SPIRE-365: create-only mode false status is not set on the main CR once the create-only mode is disabled#89
Conversation
openshift-ci-robot
added
the
jira/valid-reference
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
@PillaiManish: This pull request references SPIRE-365 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.22.0" version, but no target version was set. DetailsIn response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
WalkthroughThe PR enhances CREATE_ONLY_MODE environment variable handling by introducing synchronized one-time logging for invalid values, improving case-insensitivity and whitespace tolerance in the IsInCreateOnlyMode function, and refactoring the controller to derive CreateOnlyMode status from environment variables rather than aggregating operand states. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes ✨ Finishing touches
Comment |
PillaiManish
changed the title
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
@PillaiManish: This pull request references SPIRE-365 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@anirudhAgniRedhat @PillaiManish
|
|
@PillaiManish @anirudhAgniRedhat Enhancement: Accept case-insensitive "TRUE"/"FALSE" for CREATE_ONLY_MODE env var using strings.EqualFold(). Any random/invalid value will default to false (disabled) for safety. CREATE_ONLY_MODE env var handling • Accepts: true/True/TRUE → Enables create-only mode The check is case-insensitive. Recommend documenting "true" or "false" as accepted values. |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (3)
pkg/controller/utils/utils_test.go (2)
780-784: Test case name is slightly misleading.The test case "env var not set" actually sets the env var to an empty string via
t.Setenv. While functionally equivalent due toos.Getenvbehavior, the test name could be clearer. Consider renaming to "env var set to empty string" or adding a separate test that truly unsets the variable usingos.Unsetenv.
804-809: Thesync.Onceguard limits testability of the warning log.The
logInvalidCreateOnlyModeOnceinutils.goensures the warning is logged only once. Since this is package-level state, only the first test encountering an invalid value will trigger the log. Consider adding a comment documenting this limitation, or exposing a test hook to reset the guard for comprehensive log verification.pkg/controller/zero-trust-workload-identity-manager/controller.go (1)
312-321: Minor:IsInCreateOnlyMode()called twice per reconciliation.
utils.IsInCreateOnlyMode()is called both insetCreateOnlyModeCondition(line 201) and again at line 316. While functionally correct (env var is stable), consider returning the value fromsetCreateOnlyModeConditionor calling it once and passing to both locations to avoid redundant processing.♻️ Optional refactor
-// setCreateOnlyModeCondition sets the CreateOnlyMode condition on the main CR based on the environment variable -func setCreateOnlyModeCondition(statusMgr *status.Manager, existingConditions []metav1.Condition) { - createOnlyMode := utils.IsInCreateOnlyMode() +// setCreateOnlyModeCondition sets the CreateOnlyMode condition on the main CR based on the environment variable +// Returns the current create-only mode status +func setCreateOnlyModeCondition(statusMgr *status.Manager, existingConditions []metav1.Condition) bool { + createOnlyMode := utils.IsInCreateOnlyMode() if createOnlyMode { statusMgr.AddCondition(CreateOnlyMode, utils.CreateOnlyModeEnabled, "Create-only mode is enabled: Updates are not reconciled to existing resources", metav1.ConditionTrue) } else { // Only set to False if we previously had it set to True (to show the transition) existingCondition := apimeta.FindStatusCondition(existingConditions, CreateOnlyMode) if existingCondition != nil && existingCondition.Status == metav1.ConditionTrue { statusMgr.AddCondition(CreateOnlyMode, utils.CreateOnlyModeDisabled, "Create-only mode is disabled", metav1.ConditionFalse) } } + return createOnlyMode }Then in Reconcile:
// Set CreateOnlyMode condition based on environment variable (simpler than aggregating from operands) - setCreateOnlyModeCondition(statusMgr, config.Status.ConditionalStatus.Conditions) + createOnlyModeEnabled := setCreateOnlyModeCondition(statusMgr, config.Status.ConditionalStatus.Conditions) // Check create-only mode from environment variable for logging and OLM update - createOnlyModeEnabled := utils.IsInCreateOnlyMode() r.log.Info("Aggregated operand status", "allReady", result.allReady, "notCreated", result.notCreatedCount, "failed", result.failedCount, "createOnlyModeEnabled", createOnlyModeEnabled, "anyOperandExists", result.anyOperandExists)
📜 Review details
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting
📒 Files selected for processing (3)
pkg/controller/utils/utils.gopkg/controller/utils/utils_test.gopkg/controller/zero-trust-workload-identity-manager/controller.go
🧰 Additional context used
📓 Path-based instructions (1)
**
⚙️ CodeRabbit configuration file
-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.
Files:
pkg/controller/utils/utils.gopkg/controller/utils/utils_test.gopkg/controller/zero-trust-workload-identity-manager/controller.go
🔇 Additional comments (7)
pkg/controller/utils/utils.go (3)
9-14: LGTM!The new imports for
syncandcontroller-runtimeare appropriate for thesync.Onceguard and structured logging functionality.
28-29: LGTM!The
sync.Onceguard at package level is appropriate for ensuring the warning is logged only once per process lifetime, preventing log spam during repeated reconciliation cycles.
233-255: LGTM!The implementation correctly addresses all reviewer feedback from the PR:
- Case-insensitive handling via
strings.ToUpper- Whitespace tolerance via
strings.TrimSpace- Invalid values safely default to disabled (false)
- One-time warning log for invalid inputs with helpful guidance on valid values
pkg/controller/zero-trust-workload-identity-manager/controller.go (4)
199-216: LGTM!This function correctly addresses the PR's main objective: setting
CreateOnlyModetoFalsewhen the mode is disabled after being enabled. The transition check on line 210 prevents cluttering the status when the mode was never enabled.
328-343: LGTM!The simplified structs correctly remove the per-operand
CreateOnlyModetracking fields, aligning with the new environment-driven approach.
475-492: LGTM!The updated comments clearly explain that ZTWIM now checks the environment variable directly, while this function still extracts operand-level
CreateOnlyModeconditions for visibility purposes.
386-392: LGTM!The return correctly reflects the simplified aggregate result structure.
|
/retest |
1 similar comment
|
/retest |
|
@PillaiManish: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
lgtm |
|
/verified by qe |
openshift-ci-robot
added
the
verified
|
@sayak-redhat: This PR has been marked as verified by DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
/verified by qe test cases covered in MD file inside the jira |
|
@sayak-redhat: This PR has been marked as verified by DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
anirudhAgniRedhat
left a comment
anirudhAgniRedhat
left a comment
There was a problem hiding this comment.
/approve
Thanks for the PR
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: anirudhAgniRedhat, PillaiManish The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/unhold |
openshift-ci
bot
removed
the
do-not-merge/hold
4 participants
This PR fixes the status of the main CR to revert the status of the CREATE_ONLY_MODE when it is set to false.