[Draft] - Adding cabilities for crdcompatibilitychecker and capi CRs

[miyadav]

Adding new capability constants
WIP - OCPCLOUD-3368
/hold

Generated by - claude-opus-4-6(2.1.169)

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci]

Hello @miyadav! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[coderabbitai]

Note

Currently processing new changes in this PR. This may take a few minutes, please wait...

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 3e94ca8f-0c5e-4b85-b9ce-c863fe0e7b7a

📥 Commits

Reviewing files that changed from the base of the PR and between 1fc3a3d and 2cf942d.

⛔ Files ignored due to path filters (11)

• config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-OKD.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-TechPreviewNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/AAA_ungated.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/CRDCompatibilityRequirementOperator.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/ClusterUpdateAcceptRisks.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/ClusterUpdatePreflight.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/ImageStreamImportMode.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/SignatureStores.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**

📒 Files selected for processing (2)

• config/v1/tests/clusterversions.config.openshift.io/CRDCompatibilityRequirementOperator.yaml
• config/v1/types_cluster_version.go

📝 Walkthrough

Walkthrough

This PR introduces two new optional cluster capabilities to the ClusterVersion API: CompatibilityRequirements and ClusterAPI. It adds exported constants documenting that ClusterAPI depends on CompatibilityRequirements, extends the CRD schema enumeration to include both capabilities under the CRDCompatibilityRequirementOperator feature gate, registers them in the public KnownClusterVersionCapabilities list and the current capability set, and adds an XValidation rule that prevents enabling ClusterAPI without also enabling CompatibilityRequirements (either explicitly in spec.additionalEnabledCapabilities or implicitly in status.capabilities.enabledCapabilities).

🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title contains typos ('cabilities' instead of 'capabilities', 'crdcompatibilitychecker' lacks proper capitalization) and is vague about what is actually being added despite referencing specific components.	Correct typos and clarify the title, for example: 'Add CompatibilityRequirements and ClusterAPI capability constants' to accurately describe the changes.

✅ Passed checks (14 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description mentions adding capability constants for CRDCompatibilityChecker and CAPI, which aligns with the changeset, though it is minimal and marks the PR as work-in-progress.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	All Ginkgo test names in the PR are stable and deterministic, containing only static descriptive strings without dynamic information like pod names, timestamps, UUIDs, or other runtime values.
Test Structure And Quality	✅ Passed	Test is standard Go unit test (not Ginkgo), appropriately simple with single responsibility, meaningful assertions, and follows existing config/v1 test patterns.
Microshift Test Compatibility	✅ Passed	This PR does not add any Ginkgo e2e tests. It only modifies config/v1/types_cluster_version.go with type definitions and constants, which are not test code.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests added in this PR. Changes are API type definitions and unit tests using standard Go testing package, not e2e tests.
Topology-Aware Scheduling Compatibility	✅ Passed	PR only modifies config/v1/types_cluster_version.go, a Go type definition file for the ClusterVersion CRD schema. No deployment manifests, operator code, or scheduling constraints are introduced—on...
Ote Binary Stdout Contract	✅ Passed	The PR modifies only config/v1/types_cluster_version.go, a pure CRD type definition file with no executable code. No stdout-writing operations (fmt.Print*, log., klog., os.Stdout) are present....
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR only modifies config/v1/types_cluster_version.go to add type definitions and constants, not Ginkgo e2e tests; check is not applicable.
No-Weak-Crypto	✅ Passed	The PR only modifies CRD type definitions and constants in config/v1/types_cluster_version.go; no cryptographic algorithms, custom crypto implementations, or weak cipher usage detected.
Container-Privileges	✅ Passed	This PR modifies only Go type definition files for Kubernetes CRDs, not container/K8s manifests. No privileged container configurations present.
No-Sensitive-Data-In-Logs	✅ Passed	No logging statements found in the PR. The modified file contains only type definitions, constants, and comments with no executable code. All validation messages are safe user-friendly error messag...

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

CodeRabbit can scan changed files for high-signal PII patterns.

Microsoft Presidio Analyzer scans changed files for sensitive identifiers such as payment card numbers, US Social Security numbers, Bitcoin wallet addresses, and phone numbers. To tune entities, score thresholds, or languages, add Microsoft Presidio configuration in the repository (for example .presidiocli or AnalyzerEngineProvider YAML). When that configuration is present, CodeRabbit skips the built-in Presidio scan.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign joelspeed for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

config/v1/types_cluster_version.go (1)

22-22: ⚡ Quick win

Add/extend CRD validation tests for the new dependency rule.

Please add explicit create/update tests for ClusterAPI requiring CompatibilityRequirements (both failing and passing paths), mirroring the existing marketplace dependency test style.

As per coding guidelines, “Add validation tests in <group>/<version>/tests/<crd-name>/” for API validation changes.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@config/v1/types_cluster_version.go` at line 22, Add CRD validation tests for
the new XValidation rule in types_cluster_version.go that enforces ClusterAPI
requires CompatibilityRequirements: create tests under the API group/version
tests directory (following the pattern in existing marketplace dependency tests)
that cover both failing and passing paths for create and update operations; name
tests clearly (e.g.,
TestCreateClusterVersion_ClusterAPIWithoutCompatibilityRequirements_Fails and
TestUpdateClusterVersion_EnableCompatibilityRequirements_Passes) and construct
ClusterVersion objects toggling spec.capabilities.additionalEnabledCapabilities
and status.capabilities.enabledCapabilities to assert validation rejection when
ClusterAPI is present without CompatibilityRequirements and acceptance when
CompatibilityRequirements is present either in spec or in status.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@config/v1/types_cluster_version.go`:
- Line 22: The XValidation rule currently only applies when
spec.capabilities.baselineCapabilitySet == 'None', letting configs with a
non-None baseline (e.g., baselineCapabilitySet: v4.18) enable ClusterAPI without
CompatibilityRequirements; remove the baselineCapabilitySet check so the rule
always enforces the dependency: update the kubebuilder XValidation expression in
types_cluster_version.go to check for the presence of spec.capabilities and
spec.capabilities.additionalEnabledCapabilities, and if 'ClusterAPI' is in
spec.capabilities.additionalEnabledCapabilities require
'CompatibilityRequirements' to be either in
spec.capabilities.additionalEnabledCapabilities or (if present) in
status.capabilities.enabledCapabilities; keep the existing has(...) guards and
the same error message.

---

Nitpick comments:
In `@config/v1/types_cluster_version.go`:
- Line 22: Add CRD validation tests for the new XValidation rule in
types_cluster_version.go that enforces ClusterAPI requires
CompatibilityRequirements: create tests under the API group/version tests
directory (following the pattern in existing marketplace dependency tests) that
cover both failing and passing paths for create and update operations; name
tests clearly (e.g.,
TestCreateClusterVersion_ClusterAPIWithoutCompatibilityRequirements_Fails and
TestUpdateClusterVersion_EnableCompatibilityRequirements_Passes) and construct
ClusterVersion objects toggling spec.capabilities.additionalEnabledCapabilities
and status.capabilities.enabledCapabilities to assert validation rejection when
ClusterAPI is present without CompatibilityRequirements and acceptance when
CompatibilityRequirements is present either in spec or in status.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: afefc07d-7be7-4bb8-a2e8-90622698cd31

📥 Commits

Reviewing files that changed from the base of the PR and between 5ce2c30 and e0a748d.

📒 Files selected for processing (1)

• config/v1/types_cluster_version.go

[JoelSpeed]

The changes here look fine, but we should make this a feature gated validation based on the presence of the two gates

[JoelSpeed]

Make these feature gated enum validations instead

That way we only ship the capabilities when the feature gates are promoted

[stefanonardo]

according to this guide, we should add a capability set for the current version

[miyadav]

according to this guide, we should add a capability set for the current version

Thanks @stefanonardo for review , it is already here

[openshift-ci]

@miyadav: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.