WIP kms: wire up config overrides for KMS values#708
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository: openshift/coderabbit/.coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: ⛔ Files ignored due to path filters (6)
📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (2)
WalkthroughAdds operatorConfig.Spec.UnsupportedConfigOverrides.Raw as an argument to AddKMSPluginSidecarToPodSpec, and adds a go.mod replace directive mapping github.com/openshift/library-go to github.com/kevinrizza/library-go at v0.0.0-20260610202501-42a0e5fc0061. ChangesKMS Plugin Sidecar Configuration
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes Important Pre-merge checks failedPlease resolve all errors before merging. Addressing warnings is optional. ❌ Failed checks (1 error, 3 warnings)
✅ Passed checks (11 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@go.mod`:
- Around line 137-138: The go.mod currently contains a replace directive
pointing to a personal fork ("github.com/kevinrizza/library-go =>
github.com/kevinrizza/library-go v0.0.0-20260609171831-1dc5b3029e36"); replace
this temporary fork reference with the official module
(github.com/openshift/library-go) once the upstream changes are merged, and use
a proper tagged release version (not a pseudo-version) or remove the replace
entirely if the required version is satisfied by the existing require line;
ensure the upstream PR is merged to openshift/library-go before updating the
replace, then run go mod tidy to update the lock info.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 4d172e8c-108b-4ba8-8413-26e972787bcb
⛔ Files ignored due to path filters (6)
go.sumis excluded by!**/*.sumvendor/github.com/openshift/library-go/pkg/operator/encryption/kms/pluginlifecycle/sidecar.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/library-go/pkg/operator/encryption/kms/pluginlifecycle/unsupported_config.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/library-go/pkg/operator/encryption/kms/pluginlifecycle/vault.gois excluded by!**/vendor/**,!vendor/**vendor/github.com/openshift/library-go/test/library/encryption/kms/vault.gois excluded by!**/vendor/**,!vendor/**vendor/modules.txtis excluded by!**/vendor/**,!vendor/**
📒 Files selected for processing (2)
go.modpkg/operator/workload/workload_openshiftapiserver_v311_00_sync.go
|
|
||
| replace github.com/openshift/library-go => github.com/kevinrizza/library-go v0.0.0-20260609171831-1dc5b3029e36 |
There was a problem hiding this comment.
Replace personal fork with official library-go release before merge.
This replace directive points to a personal fork (github.com/kevinrizza/library-go) rather than the official OpenShift library. As acknowledged in the PR description, this is temporary WIP that must be updated to vendor the official library-go change.
Supply chain risks:
- Personal forks lack the review, signing, and provenance guarantees of official releases
- The pseudo-version indicates an unreleased commit rather than a tagged version
- This introduces potential supply chain compromise vectors
Required before merge:
- The underlying library-go changes must be merged to
github.com/openshift/library-go - Update this replace directive to point to the official library (or remove it entirely if the version in the require block is sufficient)
- Use a tagged release version rather than a pseudo-version
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@go.mod` around lines 137 - 138, The go.mod currently contains a replace
directive pointing to a personal fork ("github.com/kevinrizza/library-go =>
github.com/kevinrizza/library-go v0.0.0-20260609171831-1dc5b3029e36"); replace
this temporary fork reference with the official module
(github.com/openshift/library-go) once the upstream changes are merged, and use
a proper tagged release version (not a pseudo-version) or remove the replace
entirely if the required version is satisfied by the existing require line;
ensure the upstream PR is merged to openshift/library-go before updating the
replace, then run go mod tidy to update the lock info.
Source: Coding guidelines
d53a8b7 to
2e422f8
Compare
pass log level along to vault WIP - this commit is using a replaces directive for my library-go fork. needs to be updated to vendor real change in library-go
2e422f8 to
a02eb47
Compare
|
@kevinrizza: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
PR needs rebase. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
pass log level along to vault
WIP - this commit is using a replaces directive for my library-go fork. needs to be updated to vendor real change in library-go
Summary by CodeRabbit
Chores
Bug Fixes