HYPERFLEET-1317 - chore: add Ruclo to OWNERS#12
Conversation
Add SubnetSpec model and optional subnets array to ClusterPlatform to support subnet configuration in cluster platform spec. Required by E2E tests that validate Maestro Go template rendering of subnet data in ManifestWork ConfigMaps.
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
📝 WalkthroughSummary by CodeRabbit
WalkthroughThis PR introduces a Estimated code review effort: 2 (Simple) | ~10 minutes Security Notes
Sequence Diagram(s)Not applicable — this PR is schema/metadata-only with no new multi-component runtime control flow. 🚥 Pre-merge checks | ✅ 11✅ Passed checks (11 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
✨ Simplify code
Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
models/cluster/model.tsp (1)
14-19: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winNo format validation on
cidr/role.
cidr: stringaccepts any value, not just valid CIDR notation, androle: stringis unconstrained despite representing a small fixed set of values (e.g. public/private). Per HyperFleet SEC-03, input must be validated at API boundaries — this model defines the request schema.🛡️ Proposed constraint
model SubnetSpec { id: string; name: string; - cidr: string; - role: string; + `@pattern`("^([0-9]{1,3}\\.){3}[0-9]{1,3}/[0-9]{1,2}$") + cidr: string; + role: "public" | "private"; }Note: this mirrors the existing unconstrained
ClusterNetworkEntry.cidrfield, so it's an existing pattern rather than a new regression — flagging as improvement opportunity.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@models/cluster/model.tsp` around lines 14 - 19, The SubnetSpec request schema currently leaves cidr and role as unconstrained strings, so add API-boundary validation in the model definition to enforce valid CIDR format and restrict role to the allowed set (for example public/private). Update the SubnetSpec type in the cluster model to use appropriate validation/enum constraints, and keep the field names cidr and role aligned with any existing request/schema patterns.Source: Path instructions
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@models/cluster/model.tsp`:
- Around line 14-19: The SubnetSpec request schema currently leaves cidr and
role as unconstrained strings, so add API-boundary validation in the model
definition to enforce valid CIDR format and restrict role to the allowed set
(for example public/private). Update the SubnetSpec type in the cluster model to
use appropriate validation/enum constraints, and keep the field names cidr and
role aligned with any existing request/schema patterns.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Central YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 2189ffa2-fa70-464a-b5a4-121bc89c4271
📒 Files selected for processing (6)
CHANGELOG.mdOWNERSmain.tspmodels/cluster/model.tspschemas/template/openapi.yamlschemas/template/swagger.yaml
🔗 Linked repositories identified
CodeRabbit considers these linked repositories for cross-repo context during reviews:
openshift-hyperfleet/architecture(manual)openshift-hyperfleet/hyperfleet-api(manual)openshift-hyperfleet/hyperfleet-sentinel(manual)openshift-hyperfleet/hyperfleet-adapter(manual)openshift-hyperfleet/hyperfleet-broker(manual)
Summary
JIRA
https://redhat.atlassian.net/browse/HYPERFLEET-1317