Skip to content

HYPERFLEET-1202 - refactor: derive E2E HTTP client from api-spec-template#138

Open
rafabene wants to merge 1 commit into
openshift-hyperfleet:mainfrom
rafabene:HYPERFLEET-1202-refactor-e2e-http-client
Open

HYPERFLEET-1202 - refactor: derive E2E HTTP client from api-spec-template#138
rafabene wants to merge 1 commit into
openshift-hyperfleet:mainfrom
rafabene:HYPERFLEET-1202-refactor-e2e-http-client

Conversation

@rafabene

@rafabene rafabene commented Jul 1, 2026

Copy link
Copy Markdown
Member

Summary

  • Refactor E2E HTTP client to generate from api-spec-template (partner contract) instead of api-spec (core contract)
  • Both specs downloaded from GitHub releases via curl — no Go module dependency on spec repos (language-agnostic)
  • Template spec → typed client for partner entities (Clusters, NodePools, Channels, Versions, WifConfigs) in pkg/api/openapi/
  • Core spec → internal types only (AdapterStatus, AdapterCondition, ForceDeleteRequest) in pkg/api/core/
  • Channel, Version, WifConfig client methods now use generated typed models instead of generic Resource with map[string]any
  • Cluster/NodePool status and force-delete endpoints use doJSON (internal-only, not in template spec)

Test plan

  • make check passes (generate, fmt-check, vet, lint, test)
  • make build compiles successfully
  • E2E tests pass against a live environment

@openshift-ci openshift-ci Bot requested review from tirthct and vkareh July 1, 2026 15:23
@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign ciaranroche for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown
📝 Walkthrough

Summary by CodeRabbit

  • New Features

    • Added stronger, typed handling for channel, version, and WifConfig operations (create, patch, list, delete) with explicit HTTP status validation.
    • Expanded adapter status and force-delete support for cluster and nodepool flows using core API types.
  • Bug Fixes

    • Standardized lifecycle and deletion/update condition assertions using consistent boolean status values.
    • Updated targeted PATCH payload handling (including label-based updates and typed spec fields) for more reliable verification.
  • Tests / Chores

    • Migrated e2e suites and shared helpers (matchers, pollers, validation) to core adapter status/condition types.
    • Improved OpenAPI generation via parameterized spec versions, added core codegen config, and updated generated artifact cleanup/ignore rules.

Walkthrough

This PR removes the hyperfleet-api-spec dependency, adds generated core API output, and rewires code generation to fetch versioned OpenAPI specs. Client code now uses typed OpenAPI models and direct HTTP calls for selected endpoints. Helper code moves adapter status handling to core types. E2E tests update condition checks to openapi.True/openapi.False, adopt core adapter statuses, and switch several PATCH flows to typed payloads or label-based updates.

🚥 Pre-merge checks | ✅ 10 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (10 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly matches the refactor to generate the E2E HTTP client from the api-spec-template.
Description check ✅ Passed The description is directly related to the changeset and accurately describes the client/spec refactor.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output ✅ Passed No non-test log calls interpolate token/password/credential/secret; no CWE-532 secret-in-log exposure found.
No Hardcoded Secrets ✅ Passed No hardcoded secrets, embedded credentials, long base64 blobs, or sensitive string assignments were found in the touched files (CWE-798/CWE-259).
No Weak Cryptography ✅ Passed No md5/des/rc4/ECB, SHA1-for-security, custom crypto, or secret/HMAC comparisons found in the repo scan; no CWE-327/CWE-328/CWE-208 signal.
No Injection Vectors ✅ Passed No new CWE-89/78/79/502 sink appears in changed non-test code; only fmt.Sprintf for API paths/logging and json.Unmarshal in trusted payload loading.
No Privileged Containers ✅ Passed No changed Kubernetes/OpenShift manifest, Helm template, or Dockerfile contains privileged markers; the only YAML change is a codegen config, not deployable.
No Pii Or Sensitive Data In Logs ✅ Passed Only structured logs of resource names/IDs, payload paths, and reasons were found; no raw bodies, secrets, or PII, and debug logs default off.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
✨ Simplify code
  • Create PR with simplified code

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
e2e/channel/crud_lifecycle.go (1)

75-90: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Assert EnabledRegex too. The GET after PATCH only checks IsDefault; add an assertion for EnabledRegex so a regression in the patched regex can’t slip through.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@e2e/channel/crud_lifecycle.go` around lines 75 - 90, The PATCH/GET lifecycle
check in the channel CRUD test only verifies IsDefault, so a regression in
EnabledRegex could be missed. Update the verification after h.Client.GetChannel
in the crud_lifecycle.go test to also assert fetched.Spec.EnabledRegex matches
the patched enabledRegex value, alongside the existing IsDefault check, so both
fields set by PatchChannel are validated.
🧹 Nitpick comments (4)
pkg/client/channel.go (1)

22-24: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Wrap propagated channel errors.

These bare returns drop operation-specific context. Keep the generated HTTP status handling, but wrap the error before returning.

Wrap response and payload errors
 	channel, err := handleHTTPResponse[openapi.Channel](resp, http.StatusCreated, "create channel")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("create channel response: %w", err)
 	}
@@
 	channel, err := handleHTTPResponse[openapi.Channel](resp, http.StatusAccepted, "delete channel")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("delete channel %q response: %w", channelID, err)
 	}
@@
 	channel, err := handleHTTPResponse[openapi.Channel](resp, http.StatusOK, "patch channel")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("patch channel %q response: %w", channelID, err)
 	}
@@
 	if err != nil {
 		logger.Error("failed to load payload", "payload_path", payloadPath, "error", err)
-		return nil, err
+		return nil, fmt.Errorf("load channel payload %q: %w", payloadPath, err)
 	}

As per path instructions, “Wrap errors per Error Model Standard — no bare return err.”

Also applies to: 59-61, 76-78, 88-91

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/client/channel.go` around lines 22 - 24, The create channel flow in
channel.go is returning a bare error from handleHTTPResponse without operation
context. Update the affected return paths in the channel-related functions
(including the create/retrieve/update/delete helpers) so they wrap the
propagated error with the operation name before returning, while keeping the
existing HTTP status checks and generated response handling intact.

Source: Path instructions

pkg/client/wifconfig.go (1)

22-24: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Wrap propagated WifConfig errors.

The direct returns drop request context from HTTP decode/status failures and payload loading failures.

Wrap response and payload errors
 	wifConfig, err := handleHTTPResponse[openapi.WifConfig](resp, http.StatusCreated, "create wifconfig")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("create wifconfig %q response: %w", req.Name, err)
 	}
@@
 	wifConfig, err := handleHTTPResponse[openapi.WifConfig](resp, http.StatusAccepted, "delete wifconfig")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("delete wifconfig %q response: %w", wifConfigID, err)
 	}
@@
 	wifConfig, err := handleHTTPResponse[openapi.WifConfig](resp, http.StatusOK, "patch wifconfig")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("patch wifconfig %q response: %w", wifConfigID, err)
 	}
@@
 	if err != nil {
 		logger.Error("failed to load payload", "payload_path", payloadPath, "error", err)
-		return nil, err
+		return nil, fmt.Errorf("load wifconfig payload %q: %w", payloadPath, err)
 	}

As per path instructions, “Wrap errors per Error Model Standard — no bare return err.”

Also applies to: 59-61, 76-78, 88-91

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/client/wifconfig.go` around lines 22 - 24, Wrap the propagated WifConfig
failures so they preserve request context instead of returning the raw error. In
the WifConfig client flow, update the direct error returns around
handleHTTPResponse, payload loading, and related call sites in the WifConfig
methods to use the project’s Error Model Standard with contextual wrapping; use
the surrounding method names and request intent (for example the
create/update/read WifConfig paths) to identify each bare return err and replace
them consistently.

Source: Path instructions

pkg/client/version.go (1)

22-24: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Wrap propagated version errors.

Bare returns lose the channel/version identifiers that make E2E failures diagnosable.

Wrap response and payload errors
 	version, err := handleHTTPResponse[openapi.Version](resp, http.StatusCreated, "create version")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("create version %q in channel %s response: %w", req.Name, channelID, err)
 	}
@@
 	version, err := handleHTTPResponse[openapi.Version](resp, http.StatusAccepted, "delete version")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("delete version %q in channel %s response: %w", versionID, channelID, err)
 	}
@@
 	version, err := handleHTTPResponse[openapi.Version](resp, http.StatusOK, "patch version")
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("patch version %q in channel %s response: %w", versionID, channelID, err)
 	}
@@
 	if err != nil {
 		logger.Error("failed to load payload", "channel_id", channelID, "payload_path", payloadPath, "error", err)
-		return nil, err
+		return nil, fmt.Errorf("load version payload %q for channel %s: %w", payloadPath, channelID, err)
 	}

As per path instructions, “Wrap errors per Error Model Standard — no bare return err.”

Also applies to: 59-61, 76-78, 88-91

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/client/version.go` around lines 22 - 24, The version-related error paths
in version.go are returning raw errors, which drops the channel/version context
needed for diagnosis. Update the response and payload handling in the version
creation flow and the other mentioned version helpers so that errors are wrapped
before returning, using the existing function names like handleHTTPResponse and
the version create/update logic to add channel/version identifiers and operation
context. Keep the same control flow, but replace bare err propagation with
wrapped errors that preserve the underlying cause and relevant version metadata.

Source: Path instructions

e2e/nodepool/concurrent_creation.go (1)

143-143: 🚀 Performance & Scalability | 🔵 Trivial | 💤 Low value

Preallocate adapterMap with known capacity.

len(statuses.Items) is known here (same pattern already applied correctly in e2e/cluster/stuck_deletion.go). Same gap repeats in e2e/nodepool/creation.go:59.

As per path instructions, "preallocate slices/maps when size is known."

Proposed fix
-						adapterMap := make(map[string]core.AdapterStatus)
+						adapterMap := make(map[string]core.AdapterStatus, len(statuses.Items))
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@e2e/nodepool/concurrent_creation.go` at line 143, The adapterMap
initialization in the nodepool concurrent creation flow should be preallocated
because the number of status items is already known. Update the map creation in
the logic that builds adapterMap from statuses.Items to use the existing item
count as capacity, following the same pattern used in the stuck deletion path
and the creation flow. This change should be applied wherever adapterMap is
constructed in this routine so the map starts with the expected size instead of
growing dynamically.

Source: Path instructions

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Makefile`:
- Around line 46-63: The Makefile’s generate target currently downloads mutable
OpenAPI artifacts using API_SPEC_VERSION and API_SPEC_TEMPLATE_VERSION defaults
of latest, with no integrity verification. Update the generate flow to use
immutable release versions instead of latest, add SHA-256 checksum validation
for the downloaded files, and make the curl calls fail on HTTP errors so the
generate step cannot proceed with unexpected or tampered specs; apply this in
the generate target where the openapi/openapi.yaml and openapi/core-openapi.yaml
downloads are performed.

---

Outside diff comments:
In `@e2e/channel/crud_lifecycle.go`:
- Around line 75-90: The PATCH/GET lifecycle check in the channel CRUD test only
verifies IsDefault, so a regression in EnabledRegex could be missed. Update the
verification after h.Client.GetChannel in the crud_lifecycle.go test to also
assert fetched.Spec.EnabledRegex matches the patched enabledRegex value,
alongside the existing IsDefault check, so both fields set by PatchChannel are
validated.

---

Nitpick comments:
In `@e2e/nodepool/concurrent_creation.go`:
- Line 143: The adapterMap initialization in the nodepool concurrent creation
flow should be preallocated because the number of status items is already known.
Update the map creation in the logic that builds adapterMap from statuses.Items
to use the existing item count as capacity, following the same pattern used in
the stuck deletion path and the creation flow. This change should be applied
wherever adapterMap is constructed in this routine so the map starts with the
expected size instead of growing dynamically.

In `@pkg/client/channel.go`:
- Around line 22-24: The create channel flow in channel.go is returning a bare
error from handleHTTPResponse without operation context. Update the affected
return paths in the channel-related functions (including the
create/retrieve/update/delete helpers) so they wrap the propagated error with
the operation name before returning, while keeping the existing HTTP status
checks and generated response handling intact.

In `@pkg/client/version.go`:
- Around line 22-24: The version-related error paths in version.go are returning
raw errors, which drops the channel/version context needed for diagnosis. Update
the response and payload handling in the version creation flow and the other
mentioned version helpers so that errors are wrapped before returning, using the
existing function names like handleHTTPResponse and the version create/update
logic to add channel/version identifiers and operation context. Keep the same
control flow, but replace bare err propagation with wrapped errors that preserve
the underlying cause and relevant version metadata.

In `@pkg/client/wifconfig.go`:
- Around line 22-24: Wrap the propagated WifConfig failures so they preserve
request context instead of returning the raw error. In the WifConfig client
flow, update the direct error returns around handleHTTPResponse, payload
loading, and related call sites in the WifConfig methods to use the project’s
Error Model Standard with contextual wrapping; use the surrounding method names
and request intent (for example the create/update/read WifConfig paths) to
identify each bare return err and replace them consistently.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: b79c90ef-161e-472a-80ff-32db1e885b35

📥 Commits

Reviewing files that changed from the base of the PR and between 6aa8341 and 1b11559.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum, !**/go.sum
📒 Files selected for processing (45)
  • .gitignore
  • Makefile
  • e2e/adapter/adapter_failover.go
  • e2e/adapter/adapter_with_maestro.go
  • e2e/adapter/maestro_unavailability.go
  • e2e/channel/crud_lifecycle.go
  • e2e/cluster/adapter_failure.go
  • e2e/cluster/concurrent_creation.go
  • e2e/cluster/crash_recovery.go
  • e2e/cluster/creation.go
  • e2e/cluster/delete.go
  • e2e/cluster/delete_edge_cases.go
  • e2e/cluster/delete_external.go
  • e2e/cluster/force_delete.go
  • e2e/cluster/lifecycle_smoke.go
  • e2e/cluster/perf_cascade_delete_latency.go
  • e2e/cluster/perf_create_latency.go
  • e2e/cluster/perf_delete_latency.go
  • e2e/cluster/perf_read_entity_size_latency.go
  • e2e/cluster/perf_update_latency.go
  • e2e/cluster/stuck_deletion.go
  • e2e/cluster/update.go
  • e2e/cluster/update_edge_cases.go
  • e2e/nodepool/concurrent_creation.go
  • e2e/nodepool/creation.go
  • e2e/nodepool/delete.go
  • e2e/nodepool/delete_edge_cases.go
  • e2e/nodepool/lifecycle_smoke.go
  • e2e/nodepool/perf_create_latency.go
  • e2e/nodepool/perf_delete_latency.go
  • e2e/nodepool/update.go
  • e2e/nodepool/update_edge_cases.go
  • e2e/version/crud_lifecycle.go
  • e2e/wifconfig/crud_lifecycle.go
  • go.mod
  • hack/tools.go
  • openapi/oapi-codegen-core.yaml
  • pkg/client/channel.go
  • pkg/client/cluster.go
  • pkg/client/nodepool.go
  • pkg/client/version.go
  • pkg/client/wifconfig.go
  • pkg/helper/matchers.go
  • pkg/helper/pollers.go
  • pkg/helper/validation.go
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • openshift-hyperfleet/architecture (manual)
  • openshift-hyperfleet/hyperfleet-api (manual)
  • openshift-hyperfleet/hyperfleet-sentinel (manual)
  • openshift-hyperfleet/hyperfleet-adapter (manual)
  • openshift-hyperfleet/hyperfleet-broker (manual)
💤 Files with no reviewable changes (2)
  • hack/tools.go
  • go.mod

Comment thread Makefile
@rafabene rafabene force-pushed the HYPERFLEET-1202-refactor-e2e-http-client branch from 1b11559 to 815f79e Compare July 1, 2026 20:18

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (1)
Makefile (1)

46-63: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Checksum verification still missing (CWE-494).

Version pinning + -f on curl (Lines 47-48, 56-60) fixes the latest-tag drift from the prior review, but the downloaded spec YAMLs still have zero integrity verification. A compromised or re-tagged GitHub release for hyperfleet-api-spec-template/hyperfleet-api-spec at these pinned tags would silently alter generated client code (CWE-494: Download of Code Without Integrity Check). "Immutable tags" is not a substitute for checksum pinning — GitHub release assets under a given tag can still be replaced by repo maintainers/compromised tokens.

As per path instructions, **/Makefile requires: "No curl-pipe-bash for tool installation (use checksummed downloads)".

🔒 Add checksum pinning
 API_SPEC_VERSION ?= v1.0.25
 API_SPEC_TEMPLATE_VERSION ?= v1.0.26
+API_SPEC_SHA256 ?= <pin-me>
+API_SPEC_TEMPLATE_SHA256 ?= <pin-me>

 .PHONY: generate
 generate: $(OAPI_CODEGEN) ## Generate API client code from OpenAPI schema
 	rm -f pkg/api/openapi/openapi.gen.go pkg/api/core/core.gen.go
 	mkdir -p pkg/api/openapi pkg/api/core openapi
 	`@rm` -f openapi/openapi.yaml openapi/core-openapi.yaml
 	`@echo` "Downloading template spec ($(API_SPEC_TEMPLATE_VERSION))..."
 	`@curl` -sfL -o openapi/openapi.yaml \
 		"https://github.com/openshift-hyperfleet/hyperfleet-api-spec-template/releases/download/$(API_SPEC_TEMPLATE_VERSION)/template-openapi.yaml"
+	`@echo` "$(API_SPEC_TEMPLATE_SHA256)  openapi/openapi.yaml" | sha256sum -c -
 	`@echo` "Downloading core spec ($(API_SPEC_VERSION))..."
 	`@curl` -sfL -o openapi/core-openapi.yaml \
 		"https://github.com/openshift-hyperfleet/hyperfleet-api-spec/releases/download/$(API_SPEC_VERSION)/core-openapi.yaml"
+	`@echo` "$(API_SPEC_SHA256)  openapi/core-openapi.yaml" | sha256sum -c -
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Makefile` around lines 46 - 63, The generate target in Makefile still
downloads OpenAPI spec assets without integrity checks, so add checksum
verification for the files fetched by the curl commands in generate. Update the
workflow around API_SPEC_VERSION, API_SPEC_TEMPLATE_VERSION, and the downloads
for openapi/openapi.yaml and openapi/core-openapi.yaml to validate each asset
against a pinned checksum before running OAPI_CODEGEN. Keep the fix localized to
the generate rule and make it fail fast if the downloaded content does not match
the expected digest.

Source: Path instructions

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@Makefile`:
- Around line 46-63: The generate target in Makefile still downloads OpenAPI
spec assets without integrity checks, so add checksum verification for the files
fetched by the curl commands in generate. Update the workflow around
API_SPEC_VERSION, API_SPEC_TEMPLATE_VERSION, and the downloads for
openapi/openapi.yaml and openapi/core-openapi.yaml to validate each asset
against a pinned checksum before running OAPI_CODEGEN. Keep the fix localized to
the generate rule and make it fail fast if the downloaded content does not match
the expected digest.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: e912c016-4160-4cff-93f2-aa51266352bc

📥 Commits

Reviewing files that changed from the base of the PR and between 1b11559 and 815f79e.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum, !**/go.sum
📒 Files selected for processing (45)
  • .gitignore
  • Makefile
  • e2e/adapter/adapter_failover.go
  • e2e/adapter/adapter_with_maestro.go
  • e2e/adapter/maestro_unavailability.go
  • e2e/channel/crud_lifecycle.go
  • e2e/cluster/adapter_failure.go
  • e2e/cluster/concurrent_creation.go
  • e2e/cluster/crash_recovery.go
  • e2e/cluster/creation.go
  • e2e/cluster/delete.go
  • e2e/cluster/delete_edge_cases.go
  • e2e/cluster/delete_external.go
  • e2e/cluster/force_delete.go
  • e2e/cluster/lifecycle_smoke.go
  • e2e/cluster/perf_cascade_delete_latency.go
  • e2e/cluster/perf_create_latency.go
  • e2e/cluster/perf_delete_latency.go
  • e2e/cluster/perf_read_entity_size_latency.go
  • e2e/cluster/perf_update_latency.go
  • e2e/cluster/stuck_deletion.go
  • e2e/cluster/update.go
  • e2e/cluster/update_edge_cases.go
  • e2e/nodepool/concurrent_creation.go
  • e2e/nodepool/creation.go
  • e2e/nodepool/delete.go
  • e2e/nodepool/delete_edge_cases.go
  • e2e/nodepool/lifecycle_smoke.go
  • e2e/nodepool/perf_create_latency.go
  • e2e/nodepool/perf_delete_latency.go
  • e2e/nodepool/update.go
  • e2e/nodepool/update_edge_cases.go
  • e2e/version/crud_lifecycle.go
  • e2e/wifconfig/crud_lifecycle.go
  • go.mod
  • hack/tools.go
  • openapi/oapi-codegen-core.yaml
  • pkg/client/channel.go
  • pkg/client/cluster.go
  • pkg/client/nodepool.go
  • pkg/client/version.go
  • pkg/client/wifconfig.go
  • pkg/helper/matchers.go
  • pkg/helper/pollers.go
  • pkg/helper/validation.go
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • openshift-hyperfleet/architecture (manual)
  • openshift-hyperfleet/hyperfleet-api (manual)
  • openshift-hyperfleet/hyperfleet-sentinel (manual)
  • openshift-hyperfleet/hyperfleet-adapter (manual)
  • openshift-hyperfleet/hyperfleet-broker (manual)
💤 Files with no reviewable changes (2)
  • hack/tools.go
  • go.mod
✅ Files skipped from review due to trivial changes (6)
  • e2e/nodepool/perf_delete_latency.go
  • e2e/nodepool/delete_edge_cases.go
  • e2e/cluster/force_delete.go
  • openapi/oapi-codegen-core.yaml
  • e2e/nodepool/update_edge_cases.go
  • .gitignore
🚧 Files skipped from review as they are similar to previous changes (36)
  • e2e/cluster/lifecycle_smoke.go
  • e2e/nodepool/perf_create_latency.go
  • e2e/cluster/update.go
  • e2e/cluster/perf_cascade_delete_latency.go
  • e2e/cluster/delete_edge_cases.go
  • e2e/cluster/perf_delete_latency.go
  • e2e/cluster/perf_create_latency.go
  • e2e/cluster/perf_read_entity_size_latency.go
  • e2e/cluster/delete.go
  • e2e/cluster/perf_update_latency.go
  • e2e/cluster/delete_external.go
  • e2e/cluster/update_edge_cases.go
  • e2e/channel/crud_lifecycle.go
  • e2e/version/crud_lifecycle.go
  • pkg/helper/validation.go
  • e2e/nodepool/concurrent_creation.go
  • e2e/cluster/concurrent_creation.go
  • e2e/nodepool/creation.go
  • e2e/nodepool/delete.go
  • e2e/cluster/adapter_failure.go
  • e2e/nodepool/update.go
  • pkg/helper/pollers.go
  • e2e/cluster/crash_recovery.go
  • e2e/cluster/stuck_deletion.go
  • e2e/wifconfig/crud_lifecycle.go
  • e2e/adapter/adapter_failover.go
  • pkg/client/nodepool.go
  • e2e/adapter/maestro_unavailability.go
  • pkg/client/version.go
  • e2e/adapter/adapter_with_maestro.go
  • e2e/cluster/creation.go
  • pkg/client/wifconfig.go
  • pkg/helper/matchers.go
  • pkg/client/cluster.go
  • e2e/nodepool/lifecycle_smoke.go
  • pkg/client/channel.go

…late

Refactor E2E tests to generate the HTTP client from api-spec-template
(partner contract) instead of api-spec (core contract). Both specs are
downloaded from GitHub releases via curl, keeping spec repos
language-agnostic with no Go module dependency.

- Template spec generates typed client for partner entities (Clusters,
  NodePools, Channels, Versions, WifConfigs) into pkg/api/openapi/
- Core spec generates internal types (AdapterStatus, AdapterCondition,
  ForceDeleteRequest) into pkg/api/core/
- Channel, Version, WifConfig client methods now use generated typed
  models instead of generic Resource with map[string]any
- Cluster/NodePool status and force-delete endpoints use doJSON since
  they are internal-only and not in the template spec
- E2E tests updated to use openapi.* for partner types and core.* for
  internal types
- Spec versions pinned to immutable tags with curl --fail
- Updated test assertions from map-based (HaveKey) to typed struct
  field access
- Updated nodepool-patch.json payload to use typed NodePoolSpec fields
@rafabene rafabene force-pushed the HYPERFLEET-1202-refactor-e2e-http-client branch from 815f79e to e27beda Compare July 1, 2026 21:54

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
Makefile (1)

46-63: 🔒 Security & Privacy | 🔵 Trivial

Enable GitHub Immutable Releases on the spec repos. It locks release assets and tags after publish, closing the remaining CWE-494/CWE-829 supply-chain window without adding checksum handling here.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Makefile` around lines 46 - 63, Update the OpenAPI spec download flow in the
generate target to rely on GitHub Immutable Releases for both spec repositories,
since the current curl-based pulls from the versioned release assets still
depend on mutable release contents. Keep the existing generate workflow and
symbols like API_SPEC_VERSION, API_SPEC_TEMPLATE_VERSION, and generate, but
adjust the source/versioning approach so the downloaded assets are from
immutable releases after publish.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@Makefile`:
- Around line 46-63: Update the OpenAPI spec download flow in the generate
target to rely on GitHub Immutable Releases for both spec repositories, since
the current curl-based pulls from the versioned release assets still depend on
mutable release contents. Keep the existing generate workflow and symbols like
API_SPEC_VERSION, API_SPEC_TEMPLATE_VERSION, and generate, but adjust the
source/versioning approach so the downloaded assets are from immutable releases
after publish.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 1ace306c-74d3-4b24-95b4-8d41d9ad44ee

📥 Commits

Reviewing files that changed from the base of the PR and between 815f79e and e27beda.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum, !**/go.sum
📒 Files selected for processing (46)
  • .gitignore
  • Makefile
  • e2e/adapter/adapter_failover.go
  • e2e/adapter/adapter_with_maestro.go
  • e2e/adapter/maestro_unavailability.go
  • e2e/channel/crud_lifecycle.go
  • e2e/cluster/adapter_failure.go
  • e2e/cluster/concurrent_creation.go
  • e2e/cluster/crash_recovery.go
  • e2e/cluster/creation.go
  • e2e/cluster/delete.go
  • e2e/cluster/delete_edge_cases.go
  • e2e/cluster/delete_external.go
  • e2e/cluster/force_delete.go
  • e2e/cluster/lifecycle_smoke.go
  • e2e/cluster/perf_cascade_delete_latency.go
  • e2e/cluster/perf_create_latency.go
  • e2e/cluster/perf_delete_latency.go
  • e2e/cluster/perf_read_entity_size_latency.go
  • e2e/cluster/perf_update_latency.go
  • e2e/cluster/stuck_deletion.go
  • e2e/cluster/update.go
  • e2e/cluster/update_edge_cases.go
  • e2e/nodepool/concurrent_creation.go
  • e2e/nodepool/creation.go
  • e2e/nodepool/delete.go
  • e2e/nodepool/delete_edge_cases.go
  • e2e/nodepool/lifecycle_smoke.go
  • e2e/nodepool/perf_create_latency.go
  • e2e/nodepool/perf_delete_latency.go
  • e2e/nodepool/update.go
  • e2e/nodepool/update_edge_cases.go
  • e2e/version/crud_lifecycle.go
  • e2e/wifconfig/crud_lifecycle.go
  • go.mod
  • hack/tools.go
  • openapi/oapi-codegen-core.yaml
  • pkg/client/channel.go
  • pkg/client/cluster.go
  • pkg/client/nodepool.go
  • pkg/client/version.go
  • pkg/client/wifconfig.go
  • pkg/helper/matchers.go
  • pkg/helper/pollers.go
  • pkg/helper/validation.go
  • testdata/payloads/nodepools/nodepool-patch.json
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • openshift-hyperfleet/architecture (manual)
  • openshift-hyperfleet/hyperfleet-api (manual)
  • openshift-hyperfleet/hyperfleet-sentinel (manual)
  • openshift-hyperfleet/hyperfleet-adapter (manual)
  • openshift-hyperfleet/hyperfleet-broker (manual)
💤 Files with no reviewable changes (2)
  • go.mod
  • hack/tools.go
✅ Files skipped from review due to trivial changes (4)
  • e2e/cluster/perf_cascade_delete_latency.go
  • e2e/cluster/perf_read_entity_size_latency.go
  • e2e/cluster/perf_update_latency.go
  • .gitignore
🚧 Files skipped from review as they are similar to previous changes (38)
  • e2e/nodepool/perf_delete_latency.go
  • e2e/nodepool/update_edge_cases.go
  • e2e/cluster/perf_create_latency.go
  • e2e/cluster/update.go
  • e2e/nodepool/perf_create_latency.go
  • e2e/cluster/perf_delete_latency.go
  • e2e/cluster/lifecycle_smoke.go
  • e2e/nodepool/delete.go
  • e2e/nodepool/lifecycle_smoke.go
  • e2e/cluster/delete_edge_cases.go
  • pkg/helper/validation.go
  • openapi/oapi-codegen-core.yaml
  • e2e/cluster/delete_external.go
  • e2e/nodepool/update.go
  • e2e/adapter/maestro_unavailability.go
  • pkg/helper/pollers.go
  • e2e/cluster/crash_recovery.go
  • e2e/cluster/force_delete.go
  • e2e/wifconfig/crud_lifecycle.go
  • e2e/channel/crud_lifecycle.go
  • e2e/cluster/delete.go
  • pkg/client/cluster.go
  • e2e/cluster/concurrent_creation.go
  • pkg/client/nodepool.go
  • e2e/version/crud_lifecycle.go
  • e2e/cluster/update_edge_cases.go
  • e2e/cluster/adapter_failure.go
  • e2e/nodepool/creation.go
  • e2e/nodepool/delete_edge_cases.go
  • e2e/nodepool/concurrent_creation.go
  • pkg/helper/matchers.go
  • pkg/client/channel.go
  • e2e/adapter/adapter_failover.go
  • e2e/cluster/creation.go
  • e2e/cluster/stuck_deletion.go
  • pkg/client/version.go
  • e2e/adapter/adapter_with_maestro.go
  • pkg/client/wifconfig.go

@rafabene

rafabene commented Jul 2, 2026

Copy link
Copy Markdown
Member Author

/retest

@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown

@rafabene: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-deployment-validation e27beda link true /test e2e-deployment-validation

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@rafabene

rafabene commented Jul 2, 2026

Copy link
Copy Markdown
Member Author

The only remaining E2E failure (Maestro transport test) is caused by the template spec missing the subnets field in ClusterPlatform. This is fixed in openshift-hyperfleet/hyperfleet-api-spec-template#11 — once that PR is merged and released as v1.0.27, I will update API_SPEC_TEMPLATE_VERSION in the Makefile and the cluster payload to use the new typed fields.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant