NO-ISSUE: Change BareMetalHostRef's type to LocalObjectReference

[giladravid16]

Summary by CodeRabbit

Release Notes

Breaking Changes

• Removed the namespace field from bare metal host references (spec.bareMetalHostRef and status.bareMetalHostRef).
• BareMetalHost resources must now be located in the same namespace as the ImageClusterInstall resource.

Refactor

• Updated API definitions and CRD schemas to use Kubernetes standard reference format.

[openshift-ci-robot]

@giladravid16: This pull request explicitly references no jira issue.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

Replaces the custom BareMetalHostReference struct with Kubernetes' standard corev1.LocalObjectReference, removing the explicit namespace field. The BareMetalHost namespace is now derived from the ImageClusterInstall object's own namespace, affecting API types, CRD schemas, controllers, tests, and manifests.

Changes

Cohort / File(s)	Summary
API Type Definitions api/v1alpha1/imageclusterinstall_types.go	Replaced custom BareMetalHostReference struct with corev1.LocalObjectReference in ImageClusterInstallSpec.BareMetalHostRef and ImageClusterInstallStatus.BareMetalHostRef, removing explicit namespace field.
API Tests api/v1alpha1/imageclusterinstall_webhook_test.go	Updated webhook tests to construct BareMetalHostRef using corev1.LocalObjectReference (name-only) instead of custom struct with name and namespace across all test cases.
CRD Schema Definitions bundle/manifests/extensions.hive.openshift.io_imageclusterinstalls.yaml, config/crd/bases/extensions.hive.openshift.io_imageclusterinstalls.yaml	Removed namespace field and its validation requirements from both spec.bareMetalHostRef and status.bareMetalHostRef schema; added x-kubernetes-map-type: atomic and updated descriptions for name field.
Controller Implementation controllers/imageclusterinstall_controller.go, controllers/imageclusterinstall_monitor.go	Modified BMH lookup logic to derive namespace from ImageClusterInstall.Namespace rather than from reference; removed field index for .spec.bareMetalHostRef.namespace; updated helper functions to accept full ici object.
Controller Tests controllers/imageclusterinstall_controller_test.go, controllers/imageclusterinstall_monitor_test.go	Updated test fixtures and helpers to use corev1.LocalObjectReference (name-only); adjusted bmhInState helper to accept namespace argument; simplified fake-client indexing.
Manifest & Sample Configuration bundle/manifests/image-based-install-operator.clusterserviceversion.yaml, config/samples/extensions_v1alpha1_imageclusterinstall.yaml, hack/integration-test/imageclusterinstall.yaml	Removed namespace field from spec.bareMetalHostRef in example payloads and sample configuration; updated ClusterServiceVersion timestamp.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 10 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Test Structure And Quality	⚠️ Warning	Modified Ginkgo tests lack explicit timeout specifications on Eventually() calls and 64+ assertions lack meaningful failure messages.	Add .WithTimeout() to all Eventually()/Consistently() calls and include diagnostic messages in all assertions for improved debugging.

✅ Passed checks (10 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: converting BareMetalHostRef from a custom type to Kubernetes' LocalObjectReference.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	All test names in modified test files are stable and deterministic with no dynamic content, fmt.Sprintf calls, or variable interpolation.
Microshift Test Compatibility	✅ Passed	This PR modifies existing test files without adding new Ginkgo e2e tests, so the custom check is not applicable and passes.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This pull request does not add any new Ginkgo e2e tests. The PR is a refactoring effort that changes the type of BareMetalHostRef from a custom BareMetalHostReference struct to Kubernetes' corev1.LocalObjectReference. The test file modifications are updates to existing tests to accommodate the type change, not additions of new test blocks.
Topology-Aware Scheduling Compatibility	✅ Passed	PR changes BareMetalHostRef type and controller logic with no scheduling constraints, affinity rules, or topology specifications added.
Ote Binary Stdout Contract	✅ Passed	PR modifies type definitions, controller implementations, and test files. None are entry points or test suite setup files where OTE stdout restrictions apply.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR does not introduce new Ginkgo e2e tests with IPv4 assumptions or external connectivity requirements; changes are limited to unit test updates.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Review rate limit: 9/10 reviews remaining, refill in 6 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: giladravid16

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [giladravid16]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

controllers/imageclusterinstall_controller.go (1)

610-633: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Filter the BMH watch mapping by namespace, not just name.

After dropping the namespace field from the index, this mapper now enqueues every ImageClusterInstall whose spec.bareMetalHostRef.name matches the changed BMH name anywhere in the cluster. A change to ns-a/host-0 will also trigger reconciles for ns-b ICIs that reference their own host-0, which can fan out badly in all-namespaces mode.

Suggested fix

 	var requests []reconcile.Request
 	for _, ici := range iciList.Items {
+		if ici.Namespace != bmhNamespace {
+			continue
+		}
 		// Create a request only if the installation hasn't started
 		if ici.Status.BootTime.IsZero() {
 			req := reconcile.Request{
 				NamespacedName: types.NamespacedName{
 					Namespace: ici.Namespace,

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@controllers/imageclusterinstall_controller.go` around lines 610 - 633, The
current mapper uses only ".spec.bareMetalHostRef.name" to list
ImageClusterInstalls, causing cross-namespace matches; update the mapping to
also restrict by namespace—either add a second MatchingFields entry for
".spec.bareMetalHostRef.namespace" using the BMH namespace variable (e.g.,
bmhNamespace) or, after calling r.List into iciList, filter the results by
comparing each ici.Spec.BareMetalHostRef.Namespace to the BMH namespace before
appending the reconcile.Request; keep the existing check for
ici.Status.BootTime.IsZero() when building requests.

api/v1alpha1/imageclusterinstall_types.go (1)

92-128: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Regenerate the API deepcopy/webhook artifacts before merging.

Typecheck is currently broken after this type swap: ImageClusterInstall no longer satisfies runtime.Object, and ImageClusterInstallSpec.DeepCopy is missing in the webhook path. That usually means the generated deepcopy files were not refreshed after changing these API fields. Please rerun the API generators and commit the updated generated artifacts.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@api/v1alpha1/imageclusterinstall_types.go` around lines 92 - 128, The API
types were changed (e.g., ImageClusterInstall, ImageClusterInstallSpec and
ImageClusterInstallStatus) but the generated deepcopy/webhook artifacts were not
updated, causing ImageClusterInstall to no longer satisfy runtime.Object and
ImageClusterInstallSpec.DeepCopy to be missing; regenerate the codegen artifacts
(deepcopy, client, listers/webhooks as your project uses) by rerunning your
repository's API generators (e.g., controller-gen and/or your project's
hack/update-codegen scripts), commit the updated generated files, and verify
ImageClusterInstall now implements runtime.Object and that
ImageClusterInstallSpec.DeepCopy exists.

🧹 Nitpick comments (1)

controllers/imageclusterinstall_controller_test.go (1)

2638-2644: ⚡ Quick win

Add a cross-namespace collision test for mapBMHToICI

With name-only indexing (Line [2638]-Line [2644]), please add one regression test that creates two ImageClusterInstall objects in different namespaces referencing the same BMH name, then asserts only the BMH’s namespace is enqueued. This protects the new LocalObjectReference behavior from accidental cross-namespace matches.

Proposed test addition

+It("does not return requests from other namespaces with the same BMH name", func() {
+	bmh := &bmh_v1alpha1.BareMetalHost{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "test-bmh",
+			Namespace: clusterInstallNamespace,
+		},
+	}
+	Expect(c.Create(ctx, bmh)).To(Succeed())
+
+	sameNS := &v1alpha1.ImageClusterInstall{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      clusterInstallName,
+			Namespace: clusterInstallNamespace,
+		},
+		Spec: v1alpha1.ImageClusterInstallSpec{
+			BareMetalHostRef: &corev1.LocalObjectReference{Name: bmh.Name},
+		},
+	}
+	Expect(c.Create(ctx, sameNS)).To(Succeed())
+
+	otherNS := &v1alpha1.ImageClusterInstall{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "other-ns-ici",
+			Namespace: "other-namespace",
+		},
+		Spec: v1alpha1.ImageClusterInstallSpec{
+			BareMetalHostRef: &corev1.LocalObjectReference{Name: bmh.Name},
+		},
+	}
+	Expect(c.Create(ctx, otherNS)).To(Succeed())
+
+	requests := r.mapBMHToICI(ctx, bmh)
+	Expect(requests).To(HaveLen(1))
+	Expect(requests[0].NamespacedName).To(Equal(types.NamespacedName{
+		Name:      clusterInstallName,
+		Namespace: clusterInstallNamespace,
+	}))
+})

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@controllers/imageclusterinstall_controller_test.go` around lines 2638 - 2644,
Add a regression test for mapBMHToICI: when the index is name-only (WithIndex
key ".spec.bareMetalHostRef.name"), create two ImageClusterInstall objects in
different namespaces that both reference a BareMetalHost with the same Name,
then call mapBMHToICI and assert the resulting reconcile request enqueues only
the BareMetalHost's namespace (not both ImageClusterInstall namespaces); locate
test helpers and usages around WithIndex and the mapBMHToICI invocation in
controllers/imageclusterinstall_controller_test.go and ensure the test
constructs ImageClusterInstall.Spec.BareMetalHostRef as a LocalObjectReference
to exercise the cross-namespace protection.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@api/v1alpha1/imageclusterinstall_types.go`:
- Around line 90-92: The change removed namespace information from the
BareMetalHostRef causing CRs that referenced BareMetalHosts in other namespaces
to be misresolved; revert to an explicit namespaced reference and add
validation: change the BareMetalHostRef field type from
corev1.LocalObjectReference to corev1.ObjectReference (so it includes Name and
Namespace) in the ImageClusterInstall spec, update the field comment to require
Namespace when referencing cross-namespace BMHs, and add/adjust the
ImageClusterInstall admission validation (ValidateCreate/ValidateUpdate) to
reject empty or ambiguous namespaces (or explicitly require a migration step) so
existing persisted CRs keep their intended target rather than silently resolving
to ici.Namespace.

---

Outside diff comments:
In `@api/v1alpha1/imageclusterinstall_types.go`:
- Around line 92-128: The API types were changed (e.g., ImageClusterInstall,
ImageClusterInstallSpec and ImageClusterInstallStatus) but the generated
deepcopy/webhook artifacts were not updated, causing ImageClusterInstall to no
longer satisfy runtime.Object and ImageClusterInstallSpec.DeepCopy to be
missing; regenerate the codegen artifacts (deepcopy, client, listers/webhooks as
your project uses) by rerunning your repository's API generators (e.g.,
controller-gen and/or your project's hack/update-codegen scripts), commit the
updated generated files, and verify ImageClusterInstall now implements
runtime.Object and that ImageClusterInstallSpec.DeepCopy exists.

In `@controllers/imageclusterinstall_controller.go`:
- Around line 610-633: The current mapper uses only
".spec.bareMetalHostRef.name" to list ImageClusterInstalls, causing
cross-namespace matches; update the mapping to also restrict by namespace—either
add a second MatchingFields entry for ".spec.bareMetalHostRef.namespace" using
the BMH namespace variable (e.g., bmhNamespace) or, after calling r.List into
iciList, filter the results by comparing each
ici.Spec.BareMetalHostRef.Namespace to the BMH namespace before appending the
reconcile.Request; keep the existing check for ici.Status.BootTime.IsZero() when
building requests.

---

Nitpick comments:
In `@controllers/imageclusterinstall_controller_test.go`:
- Around line 2638-2644: Add a regression test for mapBMHToICI: when the index
is name-only (WithIndex key ".spec.bareMetalHostRef.name"), create two
ImageClusterInstall objects in different namespaces that both reference a
BareMetalHost with the same Name, then call mapBMHToICI and assert the resulting
reconcile request enqueues only the BareMetalHost's namespace (not both
ImageClusterInstall namespaces); locate test helpers and usages around WithIndex
and the mapBMHToICI invocation in
controllers/imageclusterinstall_controller_test.go and ensure the test
constructs ImageClusterInstall.Spec.BareMetalHostRef as a LocalObjectReference
to exercise the cross-namespace protection.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 45f51792-42ce-47d6-9d93-5c86092bf7de

📥 Commits

Reviewing files that changed from the base of the PR and between ffeb54a and 38ae254.

⛔ Files ignored due to path filters (1)

• api/v1alpha1/zz_generated.deepcopy.go is excluded by !**/zz_generated*

📒 Files selected for processing (11)

• api/v1alpha1/imageclusterinstall_types.go
• api/v1alpha1/imageclusterinstall_webhook_test.go
• bundle/manifests/extensions.hive.openshift.io_imageclusterinstalls.yaml
• bundle/manifests/image-based-install-operator.clusterserviceversion.yaml
• config/crd/bases/extensions.hive.openshift.io_imageclusterinstalls.yaml
• config/samples/extensions_v1alpha1_imageclusterinstall.yaml
• controllers/imageclusterinstall_controller.go
• controllers/imageclusterinstall_controller_test.go
• controllers/imageclusterinstall_monitor.go
• controllers/imageclusterinstall_monitor_test.go
• hack/integration-test/imageclusterinstall.yaml

💤 Files with no reviewable changes (2)

• hack/integration-test/imageclusterinstall.yaml
• config/samples/extensions_v1alpha1_imageclusterinstall.yaml

[coderabbitai]

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

This silently changes the meaning of existing CRs that used a different BMH namespace.

Before this change, persisted spec.bareMetalHostRef.namespace values were honored; after this change the controller resolves the BMH from ici.Namespace instead. Any existing ImageClusterInstall that referenced a host in another namespace will now either stop finding it or, worse, resolve a same-named BMH in the ICI namespace. This needs an explicit migration/validation story before rollout.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@api/v1alpha1/imageclusterinstall_types.go` around lines 90 - 92, The change
removed namespace information from the BareMetalHostRef causing CRs that
referenced BareMetalHosts in other namespaces to be misresolved; revert to an
explicit namespaced reference and add validation: change the BareMetalHostRef
field type from corev1.LocalObjectReference to corev1.ObjectReference (so it
includes Name and Namespace) in the ImageClusterInstall spec, update the field
comment to require Namespace when referencing cross-namespace BMHs, and
add/adjust the ImageClusterInstall admission validation
(ValidateCreate/ValidateUpdate) to reject empty or ambiguous namespaces (or
explicitly require a migration step) so existing persisted CRs keep their
intended target rather than silently resolving to ici.Namespace.

[giladravid16]

/hold

[openshift-ci]

@giladravid16: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-ibio	38ae254	link	true	/test e2e-ibio
ci/prow/ibio-reinstall-v4v6	38ae254	link	false	/test ibio-reinstall-v4v6
ci/prow/ibio-reinstall	38ae254	link	false	/test ibio-reinstall
ci/prow/e2e-ibio-v6v4	38ae254	link	true	/test e2e-ibio-v6v4
ci/prow/e2e-ibio-v4v6	38ae254	link	true	/test e2e-ibio-v4v6
ci/prow/ibio-reinstall-v6v4	38ae254	link	false	/test ibio-reinstall-v6v4

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.