OTA-1548: set up accepted risks

[hongkailiu]

With OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true, a new command oc adm upgrade accept is enabled. It accepts comma-separated risks exposed to an OpenShift release [1].

The risks are stored in clusterversion/version's .specs.desiredUpdate.acceptRisks.

[1]. https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#understanding-clusterversion-conditiontypes_understanding-openshift-updates

Summary by CodeRabbit

• New Features

  • Added a CLI command to manage accepting conditional update risks.
  • CLI can set per-command environment variables for test commands.

• Improvements

  • Upgrade flow now preserves accepted risks when constructing or clearing updates.
  • Rollback command is now visible in the CLI.
  • Feature-gate wiring added for the new accept command.

• Tests

  • Added unit tests for add/remove/replace/clear risk logic and new end-to-end tests.

• Chores

  • Updated dependencies.

• Style

  • Expanded describer exceptions for an additional API group/version.

[openshift-ci-robot]

@hongkailiu: This pull request references OTA-1548 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

With OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true, a new command oc adm upgrade accept is enabled. It accepts comma-separated risks exposed to an OpenShift release [1].

The risks are stored in clusterversion/version's .specs.desiredUpdate.acceptRisks.

[1]. https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#understanding-clusterversion-conditiontypes_understanding-openshift-updates

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds a new Cobra subcommand to manage ClusterVersion.spec.desiredUpdate.acceptRisks, wires it behind a feature gate, propagates AcceptRisks into upgrade/cancel flows, adds unit and e2e tests, extends test CLI env var support, tweaks rollback visibility and describer exceptions, and bumps two dependencies. (≤50 words)

Changes

Cohort / File(s)	Summary
Accept Risk command & unit tests pkg/cli/admin/upgrade/accept/accept.go, pkg/cli/admin/upgrade/accept/accept_test.go	New accept Cobra command (New) with options, clusterVersionInterface, Complete/Run, getAcceptRisks, patchDesiredUpdate, flag handling (--replace,--clear), validation logic, and unit tests for getAcceptRisks.
Upgrade integration pkg/cli/admin/upgrade/upgrade.go	Wired accept subcommand behind OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS; changed cancel/update flows to preserve and propagate spec.desiredUpdate.acceptRisks when constructing and patching updates.
E2E tests & CLI env var support test/e2e/accept.go, test/e2e/util.go	New e2e test exercising accept-risk CLI flows and helper verifyAcceptRisks; test CLI utilities extended to support per-command env vars (CLI.EnvVar) and IsTechPreviewNoUpgrade/SkipIfNotTechPreviewNoUpgrade.
CLI rollback visibility pkg/cli/admin/upgrade/rollback/rollback.go	Removed Hidden: true from rollback cobra.Command (command now visible); minor formatting adjustments.
Describer test exceptions pkg/helpers/describe/describer_test.go	Added {Group: "apiextensions.openshift.io", Version: "v1alpha1"} to MissingDescriberGroupCoverageExceptions.
Dependencies go.mod	Bumped github.com/openshift/api and github.com/openshift/client-go versions in require block.

Sequence Diagram(s)

sequenceDiagram
    participant User as "User"
    participant CLI as "oc upgrade accept\n(Cobra cmd)"
    participant Client as "ClusterVersion client"
    participant API as "Kubernetes API / ClusterVersion"

    User->>CLI: invoke command (tokens, --replace/--clear)
    CLI->>CLI: parse flags, validate args
    CLI->>Client: GET ClusterVersion
    Client->>API: GET /clusterversions/{name}
    API-->>Client: return ClusterVersion (includes spec.desiredUpdate.acceptRisks)
    Client-->>CLI: return cv
    CLI->>CLI: compute new acceptRisks (getAcceptRisks)
    alt changes required
        CLI->>Client: PATCH ClusterVersion (JSON Merge Patch)
        Client->>API: PATCH /clusterversions/{name}
        API-->>Client: patched cv
        Client-->>CLI: success
        CLI->>User: print updated acceptRisks
    else no changes
        CLI->>User: print "no changes"
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 18.18% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Test Structure And Quality	⚠️ Warning	Test code violates multiple requirements: e2e test assumes pristine cluster state and forcibly clears AcceptRisks instead of preserving original state; uses [Serial] in name without g.Serial decorator; lacks context deadlines; helper function assertions missing failure messages; environment variable handling inconsistent across Output/Outputs/Background methods.	Preserve/restore original acceptRisks state in BeforeEach/AfterEach; add g.Serial decorator; use context with deadline instead of context.TODO(); add failure messages to all assertions; centralize environment variable construction in buildEnv() helper applied consistently across all methods.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'OTA-1548: set up accepted risks' directly references the Jira ticket and describes the main feature added: setting up accepted risks functionality for cluster upgrades.
Stable And Deterministic Test Names	✅ Passed	All test names are static strings with no generated components, dynamic identifiers, timestamps, UUIDs, or values that change between runs.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

pkg/cli/admin/upgrade/accept/accept.go (1)

134-136: Placeholder logic pending API update.

The hardcoded fake risks bypass actual ClusterVersion data. Ensure this is tracked for completion once the o/api dependency is updated.

Would you like me to open an issue to track this TODO?

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between f68dc90 and 42ccc9a.

📒 Files selected for processing (2)

• pkg/cli/admin/upgrade/accept/accept.go
• pkg/cli/admin/upgrade/upgrade.go

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

• pkg/cli/admin/upgrade/accept/accept.go
• pkg/cli/admin/upgrade/upgrade.go

🧬 Code graph analysis (2)

pkg/cli/admin/upgrade/accept/accept.go (1)

pkg/cli/admin/upgrade/upgrade.go (1)

• New (56-132)

pkg/cli/admin/upgrade/upgrade.go (1)

pkg/cli/admin/upgrade/accept/accept.go (1)

• New (29-57)

🔇 Additional comments (1)

pkg/cli/admin/upgrade/upgrade.go (1)

28-28: LGTM!

The import and feature gate wiring follow the established pattern used for the status and rollback subcommands.

Also applies to: 126-128

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: hongkailiu
Once this PR has been reviewed and has the lgtm label, please assign atiratree for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[hongkailiu]

I will wait a bit on

• e2e utilities from https://github.com/openshift/oc/pull/2181/files#diff-c3b02e1c6c92fc59f6b49a20a38dbf177d8bf4189579639ab6e08a329b85cf59
• bump o/api from the team.

[hongkailiu]

Cluster bot: launch 4.22.0-0.nightly aws,techpreview. Note that the new accept cmd probably wont work with a cluster in 4.21. But i have not tested myself.

Testing results with 583aa51:

CGO_CFLAGS="-I/opt/homebrew/opt/heimdal/include" make oc                   
go build -mod=vendor -tags 'include_gcs include_oss containers_image_openpgp gssapi' -ldflags "-X github.com/openshift/oc/pkg/version.versionFromGit="v4.2.0-alpha.0-2854-g072f397" -X github.com/openshift/oc/pkg/version.commitFromGit="072f397b9" -X github.com/openshift/oc/pkg/version.gitTreeState="dirty" -X github.com/openshift/oc/pkg/version.buildDate="2026-01-26T02:45:16Z" -X k8s.io/component-base/version.gitMajor="1" -X k8s.io/component-base/version.gitMinor="34" -X k8s.io/component-base/version.gitVersion="v1.34.1" -X k8s.io/component-base/version.gitCommit="072f397b9" -X k8s.io/component-base/version.buildDate="2026-01-26T02:45:14Z" -X k8s.io/component-base/version.gitTreeState="clean" -X k8s.io/client-go/pkg/version.gitVersion="v4.2.0-alpha.0-2854-g072f397" -X k8s.io/client-go/pkg/version.gitCommit="072f397b9" -X k8s.io/client-go/pkg/version.buildDate="2026-01-26T02:45:14Z" -X k8s.io/client-go/pkg/version.gitTreeState="dirty"" github.com/openshift/oc/cmd/oc

$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB
info: Accept risks are [riskA, riskB]
$ oc get clusterversion version -o yaml | yq -y .spec.desiredUpdate          
acceptRisks:
  - name: riskA
  - name: riskB
architecture: ''
force: false
image: registry.build07.ci.openshift.org/ci-ln-gz13mrk/release@sha256:9cd1f1b0227f6f61ae6a921a12fedc1d89a73733a12ba2f2b98620c00e6b65cb
version: 4.22.0-0.nightly-2026-01-24-213011
$  OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept --clear                  
info: Accept risks are []
$ oc get clusterversion version -o yaml | yq -y .spec.desiredUpdate      
architecture: ''
force: false
image: registry.build07.ci.openshift.org/ci-ln-gz13mrk/release@sha256:9cd1f1b0227f6f61ae6a921a12fedc1d89a73733a12ba2f2b98620c00e6b65cb
version: 4.22.0-0.nightly-2026-01-24-213011
$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB
info: Accept risks are [riskA, riskB]
$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade --to-image quay.io/openshift-release-dev/ocp-release@sha256:eea721e62d3a06a742adc3d10d9c430af061694d558da9a8d9a17c52a342ddd4 --force --allow-explicit-upgrade --allow-upgrade-with-warnings
warning: The requested upgrade image is not one of the available updates. You have used --allow-explicit-upgrade for the update to proceed anyway
warning: --force overrides cluster verification of your supplied release image and waives any update precondition failures. Only use this if you are testing unsigned release images or you are working around a known bug in the cluster-version operator and you have verified the authenticity of the provided image yourself.
Requested update to release image quay.io/openshift-release-dev/ocp-release@sha256:eea721e62d3a06a742adc3d10d9c430af061694d558da9a8d9a17c52a342ddd4
$ oc get clusterversion version -o yaml | yq -y .spec.desiredUpdate          
acceptRisks:
  - name: riskA
  - name: riskB
architecture: ''
force: true
image: quay.io/openshift-release-dev/ocp-release@sha256:eea721e62d3a06a742adc3d10d9c430af061694d558da9a8d9a17c52a342ddd4
version: ''
$ ✗ oc adm upgrade status                                            
Unable to fetch alerts, ignoring alerts in 'Update Health':  no token is currently in use for this session
= Control Plane =
Assessment:      Progressing
Target Version:  4.22.0-ec.1 (from 4.22.0-0.nightly-2026-01-24-213011)
...

So we showed that the patchDesiredUpdate function keeps the cv.spec.desiredUpdate.acceptRisks intact.

oc/pkg/cli/admin/upgrade/upgrade.go

Line 688 in 90d7ae6

func patchDesiredUpdate(ctx context.Context, update *configv1.Update, client configv1client.Interface,

[JianLi-RH]

Some invalid behavior need your confirm:

[jianl@jianl-thinkpadt14gen4 422]$ ./oc adm upgrade accept -SomeInfrastructureThing --replace
error: unknown shorthand flag: 'S' in -SomeInfrastructureThing
See 'oc adm upgrade accept --help' for usage.
[jianl@jianl-thinkpadt14gen4 422]$ 
[jianl@jianl-thinkpadt14gen4 422]$ 
[jianl@jianl-thinkpadt14gen4 422]$ 
[jianl@jianl-thinkpadt14gen4 422]$ ./oc adm upgrade accept "-SomeInfrastructureThing" --replace
error: unknown shorthand flag: 'S' in -SomeInfrastructureThing
See 'oc adm upgrade accept --help' for usage.
[jianl@jianl-thinkpadt14gen4 422]$ 
[jianl@jianl-thinkpadt14gen4 422]$ ./oc adm upgrade accept '-SomeInfrastructureThing' --replace
error: unknown shorthand flag: 'S' in -SomeInfrastructureThing
See 'oc adm upgrade accept --help' for usage.
[jianl@jianl-thinkpadt14gen4 422]$ 

[hongkailiu]

[jianl@jianl-thinkpadt14gen4 422]$ ./oc adm upgrade accept -SomeInfrastructureThing --replace
error: unknown shorthand flag: 'S' in -SomeInfrastructureThing

You found a design flaw. We should use riskA- to remove, instead of -riskA. I will fix it tomorrow.

$ oc label -h | grep remov -A3
  # Update pod 'foo' by removing a label named 'bar' if it exists
  # Does not require the --overwrite flag
  oc label pods foo bar-

[openshift-ci-robot]

@hongkailiu: This pull request references OTA-1548 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

With OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true, a new command oc adm upgrade accept is enabled. It accepts comma-separated risks exposed to an OpenShift release [1].

The risks are stored in clusterversion/version's .specs.desiredUpdate.acceptRisks.

[1]. https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#understanding-clusterversion-conditiontypes_understanding-openshift-updates

Summary by CodeRabbit

• New Features

• Added a CLI command to manage accepting conditional update risks.

• Improvements

• Upgrade flow now preserves accepted risks when constructing or clearing updates.

• Rollback command is now visible in the CLI.

• Tests

• Added unit tests covering risk-add/remove/replace/clear behaviors.

• Chores

• Updated dependencies.

• Style

• Expanded describer exceptions for additional API group/version.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[hongkailiu]

$ git --no-pager log --pretty=oneline -1
ddb58895eb8d4ee9fc6edfa6a5b492139e51e0ec (HEAD -> accept-cmd) Use risk- for removal instead of -risk
$ CGO_CFLAGS="-I/opt/homebrew/opt/heimdal/include" make oc

$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB
info: Accept risks are [riskA, riskB]
$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept --clear
info: Accept risks are []
$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept --clear
info: Accept risks are not changed
$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB
info: Accept risks are [riskA, riskB]
$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB,riskC
info: Accept risks are [riskA, riskB, riskC]
$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB --replace
info: Accept risks are [riskA, riskB]
$ oc get clusterversion version -o yaml | yq -y .spec
channel: simple
clusterID: 250943dd-e3b5-4010-b554-bf67572256d4
desiredUpdate:
  acceptRisks:
    - name: riskA
    - name: riskB
  architecture: ''
  force: false
  image: quay.io/openshift-release-dev/ocp-release@sha256:00000000000000000000000000000000000000000000000000000000003d5ef1
  version: 4.22.1
overrides:
  - group: config.openshift.io
    kind: ClusterImagePolicy
    name: openshift
    namespace: ''
    unmanaged: true
upstream: https://fauxinnati-fauxinnati.apps.ota-stage.q2z4.p1.openshiftapps.com/api/upgrades_info/graph
$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB-
info: Accept risks are [riskA]
$ oc get clusterversion version -o yaml | yq -y .spec
channel: simple
clusterID: 250943dd-e3b5-4010-b554-bf67572256d4
desiredUpdate:
  acceptRisks:
    - name: riskA
  architecture: ''
  force: false
  image: quay.io/openshift-release-dev/ocp-release@sha256:00000000000000000000000000000000000000000000000000000000003d5ef1
  version: 4.22.1
overrides:
  - group: config.openshift.io
    kind: ClusterImagePolicy
    name: openshift
    namespace: ''
    unmanaged: true
upstream: https://fauxinnati-fauxinnati.apps.ota-stage.q2z4.p1.openshiftapps.com/api/upgrades_info/graph

[coderabbitai]

♻️ Duplicate comments (2)

pkg/cli/admin/upgrade/accept/accept.go (2)

154-154: ⚠️ Potential issue | 🟠 Major

Propagate Run(ctx) context to the patch request.

Line [154] uses context.TODO(), so command cancellation/timeouts won’t reach the API patch call.

✅ Proposed fix

-		if err := patchDesiredUpdate(context.TODO(), acceptRisks, o.Client.ConfigV1().ClusterVersions(), "version"); err != nil {
+		if err := patchDesiredUpdate(ctx, acceptRisks, o.Client.ConfigV1().ClusterVersions(), "version"); err != nil {
 			return err
 		}

#!/bin/bash
# Verify there are no remaining patch calls that drop caller context in this file
rg -nP 'patchDesiredUpdate\(context\.TODO\(' pkg/cli/admin/upgrade/accept/accept.go

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/cli/admin/upgrade/accept/accept.go` at line 154, The patch call uses
context.TODO() which drops the caller's Run(ctx) cancellation/timeout; change
the call to pass the incoming context (use the Run(ctx) parameter) instead of
context.TODO() so the API patch request inherits caller cancellation. Update the
invocation of patchDesiredUpdate(...) in accept.go to use the ctx variable from
Run(ctx) and ensure any helper wrappers (patchDesiredUpdate) accept and forward
that context if not already.

---

49-49: ⚠️ Potential issue | 🟡 Minor

Fix user-facing typo in help text.

Line [49] says “excepted risks”; this should be “accepted risks”.

✏️ Proposed fix

-		Passing --clear removes all existing excepted risks.
+		Passing --clear removes all existing accepted risks.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/cli/admin/upgrade/accept/accept.go` at line 49, Update the user-facing
help text for the --clear flag: find the help/usage string that currently reads
"Passing --clear removes all existing excepted risks." (the --clear flag's
description in the accept command) and change "excepted risks" to "accepted
risks" so it reads "Passing --clear removes all existing accepted risks." Ensure
only the typo in the flag description is changed.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@pkg/cli/admin/upgrade/accept/accept.go`:
- Line 154: The patch call uses context.TODO() which drops the caller's Run(ctx)
cancellation/timeout; change the call to pass the incoming context (use the
Run(ctx) parameter) instead of context.TODO() so the API patch request inherits
caller cancellation. Update the invocation of patchDesiredUpdate(...) in
accept.go to use the ctx variable from Run(ctx) and ensure any helper wrappers
(patchDesiredUpdate) accept and forward that context if not already.
- Line 49: Update the user-facing help text for the --clear flag: find the
help/usage string that currently reads "Passing --clear removes all existing
excepted risks." (the --clear flag's description in the accept command) and
change "excepted risks" to "accepted risks" so it reads "Passing --clear removes
all existing accepted risks." Ensure only the typo in the flag description is
changed.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 7975d16a-f314-43b5-908f-12d70d662137

📥 Commits

Reviewing files that changed from the base of the PR and between 2153086 and ddb5889.

📒 Files selected for processing (2)

• pkg/cli/admin/upgrade/accept/accept.go
• pkg/cli/admin/upgrade/rollback/rollback.go

🚧 Files skipped from review as they are similar to previous changes (1)

• pkg/cli/admin/upgrade/rollback/rollback.go

[openshift-ci-robot]

@hongkailiu: This pull request references OTA-1548 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

With OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true, a new command oc adm upgrade accept is enabled. It accepts comma-separated risks exposed to an OpenShift release [1].

The risks are stored in clusterversion/version's .specs.desiredUpdate.acceptRisks.

[1]. https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#understanding-clusterversion-conditiontypes_understanding-openshift-updates

Summary by CodeRabbit

• New Features

• Added a CLI command to manage accepting conditional update risks.

• Improvements

• Upgrade flow now preserves accepted risks when constructing or clearing updates.

• Rollback command is now visible in the CLI.

• Tests

• Added unit tests covering add/remove/replace/clear risk behaviors.

• Chores

• Updated dependencies.

• Style

• Expanded describer exceptions for an additional API group/version.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

♻️ Duplicate comments (3)

pkg/cli/admin/upgrade/upgrade.go (1)

269-271: ⚠️ Potential issue | 🔴 Critical

Guard cv.Spec.DesiredUpdate before reading AcceptRisks (panic risk).

Both reads dereference cv.Spec.DesiredUpdate without a nil check. Clusters with no desired update can hit a nil-pointer panic.

Proposed fix

-		if update != nil {
-			update.AcceptRisks = cv.Spec.DesiredUpdate.AcceptRisks
-		}
+		if cv.Spec.DesiredUpdate != nil {
+			update.AcceptRisks = append([]configv1.AcceptRisk(nil), cv.Spec.DesiredUpdate.AcceptRisks...)
+		}
...
-		update.AcceptRisks = cv.Spec.DesiredUpdate.AcceptRisks
+		if cv.Spec.DesiredUpdate != nil {
+			update.AcceptRisks = append([]configv1.AcceptRisk(nil), cv.Spec.DesiredUpdate.AcceptRisks...)
+		}

Also applies to: 411-411

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/cli/admin/upgrade/upgrade.go` around lines 269 - 271, The code reads
cv.Spec.DesiredUpdate.AcceptRisks without guarding cv.Spec.DesiredUpdate which
can cause a nil-pointer panic; update the logic around the assignment to first
check that cv.Spec != nil and cv.Spec.DesiredUpdate != nil before reading
AcceptRisks (e.g., only set update.AcceptRisks =
cv.Spec.DesiredUpdate.AcceptRisks when cv.Spec.DesiredUpdate != nil), and apply
the same nil-check pattern to the other occurrence that reads
cv.Spec.DesiredUpdate.AcceptRisks (the second spot noted in the review).

pkg/cli/admin/upgrade/accept/accept.go (2)

154-155: ⚠️ Potential issue | 🟠 Major

Use ctx in patch call instead of context.TODO().

Run(ctx) receives caller context, but the patch call discards it. This prevents cancellation/timeout propagation.

Proposed fix

-		if err := patchDesiredUpdate(context.TODO(), acceptRisks, o.Client.ConfigV1().ClusterVersions(), "version"); err != nil {
+		if err := patchDesiredUpdate(ctx, acceptRisks, o.Client.ConfigV1().ClusterVersions(), "version"); err != nil {
 			return err
 		}

#!/bin/bash
# Verify whether patch call in accept.Run uses context.TODO instead of ctx.
rg -n --type=go 'patchDesiredUpdate\(context\.TODO\(\)' pkg/cli/admin/upgrade/accept/accept.go
rg -n --type=go 'func \(o \*options\) Run\(ctx context\.Context\)' pkg/cli/admin/upgrade/accept/accept.go

Expected result:

• First command returns a match (current issue present).
• Second command confirms Run(ctx) exists, so ctx should be threaded through.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/cli/admin/upgrade/accept/accept.go` around lines 154 - 155, The call to
patchDesiredUpdate is using context.TODO() which discards the caller context;
change the call in the Run(ctx context.Context) method to pass the received ctx
instead of context.TODO() so cancellation/timeouts propagate (update the call to
patchDesiredUpdate(ctx, acceptRisks, o.Client.ConfigV1().ClusterVersions(),
"version")). Locate the call to patchDesiredUpdate in the options.Run (or
accept.Run) function and replace context.TODO() with the ctx parameter.

---

49-49: ⚠️ Potential issue | 🟡 Minor

Typo in user-facing help text.

“excepted risks” should be “accepted risks”.

Proposed fix

-		Passing --clear removes all existing excepted risks.
+		Passing --clear removes all existing accepted risks.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/cli/admin/upgrade/accept/accept.go` at line 49, There's a typo in the
user-facing help text in accept.go: change the phrase "excepted risks" to
"accepted risks" in the help/description string associated with the --clear flag
(look for the string "Passing --clear removes all existing excepted risks"
inside accept.go, likely in the command description or flag help for the Accept
command or NewAcceptCmd); update that literal to "Passing --clear removes all
existing accepted risks".

🧹 Nitpick comments (1)

pkg/helpers/describe/describer_test.go (1)

136-136: Please document why this group-version is exempted.

Adding a new entry to MissingDescriberGroupCoverageExceptions broadens the test allowlist. Add a short inline reason (or issue link) next to this entry so future reviewers know this is intentional.

Proposed tweak

-	{Group: "apiextensions.openshift.io", Version: "v1alpha1"},
+	{Group: "apiextensions.openshift.io", Version: "v1alpha1"}, // intentional temporary exception; see <issue/link>

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/helpers/describe/describer_test.go` at line 136, The test allowlist entry
{Group: "apiextensions.openshift.io", Version: "v1alpha1"} in
MissingDescriberGroupCoverageExceptions needs an inline comment explaining why
it's exempted; update the test by adding a brief justification (e.g., "exempt
due to X reason" or an issue/PR link) directly next to that entry so future
reviewers understand the intentional omission and can reassess it later.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@pkg/cli/admin/upgrade/accept/accept.go`:
- Around line 154-155: The call to patchDesiredUpdate is using context.TODO()
which discards the caller context; change the call in the Run(ctx
context.Context) method to pass the received ctx instead of context.TODO() so
cancellation/timeouts propagate (update the call to patchDesiredUpdate(ctx,
acceptRisks, o.Client.ConfigV1().ClusterVersions(), "version")). Locate the call
to patchDesiredUpdate in the options.Run (or accept.Run) function and replace
context.TODO() with the ctx parameter.
- Line 49: There's a typo in the user-facing help text in accept.go: change the
phrase "excepted risks" to "accepted risks" in the help/description string
associated with the --clear flag (look for the string "Passing --clear removes
all existing excepted risks" inside accept.go, likely in the command description
or flag help for the Accept command or NewAcceptCmd); update that literal to
"Passing --clear removes all existing accepted risks".

In `@pkg/cli/admin/upgrade/upgrade.go`:
- Around line 269-271: The code reads cv.Spec.DesiredUpdate.AcceptRisks without
guarding cv.Spec.DesiredUpdate which can cause a nil-pointer panic; update the
logic around the assignment to first check that cv.Spec != nil and
cv.Spec.DesiredUpdate != nil before reading AcceptRisks (e.g., only set
update.AcceptRisks = cv.Spec.DesiredUpdate.AcceptRisks when
cv.Spec.DesiredUpdate != nil), and apply the same nil-check pattern to the other
occurrence that reads cv.Spec.DesiredUpdate.AcceptRisks (the second spot noted
in the review).

---

Nitpick comments:
In `@pkg/helpers/describe/describer_test.go`:
- Line 136: The test allowlist entry {Group: "apiextensions.openshift.io",
Version: "v1alpha1"} in MissingDescriberGroupCoverageExceptions needs an inline
comment explaining why it's exempted; update the test by adding a brief
justification (e.g., "exempt due to X reason" or an issue/PR link) directly next
to that entry so future reviewers understand the intentional omission and can
reassess it later.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 76cca185-dc7d-432e-bb5c-1d7c68b00c93

📥 Commits

Reviewing files that changed from the base of the PR and between ddb5889 and a599f81.

⛔ Files ignored due to path filters (105)

• go.sum is excluded by !**/*.sum
• vendor/github.com/openshift/api/.ci-operator.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/.coderabbit.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/.golangci.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/AGENTS.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/Dockerfile.ocp is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/install.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/v1alpha1/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_feature.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_node.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_scheduling.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/console/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/console/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/features.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/features.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/util.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/install.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machineconfiguration/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machineconfiguration/v1/types_machineconfignode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machineconfiguration/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_internalreleaseimage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_osimagestream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_pinnedimageset.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyfulciocawithrekorrootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypkirootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicypublickeyrootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/imagesigstoreverificationpolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/policyrootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyfulciocawithrekorrootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypkirootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypublickeyrootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagesigstoreverificationpolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyrootoftrust.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfignodestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfignodestatusinternalreleaseimage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfignodestatusinternalreleaseimageref.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfigpoolspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfigpoolstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/osimagestreamreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimagebundlestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimageref.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimagespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimagestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/osimagestream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/osimagestreamset.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/osimagestreamstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/pinnedimageref.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/generated_expansion.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/internalreleaseimage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/machineconfiguration_client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/osimagestream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ingresscontrollerspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ingresscontrollertuningoptions.go is excluded by !**/vendor/**, !vendor/**
• vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (6)

• go.mod
• pkg/cli/admin/upgrade/accept/accept.go
• pkg/cli/admin/upgrade/accept/accept_test.go
• pkg/cli/admin/upgrade/rollback/rollback.go
• pkg/cli/admin/upgrade/upgrade.go
• pkg/helpers/describe/describer_test.go

🚧 Files skipped from review as they are similar to previous changes (2)

• go.mod
• pkg/cli/admin/upgrade/accept/accept_test.go

[openshift-ci-robot]

@hongkailiu: This pull request references OTA-1548 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

With OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true, a new command oc adm upgrade accept is enabled. It accepts comma-separated risks exposed to an OpenShift release [1].

The risks are stored in clusterversion/version's .specs.desiredUpdate.acceptRisks.

[1]. https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#understanding-clusterversion-conditiontypes_understanding-openshift-updates

Summary by CodeRabbit

• New Features

• Added a CLI command to manage accepting conditional update risks.

• CLI can set per-command environment variables for test commands.

• Improvements

• Upgrade flow now preserves accepted risks when constructing or clearing updates.

• Rollback command is now visible in the CLI.

• Feature-gate wiring added for the new accept command.

• Tests

• Added unit tests for add/remove/replace/clear risk logic and new end-to-end tests.

• Chores

• Updated dependencies.

• Style

• Expanded describer exceptions for an additional API group/version.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

test/e2e/util.go (1)

153-159: Snapshot addEnvVars in Run() to prevent mutation leaks across commands.

addEnvVars is stored by reference in CLICommand. Later calls to EnvVar() on the CLI instance mutate the map, affecting all previously created CLICommand instances that share the reference.

♻️ Proposed fix

+func copyEnvVars(in map[string]string) map[string]string {
+	if in == nil {
+		return nil
+	}
+	out := make(map[string]string, len(in))
+	for k, v := range in {
+		out[k] = v
+	}
+	return out
+}
+
 func (c *CLI) Run(verb string) *CLICommand {
 	return &CLICommand{
 		cli:        c,
 		verb:       verb,
 		args:       []string{},
-		addEnvVars: c.addEnvVars,
+		addEnvVars: copyEnvVars(c.addEnvVars),
 	}
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/e2e/util.go` around lines 153 - 159, The Run method is storing
CLI.addEnvVars by reference into the new CLICommand (causing later CLI.EnvVar
mutations to leak into existing commands); update CLI.Run to snapshot/copy the
addEnvVars map when creating the CLICommand so each command gets its own map
copy (shallow copy of map[string]string) and continue using that copy in
CLICommand; reference the CLI.Run function, the CLICommand struct and the
addEnvVars/EnvVar symbols when making this change.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@test/e2e/accept.go`:
- Around line 25-47: BeforeEach/AfterEach currently force AcceptRisks to
empty/nil, which can overwrite pre-existing cluster state; change the setup to
capture and preserve the original state and restore it on teardown. In
BeforeEach (function BeforeEach) read cv via configClient.ClusterVersions().Get
and store a copy of cv.Spec.DesiredUpdate.AcceptRisks (e.g., originalAcceptRisks
or originalCV variable) including handling nil DesiredUpdate, then assert
without mutating the cluster. In AfterEach, fetch cv again, create a DeepCopy,
set backup.Spec.DesiredUpdate.AcceptRisks back to the saved originalAcceptRisks
(restoring nil vs non-nil exactly), and Update via
configClient.ClusterVersions().Update to restore the prior value instead of
always setting nil/empty. Ensure the preserved variable is accessible to both
BeforeEach and AfterEach and handle cases where DesiredUpdate is nil when
restoring.
- Line 49: The test uses g.It("can operate accept risks [Serial]", ...) but
lacks the g.Serial decorator, so it can run in parallel and interfere with the
BeforeEach/AfterEach that mutate ClusterVersion.Spec.DesiredUpdate.AcceptRisks;
update the g.It invocation to include g.Serial as a decorator (e.g., pass
g.Serial alongside g.Label("tech-preview")) so the test is flagged serial;
ensure the modified g.It still wraps the same func and that BeforeEach/AfterEach
and any references to ClusterVersion remain unchanged.

In `@test/e2e/util.go`:
- Around line 145-159: The environment construction for CLI commands is
inconsistent: CLICommand.Run initializes addEnvVars but Output() applies them
while Outputs() and Background() do not, and Output() can clobber the inherited
environment by appending to a nil execCmd.Env when kubeconfig is empty. Fix by
centralizing env building (e.g., a helper used by Output(), Outputs(), and
Background()) so addEnvVars is always applied; when building execCmd.Env, start
from os.Environ() (or existing execCmd.Env if non-nil) and then append the
addEnvVars entries (respecting kubeconfig handling) to avoid dropping parent
env. Ensure changes reference CLICommand, Run(), Output(), Outputs(),
Background(), and execCmd.Env/kubeconfig so reviewers can locate the updates.

---

Nitpick comments:
In `@test/e2e/util.go`:
- Around line 153-159: The Run method is storing CLI.addEnvVars by reference
into the new CLICommand (causing later CLI.EnvVar mutations to leak into
existing commands); update CLI.Run to snapshot/copy the addEnvVars map when
creating the CLICommand so each command gets its own map copy (shallow copy of
map[string]string) and continue using that copy in CLICommand; reference the
CLI.Run function, the CLICommand struct and the addEnvVars/EnvVar symbols when
making this change.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9297b7a4-ba5f-4c19-9805-5baff6250208

📥 Commits

Reviewing files that changed from the base of the PR and between a599f81 and 9f20077.

📒 Files selected for processing (2)

• test/e2e/accept.go
• test/e2e/util.go

[openshift-ci]

@hongkailiu: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[wking]

#2219 is working through the Kube 1.35 and OCP-API vendor bump that's blocking us here :)