CCXDEV-15776: install config update#1229
Open
opokornyy wants to merge 4 commits intoopenshift:masterfrom
Open
Conversation
openshift-ci-robot
added
the
jira/valid-reference
Contributor
|
@opokornyy: This pull request references CCXDEV-15776 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: opokornyy The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
Signed-off-by: Ondrej Pokorny <opokorny@redhat.com>
Signed-off-by: Ondrej Pokorny <opokorny@redhat.com>
This commit updates the install-config gatherer to reflect the newly added fields and the changed structure of the configuration. Signed-off-by: Ondrej Pokorny <opokorny@redhat.com>
Signed-off-by: Ondrej Pokorny <opokorny@redhat.com>
opokornyy
force-pushed
the
CCXDEV-15776-install-config
branch
from
5c5238f to
cd1f038
Compare
|
@opokornyy: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Contributor
Author
|
@coderabbitai full review |
✅ Actions performedFull review triggered. |
WalkthroughThe PR updates Go toolchain and dependencies across Kubernetes, OpenShift, Prometheus, and auxiliary modules. It refactors anonymization logic in cluster config gathering by introducing helper functions for platform-specific credentials masking. Test coverage expands to verify anonymization across multiple platform types, and test expectations are adjusted to reflect metadata format changes. Changes
Estimated code review effort🎯 4 (Complex) | ⏱️ ~50 minutes ✨ Finishing touches
🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 golangci-lint (2.5.0)Error: can't load config: unsupported version of the configuration: "" See https://golangci-lint.run/docs/product/migration-guide for migration instructions Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Fix all issues with AI agents
In `@go.mod`:
- Around line 9-161: The dependency update introduces many new modules including
a pre-release openshift installer (github.com/openshift/installer
v1.4.21-rc2...) and needs a vuln scan; run govulncheck ./... across the repo,
review the report for any findings, and if any vulnerabilities or unacceptable
risks are found pin or rollback offending modules (especially the symbol
github.com/openshift/installer) to a known stable release version or update to a
vetted upstream stable tag; update go.mod accordingly and re-run go mod tidy and
govulncheck until clean, then document the decision in the PR.
- Around line 3-5: Update the go version directives to valid releases: replace
the "go" directive value (currently "1.24.6") with "1.25.7" and update the
"toolchain" line (currently "go1.24.10") to "go1.26.0" so the module uses
officially released Go versions.
In `@pkg/gatherers/clusterconfig/cluster_config_v1_config_map.go`:
- Around line 75-81: The loop over installConfig.BareMetal.Hosts assumes each
element is non-nil and directly dereferences .BMC, which can panic; update the
loop in the cluster_config_v1_config_map logic to check each host for nil before
accessing Host.BMC (e.g., for i := range installConfig.BareMetal.Hosts { if
installConfig.BareMetal.Hosts[i] == nil { continue } ... }) and also consider
guarding Host.BMC for nil before calling anonymize.String on
Username/Password/Address to avoid nil dereference.
Comment on lines
+3
to
+5
| go 1.24.6 | ||
|
|
||
| toolchain go1.24.10 |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify Go toolchain versions from official releases
echo "=== Checking official Go releases for 1.24.x versions ==="
# Get all available Go versions (limit to avoid truncation)
curl -s https://go.dev/dl/?mode=json | jq -r '.[].version' | grep -E "go1\.24" | sort -V | head -20Repository: openshift/insights-operator
Length of output: 128
🏁 Script executed:
#!/bin/bash
# Alternative method to check Go releases
echo "=== Direct curl test ==="
curl -s "https://go.dev/dl/?mode=json" | head -c 200
echo -e "\n\n=== Checking Go version format validity ==="
# Go versions follow pattern go1.X.Y or go1.X
# 1.24.6 and 1.24.10 follow valid format
# Let's check if we can find any information about Go 1.24 release schedule
echo "Note: Go 1.24 releases may be beyond current release history"
echo "Go version format check: go1.24.6 and go1.24.10 follow valid Go version schema"
echo ""
echo "Checking local Go documentation patterns..."
# Check if these could be valid future releases
echo "1.24.6 format: valid (1.X.Y format)"
echo "1.24.10 format: valid (1.X.Y format)"Repository: openshift/insights-operator
Length of output: 599
🏁 Script executed:
#!/bin/bash
# Check for specific Go 1.24.x versions
echo "=== All Go 1.24.x versions available ==="
curl -s "https://go.dev/dl/?mode=json" | jq -r '.[] | select(.version | startswith("go1.24")) | .version' | sort -V
echo ""
echo "=== Checking for specific versions: 1.24.6 and 1.24.10 ==="
curl -s "https://go.dev/dl/?mode=json" | jq -r '.[] | select(.version == "go1.24.6" or .version == "go1.24.10") | .version'
echo ""
echo "=== Go version range context ==="
curl -s "https://go.dev/dl/?mode=json" | jq -r '.[0:5] | .[] | .version'Repository: openshift/insights-operator
Length of output: 223
Update Go versions to use currently available releases.
The specified Go versions 1.24.6 and toolchain go1.24.10 do not exist in official Go releases. Current stable versions are 1.25.7 and 1.26.0. Update both the go directive and toolchain to use valid, available versions.
🤖 Prompt for AI Agents
In `@go.mod` around lines 3 - 5, Update the go version directives to valid
releases: replace the "go" directive value (currently "1.24.6") with "1.25.7"
and update the "toolchain" line (currently "go1.24.10") to "go1.26.0" so the
module uses officially released Go versions.
Comment on lines
+9
to
161
| github.com/evanphx/json-patch v5.9.11+incompatible | ||
| github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da | ||
| github.com/openshift/api v0.0.0-20251009160459-595e66a09a84 | ||
| github.com/openshift/api v0.0.0-20251120220512-cb382c9eaf42 | ||
| github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee | ||
| github.com/openshift/client-go v0.0.0-20251010083004-63fa63caf7d0 | ||
| github.com/openshift/installer v0.9.0-master.0.20191219195746-103098955ced | ||
| github.com/openshift/library-go v0.0.0-20250818065802-cf8518058622 | ||
| github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235 | ||
| github.com/openshift/installer v1.4.21-rc2.0.20260205115605-acb34201ac99 | ||
| github.com/openshift/library-go v0.0.0-20251107090138-0de9712313a5 | ||
| github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.74.0 | ||
| github.com/prometheus-operator/prometheus-operator/pkg/client v0.65.2 | ||
| github.com/prometheus/client_golang v1.22.0 | ||
| github.com/spf13/cobra v1.8.1 | ||
| github.com/spf13/pflag v1.0.5 | ||
| github.com/stretchr/testify v1.10.0 | ||
| github.com/prometheus/client_golang v1.23.2 | ||
| github.com/spf13/cobra v1.10.1 | ||
| github.com/spf13/pflag v1.0.10 | ||
| github.com/stretchr/testify v1.11.1 | ||
| github.com/xeipuuv/gojsonschema v1.2.0 | ||
| golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 | ||
| golang.org/x/net v0.38.0 | ||
| golang.org/x/time v0.9.0 | ||
| k8s.io/api v0.33.2 | ||
| k8s.io/apiextensions-apiserver v0.33.2 | ||
| k8s.io/apimachinery v0.33.2 | ||
| k8s.io/client-go v0.33.2 | ||
| k8s.io/component-base v0.33.2 | ||
| golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 | ||
| golang.org/x/net v0.49.0 | ||
| golang.org/x/time v0.13.0 | ||
| k8s.io/api v0.34.1 | ||
| k8s.io/apiextensions-apiserver v0.34.1 | ||
| k8s.io/apimachinery v0.34.1 | ||
| k8s.io/client-go v0.34.1 | ||
| k8s.io/component-base v0.34.1 | ||
| k8s.io/klog/v2 v2.130.1 | ||
| k8s.io/utils v0.0.0-20241210054802-24370beab758 | ||
| k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d | ||
| sigs.k8s.io/node-feature-discovery/api/nfd v0.18.0 | ||
| sigs.k8s.io/yaml v1.4.0 | ||
| sigs.k8s.io/yaml v1.6.0 | ||
| ) | ||
|
|
||
| require ( | ||
| cel.dev/expr v0.19.1 // indirect | ||
| cel.dev/expr v0.24.0 // indirect | ||
| github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0 // indirect | ||
| github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect | ||
| github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 // indirect | ||
| github.com/NYTimes/gziphandler v1.1.1 // indirect | ||
| github.com/antlr4-go/antlr/v4 v4.13.0 // indirect | ||
| github.com/PaesslerAG/gval v1.0.0 // indirect | ||
| github.com/PaesslerAG/jsonpath v0.1.1 // indirect | ||
| github.com/antlr4-go/antlr/v4 v4.13.1 // indirect | ||
| github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect | ||
| github.com/asaskevich/govalidator/v11 v11.0.2-0.20250122183457-e11347878e23 // indirect | ||
| github.com/beorn7/perks v1.0.1 // indirect | ||
| github.com/cenkalti/backoff/v4 v4.3.0 // indirect | ||
| github.com/cenkalti/backoff/v5 v5.0.3 // indirect | ||
| github.com/cespare/xxhash/v2 v2.3.0 // indirect | ||
| github.com/coreos/go-semver v0.3.1 // indirect | ||
| github.com/coreos/go-systemd/v22 v22.5.0 // indirect | ||
| github.com/coreos/go-systemd/v22 v22.6.0 // indirect | ||
| github.com/coreos/ignition/v2 v2.24.0 // indirect | ||
| github.com/coreos/vcontext v0.0.0-20230201181013-d72178a18687 // indirect | ||
| github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect | ||
| github.com/emicklei/go-restful/v3 v3.11.0 // indirect | ||
| github.com/emicklei/go-restful/v3 v3.12.2 // indirect | ||
| github.com/evanphx/json-patch/v5 v5.9.11 // indirect | ||
| github.com/felixge/fgprof v0.9.4 // indirect | ||
| github.com/felixge/httpsnoop v1.0.4 // indirect | ||
| github.com/fsnotify/fsnotify v1.7.0 // indirect | ||
| github.com/fxamacker/cbor/v2 v2.7.0 // indirect | ||
| github.com/go-logr/logr v1.4.2 // indirect | ||
| github.com/fsnotify/fsnotify v1.9.0 // indirect | ||
| github.com/fxamacker/cbor/v2 v2.9.0 // indirect | ||
| github.com/go-logr/logr v1.4.3 // indirect | ||
| github.com/go-logr/stdr v1.2.2 // indirect | ||
| github.com/go-openapi/jsonpointer v0.21.0 // indirect | ||
| github.com/go-openapi/jsonreference v0.20.2 // indirect | ||
| github.com/go-openapi/swag v0.23.0 // indirect | ||
| github.com/go-logr/zapr v1.3.0 // indirect | ||
| github.com/go-openapi/analysis v0.23.0 // indirect | ||
| github.com/go-openapi/errors v0.22.1 // indirect | ||
| github.com/go-openapi/jsonpointer v0.21.1 // indirect | ||
| github.com/go-openapi/jsonreference v0.21.0 // indirect | ||
| github.com/go-openapi/loads v0.22.0 // indirect | ||
| github.com/go-openapi/spec v0.21.0 // indirect | ||
| github.com/go-openapi/strfmt v0.23.0 // indirect | ||
| github.com/go-openapi/swag v0.23.1 // indirect | ||
| github.com/go-openapi/validate v0.24.0 // indirect | ||
| github.com/gogo/protobuf v1.3.2 // indirect | ||
| github.com/golang/protobuf v1.5.4 // indirect | ||
| github.com/google/btree v1.1.3 // indirect | ||
| github.com/google/cel-go v0.23.2 // indirect | ||
| github.com/google/gnostic-models v0.6.9 // indirect | ||
| github.com/google/cel-go v0.26.0 // indirect | ||
| github.com/google/gnostic-models v0.7.0 // indirect | ||
| github.com/google/go-cmp v0.7.0 // indirect | ||
| github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect | ||
| github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect | ||
| github.com/google/uuid v1.6.0 // indirect | ||
| github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect | ||
| github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect | ||
| github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 // indirect | ||
| github.com/hashicorp/go-cleanhttp v0.5.2 // indirect | ||
| github.com/imdario/mergo v0.3.7 // indirect | ||
| github.com/inconshreveable/mousetrap v1.1.0 // indirect | ||
| github.com/josharian/intern v1.0.0 // indirect | ||
| github.com/json-iterator/go v1.1.12 // indirect | ||
| github.com/kdomanski/iso9660 v0.2.1 // indirect | ||
| github.com/kylelemons/godebug v1.1.0 // indirect | ||
| github.com/mailru/easyjson v0.7.7 // indirect | ||
| github.com/mailru/easyjson v0.9.0 // indirect | ||
| github.com/metal3-io/baremetal-operator/apis v0.4.0 // indirect | ||
| github.com/metal3-io/baremetal-operator/pkg/hardwareutils v0.4.0 // indirect | ||
| github.com/mitchellh/mapstructure v1.5.0 // indirect | ||
| github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect | ||
| github.com/modern-go/reflect2 v1.0.2 // indirect | ||
| github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect | ||
| github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect | ||
| github.com/nutanix-cloud-native/prism-go-client v0.5.0 // indirect | ||
| github.com/oklog/ulid v1.3.1 // indirect | ||
| github.com/onsi/gomega v1.39.0 // indirect | ||
| github.com/pkg/errors v0.9.1 // indirect | ||
| github.com/pkg/profile v1.7.0 // indirect | ||
| github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect | ||
| github.com/prometheus/client_model v0.6.1 // indirect | ||
| github.com/prometheus/common v0.62.0 // indirect | ||
| github.com/prometheus/procfs v0.15.1 // indirect | ||
| github.com/prometheus/client_model v0.6.2 // indirect | ||
| github.com/prometheus/common v0.66.1 // indirect | ||
| github.com/prometheus/procfs v0.19.2 // indirect | ||
| github.com/robfig/cron v1.2.0 // indirect | ||
| github.com/sirupsen/logrus v1.9.3 // indirect | ||
| github.com/stoewer/go-strcase v1.3.0 // indirect | ||
| github.com/stretchr/objx v0.5.2 // indirect | ||
| github.com/vincent-petithory/dataurl v1.0.0 // indirect | ||
| github.com/x448/float16 v0.8.4 // indirect | ||
| github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect | ||
| github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect | ||
| go.etcd.io/etcd/api/v3 v3.5.21 // indirect | ||
| go.etcd.io/etcd/client/pkg/v3 v3.5.21 // indirect | ||
| go.etcd.io/etcd/client/v3 v3.5.21 // indirect | ||
| go.opentelemetry.io/auto/sdk v1.1.0 // indirect | ||
| go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect | ||
| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect | ||
| go.opentelemetry.io/otel v1.33.0 // indirect | ||
| go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect | ||
| go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 // indirect | ||
| go.opentelemetry.io/otel/metric v1.33.0 // indirect | ||
| go.opentelemetry.io/otel/sdk v1.33.0 // indirect | ||
| go.opentelemetry.io/otel/trace v1.33.0 // indirect | ||
| go.opentelemetry.io/proto/otlp v1.4.0 // indirect | ||
| go.etcd.io/etcd/api/v3 v3.6.4 // indirect | ||
| go.etcd.io/etcd/client/pkg/v3 v3.6.4 // indirect | ||
| go.etcd.io/etcd/client/v3 v3.6.4 // indirect | ||
| go.mongodb.org/mongo-driver v1.17.3 // indirect | ||
| go.opentelemetry.io/auto/sdk v1.2.1 // indirect | ||
| go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect | ||
| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect | ||
| go.opentelemetry.io/otel v1.39.0 // indirect | ||
| go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.39.0 // indirect | ||
| go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.39.0 // indirect | ||
| go.opentelemetry.io/otel/metric v1.39.0 // indirect | ||
| go.opentelemetry.io/otel/sdk v1.39.0 // indirect | ||
| go.opentelemetry.io/otel/trace v1.39.0 // indirect | ||
| go.opentelemetry.io/proto/otlp v1.9.0 // indirect | ||
| go.uber.org/multierr v1.11.0 // indirect | ||
| go.uber.org/zap v1.27.0 // indirect | ||
| golang.org/x/crypto v0.36.0 // indirect | ||
| golang.org/x/oauth2 v0.27.0 // indirect | ||
| golang.org/x/sync v0.12.0 // indirect | ||
| golang.org/x/sys v0.31.0 // indirect | ||
| golang.org/x/term v0.30.0 // indirect | ||
| golang.org/x/text v0.23.0 // indirect | ||
| google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect | ||
| google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect | ||
| google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect | ||
| google.golang.org/grpc v1.68.1 // indirect | ||
| google.golang.org/protobuf v1.36.5 // indirect | ||
| go.yaml.in/yaml/v2 v2.4.3 // indirect | ||
| go.yaml.in/yaml/v3 v3.0.4 // indirect | ||
| golang.org/x/crypto v0.47.0 // indirect | ||
| golang.org/x/mod v0.32.0 // indirect | ||
| golang.org/x/oauth2 v0.32.0 // indirect | ||
| golang.org/x/sync v0.19.0 // indirect | ||
| golang.org/x/sys v0.40.0 // indirect | ||
| golang.org/x/term v0.39.0 // indirect | ||
| golang.org/x/text v0.33.0 // indirect | ||
| gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect | ||
| google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect | ||
| google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect | ||
| google.golang.org/grpc v1.77.0 // indirect | ||
| google.golang.org/protobuf v1.36.10 // indirect | ||
| gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect | ||
| gopkg.in/inf.v0 v0.9.1 // indirect | ||
| gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect | ||
| gopkg.in/yaml.v3 v3.0.1 // indirect | ||
| k8s.io/apiserver v0.33.2 // indirect | ||
| k8s.io/kms v0.33.2 // indirect | ||
| k8s.io/kube-aggregator v0.33.2 // indirect | ||
| k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect | ||
| sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 // indirect | ||
| sigs.k8s.io/controller-runtime v0.17.2 // indirect | ||
| k8s.io/apiserver v0.34.1 // indirect | ||
| k8s.io/kms v0.34.1 // indirect | ||
| k8s.io/kube-aggregator v0.34.1 // indirect | ||
| k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect | ||
| sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.32.0 // indirect | ||
| sigs.k8s.io/cluster-api v1.11.5 // indirect | ||
| sigs.k8s.io/cluster-api-provider-azure v1.22.0 // indirect | ||
| sigs.k8s.io/controller-runtime v0.22.1 // indirect | ||
| sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect | ||
| sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 // indirect | ||
| sigs.k8s.io/randfill v1.0.0 // indirect | ||
| sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect | ||
| sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect | ||
| ) |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Count direct dependencies in the provided snippet
echo "=== Analyzing go.mod dependencies ==="
echo ""
# Check if go.mod exists in repo
if [ -f "go.mod" ]; then
echo "Found go.mod file"
# Get go version
head -5 go.mod | grep "^go "
echo ""
# Count total lines and estimate dependencies
echo "File statistics:"
wc -l go.mod
echo ""
# Extract and count direct dependencies (no // indirect)
echo "Direct dependencies (from require block without indirect):"
grep -v "// indirect" go.mod | grep -E "^\s+(github|golang|k8s|sigs|google|go\.|cel\.|gopkg)" | wc -l
echo ""
# Extract and count indirect dependencies
echo "Indirect dependencies (marked with // indirect):"
grep "// indirect" go.mod | wc -l
echo ""
# Show go.mod require section summary
echo "Go.mod structure:"
grep -n "^require\|^)" go.mod | head -20
else
echo "go.mod not found in repository root"
fiRepository: openshift/insights-operator
Length of output: 338
🏁 Script executed:
#!/bin/bash
# Check the suggested verification tool
echo "=== Checking govulncheck availability and usage ==="
echo ""
# Check if govulncheck is mentioned in Go documentation
echo "govulncheck is a Go vulnerability scanner. Checking usage:"
echo ""
# Since we can't install packages easily, let's check for golang.org/x/vuln references
# and look for any vulnerability-related configs in the repo
if [ -f "go.sum" ]; then
echo "go.sum exists. Checking for vuln-related entries:"
grep -i vuln go.sum | head -10 || echo "No vuln entries found in go.sum"
else
echo "go.sum not found"
fi
echo ""
echo "Checking if there are CI/CD configs that might handle vulnerability checks:"
find . -maxdepth 2 -type f \( -name "*.yml" -o -name "*.yaml" -o -name ".gitignore" \) 2>/dev/null | head -20Repository: openshift/insights-operator
Length of output: 899
🏁 Script executed:
#!/bin/bash
# Check for obviously problematic versions or known issues
echo "=== Checking for specific version concerns ==="
echo ""
# Look at some key dependencies that are commonly scrutinized
if [ -f "go.mod" ]; then
echo "Key dependencies versions in go.mod:"
echo ""
# Kubernetes packages
echo "Kubernetes (k8s.io) versions:"
grep "^[[:space:]]*k8s.io/" go.mod | head -10
echo ""
# gRPC
echo "gRPC versions:"
grep "^[[:space:]]*google.golang.org/grpc" go.mod
echo ""
# OpenTelemetry
echo "OpenTelemetry versions:"
grep "^[[:space:]]*go.opentelemetry.io" go.mod | head -5
echo ""
# Check for any pre-release or old versions
echo "Pre-release or RC versions (if any):"
grep -E "rc|pre|alpha|beta" go.mod | head -10 || echo "None found"
fiRepository: openshift/insights-operator
Length of output: 1209
Verify security posture and release stability of updated dependencies.
The PR updates 150 dependencies (27 direct, 123 indirect) across multiple ecosystems. Ensure all packages are free from known vulnerabilities and address the presence of a pre-release version: github.com/openshift/installer v1.4.21-rc2.0.20260205115605-acb34201ac99.
Run govulncheck ./... to scan for known vulnerabilities. Confirm whether the RC version of openshift/installer should be pinned to a stable release before merging.
🤖 Prompt for AI Agents
In `@go.mod` around lines 9 - 161, The dependency update introduces many new
modules including a pre-release openshift installer
(github.com/openshift/installer v1.4.21-rc2...) and needs a vuln scan; run
govulncheck ./... across the repo, review the report for any findings, and if
any vulnerabilities or unacceptable risks are found pin or rollback offending
modules (especially the symbol github.com/openshift/installer) to a known stable
release version or update to a vetted upstream stable tag; update go.mod
accordingly and re-run go mod tidy and govulncheck until clean, then document
the decision in the PR.
Comment on lines
+75
to
81
| if installConfig.BareMetal != nil { | ||
| for i := range installConfig.BareMetal.Hosts { | ||
| installConfig.BareMetal.Hosts[i].BMC.Username = anonymize.String(installConfig.BareMetal.Hosts[i].BMC.Username) | ||
| installConfig.BareMetal.Hosts[i].BMC.Password = anonymize.String(installConfig.BareMetal.Hosts[i].BMC.Password) | ||
| installConfig.BareMetal.Hosts[i].BMC.Address = anonymize.String(installConfig.BareMetal.Hosts[i].BMC.Address) | ||
| } | ||
| } |
There was a problem hiding this comment.
Add nil check for BareMetal hosts to prevent potential panic.
If Hosts slice contains a nil pointer, accessing BMC will cause a nil pointer dereference.
Proposed fix
if installConfig.BareMetal != nil {
for i := range installConfig.BareMetal.Hosts {
+ if installConfig.BareMetal.Hosts[i] == nil {
+ continue
+ }
installConfig.BareMetal.Hosts[i].BMC.Username = anonymize.String(installConfig.BareMetal.Hosts[i].BMC.Username)
installConfig.BareMetal.Hosts[i].BMC.Password = anonymize.String(installConfig.BareMetal.Hosts[i].BMC.Password)
installConfig.BareMetal.Hosts[i].BMC.Address = anonymize.String(installConfig.BareMetal.Hosts[i].BMC.Address)
}
}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| if installConfig.BareMetal != nil { | |
| for i := range installConfig.BareMetal.Hosts { | |
| installConfig.BareMetal.Hosts[i].BMC.Username = anonymize.String(installConfig.BareMetal.Hosts[i].BMC.Username) | |
| installConfig.BareMetal.Hosts[i].BMC.Password = anonymize.String(installConfig.BareMetal.Hosts[i].BMC.Password) | |
| installConfig.BareMetal.Hosts[i].BMC.Address = anonymize.String(installConfig.BareMetal.Hosts[i].BMC.Address) | |
| } | |
| } | |
| if installConfig.BareMetal != nil { | |
| for i := range installConfig.BareMetal.Hosts { | |
| if installConfig.BareMetal.Hosts[i] == nil { | |
| continue | |
| } | |
| installConfig.BareMetal.Hosts[i].BMC.Username = anonymize.String(installConfig.BareMetal.Hosts[i].BMC.Username) | |
| installConfig.BareMetal.Hosts[i].BMC.Password = anonymize.String(installConfig.BareMetal.Hosts[i].BMC.Password) | |
| installConfig.BareMetal.Hosts[i].BMC.Address = anonymize.String(installConfig.BareMetal.Hosts[i].BMC.Address) | |
| } | |
| } |
🤖 Prompt for AI Agents
In `@pkg/gatherers/clusterconfig/cluster_config_v1_config_map.go` around lines 75
- 81, The loop over installConfig.BareMetal.Hosts assumes each element is
non-nil and directly dereferences .BMC, which can panic; update the loop in the
cluster_config_v1_config_map logic to check each host for nil before accessing
Host.BMC (e.g., for i := range installConfig.BareMetal.Hosts { if
installConfig.BareMetal.Hosts[i] == nil { continue } ... }) and also consider
guarding Host.BMC for nil before calling anonymize.String on
Username/Password/Address to avoid nil dereference.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR updates the install-config gatherer to reflect the newly added fields and the changed structure of the configuration.
Categories
Sample Archive
NoneDocumentation
NoneUnit Tests
pkg/gatherers/clusterconfig/cluster_config_v1_config_map_test.gopkg/gatherers/clusterconfig/gather_mutating_webhook_configurations_test.gopkg/gatherers/clusterconfig/gather_validating_webhook_configurations_test.goPrivacy
Yes. There are no sensitive data in the newly collected information.
Changelog
Breaking Changes
No
References
https://issues.redhat.com/browse/CCXDEV-15776