[Draft] - bumping with o/api changes to reflect new capabilities

[miyadav]

bumping changes from my fork to add new capabilities .
WIP - OCPCLOUD-3368
/hold

Generated by - claude-opus-4-6(2.1.169)

Summary by CodeRabbit

• Bug Fixes
  • Cluster version capability reporting now respects feature gates, ensuring gated capabilities are excluded from reported results when their gates are not enabled.
• Chores
  • Updated module dependency resolution via an API dependency redirect.
• Tests
  • Refreshed CVO scenario expectations and expanded capability unit tests to validate feature-gate filtering and excluded-capability behavior.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

The PR adds feature-gate filtering to cluster version capabilities. A new FilterByFeatureGates export excludes capabilities whose required gates are not enabled. SetCapabilities now accepts enabledFeatureGates to exclude gated capabilities from Known/Enabled/ImplicitlyEnabled sets. Tests validate filtering behavior across gate-enabled and gate-disabled scenarios, the sync worker passes feature gates to capability computation, test scenarios use the filtering in initialization, and a module replacement redirects the API import.

Changes

Feature-gate filtering for cluster version capabilities

Layer / File(s)	Summary
Feature-gate capability mapping and filtering logic lib/capability/capability.go	Introduces featureGatedCapabilities map and gatedCapabilities helper to compute excluded capabilities, exports FilterByFeatureGates to filter capability slices, updates SetCapabilities to accept enabledFeatureGates and exclude gated capabilities from the Known set, and extends categorizeEnabledCapabilities to skip excluded capabilities while preserving implicitness behavior for non-excluded ones.
Comprehensive test coverage for feature-gate filtering lib/capability/capability_test.go	Adds allFeatureGates helper, refactors TestSetCapabilities and TestSetCapabilitiesWithImplicitlyEnabled to include enabledGates and gate-dependent expected values, adds "no gates enabled" test scenarios validating that gated capabilities are absent from both Known and Enabled, and introduces TestFilterByFeatureGates to verify filtering behavior when all gates are enabled versus no gates are enabled.
Sync worker and test scenario integration pkg/cvo/sync_worker.go, pkg/cvo/cvo_scenarios_test.go	SyncWorker.Update passes work.EnabledFeatureGates to SetCapabilities for feature-gate-aware capability computation. Test scenarios import the capability package and update sortedCaps and sortedKnownCaps initialization to use FilterByFeatureGates with an empty enabled-gates set.
API module dependency redirect go.mod	Adds replace directive to redirect github.com/openshift/api to github.com/miyadav/api at the specified pseudo-version.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 13 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 55.56% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title is vague and generic, using non-specific phrases like 'bumping with o/api changes' that don't clearly convey what the actual changes accomplish.	Revise the title to be more specific about the primary change, such as: 'Add feature-gated capability filtering support' or 'Implement capability filtering based on enabled feature gates'.

✅ Passed checks (13 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	The PR uses standard Go testing (t.Run) with static, descriptive test names. No Ginkgo tests with dynamic identifiers found; all test names are stable and lack UUIDs, timestamps, or generated suffi...
Test Structure And Quality	✅ Passed	PR does not contain Ginkgo test code; modified tests use standard Go testing package with proper cleanup patterns, meaningful assertion messages, and single-responsibility test cases.
Microshift Test Compatibility	✅ Passed	No Ginkgo e2e tests are added in this PR. All test modifications are standard Go unit tests (testing package), not Ginkgo e2e tests, so this check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added in this PR. All modified test files use Go's standard testing package, not Ginkgo framework.
Topology-Aware Scheduling Compatibility	✅ Passed	The PR only modifies capability-filtering and feature-gate handling logic in CVO code. No scheduling constraints (affinity, anti-affinity, nodeSelector, replicas, tolerations, topology spread) are...
Ote Binary Stdout Contract	✅ Passed	All code changes are in library functions or test code with no stdout writes at process level. No main(), init(), TestMain(), or BeforeSuite() functions with logging violations were added or modified.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added. The only Ginkgo file modified is test/cvo/cvo_suite_test.go, which is just a test runner with no actual test cases. All 58 other test files are standard Go unit...
No-Weak-Crypto	✅ Passed	No weak cryptography found. PR contains no MD5, SHA1, DES, RC4, 3DES, Blowfish, or ECB usage. The single string comparison (container image digest) is not a secret/token requiring constant-time com...
Container-Privileges	✅ Passed	The PR contains hostNetwork: true in the CVO deployment manifest, which has explicit justification in comments explaining the operational necessity for the cluster version operator.
No-Sensitive-Data-In-Logs	✅ Passed	No new logging statements with sensitive data were introduced. The PR adds feature-gate capability filtering without exposing passwords, tokens, API keys, PII, session IDs, hostnames, or customer d...

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: miyadav
Once this PR has been reviewed and has the lgtm label, please assign hongkailiu for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 118: go.mod currently contains a local replace directive pointing
github.com/openshift/api to a personal fork (the replace line referencing
github.com/miyadav/api), which must be removed or updated before merging;
replace that directive with the official module (remove the replace or point to
github.com/openshift/api at the appropriate tagged release) only after
OpenShift/api PR `#2884` is merged and an upstream release containing the needed
changes exists, and verify the release includes the expected capability/license
provenance before switching the dependency back to upstream.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: e5f16882-9423-42ae-bc77-b4b83e14eb44

📥 Commits

Reviewing files that changed from the base of the PR and between 810bfc1 and 9a6cea5.

⛔ Files ignored due to path filters (56)

• go.sum is excluded by !**/*.sum, !go.sum
• vendor/github.com/openshift/api/.ci-operator.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/Dockerfile.ocp is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_operator.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_image.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_kmsencryption.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-OKD.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-CustomNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-Default.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-DevPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-OKD.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_networks-TechPreviewNoUpgrade.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/console/v1/types_console_plugin.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/features.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/features/features.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/install.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/types_etcd.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/security/v1/generated.proto is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/security/v1/types.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/modules.txt is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (1)

• go.mod

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 118: Remove the replace directive in go.mod that currently points to the
personal fork github.com/miyadav/api. Before proceeding, verify that
openshift/api PR `#2884` has been merged and published as an official release tag.
Update the require directive to pin to the official github.com/openshift/api
module at the appropriate release version tag instead of using a pseudo-version.
Delete the entire replace line that references the miyadav/api fork. This
ensures the project depends on the official upstream module rather than a
personal fork, eliminating the supply-chain security concern.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 64f2bc7f-b24f-4144-8c85-d7cd07a9655a

📥 Commits

Reviewing files that changed from the base of the PR and between 4349892 and 09b1000.

⛔ Files ignored due to path filters (6)

• go.sum is excluded by !**/*.sum, !go.sum
• vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-OKD.crd.yaml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**, !**/zz_generated*
• vendor/modules.txt is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (1)

• go.mod

[miyadav]

/test images

[miyadav]

/retest-required

[openshift-ci]

@miyadav: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-agnostic-ovn	61b58f7	link	true	/test e2e-agnostic-ovn

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.