[DNM] Add support for CAPI bootimage updates on AWS #6082

Draft
djoshy wants to merge 6 commits into openshift:main from djoshy:bootimage-mapi-to-capi

@djoshy djoshy commented May 22, 2026

[DNM]

Summary by CodeRabbit

  • New Features

    • Boot image controller now supports Cluster API MachineSets and MachineDeployments with dynamic watching and platform-specific reconciliation for AWS, Azure, GCP, and vSphere.
  • Bug Fixes

    • Fixed vSphere template creation parameter handling.
  • Documentation

    • Added comprehensive design document detailing Cluster API integration, lifecycle, and reconciliation behavior.
  • Chores

    • Updated module dependencies and expanded controller RBAC to include Cluster API resources.

@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress label (Indicates that a PR should not merge because it is a work in progress.) May 22, 2026

openshift-ci Bot commented May 22, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-merge-bot

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

coderabbitai Bot commented May 22, 2026

Walkthrough

This PR extends the boot-image controller to support Cluster API (CAPI) MachineSets and MachineDeployments, adding a dynamic client and dynamic informers (feature-gated), platform-specific reconciliation for AWS/Azure/GCP/vSphere (vSphere stub), RBAC additions, dependency upgrades, and a design document describing enrollment and reconciliation behavior.

Changes

CAPI Boot Image Controller Extension

| Layer / File(s) | Summary |
|---|---|
| **Dependency Updates and Dynamic Client Support**<br>`go.mod`, `internal/clients/builder.go` | Upgraded dependencies across modules and added DynamicClientOrDie() to the client builder for creating dynamic Kubernetes clients. |
| **Client wiring at startup**<br>`cmd/machine-config-controller/start.go`, `internal/clients/builder.go` | Pass dynamic client into bootimagecontroller.New(...) by calling ClientBuilder.DynamicClientOrDie(...). |
| **RBAC ClusterRole Permissions**<br>`manifests/machineconfigcontroller/clusterrole.yaml` | Updated ClusterRole to include permissions for cluster.x-k8s.io machinesets/machinedeployments and infrastructure.cluster.x-k8s.io provider templates. |
| **Controller Struct, Types, and Constants**<br>`pkg/controller/bootimage/boot_image_controller.go` | Added dynamic client/informer factory fields, CAPI listers/synced hooks, capiBootImageState, CAPI GVRs, CAPINamespace, and extended New() signature to accept a dynamic client. |
| **Constructor and Informer Lifecycle Setup**<br>`pkg/controller/bootimage/boot_image_controller.go` | Wire CAPI dynamic informer factory and event handlers when MachineAPIMigration is enabled; refactor Run() to two-phase cache sync and add wireCAPITemplateInformer() to lazily wire platform-specific infra template informers. |
| **CAPI Resource Event Handlers**<br>`pkg/controller/bootimage/boot_image_controller.go` | Added unstructured handlers for MachineSets and MachineDeployments that compare spec labels/annotations/ownerRefs to suppress redundant updates and enqueue reconciliation events. |
| **CAPI MachineSet and MachineDeployment Reconciliation**<br>`pkg/controller/bootimage/capi_helpers.go` | Implemented syncCAPIMachineSets, syncCAPIMachineSet, hot-loop protection, deterministic infra template naming, and patchCAPIMachineSet; added a syncCAPIMachineDeployment placeholder. |
| **CAPI Helper Functions**<br>`pkg/controller/bootimage/capi_helpers.go` | Added helpers for fetching cached infra templates, creating/patching infra templates via dynamic client, spec hashing, arch parsing, and unstructured-to-typed conversions. |
| **Platform-Specific CAPI Boot Image Reconciliation**<br>`pkg/controller/bootimage/capi_platform_helpers.go` | Added AWS/Azure/GCP reconciliation logic that computes target images and returns updated unstructured infra templates when changes are needed; vSphere reconciliation is a stub. |
| **MAPI Migration and Authority Handling**<br>`pkg/controller/bootimage/ms_helpers.go`, `pkg/controller/bootimage/boot_image_controller.go` | Feature-gated early-exit for MachineSets authoritative to CAPI (or migrating) so they are removed from MAPI tracking and don’t block skew enforcement; gated CAPI reconciliation in synchronizeAll. |
| **Design Documentation**<br>`docs/BootImageCAPIDesign.md` | New design doc describing required API changes, immutable infra template update model, enrollment semantics, skew handling, platform field mappings, and feature-gate decisions. |
| **Minor docs/comments and vSphere fix**<br>`pkg/controller/bootimage/platform_helpers.go`, `pkg/controller/bootimage/vsphere_helpers.go` | Clarified patchSkipped semantics and fixed passing OVF import params by pointer. |

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Suggested reviewers

  • pablintino
  • rwsu
🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Title check | ⚠️ Warning | The title references AWS but the changeset implements CAPI boot image support across multiple platforms (AWS, Azure, GCP, vSphere) with only one platform fully operational. | Update the title to reflect the broader scope, such as '[DNM] Add support for CAPI bootimage updates' or '[DNM] Add Cluster API boot image controller support' to accurately represent the multi-platform implementation. |

✅ Passed checks (11 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 86.67% which is sufficient. The required threshold is 80.00%. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Stable And Deterministic Test Names | ✅ Passed | No Ginkgo tests were added or modified in this PR. The custom check for stable/deterministic Ginkgo test names is not applicable to the changes made. |
| Test Structure And Quality | ✅ Passed | No test files were added/modified in this PR. The check evaluates Ginkgo test structure & quality; since there are no test files to assess, the check is not applicable and passes by default. |
| Microshift Test Compatibility | ✅ Passed | No new Ginkgo e2e tests are added in this PR. The check is not applicable as it only applies when new tests with Describe(), It(), Context(), When() patterns are introduced. |
| Single Node Openshift (Sno) Test Compatibility | ✅ Passed | PR adds no new Ginkgo e2e tests—all 11 modified files are production code, manifests, or documentation. SNO compatibility check does not apply. |
| Topology-Aware Scheduling Compatibility | ✅ Passed | PR adds CAPI boot image reconciliation logic without introducing topology-breaking scheduling constraints or manifests. |
| Ote Binary Stdout Contract | ✅ Passed | All logging uses klog configured to stderr via flag.Set("logtostderr", "true") before any logging. No direct stdout writes, fmt.Print*, or log.Print calls in modified process-level code. |
| Ipv6 And Disconnected Network Test Compatibility | ✅ Passed | No new Ginkgo e2e tests (It(), Describe(), Context(), When(), etc.) were added in this PR. The changes consist of production controller code, documentation, and configuration files only. |

openshift-ci Bot commented May 22, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: djoshy

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved label (Indicates a PR has been approved by an approver from all required OWNERS files.) May 22, 2026

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 8

🧹 Nitpick comments (1)
pkg/controller/bootimage/capi_helpers.go (1)

43-78: ⚡ Quick win

Clean up or restore the commented-out selector logic.

The commented-out block (lines 43-65) appears to be the intended implementation for selector-based filtering. Currently listing all MachineSets with labels.Everything() may not be the desired behavior. For a draft PR this is understandable, but before merge this should be resolved.

Additionally, the state cleanup at lines 73-78 only runs when len(objs) == 0. This means if individual MachineSets are deleted, their entries in ctrl.capiBootImageState will persist indefinitely, causing a gradual memory leak.

💡 Suggested fix for state cleanup

After iterating through all objects, remove stale entries from the state map:

```go
// After the for loop ends (after line 108), add:
currentMSNames := sets.New[string]()
for _, obj := range objs {
    currentMSNames.Insert(obj.GetName())
}
for k := range ctrl.capiBootImageState {
    if !currentMSNames.Has(k) {
        delete(ctrl.capiBootImageState, k)
    }
}
```

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_helpers.go` around lines 43 - 78, The current
code bypasses the commented selector logic (the mcop fetch and
getMachineResourceSelectorFromMachineManagers call) and lists all MachineSets
with ctrl.capiMachineSetLister.List(labels.Everything()), and it only clears
ctrl.capiBootImageState when no objs exist which leaves stale entries when
individual MachineSets are removed. Restore the selector-based filtering by
reintroducing the mcop lookup and use
getMachineResourceSelectorFromMachineManagers (as in the commented block) to
build a selector for ctrl.capiMachineSetLister.List; additionally, after
processing the returned objs compute the current set of MachineSet names and
remove any keys from ctrl.capiBootImageState that are not present (or if you
keep the global listing approach, at minimum add this stale-entry cleanup),
referencing ctrl.capiBootImageState, ctrl.capiMachineSetLister.List, and
getMachineResourceSelectorFromMachineManagers so deletions do not leak state.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/BootImageCAPIDesign.md`:
- Around line 61-67: The fenced code block containing the snippet with
"MachineDeployment", "MachineSet", "spec.template.spec.infrastructureRef" and
"AWSMachineTemplate" needs a language tag to satisfy Markdown linting (MD040);
edit the fence opening from ``` to include a tag such as "text" (e.g., ```text)
so the block becomes a labeled code fence.

In `@go.mod`:
- Line 189: Replace the vulnerable indirect module versions in go.mod by bumping
github.com/sigstore/fulcio and github.com/docker/docker to patched releases
(upgrade the fulcio entry and the docker entry to the latest secure versions),
then update any affected transitive dependencies: run `go get
github.com/sigstore/fulcio@<patched-version>` and `go get
github.com/docker/docker@<patched-version>` (use the vendor/registry to pick
appropriate patched tags), run `go mod tidy` to prune and regenerate go.sum, and
run the test suite/build to verify no breakage; ensure the go.mod entry for
github.com/sigstore/fulcio and github.com/docker/docker reflect the new versions
before committing.

In `@pkg/controller/bootimage/boot_image_controller.go`:
- Line 330: Guard against a nil PlatformStatus before dereferencing: update the
code that reads platform := infra.Status.PlatformStatus.Type to first check that
infra.Status.PlatformStatus is non-nil (and infra.Status if necessary) and
handle the nil case by using a safe default (e.g., empty string or explicit
default platform) or returning early; ensure the check occurs in the same
function where platform is read so any downstream logic that expects platform
handles the default consistently.
- Around line 518-521: The delete handlers deleteCAPIMachineSet and
deleteCAPIMachineDeployment must guard against informer tombstones: check if obj
is a cache.DeletedFinalStateUnknown and, if so, extract the tombstone.Obj before
asserting its type; otherwise handle obj directly. Only proceed to cast to
*unstructured.Unstructured if the extracted value is of that type, otherwise
log/return silently. After safely obtaining the *unstructured.Unstructured,
continue with the existing logic (e.g., klog.Infof and
ctrl.enqueueEvent("CAPIMachineSetDeleted") / appropriate event).

In `@pkg/controller/bootimage/capi_helpers.go`:
- Around line 307-344: The patchCAPIMachineSet function currently fails
unrecoverably when creating newTemplate succeeds but the subsequent MachineSet
patch fails; modify the create call handling in patchCAPIMachineSet so that if
ctrl.dynamicClient.Resource(...).Create(...) returns an "AlreadyExists" error
(use apierrors "k8s.io/apimachinery/pkg/api/errors"), treat it as non-fatal and
continue to the patch step (optionally log that the template already exists),
while other create errors still return; ensure you import apierrors and keep the
rest of the function flow (json.Marshal patch, Patch call on capiMachineSetGVR,
logging) unchanged so retries can succeed without manual cleanup.

In `@pkg/controller/bootimage/capi_platform_helpers.go`:
- Around line 278-284: The vSphere branch in
reconcileVSphereCAPIMachineInfraTemplate currently returns (false, false, nil,
nil) which signals "no-op / healthy" even though it's unimplemented; change the
final return to indicate the patch was skipped (set the patchSkipped boolean to
true) — e.g. return false, true, nil, nil — or alternatively return a clear
error (fmt.Errorf("vSphere machine template reconciliation not implemented for
%s", currentTemplate.GetName())) until support is implemented; update the return
at the end of reconcileVSphereCAPIMachineInfraTemplate (after converting into
vsphereTemplate) to use one of these two options.
- Around line 50-63: In checkCAPIMachineSet, avoid dereferencing
infra.Status.PlatformStatus.Type when PlatformStatus may be nil: add a guard
that checks infra != nil and infra.Status.PlatformStatus != nil before the
switch, and if nil log/return early (same semantics as the existing default
case) — return false, false, nil, nil and a log like "Skipping CAPI MachineSet
%s, missing PlatformStatus" using msName so the controller doesn't panic; then
proceed to the existing switch that uses infra.Status.PlatformStatus.Type to
dispatch to reconcileAWSCAPIMachineInfraTemplate,
reconcileAzureCAPIMachineInfraTemplate, reconcileGCPCAPIMachineInfraTemplate,
and reconcileVSphereCAPIMachineInfraTemplate.
- Around line 238-240: The code builds newBootImage by indexing
streamData.Architectures[arch].Images.Gcp directly, which can cause a
nil-pointer panic if the architecture key or Images/Gcp block is missing; update
the code around newBootImage (where fmt.Sprintf is called) to first validate
that streamData.Architectures contains the arch key and that .Images and
.Images.Gcp are non-nil (or have required fields) before accessing Project/Name,
and if missing gracefully skip this arch or return an error/log message instead
of dereferencing a nil pointer.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 96c04bd2-59ba-4898-ba0d-51d5b6b350cd

📥 Commits

Reviewing files that changed from the base of the PR and between 9bd4e4f and 725623d.

⛔ Files ignored due to path filters (289)
  • vendor/github.com/emicklei/go-restful/v3/.travis.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/CHANGES.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/curly.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/custom_verb.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fatih/color/color.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fatih/color/color_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/.cliff.toml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/.golangci.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/NOTICE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/SECURITY.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/jsonpointer/pointer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-openapi/swag/jsonname/name_provider.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/.editorconfig is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/.golangci.yaml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/decode_hooks.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/flake.lock is excluded by !**/*.lock, !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/flake.nix is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-viper/mapstructure/v2/mapstructure.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golangci/plugin-module-register/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/env.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/folding.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/program.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/templates/authoring.tmpl is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/cel/validator.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/common/types/pb/type.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/cel-go/ext/native.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/merge.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/profile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/proto.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/prune.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/openapiv2.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/openapiv2.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/openapiv2_protoopaque.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/context.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_jsonpb.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-colorable/colorable_appengine.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-colorable/colorable_others.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-colorable/colorable_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/NOTICE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/connection.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/PATENTS is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/dictionary.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/options.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/read.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/write.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/builder.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/cat.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/concat.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/fn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/cat/sql.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/chain.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/helper.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/inspect.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/multi_error.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/pool.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/pool_above_1_24.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/pool_below_1_24.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/retry.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/errors/utils.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/conditional.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/field.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/global.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/inspector.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/buffered.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/colorized.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/json.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/memory.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/multi.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/slog.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/text.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/ll.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lx/lx.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lx/ns.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/middleware.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/.travis.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/MIGRATION.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/README_LEGACY.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/config.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/csv.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/deprecated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/option.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/pkg/twwarp/wrap.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/pkg/twwidth/width.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/blueprint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/colorized.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/fn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/html.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/junction.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/markdown.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/ocean.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/svg.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/stream.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/table.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/table_with_color.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tablewriter.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/cell.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/deprecated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/fn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/mapper.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/preset.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/renderer.go is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (11)
  • cmd/machine-config-controller/start.go
  • docs/BootImageCAPIDesign.md
  • go.mod
  • internal/clients/builder.go
  • manifests/machineconfigcontroller/clusterrole.yaml
  • pkg/controller/bootimage/boot_image_controller.go
  • pkg/controller/bootimage/capi_helpers.go
  • pkg/controller/bootimage/capi_platform_helpers.go
  • pkg/controller/bootimage/ms_helpers.go
  • pkg/controller/bootimage/platform_helpers.go
  • pkg/controller/bootimage/vsphere_helpers.go

Comment on lines +61 to +67
```
MachineDeployment
spec.template.spec.infrastructureRef → AWSMachineTemplate (contains AMI ID)

MachineSet
spec.template.spec.infrastructureRef → AWSMachineTemplate (same pattern)
```

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add a language tag to the fenced code block.

Line 61 uses an unlabeled fence; this typically fails MD040. Please use something like ```text for that snippet.

🧰 Tools
🪛 markdownlint-cli2 (0.22.1)

[warning] 61-61: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/BootImageCAPIDesign.md` around lines 61 - 67, The fenced code block
containing the snippet with "MachineDeployment", "MachineSet",
"spec.template.spec.infrastructureRef" and "AWSMachineTemplate" needs a language
tag to satisfy Markdown linting (MD040); edit the fence opening from ``` to
include a tag such as "text" (e.g., ```text) so the block becomes a labeled code
fence.

Comment thread go.mod
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect
github.com/secure-systems-lab/go-securesystemslib v0.9.0 // indirect
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
github.com/sigstore/fulcio v1.6.6 // indirect

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Verify the exact versions currently pinned
rg -n 'github.com/sigstore/fulcio|github.com/docker/docker' go.mod

# Query OSV for known vulns on pinned versions
cat <<'JSON' | curl -s https://api.osv.dev/v1/querybatch -d @- | jq .
{
  "queries": [
    {
      "package": {"ecosystem":"Go","name":"github.com/sigstore/fulcio"},
      "version":"v1.6.6"
    },
    {
      "package": {"ecosystem":"Go","name":"github.com/docker/docker"},
      "version":"v28.3.3+incompatible"
    }
  ]
}
JSON

Repository: openshift/machine-config-operator

Length of output: 1559


Update vulnerable dependencies in go.mod before merge.

go.mod pins vulnerable versions (both indirect):

Bump these modules (and any affected transitive deps) to patched versions and re-run go mod tidy as needed.

🧰 Tools
🪛 OSV Scanner (2.3.8)

[HIGH] 189-189: github.com/sigstore/fulcio 1.6.6: Fulcio allocates excessive memory during token parsing in github.com/sigstore/fulcio

(GO-2025-4193)


[HIGH] 189-189: github.com/sigstore/fulcio 1.6.6: Fulcio is vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass in github.com/sigstore/fulcio

(GO-2026-4311)


[HIGH] 189-189: github.com/sigstore/fulcio 1.6.6: Fulcio is vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass

(GHSA-59jp-pj84-45mr)


[HIGH] 189-189: github.com/sigstore/fulcio 1.6.6: Fulcio allocates excessive memory during token parsing

(GHSA-f83f-xpx7-ffpw)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 189, Replace the vulnerable indirect module versions in
go.mod by bumping github.com/sigstore/fulcio and github.com/docker/docker to
patched releases (upgrade the fulcio entry and the docker entry to the latest
secure versions), then update any affected transitive dependencies: run `go get
github.com/sigstore/fulcio@<patched-version>` and `go get
github.com/docker/docker@<patched-version>` (use the vendor/registry to pick
appropriate patched tags), run `go mod tidy` to prune and regenerate go.sum, and
run the test suite/build to verify no breakage; ensure the go.mod entry for
github.com/sigstore/fulcio and github.com/docker/docker reflect the new versions
before committing.

if err != nil {
return fmt.Errorf("failed to get infrastructure object: %w", err)
}
platform := infra.Status.PlatformStatus.Type

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Guard against nil PlatformStatus before dereferencing.

Line 330 can panic if infra.Status.PlatformStatus is nil during early cluster bring-up or transient cache states.

Suggested fix
-	platform := infra.Status.PlatformStatus.Type
+	if infra.Status.PlatformStatus == nil {
+		return fmt.Errorf("infrastructure status.platformStatus is nil")
+	}
+	platform := infra.Status.PlatformStatus.Type
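
Review bot: The error returned by the new `PlatformStatus == nil` check does not name the Infrastructure object, unlike the `failed to get infrastructure object: %w` return just above it, so the log does not show which object was incomplete. Include `infra.Name` in the message. The same dereference appears in the `switch` of `checkCAPIMachineSet`, so one shared helper that returns the platform type or an error would keep the two call sites from drifting apart.
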
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/boot_image_controller.go` at line 330, Guard against
a nil PlatformStatus before dereferencing: update the code that reads platform
:= infra.Status.PlatformStatus.Type to first check that
infra.Status.PlatformStatus is non-nil (and infra.Status if necessary) and
handle the nil case by using a safe default (e.g., empty string or explicit
default platform) or returning early; ensure the check occurs in the same
function where platform is read so any downstream logic that expects platform
handles the default consistently.

Comment on lines +518 to +521
func (ctrl *Controller) deleteCAPIMachineSet(obj interface{}) {
ms := obj.(*unstructured.Unstructured)
klog.Infof("CAPI MachineSet %s deleted, reconciling enrolled machine resources", ms.GetName())
ctrl.enqueueEvent("CAPIMachineSetDeleted")

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Confirm delete handlers currently assume direct unstructured assertions
rg -n -C3 'func \(ctrl \*Controller\) deleteCAPI(MachineSet|MachineDeployment)\(' pkg/controller/bootimage/boot_image_controller.go

# Confirm tombstone handling is currently absent in this file
rg -n 'DeletedFinalStateUnknown' pkg/controller/bootimage/boot_image_controller.go

Repository: openshift/machine-config-operator

Length of output: 936


🏁 Script executed:

#!/bin/bash
set -euo pipefail

file="pkg/controller/bootimage/boot_image_controller.go"

# Show the full delete handlers around the referenced lines
sed -n '500,575p' "$file" | nl -ba

# Check for any tombstone handling in this file (don't fail if not found)
rg -n 'DeletedFinalStateUnknown' "$file" || true
rg -n 'tombstone|DeletedFinalState|cache\.Deleted' "$file" || true

# Ensure we see any DeleteFunc registrations nearby (helps confirm obj type assumptions)
rg -n 'DeleteFunc' "$file" || true

Repository: openshift/machine-config-operator

Length of output: 120


🏁 Script executed:

#!/bin/bash
set -euo pipefail

file="pkg/controller/bootimage/boot_image_controller.go"

# Print the relevant section with line numbers via cat -n (nl isn't available)
sed -n '500,575p' "$file" | cat -n

# Tombstone handling checks
rg -n 'DeletedFinalStateUnknown' "$file" || true
rg -n 'tombstone|DeletedFinalState|cache\.Deleted' "$file" || true

# Check delete handler registrations / signatures nearby
rg -n 'DeleteFunc' "$file" || true

Repository: openshift/machine-config-operator

Length of output: 4411


🏁 Script executed:

#!/bin/bash
set -euo pipefail
file="pkg/controller/bootimage/boot_image_controller.go"

# Check whether client-go cache is already imported/used
rg -n 'k8s\.io/client-go/tools/cache' "$file" || true
rg -n '\bcache\.' "$file" || true

Repository: openshift/machine-config-operator

Length of output: 1477


Handle informer tombstones in deleteCAPIMachineSet/deleteCAPIMachineDeployment delete handlers.

Both handlers directly cast obj to *unstructured.Unstructured; shared informer DeleteFunc can deliver cache.DeletedFinalStateUnknown, which would panic on the type assertion.

Suggested fix
 func (ctrl *Controller) deleteCAPIMachineSet(obj interface{}) {
-	ms := obj.(*unstructured.Unstructured)
+	ms, ok := obj.(*unstructured.Unstructured)
+	if !ok {
+		tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
+		if !ok {
+			klog.V(4).Infof("Unexpected object type in deleteCAPIMachineSet: %T", obj)
+			return
+		}
+		var castOK bool
+		ms, castOK = tombstone.Obj.(*unstructured.Unstructured)
+		if !castOK {
+			klog.V(4).Infof("Unexpected tombstone object type in deleteCAPIMachineSet: %T", tombstone.Obj)
+			return
+		}
+	}
 	klog.Infof("CAPI MachineSet %s deleted, reconciling enrolled machine resources", ms.GetName())
 	ctrl.enqueueEvent("CAPIMachineSetDeleted")
 }

 func (ctrl *Controller) deleteCAPIMachineDeployment(obj interface{}) {
-	md := obj.(*unstructured.Unstructured)
+	md, ok := obj.(*unstructured.Unstructured)
+	if !ok {
+		tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
+		if !ok {
+			klog.V(4).Infof("Unexpected object type in deleteCAPIMachineDeployment: %T", obj)
+			return
+		}
+		var castOK bool
+		md, castOK = tombstone.Obj.(*unstructured.Unstructured)
+		if !castOK {
+			klog.V(4).Infof("Unexpected tombstone object type in deleteCAPIMachineDeployment: %T", tombstone.Obj)
+			return
+		}
+	}
 	klog.Infof("CAPI MachineDeployment %s deleted, reconciling enrolled machine resources", md.GetName())
 	ctrl.enqueueEvent("CAPIMachineDeploymentDeleted")
 }
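
Review bot: The early `return` in the unexpected-type branches of both handlers skips `ctrl.enqueueEvent(...)`, so a delete whose object cannot be unwrapped is dropped, even though the enqueued event takes only a string and the object is used solely for the log line. Enqueue the event in every branch and fall back to logging without a name when the cast fails. The failure branches also log at `klog.V(4)`, which hides an unexpected type at default verbosity, and the unwrapping block is duplicated verbatim; a single helper returning `(*unstructured.Unstructured, bool)` would cover both handlers.
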
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
func (ctrl *Controller) deleteCAPIMachineSet(obj interface{}) {
ms := obj.(*unstructured.Unstructured)
klog.Infof("CAPI MachineSet %s deleted, reconciling enrolled machine resources", ms.GetName())
ctrl.enqueueEvent("CAPIMachineSetDeleted")
func (ctrl *Controller) deleteCAPIMachineSet(obj interface{}) {
ms, ok := obj.(*unstructured.Unstructured)
if !ok {
tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
if !ok {
klog.V(4).Infof("Unexpected object type in deleteCAPIMachineSet: %T", obj)
return
}
var castOK bool
ms, castOK = tombstone.Obj.(*unstructured.Unstructured)
if !castOK {
klog.V(4).Infof("Unexpected tombstone object type in deleteCAPIMachineSet: %T", tombstone.Obj)
return
}
}
klog.Infof("CAPI MachineSet %s deleted, reconciling enrolled machine resources", ms.GetName())
ctrl.enqueueEvent("CAPIMachineSetDeleted")
}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/boot_image_controller.go` around lines 518 - 521,
The delete handlers deleteCAPIMachineSet and deleteCAPIMachineDeployment must
guard against informer tombstones: check if obj is a
cache.DeletedFinalStateUnknown and, if so, extract the tombstone.Obj before
asserting its type; otherwise handle obj directly. Only proceed to cast to
*unstructured.Unstructured if the extracted value is of that type, otherwise
log/return silently. After safely obtaining the *unstructured.Unstructured,
continue with the existing logic (e.g., klog.Infof and
ctrl.enqueueEvent("CAPIMachineSetDeleted") / appropriate event).

Comment on lines +307 to +344
// patchCAPIMachineSet creates a new infrastructure template with the given name and patches
// the MachineSet's infrastructureRef to point at it.
func (ctrl *Controller) patchCAPIMachineSet(ms *clusterv1.MachineSet, newTemplate *unstructured.Unstructured, platform osconfigv1.PlatformType, newTemplateName string) error {
templateGVR, err := capiInfraTemplateGVR(platform)
if err != nil {
return err
}
newTemplate.SetName(newTemplateName)
newTemplate.SetResourceVersion("")
newTemplate.SetUID("")

_, err = ctrl.dynamicClient.Resource(templateGVR).Namespace(ms.Namespace).Create(context.TODO(), newTemplate, metav1.CreateOptions{})
if err != nil {
return fmt.Errorf("failed to create new infrastructure template %s: %w", newTemplateName, err)
}

patch := map[string]any{
"spec": map[string]any{
"template": map[string]any{
"spec": map[string]any{
"infrastructureRef": map[string]any{
"name": newTemplateName,
},
},
},
},
}
patchBytes, err := json.Marshal(patch)
if err != nil {
return fmt.Errorf("unable to marshal patch for CAPI MachineSet %s: %w", ms.Name, err)
}
_, err = ctrl.dynamicClient.Resource(capiMachineSetGVR).Namespace(ms.Namespace).Patch(context.TODO(), ms.Name, types.MergePatchType, patchBytes, metav1.PatchOptions{})
if err != nil {
return fmt.Errorf("unable to patch CAPI MachineSet %s: %w", ms.Name, err)
}
klog.Infof("Successfully patched CAPI MachineSet %s to use infrastructure template %s", ms.Name, newTemplateName)
return nil
}

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Partial failure can leave system in unrecoverable state.

If template creation succeeds (line 318) but the MachineSet patch fails (line 338):

  1. The new template exists but is orphaned
  2. On retry, newInfraTemplateName generates the same deterministic name
  3. The Create call fails with "already exists"
  4. The MachineSet is never patched

This leaves the reconciliation in a stuck state requiring manual intervention.

🔧 Proposed fix: handle "already exists" on create
 	_, err = ctrl.dynamicClient.Resource(templateGVR).Namespace(ms.Namespace).Create(context.TODO(), newTemplate, metav1.CreateOptions{})
 	if err != nil {
+		if !apierrors.IsAlreadyExists(err) {
+			return fmt.Errorf("failed to create new infrastructure template %s: %w", newTemplateName, err)
+		}
+		klog.V(4).Infof("Infrastructure template %s already exists, proceeding with MachineSet patch", newTemplateName)
-		return fmt.Errorf("failed to create new infrastructure template %s: %w", newTemplateName, err)
 	}
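
Review bot: The `apierrors.IsAlreadyExists(err)` branch accepts the existing object without reading it, so the MachineSet can be patched to reference a template whose contents differ from `newTemplate`, for example one created by hand under the same deterministic name. Fetch the existing template and compare its spec with `newTemplate` before continuing to the patch, and return an error on a mismatch instead of logging at `klog.V(4)` and proceeding.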

Add the import:

import apierrors "k8s.io/apimachinery/pkg/api/errors"
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_helpers.go` around lines 307 - 344, The
patchCAPIMachineSet function currently fails unrecoverably when creating
newTemplate succeeds but the subsequent MachineSet patch fails; modify the
create call handling in patchCAPIMachineSet so that if
ctrl.dynamicClient.Resource(...).Create(...) returns an "AlreadyExists" error
(use apierrors "k8s.io/apimachinery/pkg/api/errors"), treat it as non-fatal and
continue to the patch step (optionally log that the template already exists),
while other create errors still return; ensure you import apierrors and keep the
rest of the function flow (json.Marshal patch, Patch call on capiMachineSetGVR,
logging) unchanged so retries can succeed without manual cleanup.
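
The create-then-patch retry behaviour described in this comment, as an added example that is not code from the pull request or the project. The in-memory `fakeCluster`, the function names and the image IDs are constructed stand-ins, and the check that an existing template carries the expected image is an assumption that goes beyond the suggested fix.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed stand-ins for API server errors; these are not client-go types.
var (
	errAlreadyExists = errors.New("already exists")
	errPatchFailed   = errors.New("patch rejected")
)

// fakeCluster models only the state this flow touches.
type fakeCluster struct {
	templates   map[string]string // template name -> boot image ID
	infraRef    string            // template name the MachineSet points at
	failPatches int               // how many upcoming patch calls fail
}

func (c *fakeCluster) createTemplate(name, image string) error {
	if _, ok := c.templates[name]; ok {
		return errAlreadyExists
	}
	c.templates[name] = image
	return nil
}

func (c *fakeCluster) patchInfraRef(name string) error {
	if c.failPatches > 0 {
		c.failPatches--
		return errPatchFailed
	}
	c.infraRef = name
	return nil
}

// strictUpdate mirrors the flow under review: any create error aborts,
// so a template left behind by a failed attempt blocks every retry.
func strictUpdate(c *fakeCluster, name, image string) error {
	if err := c.createTemplate(name, image); err != nil {
		return fmt.Errorf("failed to create template %s: %w", name, err)
	}
	return c.patchInfraRef(name)
}

// idempotentUpdate tolerates AlreadyExists, but only after confirming the
// existing template holds the image this reconcile intended to write.
func idempotentUpdate(c *fakeCluster, name, image string) error {
	err := c.createTemplate(name, image)
	switch {
	case err == nil:
		// Created on this attempt; continue to the patch.
	case errors.Is(err, errAlreadyExists):
		if got := c.templates[name]; got != image {
			return fmt.Errorf("template %s exists with image %q, want %q", name, got, image)
		}
	default:
		return fmt.Errorf("failed to create template %s: %w", name, err)
	}
	return c.patchInfraRef(name)
}

// retry calls update up to attempts times and returns the last error.
func retry(attempts int, update func() error) error {
	var err error
	for i := 0; i < attempts; i++ {
		if err = update(); err == nil {
			return nil
		}
	}
	return err
}

// newCluster returns a cluster whose first patch call fails, which is the
// partial-failure case: template created, MachineSet not yet updated.
func newCluster() *fakeCluster {
	return &fakeCluster{
		templates:   map[string]string{},
		infraRef:    "worker-old",
		failPatches: 1,
	}
}

func main() {
	const name, image = "worker-new", "ami-constructed-2"

	a := newCluster()
	err := retry(3, func() error { return strictUpdate(a, name, image) })
	fmt.Printf("strict:     ref=%s err=%v\n", a.infraRef, err)

	b := newCluster()
	err = retry(3, func() error { return idempotentUpdate(b, name, image) })
	fmt.Printf("idempotent: ref=%s err=%v\n", b.infraRef, err)

	c := newCluster()
	c.templates[name] = "ami-constructed-other" // same name, different content
	err = idempotentUpdate(c, name, image)
	fmt.Printf("mismatch:   ref=%s err=%v\n", c.infraRef, err)
}
```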

Comment on lines +50 to +63
func checkCAPIMachineSet(infra *osconfigv1.Infrastructure, msName string, currentTemplate *unstructured.Unstructured, configMap *corev1.ConfigMap, arch string) (bool, bool, *unstructured.Unstructured, error) {
switch infra.Status.PlatformStatus.Type {
case osconfigv1.AWSPlatformType:
return reconcileAWSCAPIMachineInfraTemplate(infra, msName, currentTemplate, configMap, arch)
case osconfigv1.AzurePlatformType:
return reconcileAzureCAPIMachineInfraTemplate(msName, currentTemplate, configMap, arch)
case osconfigv1.GCPPlatformType:
return reconcileGCPCAPIMachineInfraTemplate(msName, currentTemplate, configMap, arch)
case osconfigv1.VSpherePlatformType:
return reconcileVSphereCAPIMachineInfraTemplate(msName, currentTemplate, configMap, arch)
default:
klog.Infof("Skipping CAPI MachineSet %s, unsupported platform %s", msName, infra.Status.PlatformStatus.Type)
return false, false, nil, nil
}

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Guard PlatformStatus before dispatching.

checkCAPIMachineSet dereferences infra.Status.PlatformStatus.Type unconditionally. If the Infrastructure status is still incomplete, this panics the controller before the AWS-specific nil check at Line 76 can run.

Proposed fix
 func checkCAPIMachineSet(infra *osconfigv1.Infrastructure, msName string, currentTemplate *unstructured.Unstructured, configMap *corev1.ConfigMap, arch string) (bool, bool, *unstructured.Unstructured, error) {
+	if infra == nil || infra.Status.PlatformStatus == nil {
+		return false, false, nil, fmt.Errorf("infrastructure platform status is nil")
+	}
+
 	switch infra.Status.PlatformStatus.Type {
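
Review bot: the guard added at the top of checkCAPIMachineSet returns an error, while the default case of the same switch logs and returns false, false, nil, nil for a platform it cannot handle, so an Infrastructure whose PlatformStatus is not yet populated is treated more severely than an unsupported platform. Pick one behaviour deliberately and say why in a comment. The message "infrastructure platform status is nil" also omits msName, which the default case's log line includes; since the string has no format verbs, either use errors.New or add the MachineSet name with %s. The infra == nil half of the condition reports the same text even though in that case the object itself, not its status, is missing.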
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_platform_helpers.go` around lines 50 - 63, In
checkCAPIMachineSet, avoid dereferencing infra.Status.PlatformStatus.Type when
PlatformStatus may be nil: add a guard that checks infra != nil and
infra.Status.PlatformStatus != nil before the switch, and if nil log/return
early (same semantics as the existing default case) — return false, false, nil,
nil and a log like "Skipping CAPI MachineSet %s, missing PlatformStatus" using
msName so the controller doesn't panic; then proceed to the existing switch that
uses infra.Status.PlatformStatus.Type to dispatch to
reconcileAWSCAPIMachineInfraTemplate, reconcileAzureCAPIMachineInfraTemplate,
reconcileGCPCAPIMachineInfraTemplate, and
reconcileVSphereCAPIMachineInfraTemplate.

Comment on lines +238 to +240
newBootImage := fmt.Sprintf("projects/%s/global/images/%s",
streamData.Architectures[arch].Images.Gcp.Project,
streamData.Architectures[arch].Images.Gcp.Name)

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Validate the stream architecture entry before building the GCP image path.

This indexes streamData.Architectures[arch].Images.Gcp directly. A missing arch entry or missing GCP image block turns this into a nil-pointer panic instead of a clean skip/error.

Proposed fix
-	newBootImage := fmt.Sprintf("projects/%s/global/images/%s",
-		streamData.Architectures[arch].Images.Gcp.Project,
-		streamData.Architectures[arch].Images.Gcp.Name)
+	streamArch, err := streamData.GetArchitecture(arch)
+	if err != nil {
+		return false, false, nil, err
+	}
+	if streamArch.Images.Gcp == nil {
+		klog.Infof("Skipping CAPI MachineSet %s, GCP stream image is not available for arch %s", msName, arch)
+		return false, true, nil, nil
+	}
+	newBootImage := fmt.Sprintf("projects/%s/global/images/%s",
+		streamArch.Images.Gcp.Project,
+		streamArch.Images.Gcp.Name)
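
Review bot: the nil check on streamArch.Images.Gcp does not cover empty fields. If Project or Name is an empty string, the fmt.Sprintf that follows still succeeds and yields a malformed path such as "projects//global/images/", so check both for emptiness before formatting. The error from streamData.GetArchitecture(arch) is also returned bare; wrapping it with msName and arch, as the skip log a few lines below does, would make the failure attributable to a specific MachineSet.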
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_platform_helpers.go` around lines 238 - 240,
The code builds newBootImage by indexing
streamData.Architectures[arch].Images.Gcp directly, which can cause a
nil-pointer panic if the architecture key or Images/Gcp block is missing; update
the code around newBootImage (where fmt.Sprintf is called) to first validate
that streamData.Architectures contains the arch key and that .Images and
.Images.Gcp are non-nil (or have required fields) before accessing Project/Name,
and if missing gracefully skip this arch or return an error/log message instead
of dereferencing a nil pointer.

Comment on lines +278 to +284
func reconcileVSphereCAPIMachineInfraTemplate(msName string, currentTemplate *unstructured.Unstructured, configMap *corev1.ConfigMap, arch string) (bool, bool, *unstructured.Unstructured, error) {
vsphereTemplate := &capvv1beta1.VSphereMachineTemplate{}
if err := kruntime.DefaultUnstructuredConverter.FromUnstructured(currentTemplate.Object, vsphereTemplate); err != nil {
return false, false, nil, fmt.Errorf("failed to convert VSphereMachineTemplate %s: %w", currentTemplate.GetName(), err)
}
klog.V(4).Infof("CAPI MachineSet %s: vSphere boot image reconciliation not yet implemented", msName)
return false, false, nil, nil
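
Review bot: the FromUnstructured conversion into vsphereTemplate runs before the function logs that reconciliation is not implemented, and its result is never read, so its only observable effect is that a malformed template makes this otherwise no-op path return an error. Drop the conversion until the logic that needs it lands, or keep it and state in a comment that it is deliberate validation. currentTemplate is also dereferenced (currentTemplate.Object, currentTemplate.GetName()) without a nil check.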

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Don't treat the vSphere path as reconciled while it's unimplemented.

Returning (false, false, nil, nil) here tells the caller there's nothing to do, so migrated vSphere MachineSets will appear healthy even though this path never updates them. Return patchSkipped=true or a clear error until support lands.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/bootimage/capi_platform_helpers.go` around lines 278 - 284,
The vSphere branch in reconcileVSphereCAPIMachineInfraTemplate currently returns
(false, false, nil, nil) which signals "no-op / healthy" even though it's
unimplemented; change the final return to indicate the patch was skipped (set
the patchSkipped boolean to true) — e.g. return false, true, nil, nil — or
alternatively return a clear error (fmt.Errorf("vSphere machine template
reconciliation not implemented for %s", currentTemplate.GetName())) until
support is implemented; update the return at the end of
reconcileVSphereCAPIMachineInfraTemplate (after converting into vsphereTemplate)
to use one of these two options.

@djoshy djoshy force-pushed the bootimage-mapi-to-capi branch from 725623d to e2bb05b Compare May 22, 2026 18:15

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 2

♻️ Duplicate comments (1)
docs/BootImageCAPIDesign.md (1)

61-67: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add a language tag to the fenced code block.

The fenced code block at line 61 lacks a language specifier, which violates MD040 linting rules. Since this block shows CAPI resource structure (not executable code), use ```yaml or ```text as appropriate.

📝 Proposed fix
-```
+```text
 MachineDeployment
   spec.template.spec.infrastructureRef → AWSMachineTemplate (contains AMI ID)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/BootImageCAPIDesign.md` around lines 61 - 67, The fenced code block
showing CAPI resource structure (MachineDeployment, MachineSet,
spec.template.spec.infrastructureRef → AWSMachineTemplate) needs a language tag
to satisfy MD040; update the block to use a non-executable tag such as ```text
(or ```yaml) so the block becomes e.g. ```text followed by the existing lines
referencing MachineDeployment, spec.template.spec.infrastructureRef →
AWSMachineTemplate and MachineSet, then close the fence.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/BootImageCAPIDesign.md`:
- Around line 79-91: The doc currently claims provider template types
(AWSMachineTemplate, AzureMachineTemplate, GCPMachineTemplate,
VSphereMachineTemplate and sigs.k8s.io/cluster-api/api/v1beta1
MachineSet/MachineDeployment) are vendored and accessed via typed
informers/listers, but the implementation uses the dynamic client and
unstructured->typed conversions; update the design to be consistent by removing
the vendor list and replacing the "Vendored API Types" section with a clear
description of the dynamic client approach (reading GVRs at runtime, using
dynamic.Interface, converting unstructured to typed structs), and then edit the
other mentions of "typed lister" / "typed client" (the references around the
template operations) so they describe using the dynamic client and conversion
flow instead of typed informers/clients so all mentions (including the sentence
that currently states templates are not vendored) match the implemented
dynamic-client approach.

In `@go.mod`:
- Around line 67-72: The go.mod lists cluster-api v1.13.2 and controller-runtime
v0.23.3 which expect k8s.io/* v0.35.x (CAPI release pins v0.35.3) but this repo
uses k8s.io/* v0.35.4; run a full local CI check (go mod tidy, go build ./...,
go test ./..., and your project's CI) to confirm nothing breaks with k8s.io/*
v0.35.4, and if tests fail update go.mod to pin k8s.io/* to v0.35.3 (or add a
replace) or bump controller-runtime/cluster-api to compatible versions; check
modules named cluster-api, controller-runtime and k8s.io/* in go.mod when making
the change.

---

Duplicate comments:
In `@docs/BootImageCAPIDesign.md`:
- Around line 61-67: The fenced code block showing CAPI resource structure
(MachineDeployment, MachineSet, spec.template.spec.infrastructureRef →
AWSMachineTemplate) needs a language tag to satisfy MD040; update the block to
use a non-executable tag such as ```text (or ```yaml) so the block becomes e.g.
```text followed by the existing lines referencing MachineDeployment,
spec.template.spec.infrastructureRef → AWSMachineTemplate and MachineSet, then
close the fence.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 9b2e2215-a703-4243-a18b-7b4c8baf93ec

📥 Commits

Reviewing files that changed from the base of the PR and between 725623d and e2bb05b.

⛔ Files ignored due to path filters (289)
  • vendor/github.com/olekukonko/ll/lc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/buffered.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/colorized.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/json.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/memory.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/multi.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/slog.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lh/text.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/ll.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lx/lx.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/lx/ns.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/ll/middleware.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/.travis.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/MIGRATION.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/README_LEGACY.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/config.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/csv.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/deprecated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/option.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/pkg/twwarp/wrap.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/pkg/twwidth/width.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/blueprint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/colorized.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/fn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/html.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/junction.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/markdown.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/ocean.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/renderer/svg.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/stream.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/table.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/table_with_color.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tablewriter.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/cell.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/deprecated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/fn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/mapper.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/preset.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/olekukonko/tablewriter/tw/renderer.go is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (7)
  • docs/BootImageCAPIDesign.md
  • go.mod
  • manifests/machineconfigcontroller/clusterrole.yaml
  • pkg/controller/bootimage/boot_image_controller.go
  • pkg/controller/bootimage/capi_helpers.go
  • pkg/controller/bootimage/capi_platform_helpers.go
  • pkg/controller/bootimage/vsphere_helpers.go

Comment on lines +79 to +91
## Access Strategy: Vendored API Types

The preferred approach is to vendor the API packages from the core CAPI repo and each provider repo. Provider repos expose a dedicated `api/` package that is much lighter than the full controller machinery, keeping the transitive dependency footprint manageable.

Packages to vendor:
- `sigs.k8s.io/cluster-api/api/v1beta1` — core `MachineSet` and `MachineDeployment` types
- `sigs.k8s.io/cluster-api-provider-aws/api/v1beta2` — `AWSMachineTemplate`
- `sigs.k8s.io/cluster-api-provider-azure/api/v1beta1` — `AzureMachineTemplate`
- `sigs.k8s.io/cluster-api-provider-gcp/api/v1beta1` — `GCPMachineTemplate`
- `sigs.k8s.io/cluster-api-provider-vsphere/apis/v1beta1` — `VSphereMachineTemplate`

Using typed structs gives compile-time safety and avoids hardcoding field path strings. Typed informers and listers replace the dynamic informer factory approach. The dependency footprint of the `api/` packages should be validated when vendoring.
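
Review bot: the AWS entry in the vendor list gives the package as `sigs.k8s.io/cluster-api-provider-aws/api/v1beta2`, but the go.mod hunk in this PR requires the module as `sigs.k8s.io/cluster-api-provider-aws/v2`, so the import path would be `sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2`. Suggest correcting the path in the list. The closing sentence also says the `api/` footprint "should be validated when vendoring" without saying how or where the result is recorded. Suggest naming the check and its outcome in the doc so that the claim about a manageable transitive footprint can be confirmed against the vendor tree.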


⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Resolve critical inconsistency between typed and dynamic client approaches.

The "Access Strategy: Vendored API Types" section (lines 79-91) states that infrastructure template types (AWSMachineTemplate, AzureMachineTemplate, etc.) will be vendored and accessed via typed informers/listers/clients. Lines 150 and 156 reinforce this, referencing "typed lister from the vendored provider API package" and "typed client" for template operations.

However, line 185 explicitly contradicts this: "The infrastructure template types... are not vendored in MCO. The GVR for each template is read at runtime... this is why the dynamic client is used rather than typed structs."

The review stack context confirms the implementation uses dynamic client and unstructured->typed conversions, which aligns with line 185, not lines 79-91.

This inconsistency would seriously mislead implementers. Either:

  1. Update lines 79-91 to remove provider template packages from the vendor list and describe the dynamic client approach, OR
  2. Update line 185 if the templates are actually vendored and typed clients are used.

Lines 150 and 156 should then be updated to match whichever approach is actually implemented.

Also applies to: 150-150, 156-156, 185-186

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/BootImageCAPIDesign.md` around lines 79 - 91, The doc currently claims
provider template types (AWSMachineTemplate, AzureMachineTemplate,
GCPMachineTemplate, VSphereMachineTemplate and
sigs.k8s.io/cluster-api/api/v1beta1 MachineSet/MachineDeployment) are vendored
and accessed via typed informers/listers, but the implementation uses the
dynamic client and unstructured->typed conversions; update the design to be
consistent by removing the vendor list and replacing the "Vendored API Types"
section with a clear description of the dynamic client approach (reading GVRs at
runtime, using dynamic.Interface, converting unstructured to typed structs), and
then edit the other mentions of "typed lister" / "typed client" (the references
around the template operations) so they describe using the dynamic client and
conversion flow instead of typed informers/clients so all mentions (including
the sentence that currently states templates are not vendored) match the
implemented dynamic-client approach.

Comment thread go.mod
Comment on lines +67 to +72
sigs.k8s.io/cluster-api v1.13.2
sigs.k8s.io/cluster-api-provider-aws/v2 v2.11.1
sigs.k8s.io/cluster-api-provider-azure v1.24.1
sigs.k8s.io/cluster-api-provider-gcp v1.12.0
sigs.k8s.io/cluster-api-provider-vsphere v1.16.1
sigs.k8s.io/controller-runtime v0.23.3
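
Review bot: the four provider modules on these lines are required as whole modules, while the design doc in this PR says only their `api/` packages are needed and that the footprint "should be validated when vendoring". Suggest recording that validation in the PR description, for example which new `vendor/` directories each of these requires brings in (`go mod why -m` on any unexpected module), so reviewers can separate what the boot image controller imports from what arrives incidentally.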

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

What are the latest stable versions of sigs.k8s.io/cluster-api and cluster-api-provider-aws, cluster-api-provider-azure, cluster-api-provider-gcp, cluster-api-provider-vsphere as of May 2026? Are cluster-api v1.13.2, provider-aws v2.11.1, provider-azure v1.24.1, provider-gcp v1.12.0, and provider-vsphere v1.16.1 compatible with Kubernetes v0.35.4 and controller-runtime v0.23.3?

💡 Result:

Latest stable versions as of 2026-05-22 (from the official release tags / default modules):

- sigs.k8s.io/cluster-api: v1.13.0 [1]
- cluster-api-provider-aws: v2.11.1 [2]
- cluster-api-provider-azure: v1.24.1 [3]
- cluster-api-provider-gcp: v1.12.0 [4]
- cluster-api-provider-vsphere: v1.16.1 [5]

Compatibility with Kubernetes v0.35.4 and controller-runtime v0.23.3 (for the given versions you listed):

- Kubernetes v0.35.4: Not applicable as written. Kubernetes versions are normally expressed as v1.xx.y, not v0.xx.y. What is relevant in this ecosystem is that Cluster API v1.13 was bumped to k8s.io/* v0.35.3 → v0.35.4 and controller-runtime v0.23.3 (i.e., these are Go module versions used by the components), as noted in the v1.13.0 release notes [1].
- controller-runtime v0.23.3: The relevant signal for compatibility is that Cluster API v1.13 includes controller-runtime v0.23.3 (dependency bump) [1].

Answering the practical compatibility question (your listed set):

- The specified versions (cluster-api v1.13.2, provider-aws v2.11.1, provider-azure v1.24.1, provider-gcp v1.12.0, provider-vsphere v1.16.1) align with the same controller-runtime v0.23 series used by Cluster API v1.13 (controller-runtime v0.23.3 is explicitly referenced in the v1.13 release notes) [1], and the providers selected are the latest stable versions published during May 2026 [2][3][4][5].
- However, I cannot confirm exact “v1.13.2 + each provider X.Y.Z is compatible with Kubernetes v1.35.4 and controller-runtime v0.23.3” from the sources retrieved: the provider pages I found in this pass describe compatibility with the corresponding Cluster API versions and Kubernetes versions supported by that Cluster API version, rather than explicitly enumerating the controller-runtime version or a specific Kubernetes patch version match for your exact combination [6][7].

Bottom line:

- Latest stable versions (May 2026) are: cluster-api v1.13.0, provider-aws v2.11.1, provider-azure v1.24.1, provider-gcp v1.12.0, provider-vsphere v1.16.1. [1][2][3][4][5]
- Controller-runtime v0.23.3 is consistent with Cluster API v1.13.x, since v1.13.0 bumps controller-runtime to v0.23.3. [1]
- Exact compatibility with “Kubernetes v0.35.4” (as stated) cannot be verified because that version string doesn’t correspond to Kubernetes’ normal versioning, and the remaining compatibility information in retrieved provider sources is expressed in terms of Cluster API version compatibility and supported Kubernetes ranges, not a direct controller-runtime/Kubernetes patch-version handshake for your exact version set. [6][7]

Citations:


🌐 Web query:

cluster-api release tag v1.13.2 controller-runtime version and k8s.io v0.35.x bump notes

💡 Result:

Cluster API release tag v1.13.2 (released 2026-05-13) uses controller-runtime v0.23.3 and bumps all k8s.io/* dependencies to v0.35.x (specifically k8s.io/* v0.35.3, as part of the v1.13 series dependency bump). [1][2]

Evidence:

- The v1.13.0 release notes state a dependency bump to controller-runtime v0.23 and k8s.io/* v0.35, and list the exact k8s.io/* versions as v0.35.3 and controller-runtime as v0.23.3. [2]
- The controller-runtime Go docs show controller-runtime v0.23.1 is paired with k8s.io/* v0.35 (and list k8s.io/* v0.35.0 component versions for that controller-runtime version), supporting the controller-runtime/k8s.io coupling used for the v0.23 line. [3]

So, for “v1.13.2 controller-runtime version and k8s.io v0.35.x bump notes”, the relevant bump is:

- controller-runtime: v0.23.3 [2]
- k8s.io/*: bumped to v0.35.x, concretely v0.35.3 (k8s.io/api, apimachinery, client-go, etc.). [2]

Citations:


🌐 Web query:

sigs.k8s.io/cluster-api latest release patch within v1.13 (is v1.13.2 the latest on 2026-05-22?)

💡 Result:

Yes. On 2026-05-22, the latest Cluster API v1.13 patch release is v1.13.2 (and it was released on 2026-05-13). [1][2]

Evidence:

- The upstream GitHub releases page lists v1.13.2 as the latest release. [2]
- The v1.13.2 release tag page shows it as a v1.13.x patch release (v1.13.2). [1]

So, within the v1.13 series, v1.13.2 is the latest patch release you should target on 2026-05-22.

Citations:


🏁 Script executed:

#!/bin/bash
set -euo pipefail
# Print go.mod lines that reference Kubernetes module versions and controller-runtime
rg -n --no-heading 'k8s\.io/|controller-runtime' go.mod

Repository: openshift/machine-config-operator

Length of output: 6079


CAPI deps are current and mutually aligned; verify k8s.io patch-level mismatch

The versions in go.mod are on the latest releases for the CAPI v1.13 line (cluster-api v1.13.2; providers: aws v2.11.1, azure v1.24.1, gcp v1.12.0, vsphere v1.16.1). cluster-api v1.13.2 also matches controller-runtime v0.23.3 and is designed for the k8s.io/* v0.35.x dependency set (pinned to v0.35.3 in that release). This repo uses k8s.io/* v0.35.4, so ensure the build/tests pass with that patch bump.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` around lines 67 - 72, The go.mod lists cluster-api v1.13.2 and
controller-runtime v0.23.3 which expect k8s.io/* v0.35.x (CAPI release pins
v0.35.3) but this repo uses k8s.io/* v0.35.4; run a full local CI check (go mod
tidy, go build ./..., go test ./..., and your project's CI) to confirm nothing
breaks with k8s.io/* v0.35.4, and if tests fail update go.mod to pin k8s.io/* to
v0.35.3 (or add a replace) or bump controller-runtime/cluster-api to compatible
versions; check modules named cluster-api, controller-runtime and k8s.io/* in
go.mod when making the change.
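
The patch-level check that the comment above asks for can be automated. This is an added example, not code from this PR or from the machine-config-operator repository: the go.mod text is constructed, the pinned versions are the ones the review states for cluster-api v1.13.2, and `Skew`, `parseRequires` and `capiPins` are names made up for this example.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
)

// sampleGoMod is constructed; versions follow the review (k8s.io/* at v0.35.4).
const sampleGoMod = `module example.com/constructed
require (
	k8s.io/api v0.35.4
	k8s.io/apimachinery v0.35.4
	k8s.io/client-go v0.35.4
	sigs.k8s.io/cluster-api v1.13.2
	sigs.k8s.io/controller-runtime v0.23.3 // indirect
)
`

// capiPins holds what the review says cluster-api v1.13.2 was released against.
var capiPins = map[string]string{"k8s.io/api": "v0.35.3", "k8s.io/apimachinery": "v0.35.3",
	"k8s.io/client-go": "v0.35.3", "sigs.k8s.io/controller-runtime": "v0.23.3"}

// parseRequires returns module path -> version for every require directive.
func parseRequires(gomod string) map[string]string {
	reqs, inBlock := map[string]string{}, false
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop "// indirect" and other comments
		f := strings.Fields(line)
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inBlock = true
		case len(f) == 1 && f[0] == ")":
			inBlock = false
		case inBlock && len(f) == 2:
			reqs[f[0]] = f[1]
		case len(f) == 3 && f[0] == "require":
			reqs[f[1]] = f[2]
		}
	}
	return reqs
}

// Skew lists modules whose required version differs from the upstream pin (replace directives are ignored).
func Skew(gomod string, pins map[string]string) []string {
	reqs, out := parseRequires(gomod), []string{}
	for mod, want := range pins {
		if have, ok := reqs[mod]; ok && have != want {
			out = append(out, fmt.Sprintf("%s: go.mod has %s, upstream pins %s", mod, have, want))
		}
	}
	sort.Strings(out)
	return out
}

func main() { fmt.Println(strings.Join(Skew(sampleGoMod, capiPins), "\n")) }
```

A non-empty result is a prompt to run the build and tests against the newer patch level, not a failure in itself.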


Labels

approved: Indicates a PR has been approved by an approver from all required OWNERS files.
do-not-merge/work-in-progress: Indicates that a PR should not merge because it is a work in progress.
