MON-4578: Add new fields to ThanosQuerierConfig

[danielmellado]

Port ThanosQuerierConfig fields from the CMO ConfigMap API to the
ClusterMonitoring CRD. LogLevel reuses the existing LogLevel enum
(Error, Warn, Info, Debug). EnableRequestLogging and EnableCORS use
a new ThanosQuerierToggle string enum (Enabled, Disabled) following
the Kubernetes API convention of avoiding *bool fields.

Signed-off-by: Daniel Mellado dmellado@fedoraproject.org

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci]

Hello @danielmellado! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[coderabbitai]

📝 Walkthrough

Walkthrough

Added three optional fields to ThanosQuerierConfig: logLevel (Error|Warn|Info|Debug), requestLogging (object with policy: AllRequests|NoRequests), and crossOriginRequestPolicy (AllowAll|DenyAll). Introduced string enum types RequestLoggingPolicy and CrossOriginRequestPolicy with exported constants. The ClusterMonitoring CRD schema now declares these properties (with defaults) and tests were added/updated to validate accepted values and explicit rejections for unsupported values.

Suggested reviewers

• JoelSpeed

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is related to the changeset but contains discrepancies: it mentions EnableRequestLogging, EnableCORS, and ThanosQuerierToggle enum, but the actual changes show requestLogging as a nested object with a policy field, crossOriginRequestPolicy as a direct enum field, and RequestLoggingPolicy/CrossOriginRequestPolicy enums instead.	Update the description to accurately reflect the implemented changes: requestLogging is a nested object with a policy field, not a toggle; crossOriginRequestPolicy is a separate enum field; and the enums are RequestLoggingPolicy and CrossOriginRequestPolicy, not ThanosQuerierToggle.

✅ Passed checks (11 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding new fields (logLevel, requestLogging, crossOriginRequestPolicy) to the ThanosQuerierConfig type.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	All test names in the PR are stable and deterministic. The 128 test cases have static, descriptive titles with no dynamic content such as UUIDs, timestamps, or generated identifiers.
Test Structure And Quality	✅ Passed	Tests follow repository patterns: single responsibility, proper setup/cleanup, consistent with existing codebase. Test framework issues predate this PR.
Microshift Test Compatibility	✅ Passed	No new Ginkgo e2e tests are added in this PR. Changes are limited to type definitions, CRD schemas, and YAML-based validation test data (not Ginkgo test code).
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No Ginkgo e2e tests are added in this PR. Changes include CRD schema validation test cases (YAML), Go type definitions, and CRD manifests—not end-to-end tests affected by SNO compatibility.
Topology-Aware Scheduling Compatibility	✅ Passed	PR adds configuration fields to CRD API schema only. No deployment manifests, controller code, or scheduling constraints present.
Ote Binary Stdout Contract	✅ Passed	PR adds type definitions and YAML manifests only; no process-level stdout writes in executable code that would violate the OTE Binary Stdout Contract.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No Ginkgo e2e tests are added in this PR. The changes are: YAML declarative test cases for CRD validation, Go type definitions, and CRD manifest updates. The check is not applicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

Error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented
The command is terminated due to an error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign joelspeed for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[danielmellado]

/test verify-deps

[openshift-ci-robot]

@danielmellado: This pull request references MON-4578 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Port ThanosQuerierConfig fields from the CMO ConfigMap API to the
ClusterMonitoring CRD. LogLevel reuses the existing LogLevel enum
(Error, Warn, Info, Debug). EnableRequestLogging and EnableCORS use
a new ThanosQuerierToggle string enum (Enabled, Disabled) following
the Kubernetes API convention of avoiding *bool fields.

Signed-off-by: Daniel Mellado dmellado@fedoraproject.org

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[danielmellado]

/retest-required

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml (1)

1505-1543: ⚡ Quick win

Consider adding a test for requestLogging with empty object.

The file includes tests for empty nested objects with required fields (e.g., lines 2280-2282 for systemd.collect: {} and lines 2290-2292 for netClass.collect: {}). Since requestLogging is a nested object with a required policy field, consider adding a similar test case to verify that requestLogging: {} is properly rejected with an error indicating the missing required field.

📋 Suggested test case

    - name: Should reject ThanosQuerierConfig with requestLogging empty object
      initial: |
        apiVersion: config.openshift.io/v1alpha1
        kind: ClusterMonitoring
        spec:
          thanosQuerierConfig:
            requestLogging: {}
      expectedError: "spec.thanosQuerierConfig.requestLogging: Invalid value"

This test should be added after line 1543 (after the invalid policy test) to maintain consistency with the pattern used for similar nested structures elsewhere in the file.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml`
around lines 1505 - 1543, Add a new test case that verifies an empty
requestLogging object is rejected: create a test named like "Should reject
ThanosQuerierConfig with requestLogging empty object" that sets
spec.thanosQuerierConfig.requestLogging: {} in the initial YAML and expects an
error indicating the invalid/missing required field (e.g., expectedError
containing "spec.thanosQuerierConfig.requestLogging: Invalid value" or similar).
Place this test immediately after the existing invalid-policy test so it follows
the other requestLogging validations and mirrors the pattern used for other
nested-required-field tests (see existing tests referencing requestLogging and
policy).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@config/v1alpha1/types_cluster_monitoring.go`:
- Around line 2480-2482: Update the type comment for
ThanosQuerierRequestLoggingConfig to explicitly document the kubebuilder
validation marker `+kubebuilder:validation:MinProperties=1` by stating that the
struct requires at least one of its fields to be set; mention optionality of
fields (if applicable) and that this constraint enforces at least one property
present when the config is provided so readers and generated docs reflect the
rule for ThanosQuerierRequestLoggingConfig.

---

Nitpick comments:
In
`@config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml`:
- Around line 1505-1543: Add a new test case that verifies an empty
requestLogging object is rejected: create a test named like "Should reject
ThanosQuerierConfig with requestLogging empty object" that sets
spec.thanosQuerierConfig.requestLogging: {} in the initial YAML and expects an
error indicating the invalid/missing required field (e.g., expectedError
containing "spec.thanosQuerierConfig.requestLogging: Invalid value" or similar).
Place this test immediately after the existing invalid-policy test so it follows
the other requestLogging validations and mirrors the pattern used for other
nested-required-field tests (see existing tests referencing requestLogging and
policy).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: c6ef1740-3a27-44b6-8e96-cf4176e3fd58

📥 Commits

Reviewing files that changed from the base of the PR and between b6ab5b9 and d1fcdca.

⛔ Files ignored due to path filters (5)

• config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/zz_generated*
• config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/zz_generated*
• openapi/generated_openapi/zz_generated.openapi.go is excluded by !openapi/**, !**/zz_generated*

📒 Files selected for processing (3)

• config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml
• config/v1alpha1/types_cluster_monitoring.go
• payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Document the MinProperties constraint explicitly.

ThanosQuerierRequestLoggingConfig has +kubebuilder:validation:MinProperties=1, but the type comment doesn’t explicitly state that at least one field must be set.

As per coding guidelines, "All kubebuilder validation markers must be documented in the field's comment, including field optionality, length constraints, value constraints, and advanced validation rules".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@config/v1alpha1/types_cluster_monitoring.go` around lines 2480 - 2482, Update
the type comment for ThanosQuerierRequestLoggingConfig to explicitly document
the kubebuilder validation marker `+kubebuilder:validation:MinProperties=1` by
stating that the struct requires at least one of its fields to be set; mention
optionality of fields (if applicable) and that this constraint enforces at least
one property present when the config is provided so readers and generated docs
reflect the rule for ThanosQuerierRequestLoggingConfig.

[everettraven]

Aside from one minor comment, this LGTM.

[coderabbitai]

🧹 Nitpick comments (1)

config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml (1)

1505-1543: ⚡ Quick win

Add a missing rejection case for requestLogging: {}.

This covers valid and invalid enum values, but not the required-field path where policy is omitted. Adding that case protects the requestLogging.policy required contract.

🧪 Proposed test addition

     - name: Should reject ThanosQuerierConfig with invalid requestLogging policy
       initial: |
         apiVersion: config.openshift.io/v1alpha1
         kind: ClusterMonitoring
         spec:
           thanosQuerierConfig:
             requestLogging:
               policy: "InvalidValue"
       expectedError: 'spec.thanosQuerierConfig.requestLogging.policy: Unsupported value: "InvalidValue": supported values: "AllRequests", "NoRequests"'
+    - name: Should reject ThanosQuerierConfig with requestLogging missing policy
+      initial: |
+        apiVersion: config.openshift.io/v1alpha1
+        kind: ClusterMonitoring
+        spec:
+          thanosQuerierConfig:
+            requestLogging: {}
+      expectedError: 'spec.thanosQuerierConfig.requestLogging'

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml`
around lines 1505 - 1543, The test suite for ClusterMonitoring is missing a
rejection case when thanosQuerierConfig.requestLogging is provided but omits the
required field requestLogging.policy; add a new test case (similar to the other
entries) named something like "Should reject ThanosQuerierConfig with missing
requestLogging.policy" that uses an initial manifest with
spec.thanosQuerierConfig.requestLogging: {} and sets expectedError to indicate
the required field is missing (e.g.,
'spec.thanosQuerierConfig.requestLogging.policy: Required value: must be
specified'); place this alongside the existing tests for requestLogging to
ensure the required-field validation for requestLogging.policy is covered.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In
`@config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml`:
- Around line 1505-1543: The test suite for ClusterMonitoring is missing a
rejection case when thanosQuerierConfig.requestLogging is provided but omits the
required field requestLogging.policy; add a new test case (similar to the other
entries) named something like "Should reject ThanosQuerierConfig with missing
requestLogging.policy" that uses an initial manifest with
spec.thanosQuerierConfig.requestLogging: {} and sets expectedError to indicate
the required field is missing (e.g.,
'spec.thanosQuerierConfig.requestLogging.policy: Required value: must be
specified'); place this alongside the existing tests for requestLogging to
ensure the required-field validation for requestLogging.policy is covered.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 3f44a2c7-5afb-4b1d-bd5d-0019b8d14a51

📥 Commits

Reviewing files that changed from the base of the PR and between d1fcdca and 0ed3b01.

⛔ Files ignored due to path filters (5)

• config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/zz_generated*
• config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/zz_generated*
• openapi/generated_openapi/zz_generated.openapi.go is excluded by !openapi/**, !**/zz_generated*

📒 Files selected for processing (3)

• config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml
• config/v1alpha1/types_cluster_monitoring.go
• payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml

[everettraven]

/test verify

[everettraven]

Verify check looked to fail on an unrelated issue. If it fails for a similar reason, this PR may need to be rebased on the latest master changes to pick up a change.

[openshift-ci]

@danielmellado: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.