[wip]OTA-1548: set up accepted risks

[hongkailiu]

With OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true, a new command oc adm upgrade accept is enabled. It accepts comma-separated risks exposed to an OpenShift release [1].

The risks are stored in clusterversion/version's .specs.desiredUpdate.acceptRisks.

[1]. https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#understanding-clusterversion-conditiontypes_understanding-openshift-updates

Summary by CodeRabbit

Release Notes

• New Features

  • Added a new command to accept conditional update risks for cluster upgrades.

• Improvements

  • Enhanced upgrade flow to preserve accepted risks during cluster update operations.
  • Rollback command is now visible in the CLI.

• Chores

  • Updated underlying dependencies.

[openshift-ci-robot]

@hongkailiu: This pull request references OTA-1548 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

With OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true, a new command oc adm upgrade accept is enabled. It accepts comma-separated risks exposed to an OpenShift release [1].

The risks are stored in clusterversion/version's .specs.desiredUpdate.acceptRisks.

[1]. https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#understanding-clusterversion-conditiontypes_understanding-openshift-updates

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

Adds a new hidden Cobra subcommand to manage ClusterVersion accepted update risks, wires it behind a feature gate, propagates AcceptRisks handling into upgrade logic, updates dependencies, exposes unit tests for risk computation, and makes minor CLI and describer test adjustments.

Changes

Cohort / File(s)	Summary
Accept Risk Command pkg/cli/admin/upgrade/accept/accept.go, pkg/cli/admin/upgrade/accept/accept_test.go	New hidden Cobra subcommand implementing add/remove/replace/clear semantics for ClusterVersion.spec.desiredUpdate.acceptRisks, with client interface, options/Complete/Run flow, JSON Merge patch helper, validation, and unit tests for getAcceptRisks.
Upgrade CLI integration & AcceptRisks propagation pkg/cli/admin/upgrade/upgrade.go	Feature-gated wiring to add the new accept command; codepaths updated to propagate and preserve AcceptRisks when constructing, applying, or cancelling updates (patch payloads adjusted).
CLI visibility change pkg/cli/admin/upgrade/rollback/rollback.go	Removed Hidden: true from rollback command — rollback command is now visible.
Tests / Describer exceptions pkg/helpers/describe/describer_test.go	Added an exception entry for {Group:"apiextensions.openshift.io", Version:"v1alpha1"} in MissingDescriberGroupCoverageExceptions.
Dependencies go.mod	Updated versions for github.com/openshift/api and github.com/openshift/client-go in the require block.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant CLI as "oc upgrade accept\n(Cobra cmd)"
    participant Client as "ClusterVersion client"
    participant API as "Kubernetes API / ClusterVersion"

    User->>CLI: invoke command (+/-/risk tokens, --replace/--clear)
    CLI->>CLI: parse flags, validate args (mutual exclusivity, tokens)
    CLI->>Client: GET ClusterVersion
    Client->>API: Fetch cv
    API-->>Client: cv with spec.desiredUpdate.acceptRisks
    Client-->>CLI: return cv
    CLI->>CLI: compute new acceptRisks (getAcceptRisks)
    alt changes needed
        CLI->>Client: PATCH ClusterVersion (JSON Merge Patch)
        Client->>API: apply patch
        API-->>Client: patched cv
        Client-->>CLI: success
        CLI->>User: print new acceptRisks summary
    else no changes
        CLI->>User: print "no changes" message
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Test Structure And Quality	⚠️ Warning	Test assertions use cmp.Diff(actual, expected) instead of cmp.Diff(expected, actual), inverting diff output relative to (-want +got) label, violating meaningful failure message requirement.	Change cmp.Diff call at lines 55-56 from cmp.Diff(actual, testCase.expected) to cmp.Diff(testCase.expected, actual) to align diff output with error message labels.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title '[wip]OTA-1548: set up accepted risks' clearly describes the main change—introducing the ability to set up and manage accepted risks for cluster updates via a new command.
Stable And Deterministic Test Names	✅ Passed	All test names in the added test file are stable and deterministic, using static string literals that clearly describe test scenarios.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

pkg/cli/admin/upgrade/accept/accept.go (1)

134-136: Placeholder logic pending API update.

The hardcoded fake risks bypass actual ClusterVersion data. Ensure this is tracked for completion once the o/api dependency is updated.

Would you like me to open an issue to track this TODO?

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between f68dc90 and 42ccc9a.

📒 Files selected for processing (2)

• pkg/cli/admin/upgrade/accept/accept.go
• pkg/cli/admin/upgrade/upgrade.go

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

• pkg/cli/admin/upgrade/accept/accept.go
• pkg/cli/admin/upgrade/upgrade.go

🧬 Code graph analysis (2)

pkg/cli/admin/upgrade/accept/accept.go (1)

pkg/cli/admin/upgrade/upgrade.go (1)

• New (56-132)

pkg/cli/admin/upgrade/upgrade.go (1)

pkg/cli/admin/upgrade/accept/accept.go (1)

• New (29-57)

🔇 Additional comments (1)

pkg/cli/admin/upgrade/upgrade.go (1)

28-28: LGTM!

The import and feature gate wiring follow the established pattern used for the status and rollback subcommands.

Also applies to: 126-128

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: hongkailiu
Once this PR has been reviewed and has the lgtm label, please assign atiratree for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[hongkailiu]

I will wait a bit on

• e2e utilities from https://github.com/openshift/oc/pull/2181/files#diff-c3b02e1c6c92fc59f6b49a20a38dbf177d8bf4189579639ab6e08a329b85cf59
• bump o/api from the team.

[hongkailiu]

Cluster bot: launch 4.22.0-0.nightly aws,techpreview. Note that the new accept cmd probably wont work with a cluster in 4.21. But i have not tested myself.

Testing results with 583aa51:

CGO_CFLAGS="-I/opt/homebrew/opt/heimdal/include" make oc                   
go build -mod=vendor -tags 'include_gcs include_oss containers_image_openpgp gssapi' -ldflags "-X github.com/openshift/oc/pkg/version.versionFromGit="v4.2.0-alpha.0-2854-g072f397" -X github.com/openshift/oc/pkg/version.commitFromGit="072f397b9" -X github.com/openshift/oc/pkg/version.gitTreeState="dirty" -X github.com/openshift/oc/pkg/version.buildDate="2026-01-26T02:45:16Z" -X k8s.io/component-base/version.gitMajor="1" -X k8s.io/component-base/version.gitMinor="34" -X k8s.io/component-base/version.gitVersion="v1.34.1" -X k8s.io/component-base/version.gitCommit="072f397b9" -X k8s.io/component-base/version.buildDate="2026-01-26T02:45:14Z" -X k8s.io/component-base/version.gitTreeState="clean" -X k8s.io/client-go/pkg/version.gitVersion="v4.2.0-alpha.0-2854-g072f397" -X k8s.io/client-go/pkg/version.gitCommit="072f397b9" -X k8s.io/client-go/pkg/version.buildDate="2026-01-26T02:45:14Z" -X k8s.io/client-go/pkg/version.gitTreeState="dirty"" github.com/openshift/oc/cmd/oc

$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB
info: Accept risks are [riskA, riskB]
$ oc get clusterversion version -o yaml | yq -y .spec.desiredUpdate          
acceptRisks:
  - name: riskA
  - name: riskB
architecture: ''
force: false
image: registry.build07.ci.openshift.org/ci-ln-gz13mrk/release@sha256:9cd1f1b0227f6f61ae6a921a12fedc1d89a73733a12ba2f2b98620c00e6b65cb
version: 4.22.0-0.nightly-2026-01-24-213011
$  OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept --clear                  
info: Accept risks are []
$ oc get clusterversion version -o yaml | yq -y .spec.desiredUpdate      
architecture: ''
force: false
image: registry.build07.ci.openshift.org/ci-ln-gz13mrk/release@sha256:9cd1f1b0227f6f61ae6a921a12fedc1d89a73733a12ba2f2b98620c00e6b65cb
version: 4.22.0-0.nightly-2026-01-24-213011
$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB
info: Accept risks are [riskA, riskB]
$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade --to-image quay.io/openshift-release-dev/ocp-release@sha256:eea721e62d3a06a742adc3d10d9c430af061694d558da9a8d9a17c52a342ddd4 --force --allow-explicit-upgrade --allow-upgrade-with-warnings
warning: The requested upgrade image is not one of the available updates. You have used --allow-explicit-upgrade for the update to proceed anyway
warning: --force overrides cluster verification of your supplied release image and waives any update precondition failures. Only use this if you are testing unsigned release images or you are working around a known bug in the cluster-version operator and you have verified the authenticity of the provided image yourself.
Requested update to release image quay.io/openshift-release-dev/ocp-release@sha256:eea721e62d3a06a742adc3d10d9c430af061694d558da9a8d9a17c52a342ddd4
$ oc get clusterversion version -o yaml | yq -y .spec.desiredUpdate          
acceptRisks:
  - name: riskA
  - name: riskB
architecture: ''
force: true
image: quay.io/openshift-release-dev/ocp-release@sha256:eea721e62d3a06a742adc3d10d9c430af061694d558da9a8d9a17c52a342ddd4
version: ''
$ ✗ oc adm upgrade status                                            
Unable to fetch alerts, ignoring alerts in 'Update Health':  no token is currently in use for this session
= Control Plane =
Assessment:      Progressing
Target Version:  4.22.0-ec.1 (from 4.22.0-0.nightly-2026-01-24-213011)
...

So we showed that the patchDesiredUpdate function keeps the cv.spec.desiredUpdate.acceptRisks intact.

oc/pkg/cli/admin/upgrade/upgrade.go

Line 688 in 90d7ae6

func patchDesiredUpdate(ctx context.Context, update *configv1.Update, client configv1client.Interface,

[JianLi-RH]

We also need to provide users with help information but it seems there are no any info:

[jianl@jianl-thinkpadt14gen4 422]$ ./oc adm upgrade --help | grep -i "accept"
[jianl@jianl-thinkpadt14gen4 422]$ 

[hongkailiu]

but it seems there are no

Try this?

OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept -h

[hongkailiu]

Tested with 254493c

launch 4.22.0-0.nightly aws,techpreview

$ CGO_CFLAGS="-I/opt/homebrew/opt/heimdal/include" make oc
$  oc git:(accept-cmd) OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB
info: Accept risks are [riskB, riskC, riskA]
$ oc git:(accept-cmd) OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept --clear    
info: Accept risks are []
$ oc git:(accept-cmd) OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept --clear
info: Accept risks are not changed
$ oc git:(accept-cmd) OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB
info: Accept risks are [riskA, riskB]
$ oc git:(accept-cmd) OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB,riskC
info: Accept risks are [riskA, riskB, riskC]
$ oc git:(accept-cmd) OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB --replace
info: Accept risks are [riskA, riskB]
$ oc git:(accept-cmd) oc get clusterversion version -o yaml | yq -y .spec                                  
clusterID: 47dcb252-4e3b-4eb8-97d7-64ec7dbe4ff4
desiredUpdate:
  acceptRisks:
    - name: riskA
    - name: riskB
  architecture: ''
  force: false
  image: ''
  version: ''
overrides:
  - group: config.openshift.io

[JianLi-RH]

I just noticed an issue that we do not show help info for accept command, same issue to rollback command.
I think both accept and rollback are sub-command to oc adm upgrade, like channel, recommend and status, we should describe them for help.

Right now there are descriptions for channel, recommend and status:

[jianl@jianl-thinkpadt14gen4 422]$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade --help | grep -A5 "Available Commands:"
Available Commands:
  channel       Set or clear the update channel
  recommend     Displays cluster update recommendations.
  status        Display the status of the current cluster version update or multi-arch migration

Options:
[jianl@jianl-thinkpadt14gen4 422]$ 

[JianLi-RH]

#2170 (comment)

@hongkailiu I mean we need a command help info, like what we have for channel, recommend and status, otherwise customer will not know there is subcommand in oc adm upgrade.

[openshift-ci-robot]

@hongkailiu: This pull request references OTA-1548 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

With OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true, a new command oc adm upgrade accept is enabled. It accepts comma-separated risks exposed to an OpenShift release [1].

The risks are stored in clusterversion/version's .specs.desiredUpdate.acceptRisks.

[1]. https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#understanding-clusterversion-conditiontypes_understanding-openshift-updates

Summary by CodeRabbit

Release Notes

• New Features

• Added a new command to accept conditional update risks for cluster upgrades.

• Improvements

• Enhanced upgrade flow to preserve accepted risks during cluster update operations.

• Rollback command is now visible in the CLI.

• Chores

• Updated underlying dependencies.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (2)

pkg/cli/admin/upgrade/upgrade.go (1)

236-236: Use existing request context for the clear patch call.

At Line [236], using context.TODO() bypasses the ctx already established in this method. Prefer passing ctx for cancellation/deadline propagation.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/cli/admin/upgrade/upgrade.go` at line 236, The Patch call using
context.TODO() should use the existing request context for cancellation/deadline
propagation: replace the context.TODO() argument in
o.Client.ConfigV1().ClusterVersions().Patch(...) with the method's ctx variable
so the Patch operation honors the caller's context.

pkg/cli/admin/upgrade/accept/accept.go (1)

57-57: Remove commented-out command config.

At Line [57], stale commented code (//Hidden: true,) is confusing now that visibility is intentional.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/cli/admin/upgrade/accept/accept.go` at line 57, Remove the stale
commented-out command configuration line "//Hidden:  true," from the accept
command definition to avoid confusion; locate the accept command (e.g., the
acceptCmd or NewAcceptCmd command/constructor in accept.go) and delete that
commented line so the command configuration contains only active fields.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/cli/admin/upgrade/accept/accept_test.go`:
- Around line 55-56: The test's diff argument order is inverted: change the
cmp.Diff call in the accept_test.go assertion from cmp.Diff(actual,
testCase.expected) to cmp.Diff(testCase.expected, actual) so the produced diff
matches the "(-want +got)" label; this affects the assertion around
getAcceptRisks() where variables actual and testCase.expected are compared using
cmp.Diff.

In `@pkg/cli/admin/upgrade/accept/accept.go`:
- Line 49: The long help text for the accept command contains a typo: change the
phrase "excepted risks" to "accepted risks" in the long description string (the
Long/LongHelp text associated with the accept command, e.g., in the acceptCmd
declaration or its help variable in accept.go) so the user-facing help displays
"accepted risks".
- Around line 155-156: The call to patchDesiredUpdate currently uses
context.TODO(), which prevents Run(ctx) cancellation/timeouts from propagating;
change the call to pass the incoming context (ctx) instead. Locate the
invocation of patchDesiredUpdate in the accept flow (the call using
patchDesiredUpdate(context.TODO(), acceptRisks,
o.Client.ConfigV1().ClusterVersions(), "version")) and replace the placeholder
context with the Run(ctx) parameter so patchDesiredUpdate receives the caller's
context; ensure any surrounding functions (e.g., Run(ctx)) keep ctx in scope and
thread it through to this call.

In `@pkg/cli/admin/upgrade/upgrade.go`:
- Around line 269-271: The code dereferences cv.Spec.DesiredUpdate.AcceptRisks
without guarding for nil; update the logic around the assignment to
update.AcceptRisks so you first check that cv.Spec != nil and
cv.Spec.DesiredUpdate != nil before reading AcceptRisks (and fall back to a safe
default, e.g. false, when DesiredUpdate is nil). Apply the same nil-check fix at
the other occurrence referencing cv.Spec.DesiredUpdate.AcceptRisks (the second
instance noted) so both reads are protected and cannot panic.

---

Nitpick comments:
In `@pkg/cli/admin/upgrade/accept/accept.go`:
- Line 57: Remove the stale commented-out command configuration line "//Hidden: 
true," from the accept command definition to avoid confusion; locate the accept
command (e.g., the acceptCmd or NewAcceptCmd command/constructor in accept.go)
and delete that commented line so the command configuration contains only active
fields.

In `@pkg/cli/admin/upgrade/upgrade.go`:
- Line 236: The Patch call using context.TODO() should use the existing request
context for cancellation/deadline propagation: replace the context.TODO()
argument in o.Client.ConfigV1().ClusterVersions().Patch(...) with the method's
ctx variable so the Patch operation honors the caller's context.

---

ℹ️ Review info

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 42ccc9a and 2153086.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (6)

• go.mod
• pkg/cli/admin/upgrade/accept/accept.go
• pkg/cli/admin/upgrade/accept/accept_test.go
• pkg/cli/admin/upgrade/rollback/rollback.go
• pkg/cli/admin/upgrade/upgrade.go
• pkg/helpers/describe/describer_test.go

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix cmp.Diff argument order in failure output.

At Line [55], cmp.Diff(actual, testCase.expected) conflicts with the (-want +got) label and inverts diff semantics.

Proposed fix

-			if diff := cmp.Diff(actual, testCase.expected); diff != "" {
+			if diff := cmp.Diff(testCase.expected, actual); diff != "" {
 				t.Errorf("getAcceptRisks() mismatch (-want +got):\n%s", diff)
 			}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if diff := cmp.Diff(actual, testCase.expected); diff != "" {
	t.Errorf("getAcceptRisks() mismatch (-want +got):\n%s", diff)
	if diff := cmp.Diff(testCase.expected, actual); diff != "" {
	t.Errorf("getAcceptRisks() mismatch (-want +got):\n%s", diff)
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/cli/admin/upgrade/accept/accept_test.go` around lines 55 - 56, The test's
diff argument order is inverted: change the cmp.Diff call in the accept_test.go
assertion from cmp.Diff(actual, testCase.expected) to
cmp.Diff(testCase.expected, actual) so the produced diff matches the "(-want
+got)" label; this affects the assertion around getAcceptRisks() where variables
actual and testCase.expected are compared using cmp.Diff.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

User-facing typo in long help text.

At Line [49], “excepted risks” should be “accepted risks”.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/cli/admin/upgrade/accept/accept.go` at line 49, The long help text for
the accept command contains a typo: change the phrase "excepted risks" to
"accepted risks" in the long description string (the Long/LongHelp text
associated with the accept command, e.g., in the acceptCmd declaration or its
help variable in accept.go) so the user-facing help displays "accepted risks".

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Use the passed context for patch calls.

At Line [155], context.TODO() ignores the caller context from Run(ctx), so cancellation/timeouts won’t propagate to the API call.

Proposed fix

-		if err := patchDesiredUpdate(context.TODO(), acceptRisks, o.Client.ConfigV1().ClusterVersions(), "version"); err != nil {
+		if err := patchDesiredUpdate(ctx, acceptRisks, o.Client.ConfigV1().ClusterVersions(), "version"); err != nil {
 			return err
 		}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/cli/admin/upgrade/accept/accept.go` around lines 155 - 156, The call to
patchDesiredUpdate currently uses context.TODO(), which prevents Run(ctx)
cancellation/timeouts from propagating; change the call to pass the incoming
context (ctx) instead. Locate the invocation of patchDesiredUpdate in the accept
flow (the call using patchDesiredUpdate(context.TODO(), acceptRisks,
o.Client.ConfigV1().ClusterVersions(), "version")) and replace the placeholder
context with the Run(ctx) parameter so patchDesiredUpdate receives the caller's
context; ensure any surrounding functions (e.g., Run(ctx)) keep ctx in scope and
thread it through to this call.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Guard cv.Spec.DesiredUpdate before reading AcceptRisks.

At Line [270] and Line [411], dereferencing cv.Spec.DesiredUpdate.AcceptRisks can panic when cv.Spec.DesiredUpdate == nil (valid state for clusters with no desired update set).

Proposed fix

-		if update != nil {
-			update.AcceptRisks = cv.Spec.DesiredUpdate.AcceptRisks
-		}
+		if cv.Spec.DesiredUpdate != nil {
+			update.AcceptRisks = append([]configv1.AcceptRisk(nil), cv.Spec.DesiredUpdate.AcceptRisks...)
+		}
...
-		update.AcceptRisks = cv.Spec.DesiredUpdate.AcceptRisks
+		if cv.Spec.DesiredUpdate != nil {
+			update.AcceptRisks = append([]configv1.AcceptRisk(nil), cv.Spec.DesiredUpdate.AcceptRisks...)
+		}

Also applies to: 411-411

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/cli/admin/upgrade/upgrade.go` around lines 269 - 271, The code
dereferences cv.Spec.DesiredUpdate.AcceptRisks without guarding for nil; update
the logic around the assignment to update.AcceptRisks so you first check that
cv.Spec != nil and cv.Spec.DesiredUpdate != nil before reading AcceptRisks (and
fall back to a safe default, e.g. false, when DesiredUpdate is nil). Apply the
same nil-check fix at the other occurrence referencing
cv.Spec.DesiredUpdate.AcceptRisks (the second instance noted) so both reads are
protected and cannot panic.

[hongkailiu]

$ git --no-pager log --pretty=oneline -1
506aaa41ab10afc01415cf65a4d5e1250953d4c8 (HEAD -> accept-cmd) Stop hiding rollback cmd

$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true OC_ENABLE_CMD_UPGRADE_ROLLBACK=true ./oc adm upgrade -h | grep 'Available Commands:' -A 7
Available Commands:
  accept        Accept risks exposed to conditional updates.
  channel       Set or clear the update channel
  recommend     Displays cluster update recommendations.
  rollback      Rollback the cluster to the previous release.
  status        Display the status of the current cluster version update or multi-arch migration

Options:

$ OC_ENABLE_CMD_UPGRADE_ROLLBACK=true ./oc adm upgrade -h | grep 'Available Commands:' -A 7                                        
Available Commands:
  channel       Set or clear the update channel
  recommend     Displays cluster update recommendations.
  rollback      Rollback the cluster to the previous release.
  status        Display the status of the current cluster version update or multi-arch migration

Options:
    --allow-explicit-upgrade=false:

$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade -h | grep 'Available Commands:' -A 7                                    
Available Commands:
  accept        Accept risks exposed to conditional updates.
  channel       Set or clear the update channel
  recommend     Displays cluster update recommendations.
  status        Display the status of the current cluster version update or multi-arch migration

Options:
    --allow-explicit-upgrade=false:

$ ./oc adm upgrade -h | grep 'Available Commands:' -A 7
Available Commands:
  channel       Set or clear the update channel
  recommend     Displays cluster update recommendations.
  status        Display the status of the current cluster version update or multi-arch migration

Options:
    --allow-explicit-upgrade=false:
        Upgrade even if the upgrade target is not listed in the available versions list.

Also did a search: Probable they are hidden because those cmd are deprecated and not yet removed from the code base. I knew it is the case for create_kubeconfig. So the users are not supposed to see them.

$ rg 'Hidden:' -g '!vendor/'
pkg/cli/serviceaccounts/newtoken.go
83:             Hidden:     true,

pkg/cli/serviceaccounts/create_kubeconfig.go
68:             Hidden:     true,

pkg/cli/serviceaccounts/subcommand.go
26:             Hidden:     true,

pkg/cli/serviceaccounts/gettoken.go
63:             Hidden:     true,

[openshift-ci]

@hongkailiu: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/images	2153086	link	true	/test images
ci/prow/e2e-aws-oc-ote	2153086	link	false	/test e2e-aws-oc-ote
ci/prow/e2e-aws-ovn-upgrade	2153086	link	true	/test e2e-aws-ovn-upgrade
ci/prow/e2e-aws-ovn-serial-2of2	2153086	link	true	/test e2e-aws-ovn-serial-2of2
ci/prow/e2e-agnostic-ovn-cmd	2153086	link	true	/test e2e-agnostic-ovn-cmd
ci/prow/e2e-aws-ovn	2153086	link	true	/test e2e-aws-ovn
ci/prow/e2e-aws-ovn-serial-1of2	2153086	link	true	/test e2e-aws-ovn-serial-1of2
ci/prow/e2e-agent-compact-ipv4	2153086	link	false	/test e2e-agent-compact-ipv4
ci/prow/e2e-aws-oc-ote-serial	2153086	link	false	/test e2e-aws-oc-ote-serial

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.