OCPBUGS-74418: Introduce KMSEncryption feature gate by ardaguclu · Pull Request #2670 · openshift/api

ardaguclu · 2026-01-26T07:52:05Z

User description

This is manual backport of #2669

PR Type

Bug fix

Description

Relax KMS validation rule to allow nil KMSConfig when type is KMS
Update validation message to clarify kms config is only forbidden for non-KMS types
Modify test case to verify nil kms config is now accepted with KMS type
Regenerate all CRD manifests and OpenAPI specs with updated validation rules

Diagram Walkthrough

flowchart LR
  A["Old validation rule:<br/>KMS type requires kms config"] -->|"Relax constraint"| B["New validation rule:<br/>Only forbid kms config for non-KMS types"]
  B --> C["Updated test cases"]
  B --> D["Regenerated CRD manifests"]
  B --> E["Updated OpenAPI spec"]

File Walkthrough

Relevant files

Bug fix

1 files

types_apiserver.go `Update KMS validation rule to allow nil config`	+1/-1

Tests

1 files

KMSEncryptionProvider.yaml `Update test to verify nil kms config acceptance`	+10/-4

Configuration changes

7 files

0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml `Regenerate CRD with updated validation rule`	+2/-4
0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml `Regenerate CRD with updated validation rule`	+2/-4
0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml `Regenerate CRD with updated validation rule`	+2/-4
KMSEncryptionProvider.yaml `Regenerate featuregated CRD with updated validation`	+2/-4
0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml `Regenerate payload CRD with updated validation rule`	+2/-4
0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml `Regenerate payload CRD with updated validation rule`	+2/-4
0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml `Regenerate payload CRD with updated validation rule`	+2/-4

Documentation

1 files

openapi.json `Remove feature gate reference from description`	+1/-1

openshift-ci-robot · 2026-01-26T07:52:08Z

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

openshift-ci-robot · 2026-01-26T07:52:10Z

@ardaguclu: This pull request references CNTRLPLANE-2241 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set.

Details

In response to this:

This is manual backport of #2669

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci · 2026-01-26T07:52:14Z

Hello @ardaguclu! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

coderabbitai · 2026-01-26T07:52:17Z

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b8dd3251-2c9e-4847-9f0a-ab6cf11af82f

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

openshift-ci-robot · 2026-01-26T07:52:39Z

@ardaguclu: This pull request references CNTRLPLANE-2241 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set.

Details

In response to this:

User description

This is manual backport of #2669

PR Type

Bug fix

Description

Relax KMS validation rule to allow nil KMSConfig when type is KMS

Update validation message to clarify kms config is only forbidden for non-KMS types

Modify test case to verify nil kms config is now accepted with KMS type

Regenerate all CRD manifests and OpenAPI specs with updated validation rules

Diagram Walkthrough
flowchart LR
 A["Old validation rule: KMS type requires kms config"] -->|"Relax constraint"| B["New validation rule: Only forbid kms config for non-KMS types"]
 B --> C["Updated test cases"]
 B --> D["Regenerated CRD manifests"]
 B --> E["Updated OpenAPI spec"]
Loading
File Walkthrough

Relevant files
Bug fix
1 files

types_apiserver.go
Update KMS validation rule to allow nil config
+1/-1

Tests
1 files

KMSEncryptionProvider.yaml
Update test to verify nil kms config acceptance
+10/-4

Configuration changes
7 files

0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml
Regenerate CRD with updated validation rule
+2/-4

0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml
Regenerate CRD with updated validation rule
+2/-4

0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml
Regenerate CRD with updated validation rule
+2/-4

KMSEncryptionProvider.yaml
Regenerate featuregated CRD with updated validation
+2/-4

0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml
Regenerate payload CRD with updated validation rule
+2/-4

0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml
Regenerate payload CRD with updated validation rule
+2/-4

0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml
Regenerate payload CRD with updated validation rule
+2/-4

Documentation
1 files

openapi.json
Remove feature gate reference from description
+1/-1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

qodo-code-review · 2026-01-26T07:52:49Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
⚪	Encryption misconfiguration Description: Relaxing the validation to allow `spec.encryption.type: KMS` with `spec.encryption.kms` unset may permit an encryption-at-rest misconfiguration (e.g., operator/controller behavior could fall back to a weaker/default provider or fail open), so reviewers should verify runtime behavior when KMS is selected but no KMS provider config is supplied. types_apiserver.go [178-178] Referred Code // +openshift:validation:FeatureGateAwareXValidation:featureGate=KMSEncryptionProvider,rule="self.type != 'KMS' ? !has(self.kms) : true",message="kms config is forbidden when encryption type is not KMS" // +union
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Nil KMS edge case: The updated validation allows `type: KMS` with a missing `kms` configuration, which may lead to a runtime failure or unclear behavior unless downstream consumers explicitly handle the nil/empty KMS config case. Referred Code // +openshift:validation:FeatureGateAwareXValidation:featureGate=KMSEncryptionProvider,rule="self.type != 'KMS' ? !has(self.kms) : true",message="kms config is forbidden when encryption type is not KMS" // +union Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Relaxed validation risk: By relaxing the schema rule to permit a nil `kms` config when `self.type` is `KMS`, the API may accept potentially insecure or non-functional encryption configurations unless other layers enforce completeness. Referred Code // +openshift:validation:FeatureGateAwareXValidation:featureGate=KMSEncryptionProvider,rule="self.type != 'KMS' ? !has(self.kms) : true",message="kms config is forbidden when encryption type is not KMS" // +union Learn more about managing compliance generic rules or creating your own custom rules
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

qodo-code-review · 2026-01-26T07:53:46Z

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
General	Simplify KMS validation rule Simplify the CEL validation expression by replacing the ternary operator with a more direct logical OR. config/v1/types_apiserver.go [178] -// +openshift:validation:FeatureGateAwareXValidation:featureGate=KMSEncryptionProvider,rule="self.type != 'KMS' ? !has(self.kms) : true",message="kms config is forbidden when encryption type is not KMS" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=KMSEncryptionProvider,rule="self.type == 'KMS' \|\| !has(self.kms)",message="kms config is forbidden when encryption type is not KMS" Apply / Chat Suggestion importance[1-10]: 4 __ Why: The suggestion correctly identifies that the CEL expression can be simplified to `self.type == 'KMS' \|\| !has(self.kms)`, which improves readability and maintainability.	Low
Update

ardaguclu · 2026-01-26T09:43:14Z

/cc @benluddy @bertinatto @p0lyn0mial

ardaguclu · 2026-01-26T11:50:57Z

/hold

openshift-ci-robot · 2026-01-26T14:19:47Z

@ardaguclu: This pull request references Jira Issue OCPBUGS-68343, which is invalid:

expected the bug to target the "4.21.0" version, but no target version was set
release note text must be set and not match the template OR release note type must be set to "Release Note Not Required". For more information you can reference the OpenShift Bug Process.
expected Jira Issue OCPBUGS-68343 to depend on a bug targeting a version in 4.22.0 and in one of the following states: MODIFIED, ON_QA, VERIFIED, but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

User description

This is manual backport of #2669

PR Type

Bug fix

Description

Relax KMS validation rule to allow nil KMSConfig when type is KMS

Update validation message to clarify kms config is only forbidden for non-KMS types

Modify test case to verify nil kms config is now accepted with KMS type

Regenerate all CRD manifests and OpenAPI specs with updated validation rules

Diagram Walkthrough
flowchart LR
 A["Old validation rule: KMS type requires kms config"] -->|"Relax constraint"| B["New validation rule: Only forbid kms config for non-KMS types"]
 B --> C["Updated test cases"]
 B --> D["Regenerated CRD manifests"]
 B --> E["Updated OpenAPI spec"]
Loading
File Walkthrough

Relevant files
Bug fix
1 files

types_apiserver.go
Update KMS validation rule to allow nil config
+1/-1

Tests
1 files

KMSEncryptionProvider.yaml
Update test to verify nil kms config acceptance
+10/-4

Configuration changes
7 files

0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml
Regenerate CRD with updated validation rule
+2/-4

0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml
Regenerate CRD with updated validation rule
+2/-4

0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml
Regenerate CRD with updated validation rule
+2/-4

KMSEncryptionProvider.yaml
Regenerate featuregated CRD with updated validation
+2/-4

0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml
Regenerate payload CRD with updated validation rule
+2/-4

0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml
Regenerate payload CRD with updated validation rule
+2/-4

0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml
Regenerate payload CRD with updated validation rule
+2/-4

Documentation
1 files

openapi.json
Remove feature gate reference from description
+1/-1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot · 2026-01-26T14:25:38Z

@ardaguclu: This pull request references Jira Issue OCPBUGS-74418, which is invalid:

expected the bug to target either version "4.21." or "openshift-4.21.", but it targets "4.22.0" instead
release note text must be set and not match the template OR release note type must be set to "Release Note Not Required". For more information you can reference the OpenShift Bug Process.
expected dependent Jira Issue OCPBUGS-68343 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is POST instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

User description

This is manual backport of #2669

PR Type

Bug fix

Description

Relax KMS validation rule to allow nil KMSConfig when type is KMS

Update validation message to clarify kms config is only forbidden for non-KMS types

Modify test case to verify nil kms config is now accepted with KMS type

Regenerate all CRD manifests and OpenAPI specs with updated validation rules

Diagram Walkthrough
flowchart LR
 A["Old validation rule: KMS type requires kms config"] -->|"Relax constraint"| B["New validation rule: Only forbid kms config for non-KMS types"]
 B --> C["Updated test cases"]
 B --> D["Regenerated CRD manifests"]
 B --> E["Updated OpenAPI spec"]
Loading
File Walkthrough

Relevant files
Bug fix
1 files

types_apiserver.go
Update KMS validation rule to allow nil config
+1/-1

Tests
1 files

KMSEncryptionProvider.yaml
Update test to verify nil kms config acceptance
+10/-4

Configuration changes
7 files

0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml
Regenerate CRD with updated validation rule
+2/-4

0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml
Regenerate CRD with updated validation rule
+2/-4

0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml
Regenerate CRD with updated validation rule
+2/-4

KMSEncryptionProvider.yaml
Regenerate featuregated CRD with updated validation
+2/-4

0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml
Regenerate payload CRD with updated validation rule
+2/-4

0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml
Regenerate payload CRD with updated validation rule
+2/-4

0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml
Regenerate payload CRD with updated validation rule
+2/-4

Documentation
1 files

openapi.json
Remove feature gate reference from description
+1/-1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

ardaguclu · 2026-01-26T14:26:25Z

/jira refresh

openshift-ci-robot · 2026-01-26T14:26:30Z

@ardaguclu: This pull request references Jira Issue OCPBUGS-74418, which is invalid:

expected dependent Jira Issue OCPBUGS-68343 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is POST instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

ardaguclu · 2026-01-27T05:39:42Z

/hold cancel

openshift-ci-robot · 2026-03-04T08:44:00Z

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aws-ovn
/test e2e-aws-ovn-hypershift
/test e2e-aws-ovn-hypershift-conformance
/test e2e-aws-ovn-techpreview
/test e2e-aws-serial-1of2
/test e2e-aws-serial-2of2
/test e2e-aws-serial-techpreview-1of2
/test e2e-aws-serial-techpreview-2of2
/test e2e-azure
/test e2e-gcp
/test e2e-upgrade
/test e2e-upgrade-out-of-change

openshift-ci · 2026-03-04T08:44:53Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JoelSpeed

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [JoelSpeed]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

ardaguclu · 2026-03-04T11:15:42Z

Unrelated
/retest

ardaguclu · 2026-03-04T11:38:49Z

/retest

ardaguclu · 2026-03-04T12:03:47Z

/verified by CI

p0lyn0mial · 2026-03-04T12:47:54Z

/verified by ci

openshift-ci-robot · 2026-03-04T12:48:05Z

@p0lyn0mial: This PR has been marked as verified by ci.

Details

In response to this:

/verified by ci

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

ardaguclu · 2026-03-04T13:02:08Z

/retest

wangke19 · 2026-03-04T14:01:36Z

/test e2e-aws-ovn-hypershift

qodo-code-review · 2026-03-04T14:01:42Z

PR-Agent: could not fine a component named e2e-aws-ovn-hypershift in a supported language in this PR.

openshift-ci · 2026-03-04T17:17:58Z

@ardaguclu: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify-crd-schema	`16be4b9`	link	true	`/test verify-crd-schema`
ci/prow/verify-crdify	`16be4b9`	link	true	`/test verify-crdify`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci-robot · 2026-03-04T17:22:58Z

@ardaguclu: Jira Issue OCPBUGS-74418: Some pull requests linked via external trackers have merged:

The following pull request, linked via external tracker, has not merged:

openshift/cluster-openshift-apiserver-operator#656 is open

All associated pull requests must be merged or unlinked from the Jira bug in order for it to move to the next state. Once unlinked, request a bug refresh with /jira refresh.

Jira Issue OCPBUGS-74418 has not been moved to the MODIFIED state.

This PR is marked as verified. If the remaining PRs listed above are marked as verified before merging, the issue will automatically be moved to VERIFIED after all of the changes from the PRs are available in an accepted nightly payload.

Details

In response to this:

User description

This is manual backport of #2669

PR Type

Bug fix

Description

Relax KMS validation rule to allow nil KMSConfig when type is KMS

Update validation message to clarify kms config is only forbidden for non-KMS types

Modify test case to verify nil kms config is now accepted with KMS type

Regenerate all CRD manifests and OpenAPI specs with updated validation rules

Diagram Walkthrough
flowchart LR
 A["Old validation rule: KMS type requires kms config"] -->|"Relax constraint"| B["New validation rule: Only forbid kms config for non-KMS types"]
 B --> C["Updated test cases"]
 B --> D["Regenerated CRD manifests"]
 B --> E["Updated OpenAPI spec"]
Loading
File Walkthrough

Relevant files
Bug fix
1 files

types_apiserver.go
Update KMS validation rule to allow nil config
+1/-1

Tests
1 files

KMSEncryptionProvider.yaml
Update test to verify nil kms config acceptance
+10/-4

Configuration changes
7 files

0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml
Regenerate CRD with updated validation rule
+2/-4

0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml
Regenerate CRD with updated validation rule
+2/-4

0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml
Regenerate CRD with updated validation rule
+2/-4

KMSEncryptionProvider.yaml
Regenerate featuregated CRD with updated validation
+2/-4

0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml
Regenerate payload CRD with updated validation rule
+2/-4

0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml
Regenerate payload CRD with updated validation rule
+2/-4

0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml
Regenerate payload CRD with updated validation rule
+2/-4

Documentation
1 files

openapi.json
Remove feature gate reference from description
+1/-1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-merge-robot · 2026-03-12T00:57:42Z

Fix included in accepted release 4.21.0-0.nightly-2026-03-11-185944

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jan 26, 2026

openshift-ci bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jan 26, 2026

openshift-ci bot requested review from JoelSpeed and everettraven January 26, 2026 07:52

qodo-code-review bot added the Review effort 2/5 label Jan 26, 2026

openshift-ci bot requested review from benluddy, bertinatto and p0lyn0mial January 26, 2026 09:43

openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 26, 2026

ardaguclu changed the title ~~CNTRLPLANE-2241: Loosen KMS validation to allow nil KMSConfig~~ CNTRLPLANE-2241: Introduce KMSEncryption feature gate Jan 26, 2026

ardaguclu changed the title ~~CNTRLPLANE-2241: Introduce KMSEncryption feature gate~~ OCPBUGS-68343: Introduce KMSEncryption feature gate Jan 26, 2026

openshift-ci-robot added the jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. label Jan 26, 2026

ardaguclu changed the title ~~OCPBUGS-68343: Introduce KMSEncryption feature gate~~ OCPBUGS-74418: Introduce KMSEncryption feature gate Jan 26, 2026

openshift-ci-robot mentioned this pull request Jan 26, 2026

OCPBUGS-68343: Introduce KMSEncryption feature gate #2669

Merged

ardaguclu force-pushed the loosen-kms-validation-4.21 branch from 1f7dfcd to 484390a Compare January 27, 2026 05:39

openshift-ci bot removed the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jan 27, 2026

openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 4, 2026

openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Mar 4, 2026

This was referenced Mar 4, 2026

[release-4.21] OCPBUGS-74418: Add KMS test scenarios openshift/cluster-kube-apiserver-operator#2054

Merged

[release-4.21] OCPBUGS-74418: Add KMS test scenarios openshift/cluster-authentication-operator#844

Merged

openshift-merge-bot bot merged commit b0658d2 into openshift:release-4.21 Mar 4, 2026
26 checks passed

ardaguclu deleted the loosen-kms-validation-4.21 branch March 4, 2026 17:30

ardaguclu mentioned this pull request Mar 11, 2026

WIP: Backport KMS TechPreview v1 API changes to 4.21 #2737

Closed

Conversation

ardaguclu commented Jan 26, 2026 • edited by qodo-code-review bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

User description

PR Type

Description

Diagram Walkthrough

File Walkthrough

Uh oh!

openshift-ci-robot commented Jan 26, 2026

Uh oh!

openshift-ci-robot commented Jan 26, 2026 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci bot commented Jan 26, 2026

Uh oh!

coderabbitai bot commented Jan 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review skipped

Uh oh!

openshift-ci-robot commented Jan 26, 2026 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

User description

PR Type

Description

Diagram Walkthrough

File Walkthrough

Uh oh!

qodo-code-review bot commented Jan 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

PR Compliance Guide 🔍

Uh oh!

qodo-code-review bot commented Jan 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

PR Code Suggestions ✨

Uh oh!

ardaguclu commented Jan 26, 2026

Uh oh!

ardaguclu commented Jan 26, 2026

Uh oh!

openshift-ci-robot commented Jan 26, 2026

User description

PR Type

Description

Diagram Walkthrough

File Walkthrough

Uh oh!

openshift-ci-robot commented Jan 26, 2026

User description

PR Type

Description

Diagram Walkthrough

File Walkthrough

Uh oh!

ardaguclu commented Jan 26, 2026

Uh oh!

openshift-ci-robot commented Jan 26, 2026

Uh oh!

ardaguclu commented Jan 27, 2026

Uh oh!

openshift-ci-robot commented Mar 4, 2026

Uh oh!

openshift-ci bot commented Mar 4, 2026

Uh oh!

ardaguclu commented Mar 4, 2026

Uh oh!

ardaguclu commented Mar 4, 2026

Uh oh!

ardaguclu commented Mar 4, 2026

Uh oh!

p0lyn0mial commented Mar 4, 2026

Uh oh!

openshift-ci-robot commented Mar 4, 2026

Uh oh!

ardaguclu commented Mar 4, 2026

Uh oh!

wangke19 commented Mar 4, 2026

Uh oh!

qodo-code-review bot commented Mar 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

ardaguclu commented Jan 26, 2026 •

edited by qodo-code-review bot

Loading

openshift-ci-robot commented Jan 26, 2026 •

edited by openshift-ci bot

Loading

coderabbitai bot commented Jan 26, 2026 •

edited

Loading

openshift-ci-robot commented Jan 26, 2026 •

edited by openshift-ci bot

Loading

qodo-code-review bot commented Jan 26, 2026 •

edited

Loading

qodo-code-review bot commented Jan 26, 2026 •

edited

Loading

qodo-code-review bot commented Mar 4, 2026 •

edited

Loading