HYPERFLEET-1202 - refactor: update Maestro adapter CEL to use template platform type #64

Draft
rafabene wants to merge 1 commit into openshift-hyperfleet:main from rafabene:HYPERFLEET-1202-update-adapter-platform-type

@rafabene rafabene commented Jul 2, 2026

Member

Summary

Test plan

  • E2E Maestro transport tests pass (depends on hyperfleet-e2e#138 merging together)

…e platform type

Update adapter task-config and ManifestWork template to reference
spec.platform.template instead of spec.platform.gcp, aligning with
the E2E cluster payloads that now use the api-spec-template typed
ClusterPlatformSpec.
@openshift-ci openshift-ci Bot requested review from ldornele and pnguyen44 July 2, 2026 19:47
openshift-ci Bot commented Jul 2, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign vkareh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

coderabbitai Bot commented Jul 2, 2026

Walkthrough

Two config files were modified to redirect platformType detection logic. The CEL precondition expression in adapter-task-config.yaml now checks spec.platform.template.subnets instead of spec.platform.gcp.subnets, with corresponding existence guards for the template object. The Go template conditional in adapter-task-resource-manifestwork.yaml now matches platformType == "template" instead of "gcp", changing which branch assigns the platform_tier value.

Estimated code review effort: 2 (Simple) | ~10 minutes

Changes

| File | Change |
| --- | --- |
| helmfile/configs/e2e/adapters/cl-maestro/adapter-task-config.yaml | CEL precondition subnets path changed from gcp to template |
| helmfile/configs/e2e/adapters/cl-maestro/adapter-task-resource-manifestwork.yaml | Go template conditional string changed from "gcp" to "template" |

Security note: No dependency, CI/CD, IDE config, or .gitattributes files touched — no supply chain surface impacted in this diff. However, verify: mismatch between the CEL guard (checks spec.platform.template presence) and the manifestwork conditional (string match on platformType == "template") must be validated end-to-end — a stale or attacker-influenced platformType field not covered by both checks could cause silent branch misassignment of platform_tier (improper input validation, CWE-20). No CVE applicable; this is config-only logic, not code executing untrusted input directly.

Suggested labels: config, adapter, e2e

Suggested reviewers: cl-maestro adapter owners

🚥 Pre-merge checks | ✅ 11
✅ Passed checks (11 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Sec-02: Secrets In Log Output | ✅ Passed | No log statements in the two modified YAML files; no CWE-532 secret leakage risk found. |
| No Hardcoded Secrets | ✅ Passed | No hardcoded secrets, credentials, embedded creds, or long base64 literals in the touched YAML/templates; only template vars and config constants. CWE-798/CWE-321 not present. |
| No Weak Cryptography | ✅ Passed | PASS: The touched YAML templates contain no crypto primitives, ECB, SHA1-for-security, or secret comparisons (CWE-327/328/916). |
| No Injection Vectors | ✅ Passed | PASS: no CWE-89/78/79/502 sinks in the changed YAML; only static CEL/Go-template conditionals and field iteration. |
| No Privileged Containers | ✅ Passed | No privileged container flags or root settings appear in the changed YAML; only CEL/template logic changed (CWE-250). |
| No Pii Or Sensitive Data In Logs | ✅ Passed | PASS: The diff only edits YAML templates and adds no slog/logr/zap/fmt.Print statements or raw data logging; no CWE-532/CWE-200 exposure found. |
| Title check | ✅ Passed | The title matches the main change: switching the Maestro adapter from gcp to template platform type. |
| Description check | ✅ Passed | The description accurately describes the CEL and template changes and their dependency on the upstream payload update. |

Comment @coderabbitai help to get the list of available commands.

rafabene commented Jul 2, 2026

Member Author

/retest

@rafabene rafabene marked this pull request as draft July 2, 2026 20:54