SPLAT-2745: Changed vSphere cloud config to be read from openshift-config-managed

[vr4manta]

SPLAT-2745

Goal

Update the Machine API Operator (MAO) to use the new version of cloud config located in the openshift-config-managed namespace, and ensure the operator picks up the latest changes after any updates to the cluster Infrastructure spec.

Background / Problem

MAO currently consumes a cloud-config source that is being superseded by a new version published in openshift-config-managed. In addition, changes to Infrastructure.spec should trigger MAO to refresh/reconcile its effective cloud-config so it stays aligned with cluster-level infra settings.

Changes

• Changed vSphere cloud config to be read from openshift-config-managed

Summary by CodeRabbit

• Chores
  • Updated vSphere configuration loading to use a managed namespace approach, improving how OpenShift configuration is accessed and managed in vSphere environments.

[openshift-ci-robot]

@vr4manta: This pull request references SPLAT-2745 which is a valid jira issue.

Details

In response to this:

SPLAT-2745

Changes

• Changed vSphere cloud config to be read from openshift-config-managed

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

The vSphere actuator now reads OpenShift cloud config from a fixed managed ConfigMap (kube-cloud-config in openshift-config-managed) using the cloud.conf key. Infrastructure-based lookup and CloudConfig name/key validation were removed; tests and actuator wiring were updated to use the new constants and ConfigMap-driven flow.

Changes

Cloud Config Source Migration

Layer / File(s)	Summary
Constants & Data Shape pkg/controller/vsphere/util.go	Replaced OpenshiftConfigNamespace with OpenshiftConfigManagedNamespace (openshift-config-managed), OpenshiftConfigManagedConfigMap (kube-cloud-config), and OpenshiftConfigManagedCloudConfigKey (cloud.conf).
Core Logic pkg/controller/vsphere/util.go	getVSphereConfig now loads the fixed ConfigMap from the managed namespace and reads cloud.conf directly; removed Infrastructure lookup and CloudConfig name/key validation.
Wiring / Integration cmd/vsphere/main.go	Actuator initialization updated to pass vsphere.OpenshiftConfigManagedNamespace for the OpenShift config namespace parameter.
Tests / Test Harnesses pkg/controller/vsphere/*_test.go, pkg/controller/vsphere/reconciler_test.go	Test fixtures updated to create the managed ConfigMap with OpenshiftConfigManagedConfigMap and OpenshiftConfigManagedCloudConfigKey; infra object creation and infra-based wiring removed across multiple tests; fake clients now include the ConfigMap (and secrets) instead of Infrastructure.
Test Utilities pkg/controller/vsphere/util_test.go, pkg/controller/vsphere/machine_scope_test.go	Imports of OpenShift config API removed; tests simplified to use the managed ConfigMap and its key.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 1 warning)

Check name	Status	Explanation	Resolution
Ote Binary Stdout Contract	❌ Error	OTE Stdout Contract violation: fmt.Println in cmd/vsphere/main.go:113 writes plain text to stdout in main(), corrupting JSON expected by openshift-tests.	Change fmt.Println(version.String) to fmt.Fprintln(os.Stderr, version.String) to redirect to stderr.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (10 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: vSphere cloud config is now read from the openshift-config-managed namespace instead of the previous location, which is consistent with all file changes across the codebase.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	Check not applicable: modified test files use Go's standard testing package, not Ginkgo. No Ginkgo test declarations found.
Test Structure And Quality	✅ Passed	Tests use table-driven patterns, proper defer cleanup, timeouts on Eventually calls, meaningful error messages, and consistent codebase patterns.
Microshift Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added in this PR. All tests are Go unit tests using the standard testing package. The custom check only applies to new Ginkgo e2e tests and is not triggered here.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	Check not applicable. PR modifies unit tests (func Test...) only, not Ginkgo e2e tests. No It(), Describe(), Context(), or When() tests were added.
Topology-Aware Scheduling Compatibility	✅ Passed	This PR modifies vSphere cloud configuration loading only. No scheduling constraints (affinity, node selectors, topology spread, etc.) are introduced. Check not applicable.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added in this PR. All changes are to existing standard Go unit tests using testing.T package and Gomega assertions. The custom check is not applicable.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

pkg/controller/vsphere/util.go (1)

55-63: ⚡ Quick win

Wrap ConfigMap read failures with object context.

Returning the raw c.Get error here loses which ConfigMap/namespace was attempted, which slows incident triage.

Proposed patch

 	if err := c.Get(context.Background(), cmName, cm); err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to get ConfigMap %s/%s: %w", cmName.Namespace, cmName.Name, err)
 	}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/vsphere/util.go` around lines 55 - 63, The ConfigMap read
error from c.Get loses object context; update the error return in the block that
calls c.Get(context.Background(), cmName, cm) to wrap the original error with
the ConfigMap name and namespace (use cmName.Name or
OpenshiftConfigManagedConfigMap and cmName.Namespace/configNamespace) so callers
see "failed to get ConfigMap <name> in namespace <ns>: <err>" — modify the code
around cm, cmName and the c.Get call to return a wrapped error instead of the
raw err.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@pkg/controller/vsphere/util.go`:
- Around line 55-63: The ConfigMap read error from c.Get loses object context;
update the error return in the block that calls c.Get(context.Background(),
cmName, cm) to wrap the original error with the ConfigMap name and namespace
(use cmName.Name or OpenshiftConfigManagedConfigMap and
cmName.Namespace/configNamespace) so callers see "failed to get ConfigMap <name>
in namespace <ns>: <err>" — modify the code around cm, cmName and the c.Get call
to return a wrapped error instead of the raw err.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: c2249583-be08-4c68-95da-74766ccc810f

📥 Commits

Reviewing files that changed from the base of the PR and between 3687798 and f3d2abf.

📒 Files selected for processing (2)

• cmd/vsphere/main.go
• pkg/controller/vsphere/util.go

[vr4manta]

/retest

[coderabbitai]

🧹 Nitpick comments (2)

pkg/controller/vsphere/util_test.go (1)

32-46: ⚡ Quick win

Add coverage for the new fallback and error paths.

This only exercises the happy path. The behavior change here is also in the empty-namespace fallback and the missing cloud.conf error, so a regression there would currently pass unnoticed.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/vsphere/util_test.go` around lines 32 - 46,
TestGetVSphereConfig currently only verifies the happy path; add unit tests to
cover the new fallback and error paths by creating additional test cases that
(1) simulate the empty-namespace fallback by invoking getVSphereConfig with an
empty namespace (or a configmap in a different namespace) and asserting it
returns the expected fallback behavior, and (2) simulate a missing cloud.conf by
building a fake client without OpenshiftConfigManagedCloudConfigKey (or with it
empty) and asserting getVSphereConfig returns the appropriate error; reference
the existing TestGetVSphereConfig, getVSphereConfig,
OpenshiftConfigManagedConfigMap, OpenshiftConfigManagedCloudConfigKey, and
openshiftConfigNamespaceForTest to locate and extend the tests.

pkg/controller/vsphere/util.go (1)

61-69: ⚡ Quick win

Include the ConfigMap identity in config-load errors.

After moving to a fixed managed ConfigMap, the raw Get error and the missing-key error no longer tell operators which namespace/name was attempted. Wrapping both with cmName.Namespace and cmName.Name will make missing RBAC/config/sync issues much easier to diagnose from logs.

♻️ Proposed diff

 	if err := c.Get(context.Background(), cmName, cm); err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to get vSphere cloud config ConfigMap %s/%s: %w", cmName.Namespace, cmName.Name, err)
 	}

 	cloudConfig, found := cm.Data[OpenshiftConfigManagedCloudConfigKey]
 	if !found {
-		return nil, fmt.Errorf("cloud-config ConfigMap has no %q key",
-			OpenshiftConfigManagedCloudConfigKey,
-		)
+		return nil, fmt.Errorf("vSphere cloud config ConfigMap %s/%s has no %q key",
+			cmName.Namespace,
+			cmName.Name,
+			OpenshiftConfigManagedCloudConfigKey,
+		)
 	}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/vsphere/util.go` around lines 61 - 69, Wrap both the c.Get
error and the missing-key error with the ConfigMap identity to aid debugging:
when c.Get(context.Background(), cmName, cm) returns err, return a wrapped error
including cmName.Namespace and cmName.Name (use fmt.Errorf and %w to preserve
the original err), and when the key lookup for
OpenshiftConfigManagedCloudConfigKey fails, include cmName.Namespace and
cmName.Name in the returned fmt.Errorf message so operators can see which
ConfigMap was read (reference c.Get, cmName, cm, and
OpenshiftConfigManagedCloudConfigKey).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@pkg/controller/vsphere/util_test.go`:
- Around line 32-46: TestGetVSphereConfig currently only verifies the happy
path; add unit tests to cover the new fallback and error paths by creating
additional test cases that (1) simulate the empty-namespace fallback by invoking
getVSphereConfig with an empty namespace (or a configmap in a different
namespace) and asserting it returns the expected fallback behavior, and (2)
simulate a missing cloud.conf by building a fake client without
OpenshiftConfigManagedCloudConfigKey (or with it empty) and asserting
getVSphereConfig returns the appropriate error; reference the existing
TestGetVSphereConfig, getVSphereConfig, OpenshiftConfigManagedConfigMap,
OpenshiftConfigManagedCloudConfigKey, and openshiftConfigNamespaceForTest to
locate and extend the tests.

In `@pkg/controller/vsphere/util.go`:
- Around line 61-69: Wrap both the c.Get error and the missing-key error with
the ConfigMap identity to aid debugging: when c.Get(context.Background(),
cmName, cm) returns err, return a wrapped error including cmName.Namespace and
cmName.Name (use fmt.Errorf and %w to preserve the original err), and when the
key lookup for OpenshiftConfigManagedCloudConfigKey fails, include
cmName.Namespace and cmName.Name in the returned fmt.Errorf message so operators
can see which ConfigMap was read (reference c.Get, cmName, cm, and
OpenshiftConfigManagedCloudConfigKey).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: c08c6b67-e586-4d52-aeaf-d8e28bd08b74

📥 Commits

Reviewing files that changed from the base of the PR and between f3d2abf and b385a53.

📒 Files selected for processing (6)

• cmd/vsphere/main.go
• pkg/controller/vsphere/actuator_test.go
• pkg/controller/vsphere/machine_scope_test.go
• pkg/controller/vsphere/reconciler_test.go
• pkg/controller/vsphere/util.go
• pkg/controller/vsphere/util_test.go

[damdo]

/hold

[damdo]

/approve
/lgtm

Let's run some testing

[damdo]

/test ?

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: damdo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [damdo]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[damdo]

/test e2e-vsphere-operator
/test e2e-vsphere-ovn-upgrade
/test e2e-vsphere-ovn
/test e2e-vsphere-static-ovn
/test e2e-vsphere-ovn-multi-vcenter

[damdo]

/retest

[openshift-ci]

@vr4manta: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[vr4manta]

/verified by @vr4manta

[openshift-ci-robot]

@vr4manta: This PR has been marked as verified by @vr4manta.

Details

In response to this:

/verified by @vr4manta

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[damdo]

/unhold