Skip to content

CM-1039: Thread context.Context from Reconcile() through controller helpers#419

Open
sebrandon1 wants to merge 1 commit into
openshift:masterfrom
sebrandon1:ctx-consistency-rebase
Open

CM-1039: Thread context.Context from Reconcile() through controller helpers#419
sebrandon1 wants to merge 1 commit into
openshift:masterfrom
sebrandon1:ctx-consistency-rebase

Conversation

@sebrandon1

@sebrandon1 sebrandon1 commented May 6, 2026
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown
Member

Summary

  • Removes the stored ctx context.Context field from both istiocsr and trustmanager Reconciler structs
  • Threads context from Reconcile(ctx context.Context, ...) through every helper method call chain (37 files, ~90 call sites)
  • Tests pass context.Background() explicitly (semantically correct for test entrypoints)

Motivation

Both controllers stored a context.Context initialized once to context.Background() in New(). The Reconcile() method receives a proper request-scoped context from controller-runtime, but all helper methods used the stale struct field. This defeats cancellation and deadline propagation from the framework.

This supersedes #242, which attempted to standardize context usage by replacing context.Background() with context.TODO() everywhere — semantically backwards since context.TODO() signals "placeholder, haven't decided yet" while context.Background() is correct for top-level contexts.

Test plan

  • go test ./pkg/controller/istiocsr/... passes
  • go test ./pkg/controller/trustmanager/... passes
  • go build ./... succeeds
  • make lint shows only pre-existing issues (none introduced)
  • No remaining r.ctx references in either package

Summary by CodeRabbit

  • Refactor
    • Request-scoped contexts are now threaded through both reconciliation flows for improved cancellation, timeouts, and tracing.
    • Context-awareness added across IstioCSR and TrustManager reconciliation, including deployments, services, RBAC, service accounts, network policies, certificates, config maps, and webhooks.
    • Status updates, multi-instance decision logic, and cleanup operations now use the incoming context for more consistent updates and error handling.
    • Updated related helper signatures and tests to pass context explicitly.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label May 6, 2026
@openshift-ci-robot

openshift-ci-robot commented May 6, 2026
edited by openshift-ci Bot
Loading

Copy link
Copy Markdown

@sebrandon1: This pull request references CM-1039 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

  • Removes the stored ctx context.Context field from both istiocsr and trustmanager Reconciler structs
  • Threads context from Reconcile(ctx context.Context, ...) through every helper method call chain (37 files, ~90 call sites)
  • Tests pass context.Background() explicitly (semantically correct for test entrypoints)

Motivation

Both controllers stored a context.Context initialized once to context.Background() in New(). The Reconcile() method receives a proper request-scoped context from controller-runtime, but all helper methods used the stale struct field. This defeats cancellation and deadline propagation from the framework.

This supersedes #242, which attempted to standardize context usage by replacing context.Background() with context.TODO() everywhere — semantically backwards since context.TODO() signals "placeholder, haven't decided yet" while context.Background() is correct for top-level contexts.

Test plan

  • go test ./pkg/controller/istiocsr/... passes
  • go test ./pkg/controller/trustmanager/... passes
  • go build ./... succeeds
  • make lint shows only pre-existing issues (none introduced)
  • No remaining r.ctx references in either package

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai

coderabbitai Bot commented May 6, 2026
edited
Loading

Copy link
Copy Markdown

Walkthrough

Propagates Go contexts through IstioCSR and TrustManager controllers: removes stored reconciler context, adds ctx context.Context parameters to reconcile entrypoints, orchestration helpers, resource reconcilers, and utility/status functions, and updates all Kubernetes client calls to use the passed context.

Changes

Context propagation through controller reconciliation

Layer / File(s) Summary
Reconciler shape & constructors
pkg/controller/istiocsr/controller.go, pkg/controller/trustmanager/controller.go, pkg/controller/istiocsr/test_utils.go, pkg/controller/trustmanager/test_utils.go		 Removed ctx context.Context field from Reconciler types and stopped initializing a stored context in constructors and test helpers.
Reconcile entry points and delegation
pkg/controller/istiocsr/controller.go, pkg/controller/trustmanager/controller.go		 Updated Reconcile methods to accept incoming context and delegate to processReconcileRequest(ctx, ...) methods; threaded context through deletion paths and status condition updates.
Deployment reconciliation orchestration
pkg/controller/istiocsr/install_istiocsr.go, pkg/controller/trustmanager/install_trustmanager.go		 Updated reconcileIstioCSRDeployment and reconcileTrustManagerDeployment to accept context and propagate it through all createOrApply* calls and final status updates; added context-aware namespace validation helpers.
IstioCSR resource reconcilers
pkg/controller/istiocsr/{certificates,deployments,networkpolicies,rbacs,serviceaccounts,services}.go		 Threaded context through all resource reconciliation methods: updated method signatures to accept ctx, replaced r.ctx with passed context in all Kubernetes client operations (Exists, Get, Patch, Create, UpdateWithRetry, List, Delete), and propagated context through CA config map handling and issuer resolution.
TrustManager resource reconcilers
pkg/controller/trustmanager/{certificates,configmaps,deployments,rbacs,serviceaccounts,services,webhooks}.go		 Updated resource reconciliation method signatures to accept ctx and replaced all uses of stored r.ctx with the passed context in client operations; affected all createOrApply* methods for certificates, ConfigMaps, deployments, RBAC, service accounts, services, and webhooks.
Utilities and status updates
pkg/controller/istiocsr/utils.go, pkg/controller/trustmanager/utils.go		 Added ctx parameters to updateCondition, namespaceExists, disallowMultipleIstioCSRInstances (IstioCSR) and updateCondition, namespaceExists (TrustManager) to enable request-scoped context usage in status and existence checks.
All test updates
pkg/controller/istiocsr/*_test.go, pkg/controller/trustmanager/*_test.go		 Updated all test invocations to pass context.Background() as the first argument to context-aware functions; test setup, assertions, and expected behaviors remain unchanged.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

Suggested reviewers

  • swghosh
🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 10.34% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (14 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and concisely summarizes the main change: threading context.Context from Reconcile() through controller helpers, which is the primary objective of this refactoring PR.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed The PR uses standard Go testing framework, not Ginkgo. No test names contain dynamic information; all are static, descriptive strings. Test modifications only affect method invocation signatures, n...
Test Structure And Quality ✅ Passed Tests use standard Go testing (not Ginkgo). All modified tests are table-driven with t.Run, have meaningful assertion messages including context values, properly pass context.Background() at test e...
Microshift Test Compatibility ✅ Passed No new Ginkgo e2e tests are added in this PR. Changes are limited to threading context.Context through controller implementations and updating existing unit test call sites. Check is not applicable.
Single Node Openshift (Sno) Test Compatibility ✅ Passed No new Ginkgo e2e tests were added in this PR. The changes are limited to context propagation in controller code and updates to existing unit tests (standard Go testing package, not Ginkgo). The SN...
Topology-Aware Scheduling Compatibility ✅ Passed This PR is a context propagation refactoring that does not modify deployment specs, affinity/anti-affinity rules, topology constraints, nodeSelectors, tolerations, or replica counts. No scheduling...
Ote Binary Stdout Contract ✅ Passed PR contains only context refactoring with no new stdout writes. No main(), TestMain(), or suite setup functions exist in affected library packages.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed No new Ginkgo e2e tests are added by this PR. The PR contains only refactoring changes to context propagation in existing unit tests (standard Go testing.T), with no new e2e test additions requirin...
No-Weak-Crypto ✅ Passed PR is purely a context propagation refactoring. No weak cryptography (MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB) introduced, no custom crypto implementations, no unsafe secret comparisons detected.
Container-Privileges ✅ Passed PR contains only Go source code changes (context propagation in controller helpers), no container/K8s manifests; check does not apply.
No-Sensitive-Data-In-Logs ✅ Passed PR is a pure refactoring that threads context.Context through method calls. No new logging statements were added, and existing logs only expose benign Kubernetes metadata like resource names and ty...

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci Bot requested review from mytreya-rh and swghosh May 6, 2026 17:14
@openshift-ci

openshift-ci Bot commented May 6, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sebrandon1
Once this PR has been reviewed and has the lgtm label, please assign swghosh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

coderabbitai[bot]
coderabbitai Bot reviewed May 6, 2026
View reviewed changes

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
pkg/controller/istiocsr/utils.go (1)

481-486: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Preserve the original reconciliation error in the aggregate.

When updateStatus fails, this branch currently returns the raw status-update error twice and drops prependErr. That hides the actual root cause whenever both operations fail.

Proposed fix 
 func (r *Reconciler) updateCondition(ctx context.Context, istiocsr *v1alpha1.IstioCSR, prependErr error) error {
 	if err := r.updateStatus(ctx, istiocsr); err != nil {
 		errUpdate := fmt.Errorf("failed to update %s/%s status: %w", istiocsr.GetNamespace(), istiocsr.GetName(), err)
 		if prependErr != nil {
-			return utilerrors.NewAggregate([]error{err, errUpdate})
+			return utilerrors.NewAggregate([]error{prependErr, errUpdate})
 		}
 		return errUpdate
 	}
 	return prependErr
 }
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/istiocsr/utils.go` around lines 481 - 486, The updateCondition
function currently aggregates the status-update error twice and discards the
original reconciliation error (prependErr); change the aggregation so that when
updateStatus fails you return an aggregate containing the original prependErr
and the constructed errUpdate (i.e., utilerrors.NewAggregate([]error{prependErr,
errUpdate})) so the root reconciliation error is preserved; keep the existing
behavior when prependErr is nil (return errUpdate or the single status error as
before). Reference: function updateCondition, call to r.updateStatus, variable
prependErr and errUpdate.
🧹 Nitpick comments (2)
pkg/controller/istiocsr/install_instiocsr_test.go (1)

116-125: ⚡ Quick win

Assert that the reconcile context is the one reaching client calls.

This only exercises the new signature today. If reconcileIstioCSRDeployment or one of its helpers regresses to context.Background(), these tests still pass because every fake ignores ctx. Passing a sentinel context here and checking it in one mocked Get/Create/UpdateWithRetry callback would lock in the behavior this PR is meant to preserve.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/istiocsr/install_instiocsr_test.go` around lines 116 - 125,
The test must assert the actual context passed into controller client calls:
create a sentinel context (e.g., ctx := context.WithValue(context.Background(),
"sentinel", true)) in the subtest before calling r.reconcileIstioCSRDeployment,
pass that ctx into the call instead of context.Background(), and configure one
of the fake client callbacks on fakes.FakeCtrlClient (Get or Create or
UpdateWithRetry) to check that the incoming ctx equals the sentinel (or contains
the sentinel value) and fail the test if not; update testReconciler usage in the
subtest to use this ctx and reference reconcileIstioCSRDeployment,
FakeCtrlClient, and istiocsr so the assertion locks the intended behavior.
pkg/controller/trustmanager/webhooks_test.go (1)

227-242: ⚡ Quick win

Verify that the provided context is forwarded to Exists/Patch.

Right now this just compiles against the new API. A future fallback to context.Background() inside createOrApplyValidatingWebhookConfiguration would still pass. Using a sentinel context here and asserting it inside one fake client callback would make the context-threading change testable.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/trustmanager/webhooks_test.go` around lines 227 - 242, The
test should verify the context is forwarded to the client methods: create a
sentinel context (e.g., ctxSentinel := context.WithValue(context.Background(),
"sentinel", struct{}{})), call r.createOrApplyValidatingWebhookConfiguration
with that ctxSentinel instead of context.Background(), and configure the fake
client (fakes.FakeCtrlClient) inside the test (via mock.ExistsStub and/or
mock.PatchStub) to assert the incoming ctx equals ctxSentinel (fail the test if
not) before returning; update the test case that exercises
createOrApplyValidatingWebhookConfiguration to set those stubs so Exists/Patch
receive and validate the sentinel context.
🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@pkg/controller/istiocsr/utils.go`:
- Around line 481-486: The updateCondition function currently aggregates the
status-update error twice and discards the original reconciliation error
(prependErr); change the aggregation so that when updateStatus fails you return
an aggregate containing the original prependErr and the constructed errUpdate
(i.e., utilerrors.NewAggregate([]error{prependErr, errUpdate})) so the root
reconciliation error is preserved; keep the existing behavior when prependErr is
nil (return errUpdate or the single status error as before). Reference: function
updateCondition, call to r.updateStatus, variable prependErr and errUpdate.

---

Nitpick comments:
In `@pkg/controller/istiocsr/install_instiocsr_test.go`:
- Around line 116-125: The test must assert the actual context passed into
controller client calls: create a sentinel context (e.g., ctx :=
context.WithValue(context.Background(), "sentinel", true)) in the subtest before
calling r.reconcileIstioCSRDeployment, pass that ctx into the call instead of
context.Background(), and configure one of the fake client callbacks on
fakes.FakeCtrlClient (Get or Create or UpdateWithRetry) to check that the
incoming ctx equals the sentinel (or contains the sentinel value) and fail the
test if not; update testReconciler usage in the subtest to use this ctx and
reference reconcileIstioCSRDeployment, FakeCtrlClient, and istiocsr so the
assertion locks the intended behavior.

In `@pkg/controller/trustmanager/webhooks_test.go`:
- Around line 227-242: The test should verify the context is forwarded to the
client methods: create a sentinel context (e.g., ctxSentinel :=
context.WithValue(context.Background(), "sentinel", struct{}{})), call
r.createOrApplyValidatingWebhookConfiguration with that ctxSentinel instead of
context.Background(), and configure the fake client (fakes.FakeCtrlClient)
inside the test (via mock.ExistsStub and/or mock.PatchStub) to assert the
incoming ctx equals ctxSentinel (fail the test if not) before returning; update
the test case that exercises createOrApplyValidatingWebhookConfiguration to set
those stubs so Exists/Patch receive and validate the sentinel context.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 23714fe0-8a1a-4c99-a548-c1d17e7437d7

📥 Commits

Reviewing files that changed from the base of the PR and between a2e7514 and df73b9f.

📒 Files selected for processing (37)
  • pkg/controller/istiocsr/certificates.go
  • pkg/controller/istiocsr/certificates_test.go
  • pkg/controller/istiocsr/controller.go
  • pkg/controller/istiocsr/controller_test.go
  • pkg/controller/istiocsr/deployments.go
  • pkg/controller/istiocsr/deployments_test.go
  • pkg/controller/istiocsr/install_instiocsr_test.go
  • pkg/controller/istiocsr/install_istiocsr.go
  • pkg/controller/istiocsr/networkpolicies.go
  • pkg/controller/istiocsr/rbacs.go
  • pkg/controller/istiocsr/rbacs_test.go
  • pkg/controller/istiocsr/serviceaccounts.go
  • pkg/controller/istiocsr/serviceaccounts_test.go
  • pkg/controller/istiocsr/services.go
  • pkg/controller/istiocsr/services_test.go
  • pkg/controller/istiocsr/test_utils.go
  • pkg/controller/istiocsr/utils.go
  • pkg/controller/trustmanager/certificates.go
  • pkg/controller/trustmanager/certificates_test.go
  • pkg/controller/trustmanager/configmaps.go
  • pkg/controller/trustmanager/configmaps_test.go
  • pkg/controller/trustmanager/controller.go
  • pkg/controller/trustmanager/controller_test.go
  • pkg/controller/trustmanager/deployments.go
  • pkg/controller/trustmanager/deployments_test.go
  • pkg/controller/trustmanager/install_trustmanager.go
  • pkg/controller/trustmanager/install_trustmanager_test.go
  • pkg/controller/trustmanager/rbacs.go
  • pkg/controller/trustmanager/rbacs_test.go
  • pkg/controller/trustmanager/serviceaccounts.go
  • pkg/controller/trustmanager/serviceaccounts_test.go
  • pkg/controller/trustmanager/services.go
  • pkg/controller/trustmanager/services_test.go
  • pkg/controller/trustmanager/test_utils.go
  • pkg/controller/trustmanager/utils.go
  • pkg/controller/trustmanager/webhooks.go
  • pkg/controller/trustmanager/webhooks_test.go
💤 Files with no reviewable changes (2)
  • pkg/controller/trustmanager/test_utils.go
  • pkg/controller/istiocsr/test_utils.go

@sebrandon1 sebrandon1 mentioned this pull request May 6, 2026
Closed
@sebrandon1 sebrandon1 force-pushed the ctx-consistency-rebase branch from df73b9f to 0dd33b8 Compare May 14, 2026 19:07
coderabbitai[bot]
coderabbitai Bot reviewed May 14, 2026
View reviewed changes

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (2)
pkg/controller/trustmanager/configmaps_test.go (1)

321-321: ⚡ Quick win

Add one explicit context-propagation assertion in this test path.

Using context.Background() updates the call site, but it still doesn’t verify that the same context reaches Get/Exists/Patch. Add a case with context.WithValue(...) and assert the fake client callbacks receive that value to lock in the PR’s core behavior.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/trustmanager/configmaps_test.go` at line 321, Add a test case
that verifies context propagation to the client callbacks by replacing the call
using context.Background() with a variant that uses a context created by
context.WithValue(...) carrying a unique key/value and asserting the fake
client's Get/Exists/Patch callbacks see that same value; specifically, update
the test that calls r.createOrApplyDefaultCAPackageConfigMap(...) to invoke it
with the new ctx and modify the fake client callbacks (used in the test harness)
to check ctx.Value(...) matches the injected value so the assertion ensures
createOrApplyDefaultCAPackageConfigMap and its internal Get/Exists/Patch calls
propagate the exact context.
pkg/controller/istiocsr/install_instiocsr_test.go (1)

124-124: ⚡ Quick win

Assert context propagation here, not just the new signature.

This still passes if reconcileIstioCSRDeployment falls back to context.Background() somewhere downstream. Pass a sentinel context and assert one of the fake client callbacks sees it.

Suggested test shape 
+ type ctxKey struct{}
+ reqCtx := context.WithValue(context.Background(), ctxKey{}, "reconcile-test")
+
+ mock.CreateCalls(func(ctx context.Context, obj client.Object, option ...client.CreateOption) error {
+ 	if ctx.Value(ctxKey{}) != "reconcile-test" {
+ 		t.Fatalf("request context was not propagated")
+ 	}
+ 	return nil
+ })
+
- err := r.reconcileIstioCSRDeployment(context.Background(), istiocsr, true)
+ err := r.reconcileIstioCSRDeployment(reqCtx, istiocsr, true)
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/istiocsr/install_instiocsr_test.go` at line 124, Replace the
use of context.Background() in the test call to r.reconcileIstioCSRDeployment
with a sentinel context (e.g., ctx := context.WithValue(context.Background(),
"sentinelKey", "sentinel")) and update the fake client(s) used by
reconcileIstioCSRDeployment to capture the incoming ctx in their callback(s)
(the fake Create/Update/Delete/Get hooks or whatever fake client method you
already use) and assert the captured ctx carries the sentinel value; ensure the
test calls r.reconcileIstioCSRDeployment(ctx, true) and fails if the fake client
callback sees a different or nil context so you detect any fallback to
context.Background().
🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@pkg/controller/istiocsr/install_instiocsr_test.go`:
- Line 124: Replace the use of context.Background() in the test call to
r.reconcileIstioCSRDeployment with a sentinel context (e.g., ctx :=
context.WithValue(context.Background(), "sentinelKey", "sentinel")) and update
the fake client(s) used by reconcileIstioCSRDeployment to capture the incoming
ctx in their callback(s) (the fake Create/Update/Delete/Get hooks or whatever
fake client method you already use) and assert the captured ctx carries the
sentinel value; ensure the test calls r.reconcileIstioCSRDeployment(ctx, true)
and fails if the fake client callback sees a different or nil context so you
detect any fallback to context.Background().

In `@pkg/controller/trustmanager/configmaps_test.go`:
- Line 321: Add a test case that verifies context propagation to the client
callbacks by replacing the call using context.Background() with a variant that
uses a context created by context.WithValue(...) carrying a unique key/value and
asserting the fake client's Get/Exists/Patch callbacks see that same value;
specifically, update the test that calls
r.createOrApplyDefaultCAPackageConfigMap(...) to invoke it with the new ctx and
modify the fake client callbacks (used in the test harness) to check
ctx.Value(...) matches the injected value so the assertion ensures
createOrApplyDefaultCAPackageConfigMap and its internal Get/Exists/Patch calls
propagate the exact context.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 1eba83f8-e38a-4ef9-9e0e-8f29e2e077e3

📥 Commits

Reviewing files that changed from the base of the PR and between df73b9f and 0dd33b8.

📒 Files selected for processing (37)
  • pkg/controller/istiocsr/certificates.go
  • pkg/controller/istiocsr/certificates_test.go
  • pkg/controller/istiocsr/controller.go
  • pkg/controller/istiocsr/controller_test.go
  • pkg/controller/istiocsr/deployments.go
  • pkg/controller/istiocsr/deployments_test.go
  • pkg/controller/istiocsr/install_instiocsr_test.go
  • pkg/controller/istiocsr/install_istiocsr.go
  • pkg/controller/istiocsr/networkpolicies.go
  • pkg/controller/istiocsr/rbacs.go
  • pkg/controller/istiocsr/rbacs_test.go
  • pkg/controller/istiocsr/serviceaccounts.go
  • pkg/controller/istiocsr/serviceaccounts_test.go
  • pkg/controller/istiocsr/services.go
  • pkg/controller/istiocsr/services_test.go
  • pkg/controller/istiocsr/test_utils.go
  • pkg/controller/istiocsr/utils.go
  • pkg/controller/trustmanager/certificates.go
  • pkg/controller/trustmanager/certificates_test.go
  • pkg/controller/trustmanager/configmaps.go
  • pkg/controller/trustmanager/configmaps_test.go
  • pkg/controller/trustmanager/controller.go
  • pkg/controller/trustmanager/controller_test.go
  • pkg/controller/trustmanager/deployments.go
  • pkg/controller/trustmanager/deployments_test.go
  • pkg/controller/trustmanager/install_trustmanager.go
  • pkg/controller/trustmanager/install_trustmanager_test.go
  • pkg/controller/trustmanager/rbacs.go
  • pkg/controller/trustmanager/rbacs_test.go
  • pkg/controller/trustmanager/serviceaccounts.go
  • pkg/controller/trustmanager/serviceaccounts_test.go
  • pkg/controller/trustmanager/services.go
  • pkg/controller/trustmanager/services_test.go
  • pkg/controller/trustmanager/test_utils.go
  • pkg/controller/trustmanager/utils.go
  • pkg/controller/trustmanager/webhooks.go
  • pkg/controller/trustmanager/webhooks_test.go
💤 Files with no reviewable changes (2)
  • pkg/controller/trustmanager/test_utils.go
  • pkg/controller/istiocsr/test_utils.go
✅ Files skipped from review due to trivial changes (3)
  • pkg/controller/trustmanager/webhooks_test.go
  • pkg/controller/istiocsr/services_test.go
  • pkg/controller/trustmanager/deployments_test.go
🚧 Files skipped from review as they are similar to previous changes (21)
  • pkg/controller/trustmanager/certificates_test.go
  • pkg/controller/trustmanager/rbacs_test.go
  • pkg/controller/istiocsr/certificates.go
  • pkg/controller/trustmanager/services_test.go
  • pkg/controller/trustmanager/webhooks.go
  • pkg/controller/trustmanager/services.go
  • pkg/controller/istiocsr/serviceaccounts.go
  • pkg/controller/istiocsr/install_istiocsr.go
  • pkg/controller/istiocsr/networkpolicies.go
  • pkg/controller/istiocsr/controller_test.go
  • pkg/controller/trustmanager/deployments.go
  • pkg/controller/trustmanager/utils.go
  • pkg/controller/istiocsr/utils.go
  • pkg/controller/istiocsr/services.go
  • pkg/controller/trustmanager/serviceaccounts.go
  • pkg/controller/trustmanager/controller.go
  • pkg/controller/istiocsr/controller.go
  • pkg/controller/istiocsr/rbacs.go
  • pkg/controller/trustmanager/certificates.go
  • pkg/controller/istiocsr/certificates_test.go
  • pkg/controller/trustmanager/install_trustmanager.go

@sebrandon1

sebrandon1 commented May 18, 2026

Copy link
Copy Markdown
Member Author

/retest

@sebrandon1 sebrandon1 force-pushed the ctx-consistency-rebase branch from 0dd33b8 to 5074109 Compare May 29, 2026 15:51
@sebrandon1

sebrandon1 commented Jun 9, 2026

Copy link
Copy Markdown
Member Author

/retest

@sebrandon1
CM-1039: Thread context.Context from Reconcile() through controller h…
d76f529 
…elpers

Both istiocsr and trustmanager controllers stored a context.Context field
on their Reconciler struct, initialized once in New(). The Reconcile()
method receives a request-scoped context from controller-runtime but all
helper methods used the stale struct field instead. This defeats
cancellation and deadline propagation from the framework.

Remove the ctx field from both Reconciler structs and thread the context
parameter from Reconcile() through every helper method call chain.
@sebrandon1 sebrandon1 force-pushed the ctx-consistency-rebase branch from 5074109 to d76f529 Compare June 15, 2026 16:25
coderabbitai[bot]
coderabbitai Bot reviewed Jun 15, 2026
View reviewed changes

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
pkg/controller/istiocsr/utils.go (1)

481-486: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Preserve the original reconcile error when status update also fails.

Line 485 aggregates err and errUpdate, but errUpdate already wraps err; prependErr is dropped. This hides the primary reconcile failure.

Suggested fix 
-		if prependErr != nil {
-			return utilerrors.NewAggregate([]error{err, errUpdate})
-		}
+		if prependErr != nil {
+			return utilerrors.NewAggregate([]error{prependErr, errUpdate})
+		}
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/controller/istiocsr/utils.go` around lines 481 - 486, The updateCondition
method is dropping the prependErr (original reconcile error) when aggregating
errors. Currently, when a status update fails and prependErr is not nil, the
code returns an aggregate containing err and errUpdate, but errUpdate already
wraps err with fmt.Errorf using %w, resulting in duplicate error information and
loss of the original prependErr. Fix this by changing the NewAggregate call to
include prependErr and errUpdate in the slice instead of err and errUpdate, so
that the original reconcile failure is preserved in the returned error
aggregate.
🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@pkg/controller/istiocsr/utils.go`:
- Around line 481-486: The updateCondition method is dropping the prependErr
(original reconcile error) when aggregating errors. Currently, when a status
update fails and prependErr is not nil, the code returns an aggregate containing
err and errUpdate, but errUpdate already wraps err with fmt.Errorf using %w,
resulting in duplicate error information and loss of the original prependErr.
Fix this by changing the NewAggregate call to include prependErr and errUpdate
in the slice instead of err and errUpdate, so that the original reconcile
failure is preserved in the returned error aggregate.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 855c1f91-78d8-435a-a1c1-520cf93a003b

📥 Commits

Reviewing files that changed from the base of the PR and between 5074109 and d76f529.

📒 Files selected for processing (37)
  • pkg/controller/istiocsr/certificates.go
  • pkg/controller/istiocsr/certificates_test.go
  • pkg/controller/istiocsr/controller.go
  • pkg/controller/istiocsr/controller_test.go
  • pkg/controller/istiocsr/deployments.go
  • pkg/controller/istiocsr/deployments_test.go
  • pkg/controller/istiocsr/install_instiocsr_test.go
  • pkg/controller/istiocsr/install_istiocsr.go
  • pkg/controller/istiocsr/networkpolicies.go
  • pkg/controller/istiocsr/rbacs.go
  • pkg/controller/istiocsr/rbacs_test.go
  • pkg/controller/istiocsr/serviceaccounts.go
  • pkg/controller/istiocsr/serviceaccounts_test.go
  • pkg/controller/istiocsr/services.go
  • pkg/controller/istiocsr/services_test.go
  • pkg/controller/istiocsr/test_utils.go
  • pkg/controller/istiocsr/utils.go
  • pkg/controller/trustmanager/certificates.go
  • pkg/controller/trustmanager/certificates_test.go
  • pkg/controller/trustmanager/configmaps.go
  • pkg/controller/trustmanager/configmaps_test.go
  • pkg/controller/trustmanager/controller.go
  • pkg/controller/trustmanager/controller_test.go
  • pkg/controller/trustmanager/deployments.go
  • pkg/controller/trustmanager/deployments_test.go
  • pkg/controller/trustmanager/install_trustmanager.go
  • pkg/controller/trustmanager/install_trustmanager_test.go
  • pkg/controller/trustmanager/rbacs.go
  • pkg/controller/trustmanager/rbacs_test.go
  • pkg/controller/trustmanager/serviceaccounts.go
  • pkg/controller/trustmanager/serviceaccounts_test.go
  • pkg/controller/trustmanager/services.go
  • pkg/controller/trustmanager/services_test.go
  • pkg/controller/trustmanager/test_utils.go
  • pkg/controller/trustmanager/utils.go
  • pkg/controller/trustmanager/webhooks.go
  • pkg/controller/trustmanager/webhooks_test.go
💤 Files with no reviewable changes (2)
  • pkg/controller/istiocsr/test_utils.go
  • pkg/controller/trustmanager/test_utils.go
✅ Files skipped from review due to trivial changes (3)
  • pkg/controller/trustmanager/controller_test.go
  • pkg/controller/istiocsr/controller_test.go
  • pkg/controller/trustmanager/certificates_test.go
🚧 Files skipped from review as they are similar to previous changes (22)
  • pkg/controller/istiocsr/rbacs_test.go
  • pkg/controller/trustmanager/utils.go
  • pkg/controller/istiocsr/certificates_test.go
  • pkg/controller/istiocsr/services_test.go
  • pkg/controller/istiocsr/serviceaccounts_test.go
  • pkg/controller/trustmanager/serviceaccounts_test.go
  • pkg/controller/trustmanager/configmaps_test.go
  • pkg/controller/trustmanager/webhooks.go
  • pkg/controller/istiocsr/install_istiocsr.go
  • pkg/controller/trustmanager/rbacs_test.go
  • pkg/controller/trustmanager/services.go
  • pkg/controller/istiocsr/serviceaccounts.go
  • pkg/controller/istiocsr/networkpolicies.go
  • pkg/controller/istiocsr/install_instiocsr_test.go
  • pkg/controller/trustmanager/certificates.go
  • pkg/controller/trustmanager/deployments.go
  • pkg/controller/trustmanager/controller.go
  • pkg/controller/trustmanager/install_trustmanager.go
  • pkg/controller/trustmanager/serviceaccounts.go
  • pkg/controller/trustmanager/configmaps.go
  • pkg/controller/istiocsr/certificates.go
  • pkg/controller/istiocsr/controller.go

@openshift-ci

openshift-ci Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

@sebrandon1: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@mytreya-rh mytreya-rh Awaiting requested review from mytreya-rh

@swghosh swghosh Awaiting requested review from swghosh

Assignees

No one assigned

Labels

jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sebrandon1 @openshift-ci-robot