Bump k8s.io/apimachinery from 0.34.1 to 0.35.2

[dependabot]

Bumps k8s.io/apimachinery from 0.34.1 to 0.35.2.

Commits

• 72d71ea Merge remote-tracking branch 'origin/master' into release-1.35
• e2a2dbc Bump golang.org/x/crypto to v0.45.0
• 2e9c228 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
• f274aac vendor: update vendor and license metadata after replacing BeTrue usage in cs...
• 9445443 Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
• 52154f7 Update vendored dependencies
• 5a348c5 KEP-5471: Extend tolerations operators (#134665)
• 6f89492 Merge pull request #133648 from richabanker/merged-discovery
• c77dde2 util/sort: Add MergePreservingRelativeOrder for topological sorting
• 729c13d Merge pull request #134624 from yt2985/podcertificates-beta
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

Release Notes

• New Features

  • Enhanced validation for DNS labels, Kubernetes label keys/values, UUIDs, and qualified names.
  • Improved OpenAPI model name generation for better API documentation.
  • Added string format validators for common resource naming patterns.
  • Introduced update constraint validation for immutability and value change detection.

• Chores

  • Updated k8s.io/apimachinery from v0.34.1 to v0.35.2.
  • Refactored protobuf interface dependencies and serialization support.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign sosiouxme for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Walkthrough

Updated Go toolchain to 1.25.0 and bumped k8s.io/apimachinery to v0.35.2; added OpenAPI model-name helpers and annotations, introduced many new validation helpers/format validators and generic update/limit validators, refactored protobuf serializers to internal interfaces, and added kube-openapi naming utilities and a Trie implementation.

Changes

Cohort / File(s)	Summary
Module & Modules File go.mod, vendor/modules.txt	Bumped module Go version to 1.25.0, removed explicit toolchain directive, updated k8s.io/apimachinery to v0.35.2, added indirect github.com/Masterminds/semver/v3 v3.4.0.
OpenAPI Model Name & Annotations vendor/.../zz_generated.model_name.go (multiple packages), vendor/.../generated.proto, vendor/.../doc.go	Added generated OpenAPIModelName() methods across many packages and added/adjusted +k8s:openapi-model-package annotations; removed an inapplicable +listType=atomic directive.
Protobuf / Serializer Refactor vendor/k8s.io/apimachinery/.../quantity_proto.go, .../serializer/protobuf/*.go, .../types_proto.go	Removed gogo/protobuf direct dependency; introduced small internal (un)marshaler and sizer interfaces; added Size() to Protobuf marshaller interfaces; updated encoding/decoding code paths.
Validation: content validators & helpers vendor/k8s.io/apimachinery/pkg/api/validate/content/*.go	Added DNS, C-identifier, decimal-integer, label key/value validators and error helpers (MaxLenError, EmptyError, RegexError); exposed LabelValueMaxLength constant.
Validation: format validators & API vendor/k8s.io/apimachinery/pkg/api/validate/strfmt.go, .../subfield.go, .../item.go, .../enum.go, .../kube.go, .../union.go, .../zeroorone.go	Added high-level strfmt validators (ShortName, LongName, UUID, Resource names, ExtendedResourceName, etc.); Subfield and SliceItem now accept equiv/match callbacks; Enum supports conditional exclusions via EnumExclusion; Union API changed to UnionMember form; updated examples/docs.
Validation: update/limits/options utilities vendor/k8s.io/apimachinery/pkg/api/validate/update.go, limits.go, options.go, each.go	Added UpdateConstraint (NoSet/NoUnset/NoModify) validators for value/pointer/reflect/struct variants, MaxLength/MaxItems helpers, IfOption conditional validator, and DirectEqualPtr pointer comparator.
ObjectMeta / name validation vendor/k8s.io/apimachinery/pkg/api/validation/generic.go, .../objectmeta.go, .../validation/validation.go	Added ValidateNameFuncWithErrors and option-based ValidateObjectMetaWithOpts APIs; migrated some label/name validations to content package and adjusted error origin strings (format=k8s-*).
Labels & Selectors vendor/k8s.io/apimachinery/pkg/labels/selector.go, .../validation/validation.go	Label validation now delegates to content validators; IsQualifiedName, IsValidLabelValue, IsCIdentifier exposed/aliased to content implementations; added IsDomainPrefixedKey helper.
Runtime & OpenAPI naming utilities vendor/k8s.io/apimachinery/pkg/runtime/scheme.go, vendor/k8s.io/kube-openapi/pkg/util/*.go	Respect OpenAPIModelNamer when deriving OpenAPI definition names; added ToRESTFriendlyName/ToCanonicalName, GetCanonicalTypeName, OpenAPIModelNamer/OpenAPICanonicalTypeNamer interfaces; added Trie for prefix lookup.
Sets / sorting vendor/k8s.io/apimachinery/pkg/util/sets/set.go	Replaced custom sortable type with slices.Sort via UnsortedList and slices.Sort.
Field error matching & helpers vendor/k8s.io/apimachinery/pkg/util/validation/field/*.go	Added NormalizationRule and ByFieldNormalized to normalize field paths when matching errors; enhanced duplicate detection and multi-match semantics; added ErrorList.PrefixDetail.
Minor formatting & comment updates vendor/k8s.io/apimachinery/pkg/api/errors/errors.go, .../resource/quantity.go, .../generated.proto, other doc files	Minor comment/formatting changes and added OpenAPI model-package comments in various doc/proto files.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~65 minutes

🚥 Pre-merge checks | ✅ 7

✅ Passed checks (7 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title accurately summarizes the main change: bumping k8s.io/apimachinery from version 0.34.1 to 0.35.2, which is the primary objective reflected throughout all file summaries.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Go Error Handling	✅ Passed	The pull request demonstrates proper Go error handling patterns throughout the vendored code from k8s.io/apimachinery v0.35.2. Errors are appropriately wrapped with context using fmt.Errorf, no inappropriate panic() calls are present, nil pointer checks are implemented where necessary, and error values are properly accumulated and returned.
Sql Injection Prevention	✅ Passed	No SQL operations, database interactions, or SQL query construction found in modified files.
React: Use Styled Components For Excessive Css	✅ Passed	PR contains only Go module and vendor directory updates with no React component or frontend code modifications.
Single Responsibility And Clear Naming	✅ Passed	PR demonstrates strong adherence to single responsibility and clear naming with focused validators and logically organized packages.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/go_modules/k8s.io/apimachinery-0.35.2

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 7

🧹 Nitpick comments (1)

vendor/modules.txt (1)

354-355: Verify k8s.io/* minor-version skew is intentional.

k8s.io/apimachinery is at v0.35.2 while k8s.io/api and k8s.io/client-go remain at v0.34.1. This 1-minor-version skew is present in both go.mod and vendor/modules.txt with no explanatory comments. The codebase actively uses both apimachinery utilities (wait, errors, sets) and client-go configuration together, and there is no CI validation or documentation confirming that this cross-version pairing is supported. Either align to a consistent minor version or add explicit documentation and test coverage validating the compatibility.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@vendor/modules.txt` around lines 354 - 355, The module version skew between
k8s.io/apimachinery (v0.35.2) and k8s.io/api + k8s.io/client-go (v0.34.1) must
be resolved: either align the minor versions in go.mod and vendor/modules.txt
(e.g., set apimachinery to v0.34.x or bump api and client-go to v0.35.x) and run
go mod tidy + vendor refresh, or add a clear comment in
go.mod/vendor/modules.txt and a small CI/test that exercises combined usage of
apimachinery utilities (wait, errors, sets) with client-go configuration to
validate compatibility; search for references to k8s.io/apimachinery,
k8s.io/api, and k8s.io/client-go to update version strings and ensure
build/tests pass before merging.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Around line 21-22: Update the Kubernetes client library versions in go.mod so
they match apimachinery v0.35.2: change k8s.io/client-go to v0.35.2 and bump
k8s.io/api to v0.35.2 (they currently differ: client-go v0.34.1 and api v0.34.1
while apimachinery is v0.35.2); after editing the k8s.io/client-go and
k8s.io/api module lines, run go get or go mod tidy (e.g., go get
k8s.io/client-go@v0.35.2 k8s.io/api@v0.35.2) to update the lockfile and ensure
all Kubernetes client modules are aligned.
- Line 3: Update the Go toolchain version in the go.mod file by changing the go
directive from "go 1.25.0" to "go 1.26.0" (i.e., replace the existing go
directive token), then run module maintenance and verification (e.g., go mod
tidy and the test suite/CI) to ensure no compatibility issues; if any
deprecated/changed APIs surface, fix usages accordingly.

In `@vendor/k8s.io/apimachinery/pkg/api/validate/strfmt.go`:
- Around line 205-209: The current check uses strings.Contains(val,
resourceDefaultNamespacePrefix) which can falsely reject values that merely
contain the substring; change that conditional to test for prefix ownership
instead (e.g., use strings.HasPrefix on val with resourceDefaultNamespacePrefix)
so only values that actually begin with the reserved domain prefix are rejected,
keeping the existing field.Invalid(fldPath, val, fmt.Sprintf(...)) behavior and
message.
- Around line 236-257: The switch in resourcesQualifiedName that inspects parts
:= strings.Split(s, "/") currently handles case 1 and 2 but lacks a default
branch, so inputs containing more than one '/' (e.g. "a/b/c") silently pass; add
a default branch in the switch to append a validation error (using field.Invalid
on fldPath with a clear message like "invalid format: too many '/' separators"
or "qualified name must contain at most one '/'") so such values are rejected;
reference the parts variable and the resourcesQualifiedName function when making
the change.

In `@vendor/k8s.io/apimachinery/pkg/util/validation/field/error_matcher.go`:
- Line 209: Fix the documentation typo in the comment that currently reads
"expception" by replacing it with "exception" (search for the comment containing
the phrase "expception to this is when it finds two errors which are exactly
identical" in error_matcher.go and update the misspelled word).

In `@vendor/k8s.io/kube-openapi/pkg/util/trie.go`:
- Line 56: Fix the minor doc typo in the comment for the HasPrefix method in
trie.go: change "returns true of v" to "returns true if v" in the comment above
HasPrefix so the documentation reads correctly.

In `@vendor/k8s.io/kube-openapi/pkg/util/util.go`:
- Line 73: Fix the typo in the package comment where "uniquely indentifying"
appears—replace "indentifying" with "identifying" so the sentence reads "for
uniquely identifying"; locate the comment near the OpenAPI canonical names
description (the line referencing "OpenAPI canonical names are Go type names
with full package path, for uniquely indentifying") and update the word only.

---

Nitpick comments:
In `@vendor/modules.txt`:
- Around line 354-355: The module version skew between k8s.io/apimachinery
(v0.35.2) and k8s.io/api + k8s.io/client-go (v0.34.1) must be resolved: either
align the minor versions in go.mod and vendor/modules.txt (e.g., set
apimachinery to v0.34.x or bump api and client-go to v0.35.x) and run go mod
tidy + vendor refresh, or add a clear comment in go.mod/vendor/modules.txt and a
small CI/test that exercises combined usage of apimachinery utilities (wait,
errors, sets) with client-go configuration to validate compatibility; search for
references to k8s.io/apimachinery, k8s.io/api, and k8s.io/client-go to update
version strings and ensure build/tests pass before merging.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 0b7ae02 and 193a8f0.

⛔ Files ignored due to path filters (11)

• go.sum is excluded by !**/*.sum
• vendor/k8s.io/apimachinery/pkg/api/resource/generated.pb.go is excluded by !**/*.pb.go
• vendor/k8s.io/apimachinery/pkg/api/resource/generated.protomessage.pb.go is excluded by !**/*.pb.go
• vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.pb.go is excluded by !**/*.pb.go
• vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go
• vendor/k8s.io/apimachinery/pkg/runtime/generated.pb.go is excluded by !**/*.pb.go
• vendor/k8s.io/apimachinery/pkg/runtime/generated.protomessage.pb.go is excluded by !**/*.pb.go
• vendor/k8s.io/apimachinery/pkg/runtime/schema/generated.pb.go is excluded by !**/*.pb.go
• vendor/k8s.io/apimachinery/pkg/runtime/schema/generated.protomessage.pb.go is excluded by !**/*.pb.go
• vendor/k8s.io/apimachinery/pkg/util/intstr/generated.pb.go is excluded by !**/*.pb.go
• vendor/k8s.io/apimachinery/pkg/util/intstr/generated.protomessage.pb.go is excluded by !**/*.pb.go

📒 Files selected for processing (49)

• go.mod
• vendor/k8s.io/apimachinery/pkg/api/errors/errors.go
• vendor/k8s.io/apimachinery/pkg/api/resource/generated.proto
• vendor/k8s.io/apimachinery/pkg/api/resource/quantity.go
• vendor/k8s.io/apimachinery/pkg/api/resource/quantity_proto.go
• vendor/k8s.io/apimachinery/pkg/api/resource/zz_generated.model_name.go
• vendor/k8s.io/apimachinery/pkg/api/validate/content/decimal_int.go
• vendor/k8s.io/apimachinery/pkg/api/validate/content/dns.go
• vendor/k8s.io/apimachinery/pkg/api/validate/content/errors.go
• vendor/k8s.io/apimachinery/pkg/api/validate/content/identifier.go
• vendor/k8s.io/apimachinery/pkg/api/validate/content/kube.go
• vendor/k8s.io/apimachinery/pkg/api/validate/each.go
• vendor/k8s.io/apimachinery/pkg/api/validate/enum.go
• vendor/k8s.io/apimachinery/pkg/api/validate/immutable.go
• vendor/k8s.io/apimachinery/pkg/api/validate/item.go
• vendor/k8s.io/apimachinery/pkg/api/validate/limits.go
• vendor/k8s.io/apimachinery/pkg/api/validate/options.go
• vendor/k8s.io/apimachinery/pkg/api/validate/strfmt.go
• vendor/k8s.io/apimachinery/pkg/api/validate/subfield.go
• vendor/k8s.io/apimachinery/pkg/api/validate/union.go
• vendor/k8s.io/apimachinery/pkg/api/validate/update.go
• vendor/k8s.io/apimachinery/pkg/api/validate/zeroorone.go
• vendor/k8s.io/apimachinery/pkg/api/validation/generic.go
• vendor/k8s.io/apimachinery/pkg/api/validation/objectmeta.go
• vendor/k8s.io/apimachinery/pkg/apis/meta/v1/doc.go
• vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto
• vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go
• vendor/k8s.io/apimachinery/pkg/apis/meta/v1/validation/validation.go
• vendor/k8s.io/apimachinery/pkg/apis/meta/v1/zz_generated.model_name.go
• vendor/k8s.io/apimachinery/pkg/labels/selector.go
• vendor/k8s.io/apimachinery/pkg/runtime/doc.go
• vendor/k8s.io/apimachinery/pkg/runtime/scheme.go
• vendor/k8s.io/apimachinery/pkg/runtime/serializer/protobuf/collections.go
• vendor/k8s.io/apimachinery/pkg/runtime/serializer/protobuf/protobuf.go
• vendor/k8s.io/apimachinery/pkg/runtime/types_proto.go
• vendor/k8s.io/apimachinery/pkg/runtime/zz_generated.model_name.go
• vendor/k8s.io/apimachinery/pkg/util/intstr/generated.proto
• vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.go
• vendor/k8s.io/apimachinery/pkg/util/intstr/zz_generated.model_name.go
• vendor/k8s.io/apimachinery/pkg/util/sets/set.go
• vendor/k8s.io/apimachinery/pkg/util/strategicpatch/meta.go
• vendor/k8s.io/apimachinery/pkg/util/validation/field/error_matcher.go
• vendor/k8s.io/apimachinery/pkg/util/validation/field/errors.go
• vendor/k8s.io/apimachinery/pkg/util/validation/validation.go
• vendor/k8s.io/apimachinery/pkg/version/doc.go
• vendor/k8s.io/apimachinery/pkg/version/zz_generated.model_name.go
• vendor/k8s.io/kube-openapi/pkg/util/trie.go
• vendor/k8s.io/kube-openapi/pkg/util/util.go
• vendor/modules.txt

💤 Files with no reviewable changes (2)

• vendor/k8s.io/apimachinery/pkg/api/resource/quantity_proto.go
• vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

latest stable Go version February 2026

💡 Result:

As of February 2026, the latest stable Go release is Go 1.26.0, released 2026-02-10. [1], [2]

Sources: [1] go.dev downloads page (stable versions) • [2] Go official release history (go1.26.0 release date)

---

Consider updating to Go 1.26.0, the latest stable version.

Go 1.25.0 is available, but Go 1.26.0 was released on February 10, 2026 and is now the latest stable version. Review the release notes and evaluate whether upgrading is appropriate for your CI/CD pipelines and deployment targets.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 3, Update the Go toolchain version in the go.mod file by
changing the go directive from "go 1.25.0" to "go 1.26.0" (i.e., replace the
existing go directive token), then run module maintenance and verification
(e.g., go mod tidy and the test suite/CI) to ensure no compatibility issues; if
any deprecated/changed APIs surface, fix usages accordingly.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n go.mod | head -30

Repository: openshift-eng/ship-status-dash

Length of output: 1251

---

🏁 Script executed:

# Search for k8s.io dependencies
rg "k8s.io/(client-go|apimachinery|api)" go.mod

Repository: openshift-eng/ship-status-dash

Length of output: 160

---

🌐 Web query:

k8s.io/client-go v0.34.1 k8s.io/apimachinery v0.35.2 compatibility

💡 Result:

k8s.io/client-go v0.34.1 and k8s.io/apimachinery v0.35.2 are not considered compatible to mix.

• Kubernetes staging libraries use aligned versioning: v0.x.y tags correspond to Kubernetes v1.x.y releases (so client-go v0.34.1 ↔ Kubernetes v1.34.1, while apimachinery v0.35.2 ↔ Kubernetes v1.35.2). Mixing minors (0.34 vs 0.35) is outside the intended matching scheme. [1]
• client-go expects its companion libraries (notably k8s.io/apimachinery and k8s.io/api) to be vendored / selected in correspondingly matching versions for correct operation. [2]
• apimachinery explicitly states it provides no compatibility guarantees and tracks Kubernetes. [3]

What to do:

• Prefer matching versions: upgrade client-go to v0.35.2, or downgrade apimachinery to v0.34.1 (and typically keep k8s.io/api aligned to the same v0.34.1 / v0.35.2 as well). [1][2]

Sources:
[1] Kubernetes client-go repo README (version tags mapping) (github.com)
[2] Kubernetes blog: client-go requires matching companion libs (kubernetes.io)
[3] apimachinery compatibility statement (chromium.googlesource.com)

Citations:

• 1: https://github.com/kubernetes/client-go?utm_source=openai
• 2: https://kubernetes.io/blog/2018/01/introducing-client-go-version-6/?utm_source=openai
• 3: https://chromium.googlesource.com/external/github.com/kubernetes/apimachinery/%2B/refs/tags/upstream/v0.35.2?utm_source=openai

---

Update k8s.io/client-go and k8s.io/api to v0.35.2 to match k8s.io/apimachinery.

k8s.io/apimachinery v0.35.2 and k8s.io/client-go v0.34.1 use mismatched minor versions. Kubernetes client libraries use aligned versioning where v0.x.y corresponds to Kubernetes v1.x.y, and mixing minor versions (0.34 vs 0.35) is outside the supported matching scheme. The client-go library explicitly requires companion libraries (apimachinery and api) to be in matching versions for correct operation. Update k8s.io/client-go to v0.35.2 and also bump k8s.io/api (currently v0.34.1) to v0.35.2 to maintain consistency.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` around lines 21 - 22, Update the Kubernetes client library versions
in go.mod so they match apimachinery v0.35.2: change k8s.io/client-go to v0.35.2
and bump k8s.io/api to v0.35.2 (they currently differ: client-go v0.34.1 and api
v0.34.1 while apimachinery is v0.35.2); after editing the k8s.io/client-go and
k8s.io/api module lines, run go get or go mod tidy (e.g., go get
k8s.io/client-go@v0.35.2 k8s.io/api@v0.35.2) to update the lockfile and ensure
all Kubernetes client modules are aligned.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Check the file exists and examine lines 199-225 for context
if [ -f "vendor/k8s.io/apimachinery/pkg/api/validate/strfmt.go" ]; then
  sed -n '199,225p' vendor/k8s.io/apimachinery/pkg/api/validate/strfmt.go
else
  echo "File not found at expected location"
  # Try to locate it
  find . -name "strfmt.go" -type f 2>/dev/null
fi

Repository: openshift-eng/ship-status-dash

Length of output: 1386

---

🏁 Script executed:

# Also search for the definition of resourceDefaultNamespacePrefix
rg "resourceDefaultNamespacePrefix\s*=" vendor/k8s.io/apimachinery/pkg/api/validate/

Repository: openshift-eng/ship-status-dash

Length of output: 178

---

🏁 Script executed:

# Look at the function definition to understand context
rg -B 20 "strings.Contains\(val, resourceDefaultNamespacePrefix" vendor/k8s.io/apimachinery/pkg/api/validate/strfmt.go | head -40

Repository: openshift-eng/ship-status-dash

Length of output: 1191

---

Use prefix matching for reserved-domain rejection.

Line 207 uses strings.Contains(val, resourceDefaultNamespacePrefix), which can falsely reject valid values. For example, a domain like mykubernetes.io/resource contains the substring kubernetes.io/ but does not actually use the reserved kubernetes.io domain. The validation should only reject values that start with the reserved domain prefix.

🐛 Proposed fix

-	} else if strings.Contains(val, resourceDefaultNamespacePrefix) {
+	} else if strings.HasPrefix(val, resourceDefaultNamespacePrefix) {
 		allErrs = append(allErrs, field.Invalid(fldPath, val, fmt.Sprintf("must not have %q domain", resourceDefaultNamespacePrefix)))
 	}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if !strings.Contains(val, "/") {
	allErrs = append(allErrs, field.Invalid(fldPath, val, "a name must be a domain-prefixed path, such as 'example.com/my-prop'"))
	} else if strings.Contains(val, resourceDefaultNamespacePrefix) {
	allErrs = append(allErrs, field.Invalid(fldPath, val, fmt.Sprintf("must not have %q domain", resourceDefaultNamespacePrefix)))
	}
	if !strings.Contains(val, "/") {
	allErrs = append(allErrs, field.Invalid(fldPath, val, "a name must be a domain-prefixed path, such as 'example.com/my-prop'"))
	} else if strings.HasPrefix(val, resourceDefaultNamespacePrefix) {
	allErrs = append(allErrs, field.Invalid(fldPath, val, fmt.Sprintf("must not have %q domain", resourceDefaultNamespacePrefix)))
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@vendor/k8s.io/apimachinery/pkg/api/validate/strfmt.go` around lines 205 -
209, The current check uses strings.Contains(val,
resourceDefaultNamespacePrefix) which can falsely reject values that merely
contain the substring; change that conditional to test for prefix ownership
instead (e.g., use strings.HasPrefix on val with resourceDefaultNamespacePrefix)
so only values that actually begin with the reserved domain prefix are rejected,
keeping the existing field.Invalid(fldPath, val, fmt.Sprintf(...)) behavior and
message.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n vendor/k8s.io/apimachinery/pkg/api/validate/strfmt.go | sed -n '230,280p'

Repository: openshift-eng/ship-status-dash

Length of output: 2542

---

Add default case to reject qualified resource names with more than one '/' separator.

The resourcesQualifiedName function at line 240 lacks a default branch, so inputs like a/b/c produce no validation error; downstream, ResourceFullyQualifiedName at line 275 only checks whether '/' exists, allowing these malformed values to pass. The TODO comment at lines 237-239 already flags this gap.

Proposed fix

 	switch len(parts) {
 	case 1:
 		allErrs = append(allErrs, validateCIdentifier(parts[0], resourceDeviceMaxLength, fldPath)...)
 	case 2:
 		if len(parts[0]) == 0 {
 			allErrs = append(allErrs, field.Invalid(fldPath, "", "prefix must not be empty"))
 		} else {
 			if len(parts[0]) > 63 {
 				allErrs = append(allErrs, field.TooLong(fldPath, parts[0], 63))
 			}
 			allErrs = append(allErrs, LongName(ctx, op, fldPath, &parts[0], nil).PrefixDetail("prefix: ")...)
 		}
 		if len(parts[1]) == 0 {
 			allErrs = append(allErrs, field.Invalid(fldPath, "", "name must not be empty"))
 		} else {
 			allErrs = append(allErrs, validateCIdentifier(parts[1], resourceDeviceMaxLength, fldPath)...)
 		}
+	default:
+		allErrs = append(allErrs, field.Invalid(fldPath, s, "must contain a single '/' separating prefix and name"))
 	}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	parts := strings.Split(s, "/")
	// TODO: This validation and the corresponding handwritten validation validateQualifiedName in
	// pkg/apis/resource/validation/validation.go are not validating whether there are more than 1
	// slash. This should be fixed in both places.
	switch len(parts) {
	case 1:
	allErrs = append(allErrs, validateCIdentifier(parts[0], resourceDeviceMaxLength, fldPath)...)
	case 2:
	if len(parts[0]) == 0 {
	allErrs = append(allErrs, field.Invalid(fldPath, "", "prefix must not be empty"))
	} else {
	if len(parts[0]) > 63 {
	allErrs = append(allErrs, field.TooLong(fldPath, parts[0], 63))
	}
	allErrs = append(allErrs, LongName(ctx, op, fldPath, &parts[0], nil).PrefixDetail("prefix: ")...)
	}
	if len(parts[1]) == 0 {
	allErrs = append(allErrs, field.Invalid(fldPath, "", "name must not be empty"))
	} else {
	allErrs = append(allErrs, validateCIdentifier(parts[1], resourceDeviceMaxLength, fldPath)...)
	}
	}
	parts := strings.Split(s, "/")
	// TODO: This validation and the corresponding handwritten validation validateQualifiedName in
	// pkg/apis/resource/validation/validation.go are not validating whether there are more than 1
	// slash. This should be fixed in both places.
	switch len(parts) {
	case 1:
	allErrs = append(allErrs, validateCIdentifier(parts[0], resourceDeviceMaxLength, fldPath)...)
	case 2:
	if len(parts[0]) == 0 {
	allErrs = append(allErrs, field.Invalid(fldPath, "", "prefix must not be empty"))
	} else {
	if len(parts[0]) > 63 {
	allErrs = append(allErrs, field.TooLong(fldPath, parts[0], 63))
	}
	allErrs = append(allErrs, LongName(ctx, op, fldPath, &parts[0], nil).PrefixDetail("prefix: ")...)
	}
	if len(parts[1]) == 0 {
	allErrs = append(allErrs, field.Invalid(fldPath, "", "name must not be empty"))
	} else {
	allErrs = append(allErrs, validateCIdentifier(parts[1], resourceDeviceMaxLength, fldPath)...)
	}
	default:
	allErrs = append(allErrs, field.Invalid(fldPath, s, "must contain a single '/' separating prefix and name"))
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@vendor/k8s.io/apimachinery/pkg/api/validate/strfmt.go` around lines 236 -
257, The switch in resourcesQualifiedName that inspects parts :=
strings.Split(s, "/") currently handles case 1 and 2 but lacks a default branch,
so inputs containing more than one '/' (e.g. "a/b/c") silently pass; add a
default branch in the switch to append a validation error (using field.Invalid
on fldPath with a clear message like "invalid format: too many '/' separators"
or "qualified name must contain at most one '/'") so such values are rejected;
reference the parts variable and the resourcesQualifiedName function when making
the change.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Minor documentation typo.

"expception" should be "exception".

📝 Suggested fix

-// only exception to this is when it finds two errors which are exactly identical,
+// only exception to this is when it finds two errors which are exactly identical,

Note: The word "expception" on line 209 should be corrected to "exception".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@vendor/k8s.io/apimachinery/pkg/util/validation/field/error_matcher.go` at
line 209, Fix the documentation typo in the comment that currently reads
"expception" by replacing it with "exception" (search for the comment containing
the phrase "expception to this is when it finds two errors which are exactly
identical" in error_matcher.go and update the misspelled word).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Minor documentation typo.

The comment says "returns true of v" but should be "returns true if v".

📝 Suggested fix

-// HasPrefix returns true of v has any of the prefixes stored in this trie.
+// HasPrefix returns true if v has any of the prefixes stored in this trie.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// HasPrefix returns true of v has any of the prefixes stored in this trie.
	// HasPrefix returns true if v has any of the prefixes stored in this trie.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@vendor/k8s.io/kube-openapi/pkg/util/trie.go` at line 56, Fix the minor doc
typo in the comment for the HasPrefix method in trie.go: change "returns true of
v" to "returns true if v" in the comment above HasPrefix so the documentation
reads correctly.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Minor documentation typo.

"indentifying" should be "identifying".

📝 Suggested fix

-// a model / Go type. If a Go type is vendored from another package, only the path after "/vendor/"
+// a model / Go type. If a Go type is vendored from another package, only the path after "/vendor/"

Line 73: "uniquely indentifying" should be "uniquely identifying".

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// OpenAPI canonical names are Go type names with full package path, for uniquely indentifying
	// OpenAPI canonical names are Go type names with full package path, for uniquely identifying

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@vendor/k8s.io/kube-openapi/pkg/util/util.go` at line 73, Fix the typo in the
package comment where "uniquely indentifying" appears—replace "indentifying"
with "identifying" so the sentence reads "for uniquely identifying"; locate the
comment near the OpenAPI canonical names description (the line referencing
"OpenAPI canonical names are Go type names with full package path, for uniquely
indentifying") and update the word only.

[smg247]

/close

[openshift-ci]

@smg247: Closed this PR.

Details

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.