[wip]OTA-1548: set up accepted risks

[hongkailiu]

With OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true, a new command oc adm upgrade accept is enabled. It accepts comma-separated risks exposed to an OpenShift release [1].

The risks are stored in clusterversion/version's .specs.desiredUpdate.acceptRisks.

[1]. https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#understanding-clusterversion-conditiontypes_understanding-openshift-updates

[openshift-ci-robot]

@hongkailiu: This pull request references OTA-1548 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

With OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true, a new command oc adm upgrade accept is enabled. It accepts comma-separated risks exposed to an OpenShift release [1].

The risks are stored in clusterversion/version's .specs.desiredUpdate.acceptRisks.

[1]. https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#understanding-clusterversion-conditiontypes_understanding-openshift-updates

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Excluded labels (none allowed) (1)

• do-not-merge/work-in-progress

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

A new hidden Cobra subcommand is added to manage conditional update risks for clusters, supporting addition, removal, and replacement of accepted risk names via flags. The command is conditionally wired into the upgrade command tree via a feature gate, with no changes to existing public APIs.

Changes

Cohort / File(s)	Summary
Accept Risk Management Command pkg/cli/admin/upgrade/accept/accept.go	New file implementing a complete Cobra subcommand with clusterVersionInterface for Kubernetes interaction, options struct for flag and argument handling, Complete/Run execution flow, and patchDesiredUpdate helper for applying JSON patches to ClusterVersion spec. Supports --replace, --clear, --plus (prefix additions), and --minus (prefix removals) for risk management.
Command Tree Integration pkg/cli/admin/upgrade/upgrade.go	Adds import for accept package and conditionally wires accept.New(f, streams) into upgrade command tree when OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS feature gate is enabled. No changes to existing command signatures or wiring.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~28 minutes

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

pkg/cli/admin/upgrade/accept/accept.go (1)

134-136: Placeholder logic pending API update.

The hardcoded fake risks bypass actual ClusterVersion data. Ensure this is tracked for completion once the o/api dependency is updated.

Would you like me to open an issue to track this TODO?

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between f68dc90 and 42ccc9a.

📒 Files selected for processing (2)

• pkg/cli/admin/upgrade/accept/accept.go
• pkg/cli/admin/upgrade/upgrade.go

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

• pkg/cli/admin/upgrade/accept/accept.go
• pkg/cli/admin/upgrade/upgrade.go

🧬 Code graph analysis (2)

pkg/cli/admin/upgrade/accept/accept.go (1)

pkg/cli/admin/upgrade/upgrade.go (1)

• New (56-132)

pkg/cli/admin/upgrade/upgrade.go (1)

pkg/cli/admin/upgrade/accept/accept.go (1)

• New (29-57)

🔇 Additional comments (1)

pkg/cli/admin/upgrade/upgrade.go (1)

28-28: LGTM!

The import and feature gate wiring follow the established pattern used for the status and rollback subcommands.

Also applies to: 126-128

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Incorrect JSON merge patch path.

The patch creates a literal key "desiredUpdate.acceptRisks" instead of the nested path spec.desiredUpdate.acceptRisks. The ClusterVersion will not be updated correctly.

🔎 Proposed fix

-	patch := []byte(fmt.Sprintf(`{"spec":{"desiredUpdate.acceptRisks": %s}}`, acceptRisksJSON))
+	patch := []byte(fmt.Sprintf(`{"spec":{"desiredUpdate":{"acceptRisks": %s}}}`, acceptRisksJSON))

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	patch := []byte(fmt.Sprintf(`{"spec":{"desiredUpdate.acceptRisks": %s}}`, acceptRisksJSON))
	patch := []byte(fmt.Sprintf(`{"spec":{"desiredUpdate":{"acceptRisks": %s}}}`, acceptRisksJSON))

🤖 Prompt for AI Agents

In pkg/cli/admin/upgrade/accept/accept.go around line 165, the current patch
uses a dotted key which produces a literal "desiredUpdate.acceptRisks" instead
of nesting under spec.desiredUpdate; change the patch payload to nest objects so
the JSON is {"spec":{"desiredUpdate":{"acceptRisks": <acceptRisksJSON>}}}
(ensure acceptRisksJSON is inserted raw, not quoted), or build the patch using a
small map/struct and marshal it to JSON to produce the correct nested path.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: hongkailiu
Once this PR has been reviewed and has the lgtm label, please assign atiratree for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[hongkailiu]

I will wait a bit on

• e2e utilities from https://github.com/openshift/oc/pull/2181/files#diff-c3b02e1c6c92fc59f6b49a20a38dbf177d8bf4189579639ab6e08a329b85cf59
• bump o/api from the team.

[hongkailiu]

Cluster bot: launch 4.22.0-0.nightly aws,techpreview. Note that the new accept cmd probably wont work with a cluster in 4.21. But i have not tested myself.

Testing results with 583aa51:

CGO_CFLAGS="-I/opt/homebrew/opt/heimdal/include" make oc                   
go build -mod=vendor -tags 'include_gcs include_oss containers_image_openpgp gssapi' -ldflags "-X github.com/openshift/oc/pkg/version.versionFromGit="v4.2.0-alpha.0-2854-g072f397" -X github.com/openshift/oc/pkg/version.commitFromGit="072f397b9" -X github.com/openshift/oc/pkg/version.gitTreeState="dirty" -X github.com/openshift/oc/pkg/version.buildDate="2026-01-26T02:45:16Z" -X k8s.io/component-base/version.gitMajor="1" -X k8s.io/component-base/version.gitMinor="34" -X k8s.io/component-base/version.gitVersion="v1.34.1" -X k8s.io/component-base/version.gitCommit="072f397b9" -X k8s.io/component-base/version.buildDate="2026-01-26T02:45:14Z" -X k8s.io/component-base/version.gitTreeState="clean" -X k8s.io/client-go/pkg/version.gitVersion="v4.2.0-alpha.0-2854-g072f397" -X k8s.io/client-go/pkg/version.gitCommit="072f397b9" -X k8s.io/client-go/pkg/version.buildDate="2026-01-26T02:45:14Z" -X k8s.io/client-go/pkg/version.gitTreeState="dirty"" github.com/openshift/oc/cmd/oc

$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB
info: Accept risks are [riskA, riskB]
$ oc get clusterversion version -o yaml | yq -y .spec.desiredUpdate          
acceptRisks:
  - name: riskA
  - name: riskB
architecture: ''
force: false
image: registry.build07.ci.openshift.org/ci-ln-gz13mrk/release@sha256:9cd1f1b0227f6f61ae6a921a12fedc1d89a73733a12ba2f2b98620c00e6b65cb
version: 4.22.0-0.nightly-2026-01-24-213011
$  OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept --clear                  
info: Accept risks are []
$ oc get clusterversion version -o yaml | yq -y .spec.desiredUpdate      
architecture: ''
force: false
image: registry.build07.ci.openshift.org/ci-ln-gz13mrk/release@sha256:9cd1f1b0227f6f61ae6a921a12fedc1d89a73733a12ba2f2b98620c00e6b65cb
version: 4.22.0-0.nightly-2026-01-24-213011
$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB
info: Accept risks are [riskA, riskB]
$ OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade --to-image quay.io/openshift-release-dev/ocp-release@sha256:eea721e62d3a06a742adc3d10d9c430af061694d558da9a8d9a17c52a342ddd4 --force --allow-explicit-upgrade --allow-upgrade-with-warnings
warning: The requested upgrade image is not one of the available updates. You have used --allow-explicit-upgrade for the update to proceed anyway
warning: --force overrides cluster verification of your supplied release image and waives any update precondition failures. Only use this if you are testing unsigned release images or you are working around a known bug in the cluster-version operator and you have verified the authenticity of the provided image yourself.
Requested update to release image quay.io/openshift-release-dev/ocp-release@sha256:eea721e62d3a06a742adc3d10d9c430af061694d558da9a8d9a17c52a342ddd4
$ oc get clusterversion version -o yaml | yq -y .spec.desiredUpdate          
acceptRisks:
  - name: riskA
  - name: riskB
architecture: ''
force: true
image: quay.io/openshift-release-dev/ocp-release@sha256:eea721e62d3a06a742adc3d10d9c430af061694d558da9a8d9a17c52a342ddd4
version: ''
$ ✗ oc adm upgrade status                                            
Unable to fetch alerts, ignoring alerts in 'Update Health':  no token is currently in use for this session
= Control Plane =
Assessment:      Progressing
Target Version:  4.22.0-ec.1 (from 4.22.0-0.nightly-2026-01-24-213011)
...

So we showed that the patchDesiredUpdate function keeps the cv.spec.desiredUpdate.acceptRisks intact.

oc/pkg/cli/admin/upgrade/upgrade.go

Line 688 in 90d7ae6

func patchDesiredUpdate(ctx context.Context, update *configv1.Update, client configv1client.Interface,

[JianLi-RH]

We also need to provide users with help information but it seems there are no any info:

[jianl@jianl-thinkpadt14gen4 422]$ ./oc adm upgrade --help | grep -i "accept"
[jianl@jianl-thinkpadt14gen4 422]$ 

[hongkailiu]

but it seems there are no

Try this?

OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept -h

[hongkailiu]

Tested with 254493c

launch 4.22.0-0.nightly aws,techpreview

$ CGO_CFLAGS="-I/opt/homebrew/opt/heimdal/include" make oc
$  oc git:(accept-cmd) OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB
info: Accept risks are [riskB, riskC, riskA]
$ oc git:(accept-cmd) OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept --clear    
info: Accept risks are []
$ oc git:(accept-cmd) OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept --clear
info: Accept risks are not changed
$ oc git:(accept-cmd) OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB
info: Accept risks are [riskA, riskB]
$ oc git:(accept-cmd) OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB,riskC
info: Accept risks are [riskA, riskB, riskC]
$ oc git:(accept-cmd) OC_ENABLE_CMD_UPGRADE_ACCEPT_RISKS=true ./oc adm upgrade accept riskA,riskB --replace
info: Accept risks are [riskA, riskB]
$ oc git:(accept-cmd) oc get clusterversion version -o yaml | yq -y .spec                                  
clusterID: 47dcb252-4e3b-4eb8-97d7-64ec7dbe4ff4
desiredUpdate:
  acceptRisks:
    - name: riskA
    - name: riskB
  architecture: ''
  force: false
  image: ''
  version: ''
overrides:
  - group: config.openshift.io

[openshift-ci]

@hongkailiu: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.