CNF-25115: Include supported values in validation error messages

[sebrandon1]

Summary

• When users pass unsupported args, env vars, labels, or resources to the CertManager CR, the validation error now lists the supported values so they can self-correct without consulting documentation
• Updated all 4 validation functions in deployment_overrides_validation.go

Before

validation failed due to unsupported arg "--foo"="bar"

After

validation failed due to unsupported arg "--foo"="bar"; supported args are: --acme-http01-solver-nameservers, --dns01-recursive-nameservers, --v, -V, ...

Test plan

• go test ./pkg/controller/certmanager/... passes (all validation tests updated)
• make lint clean (no new issues)
• CI e2e tests pass

Summary by CodeRabbit

• Improvements
  • Enhanced validation errors to include the complete list of supported values when invalid container arguments, environment variables, pod labels, or resource configurations are provided, helping you quickly identify correct options.

[openshift-ci-robot]

@sebrandon1: This pull request explicitly references no jira issue.

Details

In response to this:

Summary

• When users pass unsupported args, env vars, labels, or resources to the CertManager CR, the validation error now lists the supported values so they can self-correct without consulting documentation
• Updated all 4 validation functions in deployment_overrides_validation.go

Before

validation failed due to unsupported arg "--foo"="bar"

After

validation failed due to unsupported arg "--foo"="bar"; supported args are: --acme-http01-solver-nameservers, --dns01-recursive-nameservers, --v, -V, ...

Test plan

• go test ./pkg/controller/certmanager/... passes (all validation tests updated)
• make lint clean (no new issues)
• CI e2e tests pass

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: ad7ac56e-3155-4a3f-b28b-780fc78d2abe

📥 Commits

Reviewing files that changed from the base of the PR and between 6d0d9e9 and 0d543d2.

📒 Files selected for processing (2)

• pkg/controller/certmanager/deployment_overrides_validation.go
• pkg/controller/certmanager/deployment_overrides_validation_test.go

✅ Files skipped from review due to trivial changes (1)

• pkg/controller/certmanager/deployment_overrides_validation_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

• pkg/controller/certmanager/deployment_overrides_validation.go

---

Walkthrough

Validation errors in deployment_overrides_validation.go now append supported-value lists for unsupported container args, env vars, pod labels, and resources. The related hook tests are updated to expect the expanded error strings.

Changes

Validation message formatting

Layer / File(s)	Summary
Validation errors include supported values pkg/controller/certmanager/deployment_overrides_validation.go	Adds strings import and appends comma-joined supported-value lists to unsupported arg, env var, label, and resource validation errors.
Test expectations match expanded errors pkg/controller/certmanager/deployment_overrides_validation_test.go	Updates TestWithContainerArgsValidateHook expectations for controller, webhook, and cainjector unsupported-arg errors to include the supported args lists.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 1 warning)

Check name	Status	Explanation	Resolution
No-Sensitive-Data-In-Logs	❌ Error	Validation errors now echo raw arg/env/label/resource values; unsupported env/arg values can contain secrets and are propagated through controller errors/logs.	Redact or omit user-supplied values from these errors; report only the key and supported options, especially for args/env vars that may carry secrets.
Ipv6 And Disconnected Network Test Compatibility	⚠️ Warning	New Ginkgo e2e tests use public internet services (LetsEncrypt, Google STS/IAM, 1.1.1.1) and hardcoded IPv4 literals (10.10.10.10, 127.0.0.1).	Replace public endpoints with cluster-internal/mirrored services, and avoid IPv4-only literals; add IPv6-aware host handling or [Skipped:Disconnected] where external access is required.

✅ Passed checks (13 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: adding supported values to validation error messages.
Docstring Coverage	✅ Passed	Docstring coverage is 80.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	Test titles in the modified file are static t.Run strings; no dynamic suffixes, timestamps, UUIDs, node/namespace/IP values, or formatted names were found.
Test Structure And Quality	✅ Passed	No Ginkgo tests were changed; the updated file is plain table-driven testing.T code with no cluster ops, waits, or cleanup concerns.
Microshift Test Compatibility	✅ Passed	PASS: The PR only changes unit-test and validation message code in pkg/controller/certmanager; no new Ginkgo e2e tests or MicroShift-sensitive APIs/features were added.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	Only unit tests and validation helpers changed; no Ginkgo e2e tests or multi-node/SNO assumptions were added.
Topology-Aware Scheduling Compatibility	✅ Passed	Only validation error strings/tests changed; no deployment spec, replicas, affinity, nodeSelector, or topology-spread logic was added.
Ote Binary Stdout Contract	✅ Passed	Touched code only changes validation error text in library functions; no main/init/TestMain/BeforeSuite stdout writes or logging redirection changes.
No-Weak-Crypto	✅ Passed	Touched files only add supported-values text to validation errors; no weak crypto, custom crypto, or secret comparisons appear in the diff.
Container-Privileges	✅ Passed	PASS: PR only changes Go validation error strings/tests; no container/K8s manifests or privilege settings were introduced.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sebrandon1
Once this PR has been reviewed and has the lgtm label, please assign swghosh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@sebrandon1: This pull request references CNF-25115 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

• When users pass unsupported args, env vars, labels, or resources to the CertManager CR, the validation error now lists the supported values so they can self-correct without consulting documentation
• Updated all 4 validation functions in deployment_overrides_validation.go

Before

validation failed due to unsupported arg "--foo"="bar"

After

validation failed due to unsupported arg "--foo"="bar"; supported args are: --acme-http01-solver-nameservers, --dns01-recursive-nameservers, --v, -V, ...

Test plan

• go test ./pkg/controller/certmanager/... passes (all validation tests updated)
• make lint clean (no new issues)
• CI e2e tests pass

Summary by CodeRabbit

• Improvements
• Validation error messages now include the complete list of supported values when invalid container arguments, environment variables, pod labels, or resource configurations are provided, making it easier to identify valid options during configuration.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

@sebrandon1: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/unit	0d543d2	link	true	/test unit

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.