CNF-25115: Include supported values in validation error messages

[sebrandon1]

Summary

• When users pass unsupported args, env vars, labels, or resources to the CertManager CR, the validation error now lists the supported values so they can self-correct without consulting documentation
• Updated all 4 validation functions in deployment_overrides_validation.go

Before

validation failed due to unsupported arg "--foo"="bar"

After

validation failed due to unsupported arg "--foo"="bar"; supported args are: --acme-http01-solver-nameservers, --dns01-recursive-nameservers, --v, -V, ...

Test plan

• go test ./pkg/controller/certmanager/... passes (all validation tests updated)
• make lint clean (no new issues)
• CI e2e tests pass

Summary by CodeRabbit

• Improvements
  • Validation error messages now include the complete list of supported values when invalid container arguments, environment variables, pod labels, or resource configurations are provided, making it easier to identify valid options during configuration.

[openshift-ci-robot]

@sebrandon1: This pull request explicitly references no jira issue.

Details

In response to this:

Summary

• When users pass unsupported args, env vars, labels, or resources to the CertManager CR, the validation error now lists the supported values so they can self-correct without consulting documentation
• Updated all 4 validation functions in deployment_overrides_validation.go

Before

validation failed due to unsupported arg "--foo"="bar"

After

validation failed due to unsupported arg "--foo"="bar"; supported args are: --acme-http01-solver-nameservers, --dns01-recursive-nameservers, --v, -V, ...

Test plan

• go test ./pkg/controller/certmanager/... passes (all validation tests updated)
• make lint clean (no new issues)
• CI e2e tests pass

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

Validation error messages in deployment_overrides_validation.go are extended to include the full list of supported values when an unsupported container arg, env var, pod label, or resource limit/request is provided. The strings package is imported to enable this formatting. Four test cases in TestWithContainerArgsValidateHook are updated to match the expanded error strings.

Changes

Validation Error Message Enhancement

Layer / File(s)	Summary
Error message updates and test expectations pkg/controller/certmanager/deployment_overrides_validation.go, pkg/controller/certmanager/deployment_overrides_validation_test.go	Adds strings import and appends strings.Join(..., ", ") of the supported set to error messages in validateArgs, validateEnv, validateLabels, and validateResources. Four TestWithContainerArgsValidateHook test cases update wantErrMsg to include the supported arg lists for controller, webhook, and cainjector.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
No-Sensitive-Data-In-Logs	❌ Error	Error messages at lines 82, 131, and 180 log user-provided values (args, env vars, labels) without sanitization. Most critically, line 131 logs the entire corev1.EnvVar struct which can contain pla...	Sanitize sensitive data before logging: log only the field name (key), not the value; or mask/redact values in error messages using v.Name for EnvVar, and excluding raw values for args/labels.
Microshift Test Compatibility	⚠️ Warning	New Ginkgo e2e tests reference config.openshift.io APIs unavailable on MicroShift without proper Skip protection: issuer_acme_dns01_test.go (DNSes, Infrastructures, Authentications), issuer_selfsig...	Add [apigroup:config.openshift.io] tags or Skip checks for tests accessing unavailable config.openshift.io resources (DNS, Ingress, Authentication objects not available on MicroShift).
Test Structure And Quality	❓ Inconclusive	The custom check specifies "Review Ginkgo test code" but the modified test file uses standard Go testing (t *testing.T), not Ginkgo (no Describe/Context/It blocks). The check's applicability is amb...	Clarify whether the check applies only to Ginkgo tests (in which case it's not applicable here) or to all Go tests. If latter, the tests meet most requirements except some assertions lack diagnostic messages.

✅ Passed checks (12 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 80.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	The PR contains no Ginkgo tests. All tests in both modified files use standard Go testing with t.Run() subtests, which are not subject to the Ginkgo stable naming check.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR does not add any new Ginkgo e2e tests. It only modifies Go unit tests (standard testing package) in pkg/controller/certmanager/. The SNO compatibility check is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	PR only enhances validation error messages to include supported values when users provide unsupported args, env vars, labels, or resources. No deployment manifests, scheduling constraints, affinity...
Ote Binary Stdout Contract	✅ Passed	PR does not violate OTE Binary Stdout Contract. All changes are runtime validation error messages using fmt.Errorf (returns, not stdout). No process-level code (main, init, TestMain, BeforeSuite, e...
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR modifies unit tests in pkg/controller/certmanager/, not Ginkgo e2e tests. The check applies only to new Ginkgo e2e tests (It, Describe, Context, When patterns), which are not present in thi...
No-Weak-Crypto	✅ Passed	PR contains no cryptographic functions, custom crypto implementations, or secret/token comparisons. Changes only modify validation error messages to include supported values lists.
Container-Privileges	✅ Passed	PR modifies only validation error message formatting in Go code; no container security context, K8s manifest security configurations, or privileged container settings are introduced or modified.
Title check	✅ Passed	The title clearly and concisely summarizes the main change: including supported values in validation error messages for better user experience.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sebrandon1
Once this PR has been reviewed and has the lgtm label, please assign swghosh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@sebrandon1: This pull request references CNF-25115 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

• When users pass unsupported args, env vars, labels, or resources to the CertManager CR, the validation error now lists the supported values so they can self-correct without consulting documentation
• Updated all 4 validation functions in deployment_overrides_validation.go

Before

validation failed due to unsupported arg "--foo"="bar"

After

validation failed due to unsupported arg "--foo"="bar"; supported args are: --acme-http01-solver-nameservers, --dns01-recursive-nameservers, --v, -V, ...

Test plan

• go test ./pkg/controller/certmanager/... passes (all validation tests updated)
• make lint clean (no new issues)
• CI e2e tests pass

Summary by CodeRabbit

• Improvements
• Validation error messages now include the complete list of supported values when invalid container arguments, environment variables, pod labels, or resource configurations are provided, making it easier to identify valid options during configuration.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

@sebrandon1: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-ci]

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.