HYPERFLEET-682 - fix: improve adapter configs and make Terraform directory configurable

[xueli181114]

Summary

• Make TF_DIR variable configurable in Makefile to allow custom Terraform directory paths
• Fix adapter1 config to use cluster_id consistently and implement proper health checks
• Update adapter2 to use dynamic naming based on metadata.name instead of hardcoded "adapter2"
• Change adapter2 type from maestro to landing-zone to reflect its actual purpose
• Improve status condition handling with more robust nested resource availability checks

Changes Made

Makefile

• Changed TF_DIR := terraform to TF_DIR ?= terraform to make it configurable

adapter1 Configuration

• Fixed inconsistent field names: clusterId → cluster_id
• Improved health status checks to use actual adapter execution status instead of just checking ConfigMap availability
• Added proper error handling with adapter.errorReason and adapter.errorMessage

adapter2 Configuration

• Updated adapter type label from maestro to landing-zone
• Changed all hardcoded "adapter2" references to use dynamic {{ .metadata.name }}
• Improved ManifestWork naming to be unique: {{ .clusterId }}-{{ .metadata.name }}
• Enhanced status condition expressions for better resource availability checking
• Added manifestwork metadata extraction in the data section
• Simplified and improved nested resource discovery logic

Test plan

• Verify Makefile accepts custom TF_DIR values
• Test adapter1 with cluster_id field consistency
• Test adapter2 dynamic naming functionality
• Verify improved status condition handling works correctly

Summary by CodeRabbit

• Chores

  • Build tooling now respects an overridable Terraform directory setting.

• Refactor

  • Adapter health reporting now surfaces explicit status, reason, and message from adapter error/state.
  • Adapter resource naming and discovery use a consistent, dynamic naming pattern and standardized cluster identifier, improving clarity.

• Bug Fixes

  • Improved status and availability evaluation with better fallbacks to reduce ambiguous or incorrect states.

[coderabbitai]

Walkthrough

Makefile: TF_DIR assignment changed from unconditional (TF_DIR := terraform) to conditional (TF_DIR ?= terraform) to allow overrides. helm/adapter1/adapter-task-config.yaml: switch clusterId to cluster_id and refactor availability/health extraction to derive status from adapter.executionStatus, adapter.errorReason, and adapter.errorMessage. helm/adapter2/adapter-task-config.yaml: rename ManifestWork and related resources to include metadata.name, update labels/annotations and nested discovery keys, and add fallbacks and refined status extraction for missing nested resources.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Adapter
    participant Discovery
    participant K8sAPI
    participant StatusAggregator

    Client->>Adapter: submit task / manifest
    Adapter->>Discovery: request byName ({{ .clusterId }}-{{ .metadata.name }})
    Discovery->>K8sAPI: lookup ManifestWork, Namespace, ConfigMap
    K8sAPI-->>Discovery: return resources or not found
    Discovery-->>Adapter: nestedDiscovery results (manifestwork, namespace0, configmap0)
    Adapter->>StatusAggregator: compute Applied/Available/Health using adapter.executionStatus, errorReason, errorMessage, and fallbacks
    StatusAggregator-->>Client: return aggregated status and messages

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the two main changes: making Terraform directory configurable and improving adapter configs, matching the file-level modifications in Makefile and adapter YAML files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

helm/adapter1/adapter-task-config.yaml (1)

128-134: Health fallback is internally inconsistent for unknown execution state.

When status resolves to "Unknown" (Line 128), reason/message still default to "Healthy" and a success message (Lines 131, 134). This can misreport non-terminal states.

Proposed CEL adjustment

-                  adapter.?errorReason.orValue("") != "" ? adapter.?errorReason.orValue("") : "Healthy"
+                  adapter.?executionStatus.orValue("") == "success"
+                    ? "Healthy"
+                    : (adapter.?executionStatus.orValue("") == "failed"
+                        ? (adapter.?errorReason.orValue("") != "" ? adapter.?errorReason.orValue("") : "ExecutionFailed")
+                        : "ExecutionStatusUnknown")

-                  adapter.?errorMessage.orValue("") != "" ? adapter.?errorMessage.orValue("") : "All adapter operations completed successfully"
+                  adapter.?executionStatus.orValue("") == "success"
+                    ? "All adapter operations completed successfully"
+                    : (adapter.?executionStatus.orValue("") == "failed"
+                        ? (adapter.?errorMessage.orValue("") != "" ? adapter.?errorMessage.orValue("") : "Adapter execution failed")
+                        : "Adapter execution status is not yet available")

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@helm/adapter1/adapter-task-config.yaml` around lines 128 - 134, The current
CEL expressions use adapter.?executionStatus.orValue("") to set condition to
"Unknown" but still default reason/message to "Healthy" and a success message;
update the reason and message expressions (the adapter.?errorReason.orValue("")
and adapter.?errorMessage.orValue("") branches) to first check executionStatus
and return an "Unknown" (or appropriate non-healthy) reason/message when
executionStatus is neither "success" nor "failed" — otherwise keep the existing
behavior: if executionStatus == "success" use errorReason/orValue("Healthy") and
errorMessage/orValue("All adapter operations completed successfully"), if
executionStatus == "failed" use errorReason/orValue("") and
errorMessage/orValue(""), and if executionStatus is unknown return a clear
"Unknown execution state" (or similar) for both reason and message.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@helm/adapter2/adapter-task-config.yaml`:
- Line 88: The template uses the unavailable runtime field .metadata.name in the
resource name (name: "{{ .clusterId }}-{{ .metadata.name }}") which will cause
failures; replace uses of {{ .metadata.name }} in adapter2 with the same
hardcoded adapter identifier pattern used by adapter1/adapter3 (e.g., a literal
adapter name with a TODO referencing config.adapter.metadata.name) across all
occurrences so the template compiles at runtime, and ensure the TODO comment
remains to indicate future replacement once config.adapter.metadata.name is
available.

---

Nitpick comments:
In `@helm/adapter1/adapter-task-config.yaml`:
- Around line 128-134: The current CEL expressions use
adapter.?executionStatus.orValue("") to set condition to "Unknown" but still
default reason/message to "Healthy" and a success message; update the reason and
message expressions (the adapter.?errorReason.orValue("") and
adapter.?errorMessage.orValue("") branches) to first check executionStatus and
return an "Unknown" (or appropriate non-healthy) reason/message when
executionStatus is neither "success" nor "failed" — otherwise keep the existing
behavior: if executionStatus == "success" use errorReason/orValue("Healthy") and
errorMessage/orValue("All adapter operations completed successfully"), if
executionStatus == "failed" use errorReason/orValue("") and
errorMessage/orValue(""), and if executionStatus is unknown return a clear
"Unknown execution state" (or similar) for both reason and message.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dab811d and fb194c8.

📒 Files selected for processing (3)

• Makefile
• helm/adapter1/adapter-task-config.yaml
• helm/adapter2/adapter-task-config.yaml

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@helm/adapter2/adapter-task-config.yaml`:
- Around line 256-283: The CEL expressions for the Available checks use
has(c.type) inconsistently, which can throw if a condition lacks type; update
all condition existence predicates used in
resources.namespace0.conditions.exists(...) and
resources.configmap0.conditions.exists(...) so they consistently guard c.type
(i.e., add has(c.type) && before every c.type == "Available" occurrence inside
the exists(...) lambdas for namespace0 and configmap0 conditions) to ensure
null-safe evaluation.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fb194c8 and 0ed88fd.

📒 Files selected for processing (3)

• Makefile
• helm/adapter1/adapter-task-config.yaml
• helm/adapter2/adapter-task-config.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

• Makefile

[rafabene]

Now that all {{ .adapterName }} references have been replaced with {{ .metadata.name }}, the
adapterName parameter definition (lines ~27-31) is no longer referenced anywhere in the
template. You can clean it up:

  -    #TODO: this should come from config.adapter.metadata.name
  -    - name: "adapterName"
  -      source: "config.adapterConfig.metadata.name"
  -      default: "adapter2"
  -      description: "Unique identifier for the adapter"

[xueli181114]

Now that all {{ .adapterName }} references have been replaced with {{ .metadata.name }}, the adapterName parameter definition (lines ~27-31) is no longer referenced anywhere in the template. You can clean it up:

  -    #TODO: this should come from config.adapter.metadata.name
  -    - name: "adapterName"
  -      source: "config.adapterConfig.metadata.name"
  -      default: "adapter2"
  -      description: "Unique identifier for the adapter"

Removed

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

helm/adapter2/adapter-task-config.yaml (1)

7-7: ⚠️ Potential issue | 🟠 Major

Adapter type label is still maestro instead of landing-zone.

Line 7 still sets hyperfleet.io/adapter-type: maestro, which conflicts with the PR objective and can break selector/routing logic expecting landing-zone.

Suggested fix

-    hyperfleet.io/adapter-type: maestro
+    hyperfleet.io/adapter-type: landing-zone

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@helm/adapter2/adapter-task-config.yaml` at line 7, The label key
hyperfleet.io/adapter-type currently has the value "maestro"; update this to
"landing-zone" so selectors and routing match the PR intent—specifically change
the value for hyperfleet.io/adapter-type in adapter-task-config.yaml from
"maestro" to "landing-zone" and verify related selectors/helm templates and any
tests that reference hyperfleet.io/adapter-type are updated accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@helm/adapter2/adapter-task-config.yaml`:
- Line 82: The ManifestWork resource's name uses clusterId without lowercasing
("name: \"{{ .clusterId }}-{{ .metadata.name }}\"") which can violate DNS-1123;
update the ManifestWork name templates (both occurrences currently at the
ManifestWork declarations) to apply the | lower filter to .clusterId so the
generated names are lowercase and DNS-1123 compliant, mirroring how Namespace
and ConfigMap templates use | lower.

---

Outside diff comments:
In `@helm/adapter2/adapter-task-config.yaml`:
- Line 7: The label key hyperfleet.io/adapter-type currently has the value
"maestro"; update this to "landing-zone" so selectors and routing match the PR
intent—specifically change the value for hyperfleet.io/adapter-type in
adapter-task-config.yaml from "maestro" to "landing-zone" and verify related
selectors/helm templates and any tests that reference hyperfleet.io/adapter-type
are updated accordingly.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0ed88fd and 6c382fa.

📒 Files selected for processing (1)

• helm/adapter2/adapter-task-config.yaml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# First, check if the file exists and display lines around 82 and 216
echo "=== Checking helm/adapter2/adapter-task-config.yaml ==="
if [ -f "helm/adapter2/adapter-task-config.yaml" ]; then
  echo "File exists. Lines 80-84:"
  sed -n '80,84p' "helm/adapter2/adapter-task-config.yaml" | cat -n
  echo ""
  echo "Lines 214-218:"
  sed -n '214,218p' "helm/adapter2/adapter-task-config.yaml" | cat -n
else
  echo "File not found"
fi

echo ""
echo "=== Searching for clusterId and naming patterns ==="
# Look for clusterId and event.id references
rg -n 'clusterId|event\.id' helm/ --type yaml --type go -A 2 -B 2

echo ""
echo "=== Checking ManifestWork naming patterns ==="
# Look for ManifestWork resources and their naming conventions
rg -n 'kind:\s*ManifestWork' helm/ --type yaml -A 10 | head -60

Repository: openshift-hyperfleet/hyperfleet-infra

Length of output: 11765

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Searching for event.id or event ID validation ==="
rg -n 'event\.id|eventId|event_id|validation|sanitize|normalize|DNS|dns1123' helm/ --type yaml --type go --type md -B 2 -A 2 | head -100

echo ""
echo "=== Checking README or docs for naming requirements ==="
find . -maxdepth 2 -name "README*" -o -name "*.md" | xargs rg -l 'ManifestWork|event.id|clusterId|naming|DNS' 2>/dev/null | head -5

if [ -f "README.md" ]; then
  echo "Searching README.md for relevant info:"
  rg -n 'ManifestWork|event.id|clusterId|naming' README.md -B 1 -A 1
fi

echo ""
echo "=== Checking if there's any preprocessing or validation of clusterId ==="
rg -n 'clusterId|event\.id' --type go -B 3 -A 3 | head -80

Repository: openshift-hyperfleet/hyperfleet-infra

Length of output: 2060

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Getting full validation check expressions ==="
sed -n '60,75p' helm/adapter2/adapter-task-config.yaml

echo ""
echo "=== Searching for Go code that validates or uses event.id ==="
find . -name "*.go" -type f | head -10
rg -n 'event.*id|EventID|Event.*ID' --type go -B 2 -A 5 2>/dev/null | head -60

echo ""
echo "=== Checking comments or documentation about ManifestWork ==="
rg -n 'ManifestWork|manifestwork' helm/adapter2/adapter-task-config.yaml -B 1 -A 5 | head -40

echo ""
echo "=== Checking if there's documentation about naming constraints ==="
find . -name "*.md" -o -name "*.txt" | xargs grep -l "ManifestWork\|Kubernetes.*name\|DNS" 2>/dev/null | head -5

Repository: openshift-hyperfleet/hyperfleet-infra

Length of output: 763

---

🌐 Web query:

ManifestWork Kubernetes naming requirements DNS-1123

💡 Result:

For an OCM ManifestWork (a normal Kubernetes object), the key DNS‑1123 constraints are:

• metadata.name: typically must be a DNS subdomain (RFC 1123) (Kubernetes “object name” rule):

  • max 253 characters
  • only lowercase a-z, 0-9, -, .
  • must start and end with an alphanumeric character
  • common regex: ^[a-z0-9]([a-z0-9-.]{0,251}[a-z0-9])?$ [1]

• metadata.namespace (the cluster namespace where you create the ManifestWork, i.e., the target managed-cluster namespace on the hub): must be a DNS label (RFC 1123):

  • max 63 characters
  • only lowercase a-z, 0-9, -
  • must start and end with an alphanumeric character
  • common regex: ^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$ [1][2]

Sources: Kubernetes naming rules [1] and OCM ManifestWork concept docs (created in the managed cluster’s namespace) [2].

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Searching for example event IDs or cluster IDs with uppercase ==="
rg -n 'event.id|clusterId' helm/ --type yaml | grep -i '[A-Z]' | head -20

echo ""
echo "=== Looking for any test data or examples ==="
find . -name "*test*" -o -name "*example*" -o -name "*fixture*" 2>/dev/null | xargs grep -l 'clusterId\|event.id' 2>/dev/null | head -5

echo ""
echo "=== Checking if adapter1 has ManifestWork (for comparison) ==="
rg -n 'kind:\s*ManifestWork' helm/adapter1/ -A 10 | head -30

echo ""
echo "=== Verifying the actual inconsistency one more time ==="
echo "adapter2 line 82 (ManifestWork name):"
sed -n '82p' helm/adapter2/adapter-task-config.yaml
echo ""
echo "adapter2 line 140 (Namespace name):"
sed -n '140p' helm/adapter2/adapter-task-config.yaml
echo ""
echo "adapter2 line 155 (ConfigMap name):"
sed -n '155p' helm/adapter2/adapter-task-config.yaml

Repository: openshift-hyperfleet/hyperfleet-infra

Length of output: 2002

---

Apply | lower filter to clusterId in ManifestWork naming to ensure DNS-1123 compliance.

ManifestWork names (lines 82 and 216) must follow Kubernetes DNS-1123 rules requiring lowercase alphanumerics and hyphens only. Since clusterId is sourced from event.id without validation, uppercase characters would cause ManifestWork creation to fail. Other Kubernetes resources in this file (Namespace at line 140, ConfigMap at line 155) already correctly apply the | lower filter; this should be consistent for ManifestWork as well.

Suggested fix

-          name: "{{ .clusterId }}-{{ .metadata.name }}"
+          name: "{{ .clusterId | lower }}-{{ .metadata.name }}"

-        byName: "{{ .clusterId }}-{{ .metadata.name }}"
+        byName: "{{ .clusterId | lower }}-{{ .metadata.name }}"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@helm/adapter2/adapter-task-config.yaml` at line 82, The ManifestWork
resource's name uses clusterId without lowercasing ("name: \"{{ .clusterId }}-{{
.metadata.name }}\"") which can violate DNS-1123; update the ManifestWork name
templates (both occurrences currently at the ManifestWork declarations) to apply
the | lower filter to .clusterId so the generated names are lowercase and
DNS-1123 compliant, mirroring how Namespace and ConfigMap templates use | lower.

[rh-amarin]

/lgtm