fix(alerts): Remove duplicate information in the recommend command

[nbottari9]

Context

---

If the ClusterUpdateAcceptRisks feature gate is enabled on the cluster, the CVO will include alerts in the conditional update risks. The client also checks for alerts, which can cause warnings or info messages to be printed twice.

Description

---

We can detect if the server (CVO) is already including alerts by checking if Recommended=False in the ClusterVersion conditional updates. If this is set, we know that the feature gate is enabled, therefore the server is checking alerts and we don't need to on the client.

Changes

---

• Added an if statement before calling precheck() to check if the server is including alerts
• shouldSkipClientAlertChecking() - loops over the ConditionalUpdates and checks to see if any of them have Recommended=False. If so, return true to indicate the server IS checking for alerts and we don't need to on the client.
• TestServerSideAlertRisks test suite - Added new tests to test new functionality

Summary by CodeRabbit

• Bug Fixes

  • The upgrade recommendation command now respects cluster feature gates that allow accepting update risks, skipping redundant client-side prechecks and avoiding extra precheck failure alerts.

• Tests

  • Added test coverage for server-side alert/risk handling to verify correct behavior across conditional update and recommendation scenarios.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 8cbc3df3-f176-448e-abdf-92c8fa7cb03b

📥 Commits

Reviewing files that changed from the base of the PR and between 0a14aba and 8b30ec7.

📒 Files selected for processing (1)

• pkg/cli/admin/upgrade/recommend/recommend.go

🚧 Files skipped from review as they are similar to previous changes (1)

• pkg/cli/admin/upgrade/recommend/recommend.go

---

Walkthrough

The recommend command now checks the cluster FeatureGate for ClusterUpdateAcceptRisks and the cluster Infrastructure; when accept-risks is enabled for the desired version or hypershift is enabled, it skips the client-side precheck, related issue insertions, and alert printing.

Changes

Conditional client-side alert checking for upgrade recommendations

Layer / File(s)	Summary
Feature-gate import pkg/cli/admin/upgrade/recommend/recommend.go	Adds import for OpenShift feature-gate constants used by the new helper.
Accept-risks feature check helper pkg/cli/admin/upgrade/recommend/recommend.go	Adds isAcceptRisksEnabled(featureGate, clusterVersion) to detect ClusterUpdateAcceptRisks enabled entries for the desired version; returns false when FeatureGate is nil or no matching entry exists.
Run() integration of skip guard pkg/cli/admin/upgrade/recommend/recommend.go	Run now fetches the cluster FeatureGate and Infrastructure and only runs o.precheck(ctx) plus the condition classification/printing block when isAcceptRisksEnabled(...) is false and hypershift is not enabled; skips inserting precheck failure or per-condition acceptance updates when skipped.
Complete() tweak and skip-guard tests pkg/cli/admin/upgrade/recommend/recommend.go, pkg/cli/admin/upgrade/recommend/recommend_test.go	Minor anchor/line adjustment near options.Complete return path; adds TestServerSideAlertRisks (table-driven) and imports metav1 to validate shouldSkipClientAlertChecking behavior across nil/empty ConditionalUpdates and differing Recommended condition statuses.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 12 | ❌ 3

❌ Failed checks (3 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title refers to removing duplicate information, but the actual changes add conditional logic to skip client-side alert checking when server-side alerts are enabled—a behavior control change, not a removal of duplicate code or information.	Update the title to reflect the actual change: something like 'fix(alerts): Skip client-side alert checking when server includes alerts' would more accurately describe the conditional precheck logic being added.
Docstring Coverage	⚠️ Warning	Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Test Structure And Quality	⚠️ Warning	Test code references undefined function shouldSkipClientAlertChecking which doesn't exist in the codebase, causing compilation failure. The test suite cannot build.	Implement the shouldSkipClientAlertChecking function in recommend.go to match the test expectations, or update the test to call the correct function that was actually implemented.

✅ Passed checks (12 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR uses standard Go tests, not Ginkgo tests. TestServerSideAlertRisks has stable, deterministic table-driven test names with no dynamic content.
Microshift Test Compatibility	✅ Passed	No Ginkgo e2e tests were added. The new TestServerSideAlertRisks is a standard Go unit test using testing.T framework, not a Ginkgo e2e test. Custom check only applies to Ginkgo e2e tests.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No Ginkgo e2e tests were added. The PR only adds a standard Go unit test (TestServerSideAlertRisks) in a CLI package, which is outside the scope of SNO compatibility checks.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies CLI recommend command logic only; does not introduce deployment manifests, operators, or controllers with scheduling constraints that would affect topologies.
Ote Binary Stdout Contract	✅ Passed	The modified code is part of the main oc CLI (not the OTE binary at cmd/oc-tests-ext), with no process-level code or stdout writes that would violate the OTE contract.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR adds standard Go unit tests, not Ginkgo e2e tests. Check applies only to Ginkgo tests (Describe, It, Context, etc.).
No-Weak-Crypto	✅ Passed	No weak cryptography detected. The PR contains no crypto imports, weak algorithms (MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB), custom crypto implementations, or non-constant-time secret comparisons.
Container-Privileges	✅ Passed	PR modifies only CLI Go code with no container manifests containing privileged configs like privileged:true, hostPID, hostNetwork, hostIPC, or allowPrivilegeEscalation.
No-Sensitive-Data-In-Logs	✅ Passed	Logging added uses generic error messages without exposing FeatureGate/Infrastructure details. Error variable logged is from API calls, not sensitive data.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: nbottari9
Once this PR has been reviewed and has the lgtm label, please assign hongkailiu for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• pkg/cli/admin/upgrade/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[wking]

There could be reasons for an update to be Recommended=False that aren't about the alert checks. And we want to be exhaustive in checking, because a cluster-admin should be able to say "oh, I'm ok with those issues" and be able to confidently update anyway. Maybe we can look in conditionalUpdateRisks for risk names that start with Alert? Or maybe the presence of conditionalUpdateRisks at all is enough to mark the relevant feature as enabled, and we don't need to build heuristics based on risk name? Either of those might double-check a cluster where the CVO checked and thought the cluster was clean, and then the client re-checked (and hopefully agreed the cluster was clean), but that seems ok during the transitional period, before we can drop the client-side checking entirely.

[hongkailiu]

(Sorry for late comments)

CVO works on the risks with the above guard, including the ones from alerts.

Could we do similar guard in oc to CVO, like this?

It checks the feature gate and HyperShift: oc has the tools to receive both.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pkg/cli/admin/upgrade/recommend/recommend.go`:
- Around line 187-190: The call to o.Client.ConfigV1().FeatureGates().Get(ctx,
"cluster", metav1.GetOptions{}) is ignoring its error return; capture the error
(e.g., err) instead of using `_` and log it with klog.V(4).Infof() (including
context like that the FeatureGate fetch failed) while keeping the existing nil
fallback behavior for featureGate; update the block that references featureGate
and o.Client to handle the captured error and log it appropriately.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 260e5e72-5faa-490c-859c-5290a98e1dc7

📥 Commits

Reviewing files that changed from the base of the PR and between fb98845 and 0a14aba.

📒 Files selected for processing (1)

• pkg/cli/admin/upgrade/recommend/recommend.go

[openshift-ci]

@nbottari9: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify	8b30ec7	link	true	/test verify
ci/prow/security	8b30ec7	link	false	/test security
ci/prow/unit	8b30ec7	link	true	/test unit

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[hongkailiu]

In my mind, the guard will be inside the alert checking:

oc/pkg/cli/admin/upgrade/recommend/alerts.go

Line 22 in 014fa16

func (o *options) alerts(ctx context.Context) ([]acceptableCondition, error) {

Something like if the gate is enabled and not Hypershift, then the function returns nil, nil like there were no alerts to check (because they are checked by CVO already and CVO will generate the Recommend condition if needed).