OCPCLOUD-3326: Update to use new manifests-gen

[mdbooth]

No description provided.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[coderabbitai]

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Review skipped — only excluded labels are configured. (1)

• do-not-merge/work-in-progress

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Updates OpenShift CAPI operator packaging: changes Dockerfile manifest copy paths, replaces the Makefile's ocp-manifests invocation with a more granular manifests-gen call, adds kustomize and provider metadata under openshift/capi-operator-manifests, deletes a legacy AWS ConfigMap, updates openshift/tools/go.mod deps, and removes openshift/fetch_ext_bins.sh.

Changes

Cohort / File(s)	Summary
Docker build openshift/Dockerfile.openshift	Repoints copied manifests: source changed from /build/openshift/manifests to openshift/capi-operator-manifests and destination from /manifests to /capi-operator-manifests.
Makefile / manifests-gen invocation openshift/Makefile	Replaces prior provider flags with explicit, path-centric flags: --manifests-path ../capi-operator-manifests, --kustomize-dir ../../openshift, plus --name cluster-api-provider-aws, --install-order 20, --attribute type=infrastructure, --attribute version="${PROVIDER_VERSION}", --self-image-ref, --platform AWS, and --protect-cluster-resource.
CAPI operator manifests & kustomize openshift/capi-operator-manifests/default/metadata.yaml, openshift/kustomization.yaml	Adds provider metadata (name=cluster-api-provider-aws, installOrder=20, attributes.type=infrastructure, attributes.version=v2.10.0, ocpPlatform=AWS, selfImageRef=registry.ci.openshift.org/openshift:aws-cluster-api-controllers) and a Kustomization referencing generated component, ../config/default, an image rewrite for cluster-api-aws-controller, and a JSON patch to remove an unsubstituted SA annotation.
Removed legacy manifest openshift/manifests/0000_30_cluster-api_04_cm.infrastructure-aws.yaml	Deletes the AWS infrastructure ConfigMap manifest (full file removal).
Dependency updates openshift/tools/go.mod	Large dependency refresh: bumps manifests-gen pseudo-version, updates numerous Kubernetes/OpenShift and container-related modules, removes/introduces many indirects and aligns versions across the toolchain.
Removed helper script openshift/fetch_ext_bins.sh	Removes the script that fetched/prepared external tooling (kubebuilder binaries and related environment setup).

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci-robot]

@mdbooth: This pull request references OCPCLOUD-3326 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[theobarberbany]

/lgtm
/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: theobarberbany

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [theobarberbany]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@openshift/kustomization.yaml`:
- Around line 21-23: The JSON Patch path for the remove op is missing the
closing brace and thus doesn't match the annotation key; update the patch entry
whose path currently reads
/metadata/annotations/${AWS_CONTROLLER_IAM_ROLE~1#arn~1eks.amazonaws.com~1role-arn
to include the trailing } so it exactly matches the annotation key
`${AWS_CONTROLLER_IAM_ROLE/#arn/eks.amazonaws.com/role-arn}` (keeping the ~1
separators as used in the patch encoding).

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, let's read the openshift/kustomization.yaml file to see the exact content
cat -n openshift/kustomization.yaml

Repository: openshift/cluster-api-provider-aws

Length of output: 841

---

🏁 Script executed:

# Search for AWS_CONTROLLER_IAM_ROLE references in the codebase
rg -n "AWS_CONTROLLER_IAM_ROLE" --type yaml -C 3

Repository: openshift/cluster-api-provider-aws

Length of output: 1707

---

🏁 Script executed:

# Look for ServiceAccount definitions and annotation patterns
rg -n "metadata/annotations" --type yaml -C 2

Repository: openshift/cluster-api-provider-aws

Length of output: 625

---

JSON Patch path is truncated - missing closing }.

The annotation key in config/rbac/serviceaccount.yaml is ${AWS_CONTROLLER_IAM_ROLE/#arn/eks.amazonaws.com/role-arn} (ends with }), but the patch path on line 23 omits the closing brace. This causes the patch to fail silently since it won't match any existing annotation.

Correct the path:

Diff

   patch: |-
     - op: remove
-      path: /metadata/annotations/${AWS_CONTROLLER_IAM_ROLE~1#arn~1eks.amazonaws.com~1role-arn
+      path: /metadata/annotations/${AWS_CONTROLLER_IAM_ROLE~1#arn~1eks.amazonaws.com~1role-arn}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	patch: |-
	- op: remove
	path: /metadata/annotations/${AWS_CONTROLLER_IAM_ROLE~1#arn~1eks.amazonaws.com~1role-arn
	patch: |-
	- op: remove
	path: /metadata/annotations/${AWS_CONTROLLER_IAM_ROLE~1#arn~1eks.amazonaws.com~1role-arn}

🤖 Prompt for AI Agents

In `@openshift/kustomization.yaml` around lines 21 - 23, The JSON Patch path for
the remove op is missing the closing brace and thus doesn't match the annotation
key; update the patch entry whose path currently reads
/metadata/annotations/${AWS_CONTROLLER_IAM_ROLE~1#arn~1eks.amazonaws.com~1role-arn
to include the trailing } so it exactly matches the annotation key
`${AWS_CONTROLLER_IAM_ROLE/#arn/eks.amazonaws.com/role-arn}` (keeping the ~1
separators as used in the patch encoding).

[theobarberbany]

Added comment - this is intentional and also a disgusting hack.

[theobarberbany]

/lgtm

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@openshift/Makefile`:
- Around line 26-29: The shell command in the Makefile that invokes
$(MANIFESTS_GEN) is concatenating the `--install-order` value and the next flag
because the backslash is immediately after `20`; update the line with
`--install-order 20\` so there is a space before the backslash (e.g.,
`--install-order 20 \`) to ensure `--attribute` (and subsequent flags) are
passed as separate arguments to the `MANIFESTS_GEN` invocation.

[theobarberbany]

/retest

[theobarberbany]

/retest

[theobarberbany]

/retest

[theobarberbany]

/test e2e-aws-capi-techpreview
/test e2e-aws-ovn
/test e2e-aws-serial-2of2

We expect regression to fail until we test that expects CVO to be deploying manifests.

[JoelSpeed]

/lgtm

[theobarberbany]

/override ci/prow/e2e-aws-capi-techpreview

[openshift-ci]

@theobarberbany: Overrode contexts on behalf of theobarberbany: ci/prow/e2e-aws-capi-techpreview

Details

In response to this:

/override ci/prow/e2e-aws-capi-techpreview

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

@mdbooth: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/regression-clusterinfra-aws-ipi-techpreview-capi	8e691fb	link	false	/test regression-clusterinfra-aws-ipi-techpreview-capi

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.