CNTRLPLANE-2550: Add support for CEL expression claim mappings for username and groups

[ShazaAldawamneh]

• Updated UsernameClaimMapping.Claim to be optional when ExternalOIDCWithUpstreamParity is enabled.
• Added XValidation rule to require claim when PrefixPolicy is 'Prefix'.
• Updated Expression field to be fully gated behind ExternalOIDCWithUpstreamParity.
• Ensures minimal Authentication CRs pass validation and preserve expected claim in tests.
• Aligned PrefixedClaimMapping for groups with same optional/validation behavior.

[openshift-ci-robot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci-robot]

@ShazaAldawamneh: This pull request references CNTRLPLANE-2550 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

• Updated UsernameClaimMapping.Claim to be optional when ExternalOIDCWithUpstreamParity is enabled.
• Added XValidation rule to require claim when PrefixPolicy is 'Prefix'.
• Updated Expression field to be fully gated behind ExternalOIDCWithUpstreamParity.
• Ensures minimal Authentication CRs pass validation and preserve expected claim in tests.
• Aligned PrefixedClaimMapping for groups with same optional/validation behavior.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Hello @ShazaAldawamneh! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign joelspeed for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This pull request introduces additions to the .gocache/ directory, which stores Go build cache artifacts. The changes include approximately 200 new cache entry files distributed across subdirectories (01-d9), each containing a single line with a version identifier (v1) followed by hexadecimal hashes and numeric fields. Additionally, a new .gocache/README file is added with descriptive content about the cache directory and basic maintenance commands. All changes are strictly additive, with no modifications to existing files or removal of content.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: adding CEL expression support for claim mappings related to username and groups, which aligns with the core modifications in the PR.
Description check	✅ Passed	The description is directly related to the changeset, detailing the modifications made to UsernameClaimMapping, Expression fields, validation rules, and PrefixedClaimMapping behavior.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 7

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

payload-manifests/crds/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml (1)

189-218: ⚠️ Potential issue | 🟠 Major

Groups: required claim blocks CEL-only mapping.

claim is still required while claim+expression is forbidden, so expression can’t be used alone. If CEL mapping is intended here, drop the unconditional requirement and enforce a one‑of rule.

Suggested fix

-                          required:
-                          - claim
                           type: object
                           x-kubernetes-validations:
-                          - message: claim and expression cannot both be set
-                            rule: '!(has(self.claim) && has(self.expression))'
+                          - message: precisely one of claim or expression must be set
+                            rule: 'has(self.claim) ? !has(self.expression) : has(self.expression)'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml`
around lines 189 - 218, The schema currently mandates claim in the required list
while also forbidding claim+expression via x-kubernetes-validations, which
prevents using expression alone; update the CRD so that claim is not
unconditionally required and replace the required: - claim rule with a oneOf (or
an equivalent x-kubernetes-validation) that enforces either claim is set XOR
expression is set (e.g., a oneOf referencing presence of self.claim or
self.expression) and keep the existing mutually-exclusive validation
(x-kubernetes-validations rule: '!(has(self.claim) && has(self.expression))') to
ensure only one is provided; modify the block around the claim/expression/prefix
properties and the required/type definitions to reflect this change.

payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml (1)

189-218: ⚠️ Potential issue | 🟠 Major

Groups: required claim blocks CEL-only mapping.

claim is still required while claim+expression is forbidden, so expression can’t be used alone. If CEL mapping is intended here, drop the unconditional requirement and enforce a one‑of rule.

Suggested fix

-                          required:
-                          - claim
                           type: object
                           x-kubernetes-validations:
-                          - message: claim and expression cannot both be set
-                            rule: '!(has(self.claim) && has(self.expression))'
+                          - message: precisely one of claim or expression must be set
+                            rule: 'has(self.claim) ? !has(self.expression) : has(self.expression)'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml`
around lines 189 - 218, Remove the unconditional required: - claim for the
mapping object and instead enforce mutual exclusivity and presence by adding a
oneOf that requires either claim or expression; specifically, replace the
top-level required: [claim] with a oneOf containing two subschemas (one with
required: [claim], the other with required: [expression]) so that exactly one is
provided, keep the existing x-kubernetes-validations rule or remove it (it
becomes redundant) and leave prefix as-is; this targets the schema that defines
claim, expression and prefix so look for the object containing those properties
and update its required/oneOf accordingly.

payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml (1)

189-218: ⚠️ Potential issue | 🟠 Major

Groups: required claim blocks CEL-only mapping.

claim is still required while claim+expression is forbidden, so expression can’t be used alone. If CEL mapping is intended here, drop the unconditional requirement and enforce a one‑of rule.

Suggested fix

-                          required:
-                          - claim
                           type: object
                           x-kubernetes-validations:
-                          - message: claim and expression cannot both be set
-                            rule: '!(has(self.claim) && has(self.expression))'
+                          - message: precisely one of claim or expression must be set
+                            rule: 'has(self.claim) ? !has(self.expression) : has(self.expression)'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml`
around lines 189 - 218, Remove the unconditional required: - claim and instead
enforce a mutual-exclusion plus presence rule so CEL-only mapping is possible;
keep the existing x-kubernetes-validations rule that forbids both claim and
expression (rule: '!(has(self.claim) && has(self.expression))') and add a second
validation that requires at least one be set (e.g. message: 'either claim or
expression must be set' with rule: '(has(self.claim) || has(self.expression))'),
referencing the same object schema containing the claim and expression fields so
either can be used alone.

🧹 Nitpick comments (1)

config/v1/tests/authentications.config.openshift.io/ExternalOIDCWithUpstreamParity.yaml (1)

459-553: Add a negative test for prefixPolicy: Prefix with expression-only username mapping.

There’s new validation requiring claim when prefixPolicy is Prefix. A targeted test here will lock in that behavior for the feature gate.

🧪 Suggested test case (adjust expectedError to match validator message)

     - name: Cannot set both claim and expression for username mapping
       initial: |
         apiVersion: config.openshift.io/v1
         kind: Authentication
         spec:
           type: OIDC
           oidcProviders:
           - name: myoidc
             issuer:
               issuerURL: https://meh.tld
               audiences: ['openshift-aud']
             claimMappings:
               username:
                 claim: "preferred_username"
                 expression: "claims.sub"
       expectedError: "claim must not be set when expression is provided"

+    - name: Cannot set prefixPolicy Prefix with username expression
+      initial: |
+        apiVersion: config.openshift.io/v1
+        kind: Authentication
+        spec:
+          type: OIDC
+          oidcProviders:
+          - name: myoidc
+            issuer:
+              issuerURL: https://meh.tld
+              audiences: ['openshift-aud']
+            claimMappings:
+              username:
+                expression: "claims.sub"
+                prefixPolicy: Prefix
+                prefix:
+                  prefixString: "myoidc:"
+      expectedError: "claim must be set when prefixPolicy is 'Prefix'"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@config/v1/tests/authentications.config.openshift.io/ExternalOIDCWithUpstreamParity.yaml`
around lines 459 - 553, Add a negative test case that validates the new rule
requiring a literal claim when prefixPolicy is set to Prefix: create a YAML test
similar to the existing cases but set claimMappings.username.expression (e.g.
expression: "has(claims.upn) ? claims.upn : claims.oid") and set prefixPolicy:
Prefix in the provider spec, and assert an expectedError like "claim must be
provided when prefixPolicy is Prefix" (adjust text to match validator). Place it
alongside the other OIDC tests referencing prefixPolicy, Prefix, and
claimMappings.username.expression so the validator for prefixPolicy +
expression-only username mapping is exercised.

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 22c7448 and 6cc13c4.

⛔ Files ignored due to path filters (10)

• config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-Default.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-OKD.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.featuregated-crd-manifests/authentications.config.openshift.io/ExternalOIDC.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• config/v1/zz_generated.featuregated-crd-manifests/authentications.config.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• config/v1/zz_generated.featuregated-crd-manifests/authentications.config.openshift.io/ExternalOIDCWithUpstreamParity.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• openapi/generated_openapi/zz_generated.openapi.go is excluded by !openapi/**
• openapi/openapi.json is excluded by !openapi/**

📒 Files selected for processing (8)

• config/v1/tests/authentications.config.openshift.io/ExternalOIDCWithUpstreamParity.yaml
• config/v1/types_authentication.go
• config/v1/zz_generated.swagger_doc_generated.go
• payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml
• payload-manifests/crds/0000_10_config-operator_01_authentications-Default.crd.yaml
• payload-manifests/crds/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml
• payload-manifests/crds/0000_10_config-operator_01_authentications-OKD.crd.yaml
• payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@config/v1/types_authentication.go`:
- Around line 352-371: The TokenClaimMapping struct currently makes Claim
required which, combined with the mutual-exclusion rule, prevents Expression
from ever being set; change Claim to optional and make the XNOR rule into an
XOR. Remove the +required annotation and change the JSON tag for Claim to
include omitempty (e.g., json:"claim,omitempty"), and update the
openshift:validation rule to an XOR such as rule="has(self.claim) !=
has(self.expression)" so exactly one of Claim or Expression can be provided
(keep Expression's existing omitempty and feature-gate annotations).
- Around line 605-635: Remove the unconditional field-level XValidation on the
Claim field (delete the
+kubebuilder:validation:XValidation:rule="has(self.claim)" annotation) and
instead enforce exclusive-or at the struct level when the feature gate is
enabled: update the existing FeatureGateAwareXValidation (on type
UsernameClaimMapping) to a rule that requires exactly one of claim or expression
when ExternalOIDCWithUpstreamParity is enabled (e.g. rule="has(self.claim) !=
has(self.expression)" with an appropriate message). Keep the MinLength/MaxLength
tags on Claim and Expression but do not require Claim unconditionally.

In `@config/v1/zz_generated.swagger_doc_generated.go`:
- Around line 468-471: The swagger doc for TokenClaimMapping
(map_TokenClaimMapping) incorrectly marks "claim" as required despite supporting
expression-only mappings; update the source Go type comment for
TokenClaimMapping to indicate that "claim" is optional and that "claim" and
"expression" are mutually exclusive (describe that either claim or expression
may be provided, not both), then re-run the swagger generation script to
regenerate zz_generated.swagger_doc_generated.go so the map_TokenClaimMapping
entry reflects the optional claim and mutual exclusion with expression.
- Around line 549-552: The Swagger comment for UsernameClaimMapping (seen in
map_UsernameClaimMapping) is missing the new validation rules: add documentation
that expression has a max length (match the enforced length), and that when
prefixPolicy is "Prefix" the claim field is required and claim itself has a
non-empty/<=256 char constraint; update the source struct/type comment for
UsernameClaimMapping (the comment above its Go type or fields: claim,
expression, prefixPolicy, prefix) to include these sentences and regenerate the
swagger docs so the generated map_UsernameClaimMapping includes the new length
and dependency text.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml`:
- Around line 267-293: The property-level validation on the claim field (the
x-kubernetes-validations entry with message "claim must be set") makes
expression-only configs impossible; remove that per-property required validation
from the claim schema and instead enforce mutual exclusivity/requirement at the
object level with a oneOf/anyOf rule that requires exactly one of claim or
expression (reference the schema object that contains the claim and expression
properties and the expression property itself); apply the same change to the
duplicate block mentioned (the other claim/expression pair).

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml`:
- Around line 267-293: The property-level validation on the 'claim' field (the
x-kubernetes-validations rule with message "claim must be set") makes
'expression' unusable; remove that field-level requirement and replace it with a
single object-level validation that enforces exactly one of 'claim' or
'expression' (e.g., a oneOf / CEL rule at the parent object) so configs can
specify either claim-only or expression-only but not both; update the schema
entries that reference 'claim' and 'expression' (the two sibling properties
shown) to drop the has(self.claim) rule and add the new object-level one-of
validation.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml`:
- Around line 267-293: The current property-level x-kubernetes-validations on
claim ("claim must be set") forces claim and prevents expression-only configs;
remove the claim-level "must be set" validation and instead add an object-level
x-kubernetes-validations rule that enforces exactly one of claim or expression
is present (e.g., use a CEL rule like (has(self.claim) + has(self.expression))
== 1 with an appropriate message), and apply the same change for the duplicate
block that appears later for the other mapping. Ensure the claim and expression
property schemas keep their type, minLength and maxLength constraints but no
longer require claim alone.

---

Outside diff comments:
In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml`:
- Around line 189-218: Remove the unconditional required: - claim for the
mapping object and instead enforce mutual exclusivity and presence by adding a
oneOf that requires either claim or expression; specifically, replace the
top-level required: [claim] with a oneOf containing two subschemas (one with
required: [claim], the other with required: [expression]) so that exactly one is
provided, keep the existing x-kubernetes-validations rule or remove it (it
becomes redundant) and leave prefix as-is; this targets the schema that defines
claim, expression and prefix so look for the object containing those properties
and update its required/oneOf accordingly.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml`:
- Around line 189-218: The schema currently mandates claim in the required list
while also forbidding claim+expression via x-kubernetes-validations, which
prevents using expression alone; update the CRD so that claim is not
unconditionally required and replace the required: - claim rule with a oneOf (or
an equivalent x-kubernetes-validation) that enforces either claim is set XOR
expression is set (e.g., a oneOf referencing presence of self.claim or
self.expression) and keep the existing mutually-exclusive validation
(x-kubernetes-validations rule: '!(has(self.claim) && has(self.expression))') to
ensure only one is provided; modify the block around the claim/expression/prefix
properties and the required/type definitions to reflect this change.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml`:
- Around line 189-218: Remove the unconditional required: - claim and instead
enforce a mutual-exclusion plus presence rule so CEL-only mapping is possible;
keep the existing x-kubernetes-validations rule that forbids both claim and
expression (rule: '!(has(self.claim) && has(self.expression))') and add a second
validation that requires at least one be set (e.g. message: 'either claim or
expression must be set' with rule: '(has(self.claim) || has(self.expression))'),
referencing the same object schema containing the claim and expression fields so
either can be used alone.

---

Nitpick comments:
In
`@config/v1/tests/authentications.config.openshift.io/ExternalOIDCWithUpstreamParity.yaml`:
- Around line 459-553: Add a negative test case that validates the new rule
requiring a literal claim when prefixPolicy is set to Prefix: create a YAML test
similar to the existing cases but set claimMappings.username.expression (e.g.
expression: "has(claims.upn) ? claims.upn : claims.oid") and set prefixPolicy:
Prefix in the provider spec, and assert an expectedError like "claim must be
provided when prefixPolicy is Prefix" (adjust text to match validator). Place it
alongside the other OIDC tests referencing prefixPolicy, Prefix, and
claimMappings.username.expression so the validator for prefixPolicy +
expression-only username mapping is exercised.

[ehearne-redhat]

I don't know if it will help resolve the error, but it might not be a bad idea to check if self.claim exists.

Maybe we could try this rule:

!(size(self.claim) > 0 && size(self.expression) > 0) instead of !(has(self.claim) && has(self.expression))

It seems to follow how other optional strings are checked.

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml (1)

267-337: ⚠️ Potential issue | 🟠 Major

Username mapping validation allows empty object when it requires exactly one of claim or expression

The current validation rule !(has(self.claim) && has(self.expression)) only prevents both fields from being set simultaneously, but allows neither field to be set (empty object {}). This contradicts the description which states "precisely one of claim or expression must be set if the ExternalOIDCWithUpstreamParity feature gate is enabled."

Additionally, the similar uid field above uses the stricter rule has(self.claim) ? !has(self.expression) : has(self.expression) which correctly enforces exactly one field must be set. The username field should use the same validation logic.

Suggested fix

-                          - message: claim and expression cannot both be set
-                            rule: '!(has(self.claim) && has(self.expression))'
+                          - message: precisely one of claim or expression must be set
+                            rule: 'has(self.claim) != has(self.expression)'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml`
around lines 267 - 337, The username mapping x-kubernetes-validation currently
only forbids both claim and expression being set (rule '!(has(self.claim) &&
has(self.expression))') but allows neither; change the validation to require
exactly one of them (mirror the uid rule) by replacing the rule with logic like
"has(self.claim) ? !has(self.expression) : has(self.expression)" so the username
mapping (fields claim and expression) enforces precisely one is present when
ExternalOIDCWithUpstreamParity applies.

payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml (1)

267-337: ⚠️ Potential issue | 🟠 Major

Username mapping allows empty config

The current validation rule !(has(self.claim) && has(self.expression)) only forbids both fields being set, allowing an empty {} object to pass despite the description requiring precisely one field to be set.

Suggested fix

-                          - message: claim and expression cannot both be set
-                            rule: '!(has(self.claim) && has(self.expression))'
+                          - message: precisely one of claim or expression must be set
+                            rule: 'has(self.claim) != has(self.expression)'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml`
around lines 267 - 337, The validation currently only forbids both claim and
expression being set (x-kubernetes-validations rule '!(has(self.claim) &&
has(self.expression))'), which still allows neither to be set; change the
validation to require exactly one be present by replacing the rule with
'has(self.claim) != has(self.expression)' (or an equivalent XOR) and update the
message to reflect "exactly one of claim or expression must be set"; target the
x-kubernetes-validations entry that references claim and expression to make this
change.

♻️ Duplicate comments (4)

payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml (1)

189-218: ⚠️ Potential issue | 🟠 Major

Groups mapping: claim is still required, so expression can’t be used

required: [claim] plus “cannot both be set” means expression-only configs are invalid even when ExternalOIDCWithUpstreamParity is enabled. That conflicts with the intended expression support.

💡 Suggested fix

-                          required:
-                          - claim
                           type: object
                           x-kubernetes-validations:
-                          - message: claim and expression cannot both be set
-                            rule: '!(has(self.claim) && has(self.expression))'
+                          - message: precisely one of claim or expression must be set
+                            rule: 'has(self.claim) != has(self.expression)'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml`
around lines 189 - 218, The CRD currently forces claim to be mandatory by
listing it under required, which prevents expression-only mappings; remove the
required: - claim entry (i.e., delete the required array or at least remove
"claim" from it) so that the existing x-kubernetes-validations rule
('!(has(self.claim) && has(self.expression))') can still prevent both being set
while allowing expression-only configs; update the schema section containing the
claim, expression, prefix, required, and x-kubernetes-validations entries
accordingly.

payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml (1)

189-218: ⚠️ Potential issue | 🟠 Major

Groups mapping still requires claim, so expression can’t be used

required: [claim] plus “cannot both be set” blocks expression-only configs even when enabled.

💡 Suggested fix

-                          required:
-                          - claim
                           type: object
                           x-kubernetes-validations:
-                          - message: claim and expression cannot both be set
-                            rule: '!(has(self.claim) && has(self.expression))'
+                          - message: precisely one of claim or expression must be set
+                            rule: 'has(self.claim) != has(self.expression)'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml`
around lines 189 - 218, The schema currently forces claim via required: [claim],
which prevents expression-only mappings; remove the unconditional required: -
claim and instead enforce presence rules via x-kubernetes-validations: keep the
mutual exclusion validation (rule: '!(has(self.claim) && has(self.expression))')
and add a new validation requiring at least one be present (e.g. message:
"either claim or expression must be set", rule: 'has(self.claim) ||
has(self.expression)'). Update the object definition around
claim/expression/prefix to drop the required entry and rely on those two
validations to allow expression-only configs.

payload-manifests/crds/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml (2)

213-218: ⚠️ Potential issue | 🟠 Major

expression for groups remains unreachable — required: [claim] was not removed.

The required: - claim constraint (line 214) forces claim to always be present. The mutual-exclusion rule !(has(self.claim) && has(self.expression)) then prevents expression from ever being set simultaneously, making the newly-added expression field permanently unusable. The PR objective states "Applied the same optional/validation behavior to PrefixedClaimMapping for groups," but the required: - claim was not removed the way it was for username. The fix should mirror the uid mapping (lines 257–260): remove claim from required and replace the mutual-exclusion rule with a "precisely one" rule.

🔧 Proposed fix

-          required:
-          - claim
           type: object
           x-kubernetes-validations:
-          - message: claim and expression cannot both be set
-            rule: '!(has(self.claim) && has(self.expression))'
+          - message: precisely one of claim or expression must be set
+            rule: 'has(self.claim) ? !has(self.expression) : has(self.expression)'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml`
around lines 213 - 218, Remove the mandatory "claim" requirement from the groups
PrefixedClaimMapping and change its validation to require exactly one of claim
or expression; specifically, delete the required: - claim entry and replace the
x-kubernetes-validations mutual-exclusion rule ('!(has(self.claim) &&
has(self.expression))') with a "precisely one" rule such as
'count([has(self.claim), has(self.expression)]) == 1' (apply this change to the
PrefixedClaimMapping for groups where fields "claim" and "expression" are
defined).

---

335-337: ⚠️ Potential issue | 🟠 Major

Username validation rule allows neither claim nor expression — violates "precisely one" contract.

The rule !(has(self.claim) && has(self.expression)) only blocks having both fields simultaneously. It does not enforce that at least one is present. The field descriptions (lines 271–272 and 286–287) explicitly state:

"Precisely one of claim or expression must be set if the ExternalOIDCWithUpstreamParity feature gate is enabled."

Since this is the DevPreviewNoUpgrade CRD (with that gate active), an object with neither claim nor expression passes validation today. The uid mapping (lines 257–260) uses the correct "exactly one" rule — username should match it.

🔧 Proposed fix

           x-kubernetes-validations:
-          - message: claim and expression cannot both be set
-            rule: '!(has(self.claim) && has(self.expression))'
+          - message: precisely one of claim or expression must be set
+            rule: 'has(self.claim) ? !has(self.expression) : has(self.expression)'
           - message: prefix must be set if prefixPolicy is 'Prefix',

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml`
around lines 335 - 337, The x-kubernetes-validations rule for username currently
only forbids both fields via '!(has(self.claim) && has(self.expression))' so it
permits neither; update the validation to enforce exactly-one semantics by
replacing the rule with an expression that requires XOR between self.claim and
self.expression (i.e., has(self.claim) != has(self.expression)) or an equivalent
"one and only one" boolean expression, keeping the message consistent, and
mirror the same exact-one logic already used for the uid mapping to ensure the
username validation enforces precisely one of claim or expression.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@config/v1/types_authentication.go`:
- Around line 609-637: The UsernameClaimMapping validation has inverted CEL
rules and malformed kubebuilder markers: update the FeatureGateAwareXValidation
CEL expressions on the UsernameClaimMapping type so the rules require presence
(change rule="!has(self.claim)" to rule="has(self.claim)" for the claim-required
case and change rule="!has(self.claim) && !has(self.expression)" to
rule="has(self.claim) || has(self.expression)" for the claim-or-expression
case), and fix the kubebuilder markers on the Claim and Expression fields by
replacing MinLength:=1 with MinLength=1 (keep MaxLength values unchanged) so
Claim and Expression enforce non-empty lengths as intended.
- Around line 352-374: The feature-gate CEL annotations on TokenClaimMapping are
inverted and Claim lacks omitempty; update the annotations and JSON tag: in the
struct TokenClaimMapping change the first FeatureGateAwareXValidation rule to
require the claim when that gate is active (use rule="has(self.claim)" with the
same message), change the ExternalOIDCWithUpstreamParity rule to require at
least one of claim or expression (use rule="has(self.claim) ||
has(self.expression)", message="claim or expression must be specified"), and add
`omitempty` to the Claim json tag (change `Claim string `json:"claim"` to `Claim
string `json:"claim,omitempty"` ) so Go clients do not serialize empty claims.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml`:
- Around line 269-270: Fix the grammatical error in the CRD description text by
changing "a optional field" to "an optional field" in the description string
found in the CRD manifest (the authentications-DevPreviewNoUpgrade CRD content
where the sentence reads 'claim is a optional field that configures the JWT
token claim...'); update that description line in the YAML so it reads "claim is
an optional field that configures the JWT token claim whose value is assigned to
the cluster identity field associated with this mapping."

---

Outside diff comments:
In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml`:
- Around line 267-337: The validation currently only forbids both claim and
expression being set (x-kubernetes-validations rule '!(has(self.claim) &&
has(self.expression))'), which still allows neither to be set; change the
validation to require exactly one be present by replacing the rule with
'has(self.claim) != has(self.expression)' (or an equivalent XOR) and update the
message to reflect "exactly one of claim or expression must be set"; target the
x-kubernetes-validations entry that references claim and expression to make this
change.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml`:
- Around line 267-337: The username mapping x-kubernetes-validation currently
only forbids both claim and expression being set (rule '!(has(self.claim) &&
has(self.expression))') but allows neither; change the validation to require
exactly one of them (mirror the uid rule) by replacing the rule with logic like
"has(self.claim) ? !has(self.expression) : has(self.expression)" so the username
mapping (fields claim and expression) enforces precisely one is present when
ExternalOIDCWithUpstreamParity applies.

---

Duplicate comments:
In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml`:
- Around line 189-218: The schema currently forces claim via required: [claim],
which prevents expression-only mappings; remove the unconditional required: -
claim and instead enforce presence rules via x-kubernetes-validations: keep the
mutual exclusion validation (rule: '!(has(self.claim) && has(self.expression))')
and add a new validation requiring at least one be present (e.g. message:
"either claim or expression must be set", rule: 'has(self.claim) ||
has(self.expression)'). Update the object definition around
claim/expression/prefix to drop the required entry and rely on those two
validations to allow expression-only configs.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml`:
- Around line 213-218: Remove the mandatory "claim" requirement from the groups
PrefixedClaimMapping and change its validation to require exactly one of claim
or expression; specifically, delete the required: - claim entry and replace the
x-kubernetes-validations mutual-exclusion rule ('!(has(self.claim) &&
has(self.expression))') with a "precisely one" rule such as
'count([has(self.claim), has(self.expression)]) == 1' (apply this change to the
PrefixedClaimMapping for groups where fields "claim" and "expression" are
defined).
- Around line 335-337: The x-kubernetes-validations rule for username currently
only forbids both fields via '!(has(self.claim) && has(self.expression))' so it
permits neither; update the validation to enforce exactly-one semantics by
replacing the rule with an expression that requires XOR between self.claim and
self.expression (i.e., has(self.claim) != has(self.expression)) or an equivalent
"one and only one" boolean expression, keeping the message consistent, and
mirror the same exact-one logic already used for the uid mapping to ensure the
username validation enforces precisely one of claim or expression.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml`:
- Around line 189-218: The CRD currently forces claim to be mandatory by listing
it under required, which prevents expression-only mappings; remove the required:
- claim entry (i.e., delete the required array or at least remove "claim" from
it) so that the existing x-kubernetes-validations rule ('!(has(self.claim) &&
has(self.expression))') can still prevent both being set while allowing
expression-only configs; update the schema section containing the claim,
expression, prefix, required, and x-kubernetes-validations entries accordingly.

---

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 6cc13c4 and 1f17fea.

⛔ Files ignored due to path filters (8)

• config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-Default.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-OKD.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.featuregated-crd-manifests/authentications.config.openshift.io/ExternalOIDC.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• config/v1/zz_generated.featuregated-crd-manifests/authentications.config.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• config/v1/zz_generated.featuregated-crd-manifests/authentications.config.openshift.io/ExternalOIDCWithUpstreamParity.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**

📒 Files selected for processing (7)

• config/v1/tests/authentications.config.openshift.io/ExternalOIDCWithUpstreamParity.yaml
• config/v1/types_authentication.go
• payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml
• payload-manifests/crds/0000_10_config-operator_01_authentications-Default.crd.yaml
• payload-manifests/crds/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml
• payload-manifests/crds/0000_10_config-operator_01_authentications-OKD.crd.yaml
• payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

• config/v1/tests/authentications.config.openshift.io/ExternalOIDCWithUpstreamParity.yaml

[coderabbitai]

Actionable comments posted: 4

♻️ Duplicate comments (7)

payload-manifests/crds/0000_10_config-operator_01_authentications-OKD.crd.yaml (1)

311-312: ⚠️ Potential issue | 🔴 Critical

Critical: Same inverted rule on username — will reject valid configs with claim set.

Same issue as the groups validation above. The rule !has(self.claim) makes claim effectively forbidden rather than required.

                          x-kubernetes-validations:
                          - message: claim is required
-                           rule: '!has(self.claim)'
+                           rule: has(self.claim)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-OKD.crd.yaml`
around lines 311 - 312, The validation rule for the username/claim field is
inverted — the rule currently uses '!has(self.claim)' which forbids configs that
include claim; change it to 'has(self.claim)' so the field is required (i.e.,
replace '!has(self.claim)' with 'has(self.claim)' for the claim/username
validation entry in the CRD manifest).

config/v1/zz_generated.swagger_doc_generated.go (1)

550-552: ⚠️ Potential issue | 🟡 Minor

Username claim mapping docs still miss enforced constraints (and contain a typo).

claim still says “a optional”, expression does not document its length bounds, and docs still don’t state that claim is required when prefixPolicy is "Prefix".

Because this is generated output, please update the source comments and regenerate (hack/update-swagger-docs.sh).

📝 Suggested wording update

- "claim":      "claim is a optional field ... Precisely one of claim or expression must be set if the ExternalOIDCWithUpstreamParity feature gate is enabled.\n\nclaim must not be an empty string (\"\") and must not exceed 256 characters.",
- "expression": "expression is an optional CEL expression ...\n\nPrecisely one of claim or expression must be set if the ExternalOIDCWithUpstreamParity feature gate is enabled.",
+ "claim":      "claim is an optional field ... Precisely one of claim or expression must be set if the ExternalOIDCWithUpstreamParity feature gate is enabled. claim must be set when prefixPolicy is 'Prefix'.\n\nclaim must not be an empty string (\"\") and must not exceed 256 characters.",
+ "expression": "expression is an optional CEL expression ...\n\nPrecisely one of claim or expression must be set if the ExternalOIDCWithUpstreamParity feature gate is enabled. expression must be at least 1 character and must not exceed 1024 characters.",

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@config/v1/zz_generated.swagger_doc_generated.go` around lines 550 - 552, Fix
the source comments that generate the swagger docs for the fields claim,
expression, and prefixPolicy: correct the typo in the claim doc ("a optional" ->
"an optional"), add the missing length bounds for expression (match claim's
"must not be an empty string and must not exceed 256 characters"), and
explicitly document that claim is required when prefixPolicy is set to "Prefix"
(and note that the prefix field must be set in that case). Update the comments
for the prefixPolicy/prefix fields to clearly state the dependency (prefix
required when prefixPolicy == "Prefix") and then regenerate the swagger docs
using hack/update-swagger-docs.sh.

config/v1/types_authentication.go (2)

623-624: ⚠️ Potential issue | 🟠 Major

Malformed kubebuilder markers: := instead of = — these constraints are silently ignored.

+kubebuilder:validation:MinLength:=1 and +kubebuilder:validation:MaxLength:=256 use the wrong separator; controller-gen requires =, not :=. As-is, neither constraint is emitted in the generated CRD, so UsernameClaimMapping.Claim has no length bounds in the schema.

🐛 Proposed fix

-	// +kubebuilder:validation:MinLength:=1
-	// +kubebuilder:validation:MaxLength:=256
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=256

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@config/v1/types_authentication.go` around lines 623 - 624, The kubebuilder
validation markers for UsernameClaimMapping.Claim are malformed using ":="
instead of "=" so controller-gen ignores the MinLength/MaxLength constraints;
update the struct tags/comments where UsernameClaimMapping.Claim is defined to
use "+kubebuilder:validation:MinLength=1" and
"+kubebuilder:validation:MaxLength=256" (replace both ":=" with "=") so the
generated CRD includes the length bounds.

---

353-355: ⚠️ Potential issue | 🔴 Critical

!has(self.claim) is logically inverted — these rules forbid claim instead of requiring it.

In Kubernetes CEL, a rule evaluates to true when the object is valid. !has(self.claim) is true when claim is absent, so it accepts configs without a claim and rejects configs that do provide one.

For the three non-parity feature gates ("", ExternalOIDC, ExternalOIDCWithUIDAndExtraClaimMappings), claim is supposed to remain required. The corrected rule for TokenClaimMapping (which permits "" as a legacy-compatible value) should use size-based checking, mirroring line 356:

🐛 Proposed fix

-// +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule="!has(self.claim)",message="claim is required"
-// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDC,rule="!has(self.claim)",message="claim is required"
-// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUIDAndExtraClaimMappings,rule="!has(self.claim)",message="claim is required"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule="size(self.?claim.orValue(\"\")) > 0",message="claim is required"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDC,rule="size(self.?claim.orValue(\"\")) > 0",message="claim is required"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUIDAndExtraClaimMappings,rule="size(self.?claim.orValue(\"\")) > 0",message="claim is required"

This is the root cause of the same inversion in the generated Default CRD (lines 204–206 and 311–312).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@config/v1/types_authentication.go` around lines 353 - 355, The CEL validation
for TokenClaimMapping is inverted: change the three annotations that currently
use '!has(self.claim)' for the feature gates "" (empty), ExternalOIDC, and
ExternalOIDCWithUIDAndExtraClaimMappings so they require a non-empty claim
instead of forbidding it; replace the '!has(self.claim)' checks with a
size-based check (e.g. size(self.claim) > 0) to mirror the existing check used
on the adjacent rule (line with size(self.claim) > 0) so TokenClaimMapping
properly enforces a required, non-empty claim across those feature gates.

payload-manifests/crds/0000_10_config-operator_01_authentications-Default.crd.yaml (1)

311-312: ⚠️ Potential issue | 🔴 Critical

Same inverted !has(self.claim) rule on username — always fails when claim is set.

UsernameClaimMapping.Claim is now json:"claim,omitempty" so has(self.claim) correctly returns false when omitted. But !has(self.claim) still means: "valid only when claim is absent" — any user who provides a claim value will fail validation under the Default feature-set.

🐛 Proposed fix (CRD YAML)

         x-kubernetes-validations:
-        - message: claim is required
-          rule: '!has(self.claim)'
+        - message: claim is required
+          rule: 'has(self.claim)'

🐛 Proposed fix (Go source — UsernameClaimMapping, lines 610–612)

-// +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule="!has(self.claim)",message="claim is required"
-// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDC,rule="!has(self.claim)",message="claim is required"
-// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUIDAndExtraClaimMappings,rule="!has(self.claim)",message="claim is required"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule="has(self.claim)",message="claim is required"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDC,rule="has(self.claim)",message="claim is required"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUIDAndExtraClaimMappings,rule="has(self.claim)",message="claim is required"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-Default.crd.yaml`
around lines 311 - 312, The validation rule for the claim field is inverted:
change the JSONSchema/CRD rule that currently uses '!has(self.claim)' to require
the field with 'has(self.claim)' so the validator accepts objects that include a
claim; update the corresponding UsernameClaimMapping validation in the Go source
(the UsernameClaimMapping.Claim handling/validation logic) to use a positive
presence check (has(self.claim)) instead of a negated one so provided claims do
not incorrectly fail validation.

payload-manifests/crds/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml (1)

266-267: ⚠️ Potential issue | 🟡 Minor

Grammatical error: "a optional" → "an optional".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml`
around lines 266 - 267, Fix the grammatical error in the CRD description by
replacing "a optional" with "an optional" in the sentence that reads "claim is a
optional field that configures the JWT token claim..." inside the CRD YAML (look
for the description line in
0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml
mentioning "claim is a optional field"). Ensure the updated sentence reads
"claim is an optional field that configures the JWT token claim whose value is
assigned to the cluster identity field associated with this mapping."

payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml (1)

266-267: ⚠️ Potential issue | 🟡 Minor

Same grammatical error as in DevPreviewNoUpgrade: "a optional" → "an optional".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml`
around lines 266 - 267, Fix the grammatical error in the CustomNoUpgrade CRD
description: change the phrase "claim is a optional field that configures..." to
"claim is an optional field that configures..." in
payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml
(and apply the same correction to the duplicated text in DevPreviewNoUpgrade) so
the documentation reads correctly.

🧹 Nitpick comments (4)

config/v1/tests/authentications.config.openshift.io/ExternalOIDCWithUpstreamParity.yaml (2)

487-502: Inconsistent error message for username vs groups mutual exclusivity.

The username error message (Line 502) says "claim or expression must be specified" while the groups error message (Line 553) says "exactly one of claim or expression must be specified". Both rules enforce the same one-of semantics. The username message is ambiguous—it reads as "at least one" rather than "exactly one," which is misleading when the failure reason is that both are set.

Consider aligning both to "exactly one of claim or expression must be specified" (or similar) for clarity.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@config/v1/tests/authentications.config.openshift.io/ExternalOIDCWithUpstreamParity.yaml`
around lines 487 - 502, The expected error for the username mapping is
inconsistent and misleading: update the test case where claimMappings.username
is set with both claim and expression so its expectedError matches the groups
case; change the string from "claim or expression must be specified" to "exactly
one of claim or expression must be specified" (or the canonical project wording)
for the username validation in ExternalOIDCWithUpstreamParity.yaml to align with
the groups mutual-exclusivity rule.

---

458-553: Missing negative tests for "neither claim nor expression" on username and groups.

The new tests cover "expression only" (valid) and "both claim + expression" (invalid), but do not cover the case where neither claim nor expression is provided. The one-of validation rule in the CRD should reject that case too. Adding those tests would improve confidence in the validation rules.

Example test cases

    - name: Cannot omit both claim and expression for username mapping
      initial: |
        apiVersion: config.openshift.io/v1
        kind: Authentication
        spec:
          type: OIDC
          oidcProviders:
          - name: myoidc
            issuer:
              issuerURL: https://meh.tld
              audiences: ['openshift-aud']
            claimMappings:
              username: {}
      expectedError: "claim or expression must be specified"

    - name: Cannot omit both claim and expression for groups mapping
      initial: |
        apiVersion: config.openshift.io/v1
        kind: Authentication
        spec:
          type: OIDC
          oidcProviders:
          - name: myoidc
            issuer:
              issuerURL: https://meh.tld
              audiences: ['openshift-aud']
            claimMappings:
              username:
                claim: "preferred_username"
              groups: {}
      expectedError: "exactly one of claim or expression must be specified"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@config/v1/tests/authentications.config.openshift.io/ExternalOIDCWithUpstreamParity.yaml`
around lines 458 - 553, Add two negative test cases to the existing OIDC
claimMappings tests: one named "Cannot omit both claim and expression for
username mapping" that sets claimMappings.username: {} and expects error "claim
or expression must be specified", and one named "Cannot omit both claim and
expression for groups mapping" that sets claimMappings.groups: {} (with username
present) and expects error "exactly one of claim or expression must be
specified"; place them alongside the other tests so they validate the one-of
rule for claimMappings.username and claimMappings.groups.

payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml (2)

190-215: Groups claim field lacks minLength constraint, unlike username's claim.

The groups.claim field (Line 189-194) has maxLength: 256 but no minLength, while username.claim (Line 264-274) has minLength: 1. The validation rule on Line 215 compensates by checking size(self.?claim.orValue("")) > 0, so an empty-string claim is effectively treated as absent, which is functionally correct. However, adding minLength: 1 to groups.claim would be more consistent and would reject empty strings at the schema level rather than relying solely on the CEL rule.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml`
around lines 190 - 215, Add a minLength: 1 constraint to the groups.claim schema
entry so it mirrors username.claim and prevents empty-string values at the
schema level; update the groups.claim block (the object field named "groups" ->
"claim") to include minLength: 1 while leaving the existing maxLength: 256 and
the CEL x-kubernetes-validations rule intact.

---

332-334: Validation rule and message are correct, but the message wording is ambiguous.

The rule has(self.claim) ? !has(self.expression) : has(self.expression) correctly enforces exactly-one-of semantics. However, the message "claim or expression must be specified" reads as "at least one," which doesn't cover the failure case when both are set. The groups validation (Line 214) uses the clearer "exactly one of claim or expression must be specified". Consider aligning for consistency.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml`
around lines 332 - 334, The x-kubernetes-validations entry using the rule
`has(self.claim) ? !has(self.expression) : has(self.expression)` enforces
exactly-one-of semantics but the message `"claim or expression must be
specified"` is ambiguous; update the validation message to the clearer `"exactly
one of claim or expression must be specified"` so it matches the groups
validation wording and clearly covers both the neither-set and both-set failure
cases (refer to the same x-kubernetes-validations block and the
`claim`/`expression` fields).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-Default.crd.yaml`:
- Around line 204-206: The CEL validation rules for required fields are
inverted: replace '!has(self.claim)' with 'has(self.claim)' and likewise change
the username rule to 'has(self.username)' in the CRD x-kubernetes-validations;
also update the Go source markers in config/v1/types_authentication.go for the
TokenClaimMapping.Claim and the corresponding username field to match (flip the
validation marker to require presence) and add `omitempty` to the JSON tags for
Claim and Username so absent fields are not always serialized (prevent has()
from always returning true).

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-OKD.crd.yaml`:
- Around line 257-260: Update the CRD description for the claim field to fix the
grammar: change the phrase "a optional field" to "an optional field" in the
description that mentions the claim and ExternalOIDCWithUpstreamParity feature
gate; look for the 'claim' field description text that reads "claim is a
optional field..." and edit that string accordingly (also check the equivalent
TechPreview CRD for the same typo and apply the same fix to its 'claim'
description).
- Around line 204-206: The validation rule for the claim field is inverted:
x-kubernetes-validations currently uses '!has(self.claim)' which rejects objects
that include claim while the message says "claim is required"; update the rule
to 'has(self.claim)' for the claim mapping entries in TokenClaimMapping and
UsernameClaimMapping (the CRD validation blocks that reference the claim field)
so the validator accepts objects that include claim and rejects those that omit
it, mirroring the Go types (config/v1/types_authentication.go) implementation.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml`:
- Around line 264-287: Update the grammar in the 'claim' field description:
change "claim is a optional field" to "claim is an optional field" within the
description block for the claim property (the YAML block under the claim key);
ensure the change only alters that wording and preserves surrounding sentences
and indentation so the schema and constraints (maxLength/minLength/type) remain
unchanged.

---

Duplicate comments:
In `@config/v1/types_authentication.go`:
- Around line 623-624: The kubebuilder validation markers for
UsernameClaimMapping.Claim are malformed using ":=" instead of "=" so
controller-gen ignores the MinLength/MaxLength constraints; update the struct
tags/comments where UsernameClaimMapping.Claim is defined to use
"+kubebuilder:validation:MinLength=1" and
"+kubebuilder:validation:MaxLength=256" (replace both ":=" with "=") so the
generated CRD includes the length bounds.
- Around line 353-355: The CEL validation for TokenClaimMapping is inverted:
change the three annotations that currently use '!has(self.claim)' for the
feature gates "" (empty), ExternalOIDC, and
ExternalOIDCWithUIDAndExtraClaimMappings so they require a non-empty claim
instead of forbidding it; replace the '!has(self.claim)' checks with a
size-based check (e.g. size(self.claim) > 0) to mirror the existing check used
on the adjacent rule (line with size(self.claim) > 0) so TokenClaimMapping
properly enforces a required, non-empty claim across those feature gates.

In `@config/v1/zz_generated.swagger_doc_generated.go`:
- Around line 550-552: Fix the source comments that generate the swagger docs
for the fields claim, expression, and prefixPolicy: correct the typo in the
claim doc ("a optional" -> "an optional"), add the missing length bounds for
expression (match claim's "must not be an empty string and must not exceed 256
characters"), and explicitly document that claim is required when prefixPolicy
is set to "Prefix" (and note that the prefix field must be set in that case).
Update the comments for the prefixPolicy/prefix fields to clearly state the
dependency (prefix required when prefixPolicy == "Prefix") and then regenerate
the swagger docs using hack/update-swagger-docs.sh.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml`:
- Around line 266-267: Fix the grammatical error in the CustomNoUpgrade CRD
description: change the phrase "claim is a optional field that configures..." to
"claim is an optional field that configures..." in
payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml
(and apply the same correction to the duplicated text in DevPreviewNoUpgrade) so
the documentation reads correctly.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-Default.crd.yaml`:
- Around line 311-312: The validation rule for the claim field is inverted:
change the JSONSchema/CRD rule that currently uses '!has(self.claim)' to require
the field with 'has(self.claim)' so the validator accepts objects that include a
claim; update the corresponding UsernameClaimMapping validation in the Go source
(the UsernameClaimMapping.Claim handling/validation logic) to use a positive
presence check (has(self.claim)) instead of a negated one so provided claims do
not incorrectly fail validation.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml`:
- Around line 266-267: Fix the grammatical error in the CRD description by
replacing "a optional" with "an optional" in the sentence that reads "claim is a
optional field that configures the JWT token claim..." inside the CRD YAML (look
for the description line in
0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml
mentioning "claim is a optional field"). Ensure the updated sentence reads
"claim is an optional field that configures the JWT token claim whose value is
assigned to the cluster identity field associated with this mapping."

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-OKD.crd.yaml`:
- Around line 311-312: The validation rule for the username/claim field is
inverted — the rule currently uses '!has(self.claim)' which forbids configs that
include claim; change it to 'has(self.claim)' so the field is required (i.e.,
replace '!has(self.claim)' with 'has(self.claim)' for the claim/username
validation entry in the CRD manifest).

---

Nitpick comments:
In
`@config/v1/tests/authentications.config.openshift.io/ExternalOIDCWithUpstreamParity.yaml`:
- Around line 487-502: The expected error for the username mapping is
inconsistent and misleading: update the test case where claimMappings.username
is set with both claim and expression so its expectedError matches the groups
case; change the string from "claim or expression must be specified" to "exactly
one of claim or expression must be specified" (or the canonical project wording)
for the username validation in ExternalOIDCWithUpstreamParity.yaml to align with
the groups mutual-exclusivity rule.
- Around line 458-553: Add two negative test cases to the existing OIDC
claimMappings tests: one named "Cannot omit both claim and expression for
username mapping" that sets claimMappings.username: {} and expects error "claim
or expression must be specified", and one named "Cannot omit both claim and
expression for groups mapping" that sets claimMappings.groups: {} (with username
present) and expects error "exactly one of claim or expression must be
specified"; place them alongside the other tests so they validate the one-of
rule for claimMappings.username and claimMappings.groups.

In
`@payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml`:
- Around line 190-215: Add a minLength: 1 constraint to the groups.claim schema
entry so it mirrors username.claim and prevents empty-string values at the
schema level; update the groups.claim block (the object field named "groups" ->
"claim") to include minLength: 1 while leaving the existing maxLength: 256 and
the CEL x-kubernetes-validations rule intact.
- Around line 332-334: The x-kubernetes-validations entry using the rule
`has(self.claim) ? !has(self.expression) : has(self.expression)` enforces
exactly-one-of semantics but the message `"claim or expression must be
specified"` is ambiguous; update the validation message to the clearer `"exactly
one of claim or expression must be specified"` so it matches the groups
validation wording and clearly covers both the neither-set and both-set failure
cases (refer to the same x-kubernetes-validations block and the
`claim`/`expression` fields).

---

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 3994322 and 1726d42.

⛔ Files ignored due to path filters (9)

• config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-Default.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-OKD.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1/zz_generated.featuregated-crd-manifests/authentications.config.openshift.io/ExternalOIDC.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• config/v1/zz_generated.featuregated-crd-manifests/authentications.config.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• config/v1/zz_generated.featuregated-crd-manifests/authentications.config.openshift.io/ExternalOIDCWithUpstreamParity.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• openapi/generated_openapi/zz_generated.openapi.go is excluded by !openapi/**

📒 Files selected for processing (8)

• config/v1/tests/authentications.config.openshift.io/ExternalOIDCWithUpstreamParity.yaml
• config/v1/types_authentication.go
• config/v1/zz_generated.swagger_doc_generated.go
• payload-manifests/crds/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml
• payload-manifests/crds/0000_10_config-operator_01_authentications-Default.crd.yaml
• payload-manifests/crds/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml
• payload-manifests/crds/0000_10_config-operator_01_authentications-OKD.crd.yaml
• payload-manifests/crds/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml

[coderabbitai]

Actionable comments posted: 11

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
@.gocache/01/01f544ec3c1b93b78f15e8b3691d751cb17eabe5fb91b9159de21e6c2d223935-a:
- Line 1: Remove the machine-generated .gocache artifact from the PR by deleting
the offending file(s) (the .gocache/… entry shown) and update git to stop
tracking them (run git rm --cached for any committed .gocache files); then add
the .gocache/ directory pattern to .gitignore so future cache files are not
committed. Ensure no source files are removed and commit the deletion and
.gitignore update together with a brief message like "remove .gocache artifacts
and ignore cache".

In
@.gocache/11/115aeefffc061efe3f3352232cf624f19d8829c23342991f99c558eaacb05a8b-a:
- Line 1: Remove the committed Go build-cache artifact by deleting the .gocache
entry from the commit (the file named like
.gocache/11/115aeefffc061efe3f3352232cf624f19d8829c23342991f99c558eaacb05a8b-a)
and amend the PR to exclude any other .gocache/** files; update .gitignore to
include .gocache/ so future builds don't get committed and rebase or force-push
the branch after removing the file from history if necessary.

In
@.gocache/87/8797fdb8a248e67dc5ca123e92b235f8d1e8211b3b008c938bbd073dfaff9aa2-a:
- Line 1: Remove the generated Go cache artifact
.gocache/87/8797fdb8a248e67dc5ca123e92b235f8d1e8211b3b008c938bbd073dfaff9aa2-a
from the commit, add a rule to ignore such files (e.g., add a .gocache/ or
.gocache/** pattern) to .gitignore, and amend the commit (or create a new
commit) so the cache file is not tracked; ensure the specific path shown
(.gocache/87/8797fdb8a248e67dc5ca123e92b235f8d1e8211b3b008c938bbd073dfaff9aa2-a)
is removed from the index with git rm --cached if already tracked.

In
@.gocache/8f/8f0c715c2e972a56410f4ac7e68684ccc601754508d6fbcc2f1876ba0d714a55-a:
- Line 1: This commit includes a generated Go build cache file
(.gocache/8f/8f0c715c2e972a56410f4ac7e68684ccc601754508d6fbcc2f1876ba0d714a55-a)
which should not be in source control; remove that file from the commit (and any
other .gocache/** entries), update the branch to drop it (e.g., remove or git rm
--cached the file in your working tree) and add a rule to .gitignore to ignore
.gocache/ so future cache files are not committed.

In
@.gocache/97/9754c0ccafc83d897069ef192a70b0954fc63f72a444e62cea349c6db26cf7d5-a:
- Line 1: The committed machine-generated Go build cache entry
(.gocache/97/9754c0ccafc83d897069ef192a70b0954fc63f72a444e62cea349c6db26cf7d5-a)
should be removed from the repository and the build cache directory should be
ignored going forward; delete that .gocache file from the commit/branch and add
an entry for ".gocache/" to .gitignore (or update existing .gitignore) so future
.gocache artifacts are not tracked.

In
@.gocache/a0/a0bff7d70de1d25e491c78556f9d31b52f4e1246219034b0f29d8f9093547199-a:
- Line 1: This commit includes a generated Go build cache file
(.gocache/a0/a0bff7d70de1d25e491c78556f9d31b52f4e1246219034b0f29d8f9093547199-a)
that should not be in source control; remove that file from the commit and
update the repository so generated Go cache artifacts are ignored (add a rule
for .gocache/ to .gitignore or ensure existing ignore covers it), then recommit
without the .gocache entry so only source files remain in the PR.

In
@.gocache/a3/a38e1c00a0ed9832262344a8e53a7fde966b5c94baf92b725d07902eb5f8bc0b-a:
- Line 1: Remove the committed Go build cache by deleting the .gocache directory
from the PR and stop tracking it: remove all .gocache files from git history for
this branch (e.g., run git rm -r --cached .gocache/ locally and commit the
removal), and add an entry for ".gocache/" to .gitignore so future commits don't
include this directory; ensure the commit only removes generated cache files and
does not modify source files.

In
@.gocache/a6/a61eefc4804d64f3156d7805fb04df793c3f66eb1d486d1d6c65f63e8914efb7-a:
- Line 1: This is a generated Go build-cache entry
(.gocache/a61eefc4804d64f3156d7805fb04df793c3f66eb1d486d1d6c65f63e8914efb7-a)
that should not be committed; remove the file from the commit history
(unstage/delete the .gocache/... entry from the index) and add a rule to
.gitignore to ignore the .gocache/ directory so future cache files aren’t
tracked, then amend the commit or create a new commit that only contains these
cleanup changes.

In
@.gocache/b2/b215a4d861f99ee4b9d19bd7eb4b7e5e21986d15c216eb6c1def975d3428a943-a:
- Line 1: Remove the committed Go build cache by deleting the entire .gocache/
directory from the PR and add ".gocache/" to the repository .gitignore; update
the commit to remove all 357 cache files (the entries shown in the diff) so only
source files remain, and verify by running git status to ensure no .gocache
files are staged before committing the change and pushing the updated branch.

In
@.gocache/b2/b2e41544e6fc40176ad631b1c229fa98830d0d4dc2f5424f9a764679c4720e14-a:
- Line 1: Remove the machine-local .gocache artifact
b2e41544e6fc40176ad631b1c229fa98830d0d4dc2f5424f9a764679c4720e14-a from the
commit (do a git rm --cached or drop the file and recommit) and update the
repository ignore rules to exclude .gocache/ so these artifacts aren’t committed
again; ensure any other .gocache/** entries in the PR are removed before
pushing.

In
@.gocache/c7/c7e7bc103cda6505e181eccbb5d566de8f3faeacc228f368ef4ff644e634d5ab-a:
- Line 1: Remove the machine-generated .gocache file from source control and
stop tracking such artifacts: delete the committed
.gocache/c7/c7e7bc103cda6505e181eccbb5d566de8f3faeacc228f368ef4ff644e634d5ab-a
from the repo, add a rule to .gitignore to exclude .gocache (or the appropriate
Go cache pattern), and update the index so the file is no longer tracked (e.g.,
remove it from the index while keeping it locally) before committing the cleanup
and .gitignore change.

---

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 1726d42 and b1eb335.

📒 Files selected for processing (300)

• .gocache/00/0055ffffa03b7fae600e8cdf46fba968f27a97c68cdf8dccd2b7ec42d13232b2-d
• .gocache/01/01f12ff231f908249c4b840822b0537263b4185c0decc5ed4df4a06aa60561c2-a
• .gocache/01/01f544ec3c1b93b78f15e8b3691d751cb17eabe5fb91b9159de21e6c2d223935-a
• .gocache/02/0228e8c8f89db1a322d617e46969cef886b9a0ebea8b462907df092f9339a73c-d
• .gocache/02/02406d624cb2b2037a150c6b57b8f5de713b4aa89a0a72bbfa63a29f2ebe357c-a
• .gocache/02/0296a9d89335df077c9672609f6017b7c8dcd66fdf9878733fa1affc5a364907-a
• .gocache/02/02d81120d49d6bbb2dde0c24d7090c79dd304f188d3ea87bff934fe5e53497ab-a
• .gocache/03/033999c9334593dfa6c7bfcccdb2078755da30cc519d51bebb92441b3fee6c5b-d
• .gocache/03/03446295459a21a29baa6b9e2148595409b1e2f98ccef5e2142f962d6058336c-a
• .gocache/04/0421324943661d95afab82d80d627689eec5b4162b565e7fe4767e843f5e9e8e-d
• .gocache/05/0582cb00ee4fa40348f5153e847ee00240ef548b5d507a7539c63e952ad2b5e3-a
• .gocache/05/05e731e99ce2156fbae7db82da9606caba405b6d11bb34189fed1d2f6d1d6fcc-a
• .gocache/07/076fb2d8d5d355cdc822cd4c534e38ecaf3f7972a52b5b8978c8cf5e7aa72fbd-a
• .gocache/08/084a9c30133deb260ddfb62f371de9d857c344efaba84b7221e140d769735a01-d
• .gocache/08/08ac5a09547a0d54014c76b74af195638be466ff764c17a7647624166852ad91-a
• .gocache/09/0913d56e9868318f73f1c0d98c7f79b4c9d0e5fb4ade0b08938495a9bb246eca-a
• .gocache/09/096a6c90f643badcf417cb606048f2874e0e437d525b2c67ec682a2da2d21617-d
• .gocache/09/096dbb5d924eb2126c481eca42f85b83a92c346cf6181f4ed9e291ad596b77e6-a
• .gocache/0c/0c7b9286fc44d7d4112286846199dbfad99519417a8efaf85ef87643fd8b11db-d
• .gocache/0d/0d6c7f92048ad1ce111e4a44ab77123b1b72e16ffb46c8b4529e944d8da8252e-d
• .gocache/0f/0f38a8ee9816a08bc0d41260be3ab023b8f43b4d9c09e1b701e665578534b5c2-d
• .gocache/0f/0f8693e97405a6b15dbe4b3bf10f0c2fe3b71cceef7660c4cf56f6978d7da5c2-d
• .gocache/10/1085090192524bd0edc49341726c7cb837d9fee3b59df718ecd750e1de3c4878-a
• .gocache/10/10b0709935bbdb5a308b97bf016d1e23cff5cf54085cee4ba61fdba366ee9a09-d
• .gocache/11/115aeefffc061efe3f3352232cf624f19d8829c23342991f99c558eaacb05a8b-a
• .gocache/11/11e8ad2242cc54f0792a83c03b9f06915e0269abb5e3bfd0580009125fd85562-a
• .gocache/12/12366546c7831af4c813acaf3b1e31b4b2b9858aa00ad90054b66a6e1463cf92-a
• .gocache/12/125f7a276f0eb31af93ca376b2eddd5858b0bf2ff8739b1525e1f3c03a38a0a5-a
• .gocache/12/12b4de8b696cc0b36aa24a241e1a29d6c8e01af790af31be0e7b51f716ed2470-d
• .gocache/13/1340b73f819a66879652b542e61428a18b77887e22d5313100ae425c3ccc6d36-d
• .gocache/13/13448554041ef10c185504197eeac17d452c551adf93c5e628497c2356dccd2f-a
• .gocache/13/1383839e75282314076a243e1e9cfd6f9e51d1cbfbc29be4fcfbae8125a63bad-d
• .gocache/13/13a10b01b1319c8418e0275d88b538bb9edaf22d05f1c3c6147d4b2086740b9d-d
• .gocache/14/1419324007bb7d17cbad24e1245445050f64ee76af3ad4ad405799a4399342f0-a
• .gocache/14/142b55010d1a92c2245e71355390b1add23e531a43dd17b766e3b03f6c9aba0e-a
• .gocache/14/143f5fb6c6d5695e8e28b739522b6d4d36c61db558c21e207be113036439dc63-d
• .gocache/15/1522d39c660b0597605ecf9b4f5005690d4eeb107eaef8731fdc6344fa95c574-a
• .gocache/15/15f57dc9d15917b13a1373c0db94a16262123c422f037e6f332b21ebe8343db1-a
• .gocache/15/15fc500c29d2f53f0d5ab8c37996bb6d97624328cc0e41da970dd11e0531eec8-d
• .gocache/16/164bead22c2be1503181ae401c0051161d7f09441889d17e906c7764094fd829-d
• .gocache/16/16d2cbebed5f0cd492921bb59aaa619af454621851ea45c9d6e412f3a66fcded-a
• .gocache/16/16ec8a92b63e629813b6705e2fbe8c86f101d477e7df8d3b7a9046d2d950d432-a
• .gocache/17/170f7c13ebeed3c46e53020ed814ff4ae66d9e324ffb48069838c918273505ba-d
• .gocache/18/189ee9cba679f317241f13b768d5c57ecf798abcba4c5ab2e86f01b0febee8fb-d
• .gocache/1b/1bf8d32dda42a67f34b2d496a49ceca256382f4fc355d2deb1cc3a22f213dedb-d
• .gocache/1c/1c8c4c9f988fcc2ab5b115c281d3dd43476e8f02aab78a3507714d4310e975d1-a
• .gocache/1f/1f6c9d7d25fd0616a1f93081604f2c819121636104943213d188094bff0b1aca-d
• .gocache/20/209eee014624a1243cd6e221bceb6e95285e88baeb53e0f1780349acc63f4c9e-d
• .gocache/20/20ea81bf0563c6cf49bb34a416512c9e5fe098c25190e9901abcfbff0294a651-d
• .gocache/21/2135b14d7a23d942b3cd48addff79c77c5a337eea167e772065aa3e05f3a933b-a
• .gocache/21/21885f38737e97115333c5e0ff054b93d43a02b41badfa3534b7255ee3c4f4fa-d
• .gocache/24/24139a4f7523daf40b7e9120b83e13457d2bf2da1018712fe1304dff8463af1c-a
• .gocache/24/2481ea499c9203be359c59f05f88b9f196bfbac7f686e0073d96015d9eadbc3e-a
• .gocache/25/25214d4f928f0e2c5f4d21facd19d4d03b3386a119011af588a44767c650ca73-d
• .gocache/25/25490d65efd2203a8194d7318f129cb53fed7ce58ac99cc91213edcaed45cde2-d
• .gocache/27/2761f21436baacb02ea3c6ff26e7d20a420a0b203421af99ab96f719094ab574-d
• .gocache/28/28fbdcb2401a6951868fcedc763136fa500b0c590640e604b5c687f53e5a623e-a
• .gocache/2a/2a326ca703aa23c9c7d9f310792ca8735b742d8bb0bc6580d0a073ff2d1c65a5-d
• .gocache/2b/2b0d34991df6521b800dd1c9f115b17a890f91882fff4764d67c3feb6efad717-d
• .gocache/2b/2b5a8663b8ed2489d66db3c4dadc6485516f2449f221d89ef44b535ebfb5a2d8-d
• .gocache/2b/2b7e55fd06f73d2633bed82efc42c5fb5bfeaa8e84c1b467e9492eaaa693fbc5-a
• .gocache/2c/2c49e27da36f647a98d40e3d57c8b3c85dd20cb75cb38b772e0f91825d0b5537-a
• .gocache/2f/2f552f22af5d251ec38b4cb7e663c627b0fc6c06813a51eaf85f2fafe494aab2-a
• .gocache/30/30d84813ef0d772e2b7193ce440401b48503f52c1a3303e8a084144635cc8d41-d
• .gocache/31/319916b7fcf63bd0350fb7e95417411b61e528a109a730361d317ff76c455008-a
• .gocache/32/323a37924a47c3010ca794d941a62cd23c0a6afb6b8194d54e0e0926f01be2b9-d
• .gocache/35/35d72c9e1c86d0e6392093b14d59dbbd014aec57ee565ff21b9a9c50d51ba15c-a
• .gocache/38/382cba219a166778beb423a2b15edebb4210a55523985c710b81f2182661db1b-a
• .gocache/39/39642e4024453243369178dbec7fbbd1997a5bf25eb8251a4c3a7c8b63688d40-d
• .gocache/3a/3a55afe2a4a171ae9c964bcca995cd8d3775d861a3ac5046642da1fd81305e3b-a
• .gocache/3a/3a62e181324a0bd88f75ccab8fc6057455be482946d5accb34d2507a15211446-a
• .gocache/3a/3a62e961a244c1847fdd89d2ed81137e7e5d7356548a53b20d4e363c0219caf8-a
• .gocache/3b/3bf3a3e771ac5455bdb0d74c9f461965c9574db32cf7dd4d8a93f79e9b8f804f-d
• .gocache/3c/3cca9909965fc4d81ce76159ac10a3fa0d5031881bb659e44113cdb1820db9ff-a
• .gocache/3d/3d39b03c2b53aa6b562c0a595ab32e581aa8c74e597232b1b6f742a2373ea1d9-d
• .gocache/3d/3d7a433f7594aab38d423a825304394dc5f7f5109c6cb3fecd8d8d543cd43c81-a
• .gocache/3e/3ec496f7e72d60d66b2915f3cf8975bb94b79c4d57e08c3f65fedf46eb5d0339-d
• .gocache/3f/3f16d8ecdc78ec098a508c850f2f9ee797dc6cc1208087927612d27774968123-d
• .gocache/3f/3f7df3ce7898c35c96fe0bccf80a148d09e882304adbb7356c7d61be8c939e82-d
• .gocache/3f/3f7ed2943accdfab6bf24019fc1e1dbfbc1a1bb49fc0dc2f1a8fb9308ea1ce52-a
• .gocache/40/4046a6c3c7436d515017a5a89bd0d92f96c00d26e1e60995e964427019e258e7-d
• .gocache/41/412dc87b80fa11b3430dd0cb11ef6146dde3113a47b880d17a7a3ef0b46622a4-d
• .gocache/41/41ba6492f72860cf7761d15cd5c81891829c11cfbe0d03393fcc232f84b86a3d-d
• .gocache/41/41e3912c4bbf83d145700778f55da916009fb62c0e68e2a3e729c5954c59244d-d
• .gocache/42/421905acf06800d23a3a8adc79166f68a6dda4568cc441e7628050b1773be6d3-d
• .gocache/43/43247440b7928d2b7aa9c58c4cf53c6df54305543bf30efafb645f60ec1dad3a-a
• .gocache/44/4468f404ce5bd7c0251e094d50b064d7322903962539c09514ecd38bd5d9994f-d
• .gocache/46/460bfd1ba3732de1584519abfc9583754b48bc9e6db7da8897a3b2282ee840a3-d
• .gocache/46/4618ebe7124053c0e0353a78fad4a0966c305b9811bc8529dcb5f183afdc2a55-a
• .gocache/47/473b23aa36b8b963488e4a7af8791aa4d0a50d10c0c302054cf3c886576ff8a2-d
• .gocache/47/474144b7d497b66debbe70845a55f4f5583c577e7c30aa88086bb92cd658237c-d
• .gocache/48/489e3edfd65d0064e59b3f71accefee8cd7cbb566276d092789b1e5cf0a97fd7-d
• .gocache/48/48e8979d9b4e346f4c555abca9f64afb0326ae7b91bce125f1f2d2b1651b88ed-a
• .gocache/49/495c8c5d4495f977f3b591ad01cb4dd4d1488fd6e8e9504c9fa40e3186e7542e-a
• .gocache/4a/4a76389d1b33ff88cde076f14ad519f719499d40f5c5fa46bf384e7f0993fcae-a
• .gocache/4c/4c5bfb802ea59458ba1ee78257254774f495aab15899b7cb82c9ab1561469d7f-d
• .gocache/4d/4dffd090d8288b1b7d42c4ff5dbbcc502f7a9170f1af373dc53148ff0d77bdf7-d
• .gocache/52/5201d4b2f1a603f83291d46ed815c848509e751aba8d3ccb66b23783a172a038-d
• .gocache/53/53aae154f878d0ab9e9bf76e581ec0fdcfd77e7fffb6a28b41dd242607ac6227-d
• .gocache/55/550f0d59b37b8eeaa7aedbecc1ecbd981366580f47e83e720238cb6e9c630ac0-a
• .gocache/55/553aa838cbde3355ba53191c316317848d32fc0ae65e31ea2573aa6b1307c54b-a
• .gocache/55/5563ce81ece45e9574f9ca05b4b20c740ab870a88544d3c4abf7b93e078be923-a
• .gocache/56/568ef494d3bd49c79ea45fb26cc8a0af9878813306ddf661931ff92eeb015a04-a
• .gocache/56/56e6a51653f2207ae2de540b8e72e47073c38247374fce78f7bc8be3f1f1b706-d
• .gocache/59/595bbb8b6653e74c79df785781caeaf69bd758648048f7b113b9938dc6797172-a
• .gocache/59/59a423077f9072720268d989bb9c1a09a983bd6fc58488f90ea97df7ef86b4f6-d
• .gocache/59/59e4203400ecb3e0b428af6dae396441596547d5da800911c77494799dec32dc-d
• .gocache/5b/5b7c41f20e80fcfd0fc34c9979cde714636a5f12a35051544059ab1c2578e586-a
• .gocache/5e/5e52d58814fbfb0389ae9cb081c51e8c0b4ea361a3f0838167ff6b755ac9c162-a
• .gocache/5e/5ef6bb4711ff39bc00fb48696022c5f949c3eaf1d13ec1121a72ddf828a1bd9d-d
• .gocache/5f/5f51f1ba4fede0969de743bfaacf2913247ea594b343b2df4908c87302ec6993-a
• .gocache/5f/5faa874842078c1d76223f9f90b49d204b9cdb05a4456496b9382591d2a7b83a-a
• .gocache/60/6032fad5a4da6049c6af1f93024c8442779e0511ff8e884935f0eeede2f7d1ee-d
• .gocache/60/60ad22aba17d3007af923158318d8364ff5d965df6cde19e95647df42ee88d94-d
• .gocache/63/634f70d01986e7386ef9e7e86ddfe3693d0f9f308bdbf6c60b79c5ed8eba79cd-d
• .gocache/64/64dbf8c10e9b7664e8fa298f4920fafc18ce30955daa3d7fa91a641e02ba29d0-a
• .gocache/65/651bea3e7a087a525d4859bba1714d6325190a49a1650c359cd173aa713f56e3-d
• .gocache/65/653bf7af9a9a60fb43e737f240df371cdbaebdb873aa12187c519766f4474b0b-d
• .gocache/65/65d23fd44c62048cfd4ec401302a30ba2a39af9b7dfa9183fa6400ca28873658-a
• .gocache/66/662b884286145de379ba335f5db8b5ad46d7b91815ad4736f583c480177b1c8c-a
• .gocache/66/66c1359bd0e4ed4bdcb6c33d32ccbc70c6e440f5f13af9a5099b6d569738154e-a
• .gocache/66/66f848e2f8b972da2e9bf9e1e2f8b15f4fa87a3aa13ec234607b6f6127b7df5b-d
• .gocache/67/67acd12b659be0a7bdf35c530d6edc273ca8f773231a7088846e0d0d1285b075-a
• .gocache/68/68e7e0b1e2f6f77337f2c5d02749ca67bd57d605098f2255daf704fe9a10293e-a
• .gocache/69/69b10335f8131a3d546ab7f4e1d9363141394c244b3df905b975905ae98997e9-d
• .gocache/69/69b4b8d845196e48d8ae0124c6eab8af2e82c42a7d53b54cffc40f1da6f1ff36-d
• .gocache/6a/6a6e123278638f638ca44940ef7ce1ba86df9255d43f82c451c7d66f06815cf8-d
• .gocache/6b/6b56217629eb8bc789e108655c933d974be1207a856a9afd9224b82baa3256e9-a
• .gocache/6b/6ba49220fd0cd7ca8a640155f6dad35fe5a0ee6b8cbbeb8e10b7acb4ee40ded8-d
• .gocache/6d/6d25feca4aed624409736c3288623cec4ea05bdf9f0424cbe0a8fe980e608da9-d
• .gocache/6d/6dceb3257f90d36068688a07b33d0238fd039de0aa80da805b0308d233bf4502-a
• .gocache/6d/6dfa69bdff7242a9bc436fa373190a9f0fea1907d532761154a391e453a32dbb-d
• .gocache/6e/6ea69d4c6381a529fcd3f04777a73afa382f288cee9ce7fdaec7c9a139866ed4-d
• .gocache/6f/6fdcab39f0957e4075cee3512e45eb2f8bd819bdbe52ff256f6fff37621fb5b7-a
• .gocache/70/707f067c75952b254af9bc0fd31a1d1e8122035ee4258a699fd0bf00bf21bef4-a
• .gocache/70/70d6ead9d16cb60685414bb39ac9c2fb0cc444f906d4ccd993f30abdb2f19054-d
• .gocache/71/717b5d50df6b37608a3c89c480bb94516f84bc0f0ab6529977bd58b162cf6808-a
• .gocache/72/7212f9b15fcac710529048dc2052c5e66a1f2faef4c422038c63a4c591957dd1-d
• .gocache/73/738a5ff80856cbda6fcfdd408b073076d7c6e356bd0b85ba5d84a7531d067bf8-a
• .gocache/74/74eae2272f8a39b5a8e9ea7b91e8e775e3e15bb15feee5b67d4cf57c08f5183a-a
• .gocache/75/75479a673109526a6426515390957587c771fe6779ea79466cb9c2d141d8e613-a
• .gocache/75/756fe125fb3eac496050bc5cb4b768313e8c3db235187e11f0444984027fcc52-d
• .gocache/78/78acbeb18c1be47e3b8114d74e7d61eed3c8e576907d6c3cf7cf891d6a36a933-a
• .gocache/79/799300330863537cd8ffcfe88f0517b3e3bf0a022bb8d9fd2994514dfe7322cb-a
• .gocache/79/79eb5d6d3c2e5e87056420150661d902a87d3b4d5ca70cfd63db34fad0730a0c-a
• .gocache/79/79ebe4eecf258050c486cec00bb5c7d540faf03617043138624bdb5b8888ee3c-d
• .gocache/7d/7d35e595024ea956310bae499ff27b51961d6415d453f7ddefb529dbce012ebf-d
• .gocache/7d/7d9aa98b1925c593c0f164e452f8aa0f238ffdd9eb88bafe3f11813a3013e763-a
• .gocache/7e/7e0f36093842d5682230ec8ef0bf1d6c7dbe863eeb1980255fa0cdc39ff98294-a
• .gocache/7e/7e13b9b48bdf4a3fdc2d01e471e56776348e07939dbfc5e8be0cb1e91ee5db98-a
• .gocache/7e/7e6d5d7e963cf9f80633a8e0c2a340cc8dfe2125a58711afa68c8955936621f3-a
• .gocache/7e/7ea3265e46b17e4939f80be8599d0df95106fd08a9fc9e921293bf52762f4303-a
• .gocache/7f/7f2cec3df79bdbbdf8572a391c7accd31cc4f2da853d015dd7baca07872a414c-a
• .gocache/7f/7f31a18b8b4e3d6a9aad08927ee4bed78d8cec7c82161fe8f7ed2068cebde7d1-a
• .gocache/7f/7fb35308db97445db158c61734f74efc40dbc914afe9b4135108994f9ef85bd6-d
• .gocache/80/806c9f23b1266bd8b6c4e7b60b26eab3dd993dff26bd30f79e88c64048a372ba-a
• .gocache/80/80f6cee817670f900c5bc9b6a427e99a799cf16443088ea6f1b5f84d7c68a2e9-d
• .gocache/81/8161d2aff360991cb047e0a4a85808687e8de21726314394e5d8ea296487c539-d
• .gocache/81/81a1ebc30fd37e698f0273c01f0920a62eeee6ae3248ed916fcd17477af344ba-a
• .gocache/81/81da455825af073d4fdfdd1ced916494aab3a6d7327c8f87e2f84b1e1dffd92b-a
• .gocache/82/825b1975b6fdb085f30e7b465adf1a650938490f0e4ff81bcb15cb34b7dfdcbf-d
• .gocache/83/8301716be171664cb9346c03731c3d5d0cd905c7b50b889d38a3ec8d171ab5fa-a
• .gocache/83/834583cc04f2a6f60bfeeb278d12155d2af4059f3c4c58656263f3dea1a06d8f-a
• .gocache/83/838469a25f0e995aaa13e9a73bfd3fef61ee0e13e362ca2cd86ebd083be6108e-a
• .gocache/83/83f57eaef4e0355c8bfe04d25e72abb0bb8028018ee9c97bda2994564827d0dd-d
• .gocache/85/854de6d1edd63bca75015f975f5106426696d993f2bffe8056ed81902f81de3e-a
• .gocache/85/8551d7174be9a6d3f65db5e7dd95bdd99d5bf1d1140c3ee77b0da0b12f561df6-d
• .gocache/85/858abd7a193dbc8128255c9aea318c9131b6ea1e77e86eb2d6c9080f25a0b318-d
• .gocache/87/8797fdb8a248e67dc5ca123e92b235f8d1e8211b3b008c938bbd073dfaff9aa2-a
• .gocache/87/87d604ae22602a3de0591637f266cac1afa4754d15188ebb5a3e7ae238d3fa6c-d
• .gocache/88/88a6aeeaf0d876a0fc3379e18f4e2d7bcf0be7bbf9fa76ac5bd5f44537509caa-d
• .gocache/89/89425a9d4f4599eefd576aaf505d8032c1c71495f803a6c46c3aa515e3874b17-a
• .gocache/8d/8d0b215da87b3594c2d8e078491242f9e50cd4f28eb7a084b267df8541d2faac-d
• .gocache/8d/8df4a4002e64c77917680ef9f2187e00342288b0e2c2373c569a8b05a3efe68c-d
• .gocache/8e/8e29a64bd27f04705e0f37f9ee12535c38872df0a8c2a67c0ca80b90fa2d3951-a
• .gocache/8f/8f0c715c2e972a56410f4ac7e68684ccc601754508d6fbcc2f1876ba0d714a55-a
• .gocache/8f/8f4ac4fd05708009d6dc0b57a089c8541869c28176e978e80a8397d47f42acd0-a
• .gocache/8f/8f67ac809d0fe18051a36b831cfbd4526e35d771bfd89f44656c3b610702b283-d
• .gocache/8f/8f67cb73181701346c86eddee0d5a6de55fcc2fc182254e933cf47f1ac8aaf5a-d
• .gocache/8f/8ff447825be5776765fe9120b153798265234ebe4ad08c7505080eaaf4def7a1-a
• .gocache/90/907d336c0b4fd7170869d67f7d9cdc8498b92e24c5d739d0ad898b663a1309b3-a
• .gocache/90/90cd849470048961d3839691e128c9b271fb39cb49c73baae1b02a15b5a1c8c5-a
• .gocache/91/91f398853bff31941fe5b0f85d84e67d3010041a3cff99022d62dec15f54b52c-d
• .gocache/92/9246b63bd9049656baf24d72851448b6f5abee4c3ed5bd2f84536dd3a979deaa-a
• .gocache/93/930cbf25f2885e21c99fa1d647ba739d4b0e52dfa488d234055313eeaa185f78-a
• .gocache/93/935e08bcedb3ab33055d8991581c30cd0cd85ff09659c1ca20c6e7c97c076d1c-a
• .gocache/93/9384d33b0f3cdb9b3acce66c9d7e3353693739704bcb92ce2fec2344168a2358-a
• .gocache/93/93cf3d432c894318aa683d8b8e9d71701dbba8d6692c65f63bb4aab02f33e5d2-a
• .gocache/94/94857bc576d20ab4210678913de9d29d076bebdbcc03ec9b4f50a6689208d915-d
• .gocache/95/952550f822d30d2d65c44da8fb22d4c5233e7194aa0d4febdf69a4774107a2bc-d
• .gocache/95/95b8709e2437d30bf2e3aa4bef01a5a297f10c52f1dd9a11d8fa064373783866-a
• .gocache/96/96b3ed533a24790422b5a897ca92aec1b92b2e823b108e66144da30f72272863-d
• .gocache/97/9754c0ccafc83d897069ef192a70b0954fc63f72a444e62cea349c6db26cf7d5-a
• .gocache/98/98588a6d19865ffcf6414641d60d9681d94c0ed004ee3e4e426769ca93cda8bc-a
• .gocache/99/9943daaebfe12bbe9eeada2ed4135d5d094376b549cd390ae8c6067d5f66e58f-a
• .gocache/99/99ff67450bee5d4dc06aa5155cb30373d6c3cc95108e7cb650ece656c8b5c2a6-d
• .gocache/9a/9a110ef5b89ea178ee61f7519e7f8597fe5331dd016d39de4236988de2834724-a
• .gocache/9a/9a302633d2f5f11b021ccba501ecdc3f5f07352d6a19f184dcca190d1b66da60-d
• .gocache/9a/9a4da3153719e5b62d0edc6df87b87c8ce65bc38f32e3ac231055bea798629aa-d
• .gocache/9a/9a76ae5c09aa609a682b231c9497f65be593b22973313c675a36099ed652db4f-d
• .gocache/9a/9ac27506d81d63b2f3a35efabdf8daa636e3bb1c1ece0e0480024cacf5731bb4-a
• .gocache/9a/9ad739ee26765c4c5708ce282e5889f73078ed9405b0dcf384a12290845ff225-a
• .gocache/9b/9b032d0ec420d5632684b2a679f40073dbb7965120e77cf747f2cb08e896bad6-a
• .gocache/9b/9b6a2f6863b43146ad670f1eabd15ec6f33c4c594d0849c043dbccc8ae320c1e-d
• .gocache/9c/9c04d0585ffb8ac6ca5cdb941bb9121822b902751e6c060ae66d64126921f367-d
• .gocache/9c/9c704180e9c168d64dbdc566fe0970808b57049260b6bdcf8121a9e088421f22-a
• .gocache/9e/9e1bee65f89a698fc16682af3859e63594ace3bb1c3359dd69f54430b6acb1ab-d
• .gocache/9e/9eabe0a4a16b36ab089f5a7be97361d0775eb96cf78c666a885c497e3c443ffe-a
• .gocache/9e/9ed0c2df4c2c0139b2c04556697df10de204dad72f27fd1804720170ef78709f-a
• .gocache/9f/9f219a5a057254260d0aa4a322531c9cd1cb8484bec3312f9b0c0265b75aa796-a
• .gocache/README
• .gocache/a0/a0208fddfd1cf8722a9bd74e227ed72c52505e6a13966c565225fefb4e32677f-d
• .gocache/a0/a08b8c56353e509e95e5c2722ab74419f1bb8da680a84ea2aa66835c8657fc64-d
• .gocache/a0/a0bff7d70de1d25e491c78556f9d31b52f4e1246219034b0f29d8f9093547199-a
• .gocache/a0/a0e5b090a551df83dc85c3f8c316f08e0a7aff68ec6e30498193f089f758fe5c-a
• .gocache/a1/a12e1a8b354ccf6c8562755f38100c118b8bb530370456a6b3e1f2a7ad28f324-a
• .gocache/a1/a1b27a06dde351088cd231bbd80a6a8b250718636a86ebc5e8285f7171134a5f-d
• .gocache/a2/a2278c38acdab16947f1473b89d8e4c42086aba66eae771bf9b6f67ba36eb7e1-a
• .gocache/a2/a2a8f5ffd3a20b85ef489be7b15ed6e90d0da6d0218141d7fe0412d728d223e5-d
• .gocache/a3/a38e1c00a0ed9832262344a8e53a7fde966b5c94baf92b725d07902eb5f8bc0b-a
• .gocache/a4/a489ac8fd770813350fd7d1490dedde6eb4c85323aed414062301717d282c71b-d
• .gocache/a5/a513541059093b57be2f12ee0a0f5fb1b9c56abde50b8f4a65e756766f7aeaf6-d
• .gocache/a5/a527bed1f7b1cfd055b79f7bd75652b8e93b01b72b215df7b29d5953284d5d64-a
• .gocache/a6/a6193c1bfedf0270592b1153203c81e33dd53accbac566e67d0af2328c4793e5-d
• .gocache/a6/a61eefc4804d64f3156d7805fb04df793c3f66eb1d486d1d6c65f63e8914efb7-a
• .gocache/a7/a710b608b6465629279c3625b74186c9457009f7d6008c18dcd98e1a6bd8ee13-a
• .gocache/a8/a8888917c54dbbd0668ce7e4b05553d155007def106c522889fd68c3419e2857-d
• .gocache/a9/a93aebccb142c73f0eb1ef548b7366dbd0b78b59d61e6fdec3247182ae47d90b-a
• .gocache/aa/aaf3c72b99860709f746809e7964329ac8327b74e2c0c4b75f6d2922e14033c0-d
• .gocache/ab/ab671d9abcda76aca91787ff8fd1204e56cae17eb7698a94c93c030c491c5119-a
• .gocache/ab/ab9d9697e9a78fdb0f486acfba99b2be41f79fe97718c6e13f8da48d923a0d10-d
• .gocache/ab/abe8db705f5c88a7398c38580bfd1141ff479b130a3dd84b1a49a5164fa532bc-d
• .gocache/ac/ac04ceb3442105acfd1f9bfcfddd15e4abae83776be915b77e258b9bfe089ced-a
• .gocache/ac/ac2dff6407daf0f1999d204ab3731f32f5329d7baec7cc1df11cdfff04de8d91-a
• .gocache/ac/ac4593bce56e7863b8140e54355597175f141da8dac5933d08b63bb8b833c1ae-a
• .gocache/ac/ac582a434401b9ca5eaa2aebf6a825b4fc94a6560334346e8486aca3fbde21f2-d
• .gocache/ae/ae10940a8268229a57b050d1e71c35450689c2f7dec5a70fdd7605fde863a36e-a
• .gocache/ae/ae2f9811ead6556f860463a8e47bf5ff92779eef2e3e10517ec8195f5f8615cd-a
• .gocache/ae/aec56e6f3ba5457ee5bf8393c7a77e0aa02543a9ee6414d99e90d89aa480d369-a
• .gocache/ae/aece1f89565524e37cdd3b7eb325c1c28dec573288f3679c644e56a0b1dcfa12-d
• .gocache/af/af02d2db61f937892cfb95bd4ca521f6113ef54de2e318823dd793d8457ee48d-d
• .gocache/b0/b0d70c923acbdbae6dcc0a7c713c5647bbb1216598a5d5539d6dd7a80dc2429c-d
• .gocache/b1/b10fa5f810a8cd33c719e367d35fddd3fd758187f5d791c3ffef22457308cb07-a
• .gocache/b1/b1d2ce07a03742f1b387f6a5624cc3a42a928d2569470ba2c7e87e8d5873b985-a
• .gocache/b2/b215a4d861f99ee4b9d19bd7eb4b7e5e21986d15c216eb6c1def975d3428a943-a
• .gocache/b2/b221428b41c7735a3b6fc0098ca0203a677f3379d740b5914cdbec98bccf5bbe-d
• .gocache/b2/b2b90c15cc1c4522900a7a71001a2788115532a2a73a039909cedc9b4108bf6e-d
• .gocache/b2/b2e41544e6fc40176ad631b1c229fa98830d0d4dc2f5424f9a764679c4720e14-a
• .gocache/b3/b31678924649a5580957656f18b2379edc1c1bb221069584afa70f1409b649e5-d
• .gocache/b4/b4d54132605a18ae07e8bc5305a8e0f97bc3e72c0704e38f33cf2cbd30dbeb3d-d
• .gocache/b5/b587a0bab6963866b6416e186e1d8d0fc47bf44d053421a361c078830bc1d7f9-d
• .gocache/b5/b5d5484f061c1dc1939d14b09ac2c4f14cf26b784bb14e9146cbcf90e1712779-a
• .gocache/b5/b5f11405871f29a12518086936944ad57cdea69b29e74ee5feba0c0d3fb9fe3b-d
• .gocache/b6/b640ae42501e05d62c8fe596ed68a07a6c98c6302fd55b8c8010a27c7d49a0b6-d
• .gocache/b7/b71efad09e9203f2672bd167340bc319028e65da9c0b529264ab9ef1ba69ea4c-a
• .gocache/b7/b7af538373eb3f807c6fc05c89b0f4bef7a0f30be2d4dc35133861d73d4129cd-d
• .gocache/b8/b80cc9502f476b322581f786fc24395a5ef8f22b9ba56ab85402469ecf19f2b0-a
• .gocache/ba/ba6d5c69e995d7ae7f1c44565760203426779ee8bf9655ff9e55d34c63b17880-d
• .gocache/bb/bbc06e51bf99e9b12d21937730b7afefb8532e6b0238328b081b263dd3d58c3a-a
• .gocache/bd/bdf26da8186d94e9845080b584295af16d9edc851e988fdac2f15bda77f2ecc1-a
• .gocache/be/be89d47b1ae7aaa12db9d4104253282a5616bc827704f0740dac7f73a84b44e0-a
• .gocache/be/bef3fc3c0c379ce9b55d7089e196c861ae59a9e80cac9a66e65b732797286887-d
• .gocache/bf/bf8f92c39d737ff9e6f3a9e38e5b6a94e3ee0e685f5aa95427131906f2d3cd29-a
• .gocache/c0/c0a08758c92e97c4c383d5bbe0fb42ab2222fa4b430bb79b3d2222d68ee027fd-d
• .gocache/c1/c1f39a8be80ff71c36ef25b1536e5ddb2a5be820f070cea5e9b3483045eebe55-d
• .gocache/c2/c22ab9f6e1c5e52d511174ff6beef03e6ce7f73a67469a46ce3b6893fc20e1c2-a
• .gocache/c2/c2745b3c9d23b113138fc70b28cd840baaccc5a67259a0b01376679e7a85f50b-a
• .gocache/c2/c28073cbd450e6068be7e9325ec941af925238144b38ce6f05a561adce467d83-a
• .gocache/c2/c2fa87fb89268234c7707d6d5d07cd9a3d2bdfbb0f4b5fda5e9126c9dab03eba-d
• .gocache/c3/c30c7406e98f2b98b3e0d2e9bdad052573865dd01ac197bbf000000e00d4f781-d
• .gocache/c3/c3ce49bcdd0fbe500efa814c4b6556311b96dcda05738a9af5e6f3063b2fea44-d
• .gocache/c3/c3e2bc3ecd00ece60d28ef489f974df1a676dca67fa7eb58c0a72420a1b173a0-a
• .gocache/c4/c463e851cc50fc009b2ffcecbd8c2e3af7edd878bd7c164b772c3baf192dd4f8-d
• .gocache/c6/c63679be3042bcd65778026d5c15c59993b583e9d0cc56f1af6a48fd652b3785-d
• .gocache/c6/c6d27eb5edb4f6e6dc04dee465c0d23ae0956a8dbebad482e0d85696e8ae539d-d
• .gocache/c7/c79696b86e5bc1fece85159bfa960b072718979aab86ff447f6df767d91e57d5-d
• .gocache/c7/c7e7bc103cda6505e181eccbb5d566de8f3faeacc228f368ef4ff644e634d5ab-a
• .gocache/c7/c7e883dad5de9e6c79e1ad93fd815386d45056482c17f904db5dacbd702cb3b4-d
• .gocache/c7/c7ec02494469da9e3f1ac5612d2d2568d0275fcd2e48e50246c18d0551ccdad4-a
• .gocache/c8/c8ad431cede8e667d6768251b2ab5bbcff4de298d355de610de61a7eb90c71ba-a
• .gocache/c9/c91c4924553288378d640e2edadaaf356084660986e884dfb24e4e8d91235267-d
• .gocache/c9/c952e4da49d7b236b749d27d3437c7f706c1cd8e43916d93c1204b0a525d93eb-d
• .gocache/ca/ca8927c3faaae7b28839c41291e5d4a901aa55ce4b0318b81789b17e5d9719d0-d
• .gocache/ca/cab2d37ef661eeb1dc10ee1d0f49838cd51a3752dbf230ff335af778a9ca2912-a
• .gocache/cb/cb1a80afda08870fb4d15be438d85de7dab292054b9fd61cc3bb1360ddbf18fd-d
• .gocache/cb/cbca73333891a2474362bc0850f9e365cd1adf0920bd1e49becf5446a9c1aeef-a
• .gocache/cb/cbfe9be6d9bc2ef41e69fa5f9c72d0b282fc3a298163a03e1a14ae8a521a0011-a
• .gocache/cc/ccd0bb56d3123421005b297f3107f2519a38ac115cb7d2912b3986881f97e1af-d
• .gocache/ce/ceb50af40519b2f923200f8bf9246c66678d3ac445f7223e29898717526ca98f-d
• .gocache/cf/cf55ef7dd18b4b7000ed05f8256d2866a72bde6be0ccdf82df589f353d2c7009-d
• .gocache/d1/d10e64478e4d6346b8ce34078407b0df4d0e4b28449fcd3caa02ca9d77b7bb79-d
• .gocache/d1/d128e518542c7c7db31f576312bb934fe681cebad1e1ff5bd8116ed9a43e5577-a
• .gocache/d1/d1bf053efaa6139bac9766194c5cf40062244981abff778a99de020fc8cb1887-a
• .gocache/d2/d21c7eae7644d775f6a5467a210695139ab5a5f17cb64d1e3cec605b33e13e3c-d
• .gocache/d3/d302d70a180348df6a72d0c7f6205cf3b1352cb8d5db0fb7d8989e073907b83a-a
• .gocache/d3/d388388792295e0b7e2a50ce6d69f1b348224bdee8e4e3bf088f969dd37fbb0e-a
• .gocache/d3/d38c76db31d0a2eb782e944a07beda247fc0cf57841ae752285457828af28466-d
• .gocache/d5/d5765b270b8290d86f344724414b322f56bb63ae073853c352e83cff3040b13b-d
• .gocache/d8/d8675d0ef1b81536c35e03cfcc4ea464746d22784c2e7ddf046dc3dc12d8d186-d
• .gocache/d9/d94878c4a0e2252ae9e933e082758b483fd07dcbd061fc0f7a4b1bfca3557aad-a

✅ Files skipped from review due to trivial changes (140)

• .gocache/3a/3a62e181324a0bd88f75ccab8fc6057455be482946d5accb34d2507a15211446-a
• .gocache/55/553aa838cbde3355ba53191c316317848d32fc0ae65e31ea2573aa6b1307c54b-a
• .gocache/2f/2f552f22af5d251ec38b4cb7e663c627b0fc6c06813a51eaf85f2fafe494aab2-a
• .gocache/3d/3d7a433f7594aab38d423a825304394dc5f7f5109c6cb3fecd8d8d543cd43c81-a
• .gocache/8e/8e29a64bd27f04705e0f37f9ee12535c38872df0a8c2a67c0ca80b90fa2d3951-a
• .gocache/3c/3cca9909965fc4d81ce76159ac10a3fa0d5031881bb659e44113cdb1820db9ff-a
• .gocache/35/35d72c9e1c86d0e6392093b14d59dbbd014aec57ee565ff21b9a9c50d51ba15c-a
• .gocache/d9/d94878c4a0e2252ae9e933e082758b483fd07dcbd061fc0f7a4b1bfca3557aad-a
• .gocache/05/05e731e99ce2156fbae7db82da9606caba405b6d11bb34189fed1d2f6d1d6fcc-a
• .gocache/d1/d1bf053efaa6139bac9766194c5cf40062244981abff778a99de020fc8cb1887-a
• .gocache/13/13448554041ef10c185504197eeac17d452c551adf93c5e628497c2356dccd2f-a
• .gocache/b7/b71efad09e9203f2672bd167340bc319028e65da9c0b529264ab9ef1ba69ea4c-a
• .gocache/6f/6fdcab39f0957e4075cee3512e45eb2f8bd819bdbe52ff256f6fff37621fb5b7-a
• .gocache/89/89425a9d4f4599eefd576aaf505d8032c1c71495f803a6c46c3aa515e3874b17-a
• .gocache/85/854de6d1edd63bca75015f975f5106426696d993f2bffe8056ed81902f81de3e-a
• .gocache/9b/9b032d0ec420d5632684b2a679f40073dbb7965120e77cf747f2cb08e896bad6-a
• .gocache/79/799300330863537cd8ffcfe88f0517b3e3bf0a022bb8d9fd2994514dfe7322cb-a
• .gocache/64/64dbf8c10e9b7664e8fa298f4920fafc18ce30955daa3d7fa91a641e02ba29d0-a
• .gocache/ab/ab671d9abcda76aca91787ff8fd1204e56cae17eb7698a94c93c030c491c5119-a
• .gocache/README
• .gocache/99/9943daaebfe12bbe9eeada2ed4135d5d094376b549cd390ae8c6067d5f66e58f-a
• .gocache/9a/9ac27506d81d63b2f3a35efabdf8daa636e3bb1c1ece0e0480024cacf5731bb4-a
• .gocache/b8/b80cc9502f476b322581f786fc24395a5ef8f22b9ba56ab85402469ecf19f2b0-a
• .gocache/be/be89d47b1ae7aaa12db9d4104253282a5616bc827704f0740dac7f73a84b44e0-a
• .gocache/9a/9a110ef5b89ea178ee61f7519e7f8597fe5331dd016d39de4236988de2834724-a
• .gocache/38/382cba219a166778beb423a2b15edebb4210a55523985c710b81f2182661db1b-a
• .gocache/5f/5f51f1ba4fede0969de743bfaacf2913247ea594b343b2df4908c87302ec6993-a
• .gocache/65/65d23fd44c62048cfd4ec401302a30ba2a39af9b7dfa9183fa6400ca28873658-a
• .gocache/02/02d81120d49d6bbb2dde0c24d7090c79dd304f188d3ea87bff934fe5e53497ab-a
• .gocache/9a/9ad739ee26765c4c5708ce282e5889f73078ed9405b0dcf384a12290845ff225-a
• .gocache/95/95b8709e2437d30bf2e3aa4bef01a5a297f10c52f1dd9a11d8fa064373783866-a
• .gocache/a0/a0e5b090a551df83dc85c3f8c316f08e0a7aff68ec6e30498193f089f758fe5c-a
• .gocache/79/79eb5d6d3c2e5e87056420150661d902a87d3b4d5ca70cfd63db34fad0730a0c-a
• .gocache/ac/ac04ceb3442105acfd1f9bfcfddd15e4abae83776be915b77e258b9bfe089ced-a
• .gocache/3a/3a62e961a244c1847fdd89d2ed81137e7e5d7356548a53b20d4e363c0219caf8-a
• .gocache/59/595bbb8b6653e74c79df785781caeaf69bd758648048f7b113b9938dc6797172-a
• .gocache/75/75479a673109526a6426515390957587c771fe6779ea79466cb9c2d141d8e613-a
• .gocache/83/838469a25f0e995aaa13e9a73bfd3fef61ee0e13e362ca2cd86ebd083be6108e-a
• .gocache/66/662b884286145de379ba335f5db8b5ad46d7b91815ad4736f583c480177b1c8c-a
• .gocache/98/98588a6d19865ffcf6414641d60d9681d94c0ed004ee3e4e426769ca93cda8bc-a
• .gocache/7f/7f2cec3df79bdbbdf8572a391c7accd31cc4f2da853d015dd7baca07872a414c-a
• .gocache/81/81a1ebc30fd37e698f0273c01f0920a62eeee6ae3248ed916fcd17477af344ba-a
• .gocache/b5/b5d5484f061c1dc1939d14b09ac2c4f14cf26b784bb14e9146cbcf90e1712779-a
• .gocache/c8/c8ad431cede8e667d6768251b2ab5bbcff4de298d355de610de61a7eb90c71ba-a
• .gocache/1c/1c8c4c9f988fcc2ab5b115c281d3dd43476e8f02aab78a3507714d4310e975d1-a
• .gocache/55/550f0d59b37b8eeaa7aedbecc1ecbd981366580f47e83e720238cb6e9c630ac0-a
• .gocache/73/738a5ff80856cbda6fcfdd408b073076d7c6e356bd0b85ba5d84a7531d067bf8-a
• .gocache/83/8301716be171664cb9346c03731c3d5d0cd905c7b50b889d38a3ec8d171ab5fa-a
• .gocache/c2/c28073cbd450e6068be7e9325ec941af925238144b38ce6f05a561adce467d83-a
• .gocache/8f/8f4ac4fd05708009d6dc0b57a089c8541869c28176e978e80a8397d47f42acd0-a
• .gocache/d3/d388388792295e0b7e2a50ce6d69f1b348224bdee8e4e3bf088f969dd37fbb0e-a
• .gocache/67/67acd12b659be0a7bdf35c530d6edc273ca8f773231a7088846e0d0d1285b075-a
• .gocache/49/495c8c5d4495f977f3b591ad01cb4dd4d1488fd6e8e9504c9fa40e3186e7542e-a
• .gocache/24/24139a4f7523daf40b7e9120b83e13457d2bf2da1018712fe1304dff8463af1c-a
• .gocache/7e/7ea3265e46b17e4939f80be8599d0df95106fd08a9fc9e921293bf52762f4303-a
• .gocache/bd/bdf26da8186d94e9845080b584295af16d9edc851e988fdac2f15bda77f2ecc1-a
• .gocache/01/01f12ff231f908249c4b840822b0537263b4185c0decc5ed4df4a06aa60561c2-a
• .gocache/03/03446295459a21a29baa6b9e2148595409b1e2f98ccef5e2142f962d6058336c-a
• .gocache/02/0296a9d89335df077c9672609f6017b7c8dcd66fdf9878733fa1affc5a364907-a
• .gocache/10/1085090192524bd0edc49341726c7cb837d9fee3b59df718ecd750e1de3c4878-a
• .gocache/11/11e8ad2242cc54f0792a83c03b9f06915e0269abb5e3bfd0580009125fd85562-a
• .gocache/4a/4a76389d1b33ff88cde076f14ad519f719499d40f5c5fa46bf384e7f0993fcae-a
• .gocache/2c/2c49e27da36f647a98d40e3d57c8b3c85dd20cb75cb38b772e0f91825d0b5537-a
• .gocache/5e/5e52d58814fbfb0389ae9cb081c51e8c0b4ea361a3f0838167ff6b755ac9c162-a
• .gocache/7f/7f31a18b8b4e3d6a9aad08927ee4bed78d8cec7c82161fe8f7ed2068cebde7d1-a
• .gocache/d3/d302d70a180348df6a72d0c7f6205cf3b1352cb8d5db0fb7d8989e073907b83a-a
• .gocache/46/4618ebe7124053c0e0353a78fad4a0966c305b9811bc8529dcb5f183afdc2a55-a
• .gocache/15/15f57dc9d15917b13a1373c0db94a16262123c422f037e6f332b21ebe8343db1-a
• .gocache/9e/9eabe0a4a16b36ab089f5a7be97361d0775eb96cf78c666a885c497e3c443ffe-a
• .gocache/16/16d2cbebed5f0cd492921bb59aaa619af454621851ea45c9d6e412f3a66fcded-a
• .gocache/cb/cbfe9be6d9bc2ef41e69fa5f9c72d0b282fc3a298163a03e1a14ae8a521a0011-a
• .gocache/a9/a93aebccb142c73f0eb1ef548b7366dbd0b78b59d61e6fdec3247182ae47d90b-a
• .gocache/90/90cd849470048961d3839691e128c9b271fb39cb49c73baae1b02a15b5a1c8c5-a
• .gocache/02/02406d624cb2b2037a150c6b57b8f5de713b4aa89a0a72bbfa63a29f2ebe357c-a
• .gocache/24/2481ea499c9203be359c59f05f88b9f196bfbac7f686e0073d96015d9eadbc3e-a
• .gocache/90/907d336c0b4fd7170869d67f7d9cdc8498b92e24c5d739d0ad898b663a1309b3-a
• .gocache/3f/3f7ed2943accdfab6bf24019fc1e1dbfbc1a1bb49fc0dc2f1a8fb9308ea1ce52-a
• .gocache/56/568ef494d3bd49c79ea45fb26cc8a0af9878813306ddf661931ff92eeb015a04-a
• .gocache/9f/9f219a5a057254260d0aa4a322531c9cd1cb8484bec3312f9b0c0265b75aa796-a
• .gocache/78/78acbeb18c1be47e3b8114d74e7d61eed3c8e576907d6c3cf7cf891d6a36a933-a
• .gocache/92/9246b63bd9049656baf24d72851448b6f5abee4c3ed5bd2f84536dd3a979deaa-a
• .gocache/14/142b55010d1a92c2245e71355390b1add23e531a43dd17b766e3b03f6c9aba0e-a
• .gocache/2b/2b7e55fd06f73d2633bed82efc42c5fb5bfeaa8e84c1b467e9492eaaa693fbc5-a
• .gocache/71/717b5d50df6b37608a3c89c480bb94516f84bc0f0ab6529977bd58b162cf6808-a
• .gocache/5f/5faa874842078c1d76223f9f90b49d204b9cdb05a4456496b9382591d2a7b83a-a
• .gocache/a7/a710b608b6465629279c3625b74186c9457009f7d6008c18dcd98e1a6bd8ee13-a
• .gocache/bb/bbc06e51bf99e9b12d21937730b7afefb8532e6b0238328b081b263dd3d58c3a-a
• .gocache/83/834583cc04f2a6f60bfeeb278d12155d2af4059f3c4c58656263f3dea1a06d8f-a
• .gocache/d1/d128e518542c7c7db31f576312bb934fe681cebad1e1ff5bd8116ed9a43e5577-a
• .gocache/7e/7e6d5d7e963cf9f80633a8e0c2a340cc8dfe2125a58711afa68c8955936621f3-a
• .gocache/7e/7e13b9b48bdf4a3fdc2d01e471e56776348e07939dbfc5e8be0cb1e91ee5db98-a
• .gocache/14/1419324007bb7d17cbad24e1245445050f64ee76af3ad4ad405799a4399342f0-a
• .gocache/8f/8ff447825be5776765fe9120b153798265234ebe4ad08c7505080eaaf4def7a1-a
• .gocache/15/1522d39c660b0597605ecf9b4f5005690d4eeb107eaef8731fdc6344fa95c574-a
• .gocache/81/81da455825af073d4fdfdd1ced916494aab3a6d7327c8f87e2f84b1e1dffd92b-a
• .gocache/bf/bf8f92c39d737ff9e6f3a9e38e5b6a94e3ee0e685f5aa95427131906f2d3cd29-a
• .gocache/43/43247440b7928d2b7aa9c58c4cf53c6df54305543bf30efafb645f60ec1dad3a-a
• .gocache/6b/6b56217629eb8bc789e108655c933d974be1207a856a9afd9224b82baa3256e9-a
• .gocache/9e/9ed0c2df4c2c0139b2c04556697df10de204dad72f27fd1804720170ef78709f-a
• .gocache/c2/c22ab9f6e1c5e52d511174ff6beef03e6ce7f73a67469a46ce3b6893fc20e1c2-a
• .gocache/7d/7d9aa98b1925c593c0f164e452f8aa0f238ffdd9eb88bafe3f11813a3013e763-a
• .gocache/55/5563ce81ece45e9574f9ca05b4b20c740ab870a88544d3c4abf7b93e078be923-a
• .gocache/5b/5b7c41f20e80fcfd0fc34c9979cde714636a5f12a35051544059ab1c2578e586-a
• .gocache/3a/3a55afe2a4a171ae9c964bcca995cd8d3775d861a3ac5046642da1fd81305e3b-a
• .gocache/ae/ae2f9811ead6556f860463a8e47bf5ff92779eef2e3e10517ec8195f5f8615cd-a
• .gocache/12/125f7a276f0eb31af93ca376b2eddd5858b0bf2ff8739b1525e1f3c03a38a0a5-a
• .gocache/07/076fb2d8d5d355cdc822cd4c534e38ecaf3f7972a52b5b8978c8cf5e7aa72fbd-a
• .gocache/70/707f067c75952b254af9bc0fd31a1d1e8122035ee4258a699fd0bf00bf21bef4-a
• .gocache/66/66c1359bd0e4ed4bdcb6c33d32ccbc70c6e440f5f13af9a5099b6d569738154e-a
• .gocache/05/0582cb00ee4fa40348f5153e847ee00240ef548b5d507a7539c63e952ad2b5e3-a
• .gocache/08/08ac5a09547a0d54014c76b74af195638be466ff764c17a7647624166852ad91-a
• .gocache/93/930cbf25f2885e21c99fa1d647ba739d4b0e52dfa488d234055313eeaa185f78-a
• .gocache/12/12366546c7831af4c813acaf3b1e31b4b2b9858aa00ad90054b66a6e1463cf92-a
• .gocache/93/9384d33b0f3cdb9b3acce66c9d7e3353693739704bcb92ce2fec2344168a2358-a
• .gocache/ac/ac2dff6407daf0f1999d204ab3731f32f5329d7baec7cc1df11cdfff04de8d91-a
• .gocache/c7/c7ec02494469da9e3f1ac5612d2d2568d0275fcd2e48e50246c18d0551ccdad4-a
• .gocache/09/096dbb5d924eb2126c481eca42f85b83a92c346cf6181f4ed9e291ad596b77e6-a
• .gocache/a1/a12e1a8b354ccf6c8562755f38100c118b8bb530370456a6b3e1f2a7ad28f324-a
• .gocache/a2/a2278c38acdab16947f1473b89d8e4c42086aba66eae771bf9b6f67ba36eb7e1-a
• .gocache/b1/b10fa5f810a8cd33c719e367d35fddd3fd758187f5d791c3ffef22457308cb07-a
• .gocache/ae/aec56e6f3ba5457ee5bf8393c7a77e0aa02543a9ee6414d99e90d89aa480d369-a
• .gocache/c3/c3e2bc3ecd00ece60d28ef489f974df1a676dca67fa7eb58c0a72420a1b173a0-a
• .gocache/09/0913d56e9868318f73f1c0d98c7f79b4c9d0e5fb4ade0b08938495a9bb246eca-a
• .gocache/ae/ae10940a8268229a57b050d1e71c35450689c2f7dec5a70fdd7605fde863a36e-a
• .gocache/80/806c9f23b1266bd8b6c4e7b60b26eab3dd993dff26bd30f79e88c64048a372ba-a
• .gocache/6d/6dceb3257f90d36068688a07b33d0238fd039de0aa80da805b0308d233bf4502-a
• .gocache/c2/c2745b3c9d23b113138fc70b28cd840baaccc5a67259a0b01376679e7a85f50b-a
• .gocache/9c/9c704180e9c168d64dbdc566fe0970808b57049260b6bdcf8121a9e088421f22-a
• .gocache/7e/7e0f36093842d5682230ec8ef0bf1d6c7dbe863eeb1980255fa0cdc39ff98294-a
• .gocache/cb/cbca73333891a2474362bc0850f9e365cd1adf0920bd1e49becf5446a9c1aeef-a
• .gocache/ca/cab2d37ef661eeb1dc10ee1d0f49838cd51a3752dbf230ff335af778a9ca2912-a
• .gocache/28/28fbdcb2401a6951868fcedc763136fa500b0c590640e604b5c687f53e5a623e-a
• .gocache/74/74eae2272f8a39b5a8e9ea7b91e8e775e3e15bb15feee5b67d4cf57c08f5183a-a
• .gocache/21/2135b14d7a23d942b3cd48addff79c77c5a337eea167e772065aa3e05f3a933b-a
• .gocache/31/319916b7fcf63bd0350fb7e95417411b61e528a109a730361d317ff76c455008-a
• .gocache/b1/b1d2ce07a03742f1b387f6a5624cc3a42a928d2569470ba2c7e87e8d5873b985-a
• .gocache/93/93cf3d432c894318aa683d8b8e9d71701dbba8d6692c65f63bb4aab02f33e5d2-a
• .gocache/93/935e08bcedb3ab33055d8991581c30cd0cd85ff09659c1ca20c6e7c97c076d1c-a
• .gocache/ac/ac4593bce56e7863b8140e54355597175f141da8dac5933d08b63bb8b833c1ae-a
• .gocache/16/16ec8a92b63e629813b6705e2fbe8c86f101d477e7df8d3b7a9046d2d950d432-a

[everettraven]

I think with the changes outlined in this review round, the tests should be fixed and everything should be working as expected

[openshift-ci]

@ShazaAldawamneh: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/integration	532d607	link	true	/test integration
ci/prow/verify-crdify	532d607	link	true	/test verify-crdify

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.