OCPCLOUD-2710: Extend AWS metadata service options in MAPA

[RadekManak]

Add httpEndpoint, httpPutResponseHopLimit, and instanceMetadataTags fields to MetadataServiceOptions to bring parity with CAPA. This allows users to configure additional aspects of the AWS Instance Metadata Service (IMDS) on machine instances, improving backwards compatibility and reducing conversion errors when these options are used in CAPA.

New fields:

• httpEndpoint: Enable/disable HTTP metadata endpoint (Enabled/Disabled)
• httpPutResponseHopLimit: Configure metadata token hop limit (1-64)
• instanceMetadataTags: Enable/disable instance tag access from metadata

[openshift-ci-robot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci-robot]

@RadekManak: This pull request references OCPCLOUD-2710 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Add httpEndpoint, httpPutResponseHopLimit, and instanceMetadataTags fields to MetadataServiceOptions to bring parity with CAPA. This allows users to configure additional aspects of the AWS Instance Metadata Service (IMDS) on machine instances, improving backwards compatibility and reducing conversion errors when these options are used in CAPA.

New fields:

• httpEndpoint: Enable/disable HTTP metadata endpoint (Enabled/Disabled)
• httpPutResponseHopLimit: Configure metadata token hop limit (1-64)
• instanceMetadataTags: Enable/disable instance tag access from metadata

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Hello @RadekManak! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request extends the MetadataServiceOptions structure in the AWS machine provider configuration by introducing three new fields and two new enum types. HTTPEndpointState and InstanceMetadataTagsState enums are added with Disabled and Enabled constants. The MetadataServiceOptions struct gains three new fields: HTTPEndpoint (HTTPEndpointState pointer), HTTPPutResponseHopLimit (int64 pointer), and InstanceMetadataTags (InstanceMetadataTagsState pointer). Corresponding generated files for deep copying, Swagger documentation, and OpenAPI schema definitions are updated to reflect these additions.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title clearly and specifically describes the main change: extending AWS metadata service options in MAPA to align with CAPA requirements.
Description check	✅ Passed	The PR description directly addresses the changeset by explaining the three new fields being added to MetadataServiceOptions and their purpose for IMDS configuration.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

🧹 Recent nitpick comments

machine/v1beta1/types_awsprovider.go (1)

301-309: Verify hop-limit marker syntax to ensure CRD validation is emitted.

Line 306-307 uses Minimum=1 / Maximum=64 while nearby validations use :=. Please confirm controller-tools accepts this form (or align to the := style) so the range is enforced.

🔧 Proposed alignment with existing marker style

-// +kubebuilder:validation:Minimum=1
-// +kubebuilder:validation:Maximum=64
+// +kubebuilder:validation:Minimum:=1
+// +kubebuilder:validation:Maximum:=64

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 36664f7 and f685436.

📒 Files selected for processing (4)

• machine/v1beta1/types_awsprovider.go
• machine/v1beta1/zz_generated.deepcopy.go
• machine/v1beta1/zz_generated.swagger_doc_generated.go
• openapi/generated_openapi/zz_generated.openapi.go

🧰 Additional context used

🧬 Code graph analysis (1)

machine/v1beta1/zz_generated.deepcopy.go (1)

machine/v1beta1/types_awsprovider.go (3)

• MetadataServiceOptions (290-334)
• HTTPEndpointState (269-269)
• InstanceMetadataTagsState (279-279)

🔇 Additional comments (4)

machine/v1beta1/types_awsprovider.go (1)

268-286: IMDS enum additions are clear and consistent.

Line 268-286 adds typed states mirroring AWS values; this keeps the API explicit and readable.

machine/v1beta1/zz_generated.swagger_doc_generated.go (1)

147-153: Swagger docs updated for IMDS options.

Lines 147-153 reflect the new metadata fields and updated authentication semantics; matches the type changes.

machine/v1beta1/zz_generated.deepcopy.go (2)

82-82: DeepCopy now clones MetadataServiceOptions.

Line 82 switches to DeepCopyInto, preventing pointer aliasing after adding optional IMDS fields.

---

1484-1499: DeepCopy handles new IMDS fields correctly.

Line 1485-1499 allocates and copies the new pointer fields as expected.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.5.0)

Error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented
The command is terminated due to an error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign everettraven for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@RadekManak: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[yuqi-zhang]

Generally seems fine, a couple of comments inline

Also to double check, there is no other reference to these objects in the api repo correct? i.e. the actual CRDs would be deployed via e.g. openshift/machine-api-provider-aws#170 ?

[yuqi-zhang]

nit: since we are defining a new type (HTTPEndpointState), we should probably validate on the type itself, so we don't have to duplicate validation if other places want to use it.

That said since this is the only occurrence, and we do similar validation for e.g. MetadataServiceAuthentication, we can keep it for consistency purposes.

[yuqi-zhang]

I believe that all 3 new fields do not need to be pointers. There's no need to distinguish between an omittited and empty value (they cannot be empty anyways due to the validations)