OCPCLOUD-3326: Update to use new manifests-gen

[mdbooth]

No description provided.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[coderabbitai]

Walkthrough

Updates OpenShift CAPI operator packaging: changes Dockerfile manifest copy paths, replaces the Makefile's ocp-manifests invocation with a more granular manifests-gen call, adds kustomize and provider metadata under openshift/capi-operator-manifests, removes a legacy AWS ConfigMap, and updates openshift/tools/go.mod dependencies.

Changes

Cohort / File(s)	Summary
Docker build openshift/Dockerfile.openshift	Adjusts the manifests copy: source moved from /build/openshift/manifests to openshift/capi-operator-manifests and image destination changed from /manifests to /capi-operator-manifests.
Makefile / manifests-gen invocation openshift/Makefile	Replaces previous ocp-manifests flags (--provider-name, --provider-type, --provider-version, --base-path, --manifests-path) with new flags including --manifests-path ../capi-operator-manifests, --kustomize-dir, --name, --install-order, --attribute (type/version), --self-image-ref, --platform, and --protect-cluster-resource.
CAPI operator manifests & kustomize openshift/capi-operator-manifests/default/metadata.yaml, openshift/kustomization.yaml	Adds provider metadata (attributes.type=infra, attributes.version=v2.10.0, installOrder=20, name, ocpPlatform, selfImageRef) and a Kustomization that references the generated component, ../config/default resource, an image rewrite, and a JSON patch targeting a ServiceAccount annotation.
Removed legacy manifest openshift/manifests/0000_30_cluster-api_04_cm.infrastructure-aws.yaml	Deletes the AWS infrastructure ConfigMap manifest (entire file removed).
Dependency updates openshift/tools/go.mod	Large dependency restructuring: bumps manifests-gen pseudo-version, replaces and updates many Kubernetes/OpenShift and container-related modules, and adds/removes various indirect dependencies.
Removed helper script openshift/fetch_ext_bins.sh	Removes the script that fetched and prepared external tool binaries (kubebuilder tooling and related env setup).

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

No actionable comments were generated in the recent review. 🎉

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci-robot]

@mdbooth: This pull request references OCPCLOUD-3326 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[theobarberbany]

/lgtm
/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: theobarberbany

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [theobarberbany]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@openshift/kustomization.yaml`:
- Around line 21-23: The JSON Patch path for the remove op is missing the
closing brace and thus doesn't match the annotation key; update the patch entry
whose path currently reads
/metadata/annotations/${AWS_CONTROLLER_IAM_ROLE~1#arn~1eks.amazonaws.com~1role-arn
to include the trailing } so it exactly matches the annotation key
`${AWS_CONTROLLER_IAM_ROLE/#arn/eks.amazonaws.com/role-arn}` (keeping the ~1
separators as used in the patch encoding).

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, let's read the openshift/kustomization.yaml file to see the exact content
cat -n openshift/kustomization.yaml

Repository: openshift/cluster-api-provider-aws

Length of output: 841

---

🏁 Script executed:

# Search for AWS_CONTROLLER_IAM_ROLE references in the codebase
rg -n "AWS_CONTROLLER_IAM_ROLE" --type yaml -C 3

Repository: openshift/cluster-api-provider-aws

Length of output: 1707

---

🏁 Script executed:

# Look for ServiceAccount definitions and annotation patterns
rg -n "metadata/annotations" --type yaml -C 2

Repository: openshift/cluster-api-provider-aws

Length of output: 625

---

JSON Patch path is truncated - missing closing }.

The annotation key in config/rbac/serviceaccount.yaml is ${AWS_CONTROLLER_IAM_ROLE/#arn/eks.amazonaws.com/role-arn} (ends with }), but the patch path on line 23 omits the closing brace. This causes the patch to fail silently since it won't match any existing annotation.

Correct the path:

Diff

   patch: |-
     - op: remove
-      path: /metadata/annotations/${AWS_CONTROLLER_IAM_ROLE~1#arn~1eks.amazonaws.com~1role-arn
+      path: /metadata/annotations/${AWS_CONTROLLER_IAM_ROLE~1#arn~1eks.amazonaws.com~1role-arn}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	patch: |-
	- op: remove
	path: /metadata/annotations/${AWS_CONTROLLER_IAM_ROLE~1#arn~1eks.amazonaws.com~1role-arn
	patch: |-
	- op: remove
	path: /metadata/annotations/${AWS_CONTROLLER_IAM_ROLE~1#arn~1eks.amazonaws.com~1role-arn}

🤖 Prompt for AI Agents

In `@openshift/kustomization.yaml` around lines 21 - 23, The JSON Patch path for
the remove op is missing the closing brace and thus doesn't match the annotation
key; update the patch entry whose path currently reads
/metadata/annotations/${AWS_CONTROLLER_IAM_ROLE~1#arn~1eks.amazonaws.com~1role-arn
to include the trailing } so it exactly matches the annotation key
`${AWS_CONTROLLER_IAM_ROLE/#arn/eks.amazonaws.com/role-arn}` (keeping the ~1
separators as used in the patch encoding).

[theobarberbany]

/lgtm

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@openshift/Makefile`:
- Around line 26-29: The shell command in the Makefile that invokes
$(MANIFESTS_GEN) is concatenating the `--install-order` value and the next flag
because the backslash is immediately after `20`; update the line with
`--install-order 20\` so there is a space before the backslash (e.g.,
`--install-order 20 \`) to ensure `--attribute` (and subsequent flags) are
passed as separate arguments to the `MANIFESTS_GEN` invocation.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Fix the line continuation after --install-order to avoid flag concatenation.

Without a space before the backslash, the shell concatenates 20 with --attribute, so manifests-gen receives --install-order 20--attribute and the --attribute flag is lost, likely breaking the command.

Proposed fix

-		--install-order 20\
+		--install-order 20 \

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	cd tools && $(MANIFESTS_GEN) --manifests-path "../capi-operator-manifests" --kustomize-dir="../../openshift" \
	--name cluster-api-provider-aws \
	--install-order 20\
	--attribute type=infrastructure \
	cd tools && $(MANIFESTS_GEN) --manifests-path "../capi-operator-manifests" --kustomize-dir="../../openshift" \
	--name cluster-api-provider-aws \
	--install-order 20 \
	--attribute type=infrastructure \

🤖 Prompt for AI Agents

In `@openshift/Makefile` around lines 26 - 29, The shell command in the Makefile
that invokes $(MANIFESTS_GEN) is concatenating the `--install-order` value and
the next flag because the backslash is immediately after `20`; update the line
with `--install-order 20\` so there is a space before the backslash (e.g.,
`--install-order 20 \`) to ensure `--attribute` (and subsequent flags) are
passed as separate arguments to the `MANIFESTS_GEN` invocation.

[theobarberbany]

/retest

[theobarberbany]

/retest

[openshift-ci]

New changes are detected. LGTM label has been removed.

[openshift-ci]

@mdbooth: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-capi-techpreview	f57fdb9	link	true	/test e2e-aws-capi-techpreview
ci/prow/unit	f57fdb9	link	true	/test unit

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.