update: cleanup reference to old dashboard AProfile and HWProfile

[zdtsw]

• we should keep the webhook part remain for a while
• the upgrade part will be remain for a while too
• permission is only for read/list/get on these 2 CRs

DO NOT MERGE TILL WE KNOW IF WE SHOULD SUPPORT UPGRADE FROM 2.25 TO 3.3 OR MUST GO WITH 3.0 FIRST

Description

How Has This Been Tested?

Screenshot or short clip

Merge criteria

• You have read the contributors guide.
• Commit messages are meaningful - have a clear and concise summary and detailed explanation of what was changed and why.
• Pull Request contains a description of the solution, a link to the JIRA issue, and to any dependent or related Pull Request.
• Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has manually tested the changes and verified that the changes work
• The developer has run the integration test pipeline and verified that it passed successfully

E2E test suite update requirement

When bringing new changes to the operator code, such changes are by default required to be accompanied by extending and/or updating the E2E test suite accordingly.

To opt-out of this requirement:

1. Please inspect the opt-out guidelines, to determine if the nature of the PR changes allows for skipping this requirement
2. If opt-out is applicable, provide justification in the dedicated E2E update requirement opt-out justification section below
3. Check the checkbox below:

• Skip requirement to update E2E test suite for this PR

4. Submit/save these changes to the PR description. This will automatically trigger the check.

E2E update requirement opt-out justification

for code cleanup

Summary by CodeRabbit

• Refactor

  • Removed hardware profile migration functionality and simplified internal reconciliation logic for dashboard components.
  • Removed associated test coverage for hardware profile migration operations.

• Security

  • Dashboard accelerator and hardware profile resources are now restricted to read-only access (get, list, watch). Modification operations are no longer permitted.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign jctanner for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Walkthrough

This PR removes hardware profile migration and reconciliation functionality from the dashboard and initialization controllers. Changes include eliminating dynamic watches for hardware profile CRDs, removing related type definitions, reconciliation logic, test coverage, and narrowing RBAC permissions to read-only access for affected resources.

Changes

Cohort / File(s)	Summary
Dashboard controller cleanup internal/controller/components/dashboard/dashboard_controller.go, internal/controller/components/dashboard/dashboard_controller_actions.go	Removed hardware profile watch and reconciliation wiring. Deleted OwnsGVK, WatchesGVK blocks, and WithAction(reconcileHardwareProfiles). Removed exported types DashboardHardwareProfile, DashboardHardwareProfileSpec, DashboardHardwareProfileList, and reconciliation methods (reconcileHardwareProfiles, createInfraHWP, updateInfraHWP). Cleaned up associated imports.
Test file removal internal/controller/components/dashboard/dashboard_controller_actions_test.go	Removed entire test file eliminating TestMigrateHardwareProfiles and TestCreateInfraHardwareProfile test cases.
RBAC permissions narrowing internal/controller/datasciencecluster/kubebuilder_rbac.go	Restricted acceleratorprofiles and hardwareprofiles RBAC verbs from full CRUD to read-only (get, list, watch) under the Dashboard group.
DSC Initialization cleanup internal/controller/dscinitialization/dscinitialization_controller.go	Removed apiextensions/v1 import, deleted Watches for CustomResourceDefinition, and removed watchHWProfileCRDResource helper method.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

• Review areas requiring extra attention:
  • Verify no external callers reference the removed exported types (DashboardHardwareProfile, etc.) or watchHWProfileCRDResource method
  • Confirm RBAC narrowing aligns with removal of write operations on these resources
  • Validate that test coverage for hardware profile functionality exists elsewhere or is intentionally deprecated
  • Check for any remaining references to reconcileHardwareProfiles in the codebase

Poem

🐰 Hopping through the code, we hop away,
Hardware profiles no longer stay,
Dynamic watches fade to still,
Read-only rules now fit the bill,
Simpler flows, a cleaner way!

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly and accurately summarizes the main change: cleanup of old dashboard AProfile and HWProfile references across multiple files and controllers.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull Request Overview

This PR removes the deprecated migration logic for Dashboard's HardwareProfile and AcceleratorProfile custom resources. The migration code that automatically converted Dashboard HardwareProfiles to infrastructure HardwareProfiles is no longer needed. The changes reduce RBAC permissions for these Dashboard resources to read-only operations (get, list, watch), removes the associated CRD watcher and migration functions, and eliminates the corresponding test files.

Key Changes

• Removed automatic migration logic for Dashboard HardwareProfile resources
• Reduced RBAC permissions for acceleratorprofiles and hardwareprofiles to read-only
• Removed CRD watch for Dashboard HardwareProfile and AcceleratorProfile resources

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
internal/controller/dscinitialization/dscinitialization_controller.go	Removed CRD watcher for Dashboard AcceleratorProfile and HardwareProfile, and removed the associated watch handler function
internal/controller/datasciencecluster/kubebuilder_rbac.go	Updated RBAC annotations to change permissions from create/patch/delete/update to read-only (get/list/watch) for acceleratorprofiles and hardwareprofiles
internal/controller/components/dashboard/dashboard_controller_actions_test.go	Deleted test file containing migration logic tests for HardwareProfile conversion
internal/controller/components/dashboard/dashboard_controller_actions.go	Removed migration functions and type definitions for Dashboard HardwareProfile migration
internal/controller/components/dashboard/dashboard_controller.go	Removed Dashboard HardwareProfile watcher, AcceleratorProfile ownership, and migration action from the controller
config/rbac/role.yaml	Updated RBAC role to consolidate acceleratorprofiles and hardwareprofiles under read-only permissions
bundle/manifests/opendatahub-operator.clusterserviceversion.yaml	Updated CSV manifest with new RBAC permissions and refreshed createdAt timestamp

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[carlkyrillos]

/hold
@zdtsw and I agreed to hold this change until after 3.0 just to be safe

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 49.64%. Comparing base (0ea2f33) to head (219d761).
⚠️ Report is 18 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2698      +/-   ##
==========================================
- Coverage   49.65%   49.64%   -0.02%     
==========================================
  Files         144      144              
  Lines       10562    10483      -79     
==========================================
- Hits         5245     5204      -41     
+ Misses       4758     4726      -32     
+ Partials      559      553       -6     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5dce19c and ea9086b.

📒 Files selected for processing (1)

• bundle/manifests/opendatahub-operator.clusterserviceversion.yaml (4 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Build/push catalog image
• GitHub Check: Run tests and collect coverage on internal and pkg
• GitHub Check: golangci-lint

🔇 Additional comments (3)

bundle/manifests/opendatahub-operator.clusterserviceversion.yaml (3)

620-625: RBAC correctly restricts HardwareProfile permissions to read-only.

The permissions for hardwareprofiles (alongside acceleratorprofiles) are limited to get, list, and watch, aligning with the PR objective to restrict old dashboard CR permissions during cleanup.

---

628-638: RBAC reassigns full CRUD permissions to odhapplications and odhdocuments.

The resources have been moved to a dedicated RBAC rule with full permissions (create, delete, get, list, patch, update, watch), supporting the cleanup objective.

---

1636-1650: Webhook definitions for HardwareProfile retained appropriately.

Webhook configurations for dashboard-hardwareprofile-validator and hardware-profile mutating injectors remain in place, preserving webhook functionality as stated in the PR objectives.

Also applies to: 1781-1835

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Container image version doesn't match operator version.

Line 85 references container image v3.0.0 while the operator version (line 1536) is bumped to 3.1.0. Update the container image to match the version bump.

-    containerImage: quay.io/opendatahub/opendatahub-operator:v3.0.0
+    containerImage: quay.io/opendatahub/opendatahub-operator:v3.1.0

Also applies to: 1536-1536

---

🏁 Script executed:

#!/bin/bash
# Extract container image version around line 85
echo "=== Container Image (lines 80-90) ==="
sed -n '80,90p' bundle/manifests/opendatahub-operator.clusterserviceversion.yaml

echo ""
echo "=== Operator Version (lines 1530-1540) ==="
sed -n '1530,1540p' bundle/manifests/opendatahub-operator.clusterserviceversion.yaml

echo ""
echo "=== All version references in file ==="
grep -n "version\|Version\|containerImage" bundle/manifests/opendatahub-operator.clusterserviceversion.yaml | head -20

Length of output: 1646

---

Container image version doesn't match operator version.

Line 85 references container image v3.0.0 while the operator version (line 1535) is bumped to 3.1.0. Update the container image to match the version bump.

-    containerImage: quay.io/opendatahub/opendatahub-operator:v3.0.0
+    containerImage: quay.io/opendatahub/opendatahub-operator:v3.1.0

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	containerImage: quay.io/opendatahub/opendatahub-operator:v3.0.0
	containerImage: quay.io/opendatahub/opendatahub-operator:v3.1.0

🤖 Prompt for AI Agents

In bundle/manifests/opendatahub-operator.clusterserviceversion.yaml around line
85, the containerImage is pinned to
quay.io/opendatahub/opendatahub-operator:v3.0.0 while the operator version was
bumped to 3.1.0 at line 1535; update the containerImage tag to v3.1.0 so the
image version matches the operator CSV version.

[openshift-ci]

@zdtsw: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/opendatahub-operator-rhoai-pr-image-mirror	219d761	link	true	/test opendatahub-operator-rhoai-pr-image-mirror

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[zdtsw]

i am closing this PR based on:

• we still need the logic to support 2.25->3.3
• these logic can only be deleted on 3.4 ONLY IF we dont support EUS ->EUS which could be 2.25->3.5 (2026.08)
  cc @carlkyrillos we can have some follow up work later