chore: update ocm-api-model to 0.0.453

[zgalor]

No description provided.

[coderabbitai]

Walkthrough

This pull request updates OCM API model dependencies from v0.0.452 to v0.0.453 across multiple go.mod files, adds Go type aliases and constants for Azure KMS encryption visibility in the v1alpha1 package, and updates the OpenAPI schema with a new oidc_issuer_url field and visibility property for KMS encryption configuration.

Changes

Cohort / File(s)	Summary
Go Type Aliases and Constants arohcp/v1alpha1/azure_kms_encryption_visibility_type_alias.go, arohcp/v1alpha1/azure_kms_encryption_visibility_list_type_alias_json_alias.go	New files providing type aliases and constants for AzureKmsEncryptionVisibility and corresponding marshal/unmarshal/read/write functions, re-exporting from api_v1alpha1 package.
Dependency Updates go.mod, examples/go.mod, metamodel_generator/go.mod	Version bumps for github.com/openshift-online/ocm-api-model/clientapi and github.com/openshift-online/ocm-api-model/model from v0.0.452 to v0.0.453.
OpenAPI Schema openapi/aro_hcp/v1alpha1/openapi.json	Addition of oidc_issuer_url field to Azure section and new visibility property in AzureKmsEncryption with corresponding AzureKmsEncryptionVisibility enum type (accepts "private" and "public" values).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	No description was provided by the author, which makes it impossible to assess relevance to the changeset.	Add a description explaining the purpose and impact of updating ocm-api-model to version 0.0.453.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: updating the ocm-api-model dependency to version 0.0.453, which is reflected across all modified files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

arohcp/v1alpha1/azure_kms_encryption_visibility_list_type_alias_json_alias.go (1)

38-40: Minor: Inconsistent quote style in docstring.

Line 38 has mismatched quotes: "azure_kms_encryption_visibility' (starts with double quote, ends with single quote). However, since this is auto-generated code (as noted in lines 17-18), this should be fixed in the generator rather than here.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@arohcp/v1alpha1/azure_kms_encryption_visibility_list_type_alias_json_alias.go`
around lines 38 - 40, The docstring for the ReadAzureKmsEncryptionVisibilityList
alias contains mismatched quotes around the type name
("azure_kms_encryption_visibility' ); update the generator that emits this
comment so it uses consistent quoting (preferably backticks or matching double
quotes) for type names in generated comments; specifically fix the template that
renders the comment for the ReadAzureKmsEncryptionVisibilityList alias so the
produced line consistently opens and closes with the same quote character.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@openapi/aro_hcp/v1alpha1/openapi.json`:
- Around line 4045-4048: The schema property oidc_issuer_url is documented as
read-only but missing the readOnly flag; modify the OpenAPI property definition
for "oidc_issuer_url" (the JSON object with "description" and "type": "string")
to include "readOnly": true so generated clients and validators treat it as
immutable.
- Around line 4147-4150: The OpenAPI schema places metadata
(description/default) as a sibling to a $ref for the "visibility" property (ref:
`#/components/schemas/AzureKmsEncryptionVisibility`), which OpenAPI 3.0 ignores;
change the property to use allOf to compose the referenced schema with an inline
schema containing the description and default (e.g., replace the direct "$ref"
plus "description"/"default" siblings with "allOf": [{"$ref":
"#/components/schemas/AzureKmsEncryptionVisibility"},
{"type":"string","description":"...","default":"public"}]) so clients can
consume the documented default and description.

---

Nitpick comments:
In
`@arohcp/v1alpha1/azure_kms_encryption_visibility_list_type_alias_json_alias.go`:
- Around line 38-40: The docstring for the ReadAzureKmsEncryptionVisibilityList
alias contains mismatched quotes around the type name
("azure_kms_encryption_visibility' ); update the generator that emits this
comment so it uses consistent quoting (preferably backticks or matching double
quotes) for type names in generated comments; specifically fix the template that
renders the comment for the ReadAzureKmsEncryptionVisibilityList alias so the
produced line consistently opens and closes with the same quote character.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 6bd24bb7-0e70-4d63-acca-3fcfd971f7ee

📥 Commits

Reviewing files that changed from the base of the PR and between e6f5827 and 7ac4097.

⛔ Files ignored due to path filters (3)

• examples/go.sum is excluded by !**/*.sum
• go.sum is excluded by !**/*.sum
• metamodel_generator/go.sum is excluded by !**/*.sum

📒 Files selected for processing (7)

• arohcp/v1alpha1/azure_kms_encryption_visibility_list_type_alias_json_alias.go
• arohcp/v1alpha1/azure_kms_encryption_visibility_type_alias.go
• arohcp/v1alpha1/openapi.go
• examples/go.mod
• go.mod
• metamodel_generator/go.mod
• openapi/aro_hcp/v1alpha1/openapi.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Mark oidc_issuer_url as read-only in the schema.

The description says this field is read-only, but without readOnly: true generated clients and request validation will still treat it as writable.

💡 Proposed fix

           "oidc_issuer_url": {
             "description": "The OIDC issuer URL for workload identity federation\nThis URL is used by Azure managed identities to establish trust with cluster.\nReadonly",
-            "type": "string"
+            "type": "string",
+            "readOnly": true
           },

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@openapi/aro_hcp/v1alpha1/openapi.json` around lines 4045 - 4048, The schema
property oidc_issuer_url is documented as read-only but missing the readOnly
flag; modify the OpenAPI property definition for "oidc_issuer_url" (the JSON
object with "description" and "type": "string") to include "readOnly": true so
generated clients and validators treat it as immutable.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

Does OpenAPI 3.0 allow sibling fields next to $refinside a schema object, or are they ignored? If they are ignored, what is the recommended pattern for combining$refwithdescriptionanddefault?

💡 Result:

In OpenAPI 3.0.x, if a schema is written as a $ref Reference Object, then any sibling fields (like description, default, etc.) are ignored by spec: “This object cannot be extended with additional properties and any properties added SHALL be ignored.” [1]. Swagger’s OpenAPI 3.0 docs also state directly: “Any sibling elements of a $ref are ignored.” [2]

Recommended pattern (OAS 3.0.x): wrap the ref with allOf and add your annotations there, e.g.:

MyField:
  allOf:
    - $ref: '#/components/schemas/Date'
    - description: Date used for billing
      default: '2026-01-01'

This keeps $ref intact while allowing description/default to be applied via schema composition (the commonly recommended workaround) [2][3].

Sources: [1] OpenAPI Spec v3.0.3 (Reference Object) [2] Swagger docs “Using $ref (OpenAPI 3.0)” [3] Redocly guidance on using allOf to override/extend referenced schemas in OAS 3.0.

---

Don't place property metadata directly next to $ref in OpenAPI 3.0 schemas.

In OpenAPI 3.0.x, sibling fields like description, default, etc. next to $ref are explicitly ignored by the specification ("any properties added SHALL be ignored"). This means the documented public default isn't encoded where clients can safely consume it. Use allOf to compose the reference with your metadata.

Proposed fix

           "visibility": {
             "description": "visibility defines the visibility of the Azure Key Vault.\nAccepted values are `public` and `private`.\nDefaults to `public` if not set.",
-            "$ref": "#/components/schemas/AzureKmsEncryptionVisibility"
+            "default": "public",
+            "allOf": [
+              {
+                "$ref": "#/components/schemas/AzureKmsEncryptionVisibility"
+              }
+            ]
           }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@openapi/aro_hcp/v1alpha1/openapi.json` around lines 4147 - 4150, The OpenAPI
schema places metadata (description/default) as a sibling to a $ref for the
"visibility" property (ref: `#/components/schemas/AzureKmsEncryptionVisibility`),
which OpenAPI 3.0 ignores; change the property to use allOf to compose the
referenced schema with an inline schema containing the description and default
(e.g., replace the direct "$ref" plus "description"/"default" siblings with
"allOf": [{"$ref": "#/components/schemas/AzureKmsEncryptionVisibility"},
{"type":"string","description":"...","default":"public"}]) so clients can
consume the documented default and description.

[zgalor]

@oriAdler @nimrodshn @miguelsorianod PTAL

[miguelsorianod]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: miguelsorianod, zgalor

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [miguelsorianod]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment