Add new fields to ThanosQuerierConfig

[danielmellado]

Port ThanosQuerierConfig fields from the CMO ConfigMap API to the
ClusterMonitoring CRD. LogLevel reuses the existing LogLevel enum
(Error, Warn, Info, Debug). EnableRequestLogging and EnableCORS use
a new ThanosQuerierToggle string enum (Enabled, Disabled) following
the Kubernetes API convention of avoiding *bool fields.

Signed-off-by: Daniel Mellado dmellado@fedoraproject.org

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[openshift-ci]

Hello @danielmellado! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 697703a6-10ba-4401-b608-4188bf11aa72

📥 Commits

Reviewing files that changed from the base of the PR and between 2d8d4d8 and b6ab5b9.

⛔ Files ignored due to path filters (4)

• config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml is excluded by !**/zz_generated.crd-manifests/*
• config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml is excluded by !**/zz_generated.featuregated-crd-manifests/**
• config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/zz_generated*
• openapi/generated_openapi/zz_generated.openapi.go is excluded by !openapi/**, !**/zz_generated*

📒 Files selected for processing (3)

• config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml
• config/v1alpha1/types_cluster_monitoring.go
• payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml

---

📝 Walkthrough

Walkthrough

Added three optional fields to ThanosQuerierConfig: logLevel (Error|Warn|Info|Debug), requestLogging (LogAll|None), and crossOriginRequestPolicy (AllowAll|DenyAll). Introduced two new string enum types RequestLoggingPolicy and CrossOriginRequestPolicy with exported constants. The ClusterMonitoring CRD schema was extended to declare these properties and comprehensive validation tests were added for accepted values and explicit rejections of unsupported values.

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Microshift Test Compatibility	⚠️ Warning	New Ginkgo e2e tests use ClusterMonitoring (config.openshift.io), unavailable on MicroShift. Missing [Skipped:MicroShift], [apigroup:config.openshift.io], or IsMicroShiftCluster() guards.	Add [apigroup:config.openshift.io] tag to test names or wrap with IsMicroShiftCluster() check. Verify if MicroShift jobs are excluded from presubmit CI.

✅ Passed checks (11 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding new fields to ThanosQuerierConfig. It is concise, clear, and directly reflects the primary purpose of the changeset.
Description check	✅ Passed	The description is related to the changeset, explaining the purpose of porting ThanosQuerierConfig fields from CMO ConfigMap API to ClusterMonitoring CRD with details about enum reuse and new types.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	All test names in the modified YAML test data are stable and deterministic. No dynamic values, timestamps, UUIDs, or random identifiers are present in any of the 11 new/updated test entries.
Test Structure And Quality	✅ Passed	New YAML test cases are auto-generated into Ginkgo tests. Test framework implements all quality requirements: single responsibility, setup/cleanup, timeouts, assertions, and consistency patterns.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR does not add Ginkgo e2e tests. It modifies Go type definitions, YAML validation manifests, and CRD schemas only. SNO compatibility check applies only to Ginkgo tests.
Topology-Aware Scheduling Compatibility	✅ Passed	PR adds configuration options (logLevel, requestLogging, crossOriginRequestPolicy) to ThanosQuerierConfig API, not scheduling constraints or deployment specs.
Ote Binary Stdout Contract	✅ Passed	PR contains only type definitions, constants, and YAML test/CRD specifications. No process-level stdout writes detected. All changes are declarative with no executable initialization code.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR does not add Ginkgo e2e tests. It modifies YAML validation test cases, type definitions, and CRD manifests. No IPv4 assumptions or external connectivity requirements found in tests.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

Error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented
The command is terminated due to an error: build linters: unable to load custom analyzer "kubeapilinter": tools/_output/bin/kube-api-linter.so, plugin: not implemented

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign joelspeed for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[danielmellado]

/test verify-deps

[everettraven]

Looking at https://thanos.io/tip/thanos/logging.md/ it looks like HTTP request logging has the ability to be configured beyond just being turned on/off.

Do we anticipate needing to support the finer tuning that the thanos configuration options seem to allow?

[danielmellado]

Thanks for the pointer to the Thanos logging docs. You're right that Thanos supports richer request logging config (per-protocol levels, log_start/log_end decisions, endpoint allowlists).

However, looking at how CMO currently uses this field, it's a simple on/off toggle — when enabled, it generates a hardcoded --request.logging-config block with log_start: false, log_end: true for both HTTP and gRPC, using the top-level logLevel for verbosity. No fine-grained options are exposed to users today.

For now, I've renamed this to requestLogging with values LogAll / None to match the current CMO behavior while avoiding the ambiguous "Enabled"/"Disabled" terminology. If we need finer-grained control in the future, we can evolve this field into a structured type (e.g., with per-protocol log levels and decision options) without breaking the existing API.

[everettraven]

We try to avoid the usage of the terms "enabled" and "disabled" where possible because they tend to be just as ambiguous as a true/false boolean value.

Also, enableCORS: Enabled reads a bit weird.

What do you think of making this something like crossOriginRequestHeaderPolicy: AllowAll | None ? This looks to satisfy the existing options allowed by the Thanos flag but gives you the flexibility to evolve to support additional configurations in the future if Thanos decides to support additional configuration in the future.

[danielmellado]

Agree there... enableCORS: Enabled does read awkwardly, and I agree we should avoid "Enabled"/"Disabled" values.

I've renamed this to crossOriginRequestPolicy with enum values AllowAll / DenyAll, closely following your suggestion. This maps directly to what Thanos and CMO support today (--web.disable-cors flag), and leaves room for future values like AllowSpecific if Thanos ever supports per-origin configuration.

[openshift-ci]

@danielmellado: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify	b6ab5b9	link	true	/test verify

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.