Add collisionProtection inheritance hierarchy to ClusterExtensionRevision

Add collisionProtection as an optional field at the spec and phase levels,
with inheritance resolution: object > phase > spec > default ("Prevent").
This reduces verbosity by letting users set a single spec-level default
instead of repeating the value on every object.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: pedjak

api/v1/clusterextensionrevision_types.go

@@ -105,6 +105,19 @@ type ClusterExtensionRevisionSpec struct {
 	// +optional
 	// <opcon:experimental>
 	ProgressDeadlineMinutes int32 `json:"progressDeadlineMinutes,omitempty"`
+
+	// collisionProtection specifies the default collision protection strategy for all objects
+	// in this revision. Individual phases or objects can override this value.
+	//
+	// When set, this value is used as the default for any phase or object that does not
+	// explicitly specify its own collisionProtection.
+	//
+	// The resolution order is: object > phase > spec > default ("Prevent").
+	//
+	// +optional
+	// +kubebuilder:validation:Enum=Prevent;IfNoController;None
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="collisionProtection is immutable"
+	CollisionProtection CollisionProtection `json:"collisionProtection,omitempty"`
 }
 
 // ClusterExtensionRevisionLifecycleState specifies the lifecycle state of the ClusterExtensionRevision.
@@ -144,6 +157,18 @@ type ClusterExtensionRevisionPhase struct {
 	// +required
 	// +kubebuilder:validation:MaxItems=50
 	Objects []ClusterExtensionRevisionObject `json:"objects"`
+
+	// collisionProtection specifies the default collision protection strategy for all objects
+	// in this phase. Individual objects can override this value.
+	//
+	// When set, this value is used as the default for any object in this phase that does not
+	// explicitly specify its own collisionProtection.
+	//
+	// The resolution order is: object > phase > spec > default ("Prevent").
+	//
+	// +optional
+	// +kubebuilder:validation:Enum=Prevent;IfNoController;None
+	CollisionProtection CollisionProtection `json:"collisionProtection,omitempty"`
 }
 
 // ClusterExtensionRevisionObject represents a Kubernetes object to be applied as part
@@ -174,7 +199,9 @@ type ClusterExtensionRevisionObject struct {
 	// Use this setting with extreme caution as it may cause multiple controllers to fight over
 	// the same resource, resulting in increased load on the API server and etcd.
 	//
-	// +required
+	// When omitted, the value is inherited from the phase, then spec, then defaults to "Prevent".
+	//
+	// +optional
 	// +kubebuilder:validation:Enum=Prevent;IfNoController;None
 	CollisionProtection CollisionProtection `json:"collisionProtection,omitempty"`
 }

api/v1/clusterextensionrevision_types_test.go

@@ -8,6 +8,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
 
 func TestClusterExtensionRevisionImmutability(t *testing.T) {
@@ -79,6 +80,16 @@ func TestClusterExtensionRevisionImmutability(t *testing.T) {
 				}
 			},
 		},
+		"spec collisionProtection is immutable": {
+			spec: ClusterExtensionRevisionSpec{
+				LifecycleState:      ClusterExtensionRevisionLifecycleStateActive,
+				Revision:            1,
+				CollisionProtection: CollisionProtectionPrevent,
+			},
+			updateFunc: func(cer *ClusterExtensionRevision) {
+				cer.Spec.CollisionProtection = CollisionProtectionNone
+			},
+		},
 	} {
 		t.Run(name, func(t *testing.T) {
 			cer := &ClusterExtensionRevision{
@@ -192,6 +203,62 @@ func TestClusterExtensionRevisionValidity(t *testing.T) {
 			},
 			valid: false,
 		},
+		"spec collisionProtection accepts Prevent": {
+			spec: ClusterExtensionRevisionSpec{
+				LifecycleState:      ClusterExtensionRevisionLifecycleStateActive,
+				Revision:            1,
+				CollisionProtection: CollisionProtectionPrevent,
+			},
+			valid: true,
+		},
+		"spec collisionProtection accepts IfNoController": {
+			spec: ClusterExtensionRevisionSpec{
+				LifecycleState:      ClusterExtensionRevisionLifecycleStateActive,
+				Revision:            1,
+				CollisionProtection: CollisionProtectionIfNoController,
+			},
+			valid: true,
+		},
+		"spec collisionProtection accepts None": {
+			spec: ClusterExtensionRevisionSpec{
+				LifecycleState:      ClusterExtensionRevisionLifecycleStateActive,
+				Revision:            1,
+				CollisionProtection: CollisionProtectionNone,
+			},
+			valid: true,
+		},
+		"spec collisionProtection can be omitted": {
+			spec: ClusterExtensionRevisionSpec{
+				LifecycleState: ClusterExtensionRevisionLifecycleStateActive,
+				Revision:       1,
+			},
+			valid: true,
+		},
+		"spec collisionProtection rejects invalid values": {
+			spec: ClusterExtensionRevisionSpec{
+				LifecycleState:      ClusterExtensionRevisionLifecycleStateActive,
+				Revision:            1,
+				CollisionProtection: CollisionProtection("Invalid"),
+			},
+			valid: false,
+		},
+		"object collisionProtection is optional": {
+			spec: ClusterExtensionRevisionSpec{
+				LifecycleState: ClusterExtensionRevisionLifecycleStateActive,
+				Revision:       1,
+				Phases: []ClusterExtensionRevisionPhase{
+					{
+						Name: "deploy",
+						Objects: []ClusterExtensionRevisionObject{
+							{
+								Object: configMap(),
+							},
+						},
+					},
+				},
+			},
+			valid: true,
+		},
 	} {
 		t.Run(name, func(t *testing.T) {
 			cer := &ClusterExtensionRevision{
@@ -211,3 +278,15 @@ func TestClusterExtensionRevisionValidity(t *testing.T) {
 		})
 	}
 }
+
+func configMap() unstructured.Unstructured {
+	return unstructured.Unstructured{
+		Object: map[string]interface{}{
+			"apiVersion": "v1",
+			"kind":       "ConfigMap",
+			"metadata": map[string]interface{}{
+				"name": "test-cm",
+			},
+		},
+	}
+}

helm/olmv1/base/operator-controller/crd/experimental/olm.operatorframework.io_clusterextensionrevisions.yaml

@@ -56,6 +56,23 @@ spec:
           spec:
             description: spec defines the desired state of the ClusterExtensionRevision.
             properties:
+              collisionProtection:
+                description: |-
+                  collisionProtection specifies the default collision protection strategy for all objects
+                  in this revision. Individual phases or objects can override this value.
+
+                  When set, this value is used as the default for any phase or object that does not
+                  explicitly specify its own collisionProtection.
+
+                  The resolution order is: object > phase > spec > default ("Prevent").
+                enum:
+                - Prevent
+                - IfNoController
+                - None
+                type: string
+                x-kubernetes-validations:
+                - message: collisionProtection is immutable
+                  rule: self == oldSelf
               lifecycleState:
                 description: |-
                   lifecycleState specifies the lifecycle state of the ClusterExtensionRevision.
@@ -102,6 +119,20 @@ spec:
                     ClusterExtensionRevisionPhase represents a group of objects that are applied together. The phase is considered
                     complete only after all objects pass their status probes.
                   properties:
+                    collisionProtection:
+                      description: |-
+                        collisionProtection specifies the default collision protection strategy for all objects
+                        in this phase. Individual objects can override this value.
+
+                        When set, this value is used as the default for any object in this phase that does not
+                        explicitly specify its own collisionProtection.
+
+                        The resolution order is: object > phase > spec > default ("Prevent").
+                      enum:
+                      - Prevent
+                      - IfNoController
+                      - None
+                      type: string
                     name:
                       description: |-
                         name is a required identifier for this phase.
@@ -149,6 +180,8 @@ spec:
                               owned by another controller.
                               Use this setting with extreme caution as it may cause multiple controllers to fight over
                               the same resource, resulting in increased load on the API server and etcd.
+
+                              When omitted, the value is inherited from the phase, then spec, then defaults to "Prevent".
                             enum:
                             - Prevent
                             - IfNoController
@@ -163,7 +196,6 @@ spec:
                             x-kubernetes-embedded-resource: true
                             x-kubernetes-preserve-unknown-fields: true
                         required:
-                        - collisionProtection
                         - object
                         type: object
                       maxItems: 50

internal/operator-controller/applier/boxcutter.go

@@ -75,8 +75,7 @@ func (r *SimpleRevisionGenerator) GenerateRevisionFromHelmRelease(
 		sanitizedUnstructured(ctx, &obj)
 
 		objs = append(objs, ocv1.ClusterExtensionRevisionObject{
-			Object:              obj,
-			CollisionProtection: ocv1.CollisionProtectionNone, // allow to adopt objects from previous release
+			Object: obj,
 		})
 	}
 
@@ -88,6 +87,7 @@ func (r *SimpleRevisionGenerator) GenerateRevisionFromHelmRelease(
 	})
 	rev.Name = fmt.Sprintf("%s-1", ext.Name)
 	rev.Spec.Revision = 1
+	rev.Spec.CollisionProtection = ocv1.CollisionProtectionNone // allow to adopt objects from previous release
 	return rev, nil
 }
 
@@ -147,11 +147,12 @@ func (r *SimpleRevisionGenerator) GenerateRevision(
 		sanitizedUnstructured(ctx, &unstr)
 
 		objs = append(objs, ocv1.ClusterExtensionRevisionObject{
-			Object:              unstr,
-			CollisionProtection: ocv1.CollisionProtectionPrevent,
+			Object: unstr,
 		})
 	}
-	return r.buildClusterExtensionRevision(objs, ext, revisionAnnotations), nil
+	rev := r.buildClusterExtensionRevision(objs, ext, revisionAnnotations)
+	rev.Spec.CollisionProtection = ocv1.CollisionProtectionPrevent
+	return rev, nil
 }
 
 // sanitizedUnstructured takes an unstructured obj, removes status if present, and returns a sanitized copy containing only the allowed metadata entries set below.

internal/operator-controller/applier/boxcutter_test.go

@@ -114,8 +114,9 @@ func Test_SimpleRevisionGenerator_GenerateRevisionFromHelmRelease(t *testing.T)
 			},
 		},
 		Spec: ocv1.ClusterExtensionRevisionSpec{
-			LifecycleState: ocv1.ClusterExtensionRevisionLifecycleStateActive,
-			Revision:       1,
+			LifecycleState:      ocv1.ClusterExtensionRevisionLifecycleStateActive,
+			CollisionProtection: ocv1.CollisionProtectionNone,
+			Revision:            1,
 			Phases: []ocv1.ClusterExtensionRevisionPhase{
 				{
 					Name: "deploy",
@@ -132,7 +133,6 @@ func Test_SimpleRevisionGenerator_GenerateRevisionFromHelmRelease(t *testing.T)
 									},
 								},
 							},
-							CollisionProtection: ocv1.CollisionProtectionNone,
 						},
 						{
 							Object: unstructured.Unstructured{
@@ -146,7 +146,6 @@ func Test_SimpleRevisionGenerator_GenerateRevisionFromHelmRelease(t *testing.T)
 									},
 								},
 							},
-							CollisionProtection: ocv1.CollisionProtectionNone,
 						},
 					},
 				},
@@ -215,6 +214,8 @@ func Test_SimpleRevisionGenerator_GenerateRevision(t *testing.T) {
 	}, rev.Labels)
 	t.Log("by checking the revision number is 0")
 	require.Equal(t, int64(0), rev.Spec.Revision)
+	t.Log("by checking the spec-level collisionProtection is set")
+	require.Equal(t, ocv1.CollisionProtectionPrevent, rev.Spec.CollisionProtection)
 	t.Log("by checking the rendered objects are present in the correct phases")
 	require.Equal(t, []ocv1.ClusterExtensionRevisionPhase{
 		{
@@ -231,7 +232,6 @@ func Test_SimpleRevisionGenerator_GenerateRevision(t *testing.T) {
 							"spec": map[string]interface{}{},
 						},
 					},
-					CollisionProtection: ocv1.CollisionProtectionPrevent,
 				},
 				{
 					Object: unstructured.Unstructured{
@@ -260,7 +260,6 @@ func Test_SimpleRevisionGenerator_GenerateRevision(t *testing.T) {
 							},
 						},
 					},
-					CollisionProtection: ocv1.CollisionProtectionPrevent,
 				},
 			},
 		},

internal/operator-controller/controllers/clusterextensionrevision_controller.go

@@ -464,10 +464,10 @@ func (c *ClusterExtensionRevisionReconciler) toBoxcutterRevision(ctx context.Con
 			objLabels[labels.OwnerNameKey] = rev.Labels[labels.OwnerNameKey]
 			obj.SetLabels(objLabels)
 
-			switch specObj.CollisionProtection {
+			switch cp := EffectiveCollisionProtection(rev.Spec.CollisionProtection, specPhase.CollisionProtection, specObj.CollisionProtection); cp {
 			case ocv1.CollisionProtectionIfNoController, ocv1.CollisionProtectionNone:
 				opts = append(opts, boxcutter.WithObjectReconcileOptions(
-					obj, boxcutter.WithCollisionProtection(specObj.CollisionProtection)))
+					obj, boxcutter.WithCollisionProtection(cp)))
 			}
 
 			phase.Objects = append(phase.Objects, *obj)
@@ -477,6 +477,18 @@ func (c *ClusterExtensionRevisionReconciler) toBoxcutterRevision(ctx context.Con
 	return r, opts, nil
 }
 
+// EffectiveCollisionProtection resolves the collision protection value using
+// the inheritance hierarchy: object > phase > spec > default ("Prevent").
+func EffectiveCollisionProtection(cp ...ocv1.CollisionProtection) ocv1.CollisionProtection {
+	ecp := ocv1.CollisionProtectionPrevent
+	for _, c := range cp {
+		if c != "" {
+			ecp = c
+		}
+	}
+	return ecp
+}
+
 var (
 	deploymentProbe = &probing.GroupKindSelector{
 		GroupKind: schema.GroupKind{Group: appsv1.GroupName, Kind: "Deployment"},

internal/operator-controller/controllers/clusterextensionrevision_controller_test.go

@@ -1266,6 +1266,60 @@ func (m *mockTrackingCache) Free(ctx context.Context, user client.Object) error
 	return nil
 }
 
+func Test_effectiveCollisionProtection(t *testing.T) {
+	for _, tc := range []struct {
+		name     string
+		specCP   ocv1.CollisionProtection
+		phaseCP  ocv1.CollisionProtection
+		objectCP ocv1.CollisionProtection
+		expected ocv1.CollisionProtection
+	}{
+		{
+			name:     "all empty defaults to Prevent",
+			expected: ocv1.CollisionProtectionPrevent,
+		},
+		{
+			name:     "spec only",
+			specCP:   ocv1.CollisionProtectionNone,
+			expected: ocv1.CollisionProtectionNone,
+		},
+		{
+			name:     "phase overrides spec",
+			specCP:   ocv1.CollisionProtectionPrevent,
+			phaseCP:  ocv1.CollisionProtectionIfNoController,
+			expected: ocv1.CollisionProtectionIfNoController,
+		},
+		{
+			name:     "object overrides phase",
+			specCP:   ocv1.CollisionProtectionPrevent,
+			phaseCP:  ocv1.CollisionProtectionIfNoController,
+			objectCP: ocv1.CollisionProtectionNone,
+			expected: ocv1.CollisionProtectionNone,
+		},
+		{
+			name:     "object overrides spec",
+			specCP:   ocv1.CollisionProtectionNone,
+			objectCP: ocv1.CollisionProtectionPrevent,
+			expected: ocv1.CollisionProtectionPrevent,
+		},
+		{
+			name:     "phase only",
+			phaseCP:  ocv1.CollisionProtectionNone,
+			expected: ocv1.CollisionProtectionNone,
+		},
+		{
+			name:     "object only",
+			objectCP: ocv1.CollisionProtectionIfNoController,
+			expected: ocv1.CollisionProtectionIfNoController,
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			result := controllers.EffectiveCollisionProtection(tc.specCP, tc.phaseCP, tc.objectCP)
+			require.Equal(t, tc.expected, result)
+		})
+	}
+}
+
 func Test_ClusterExtensionRevisionReconciler_getScopedClient_Errors(t *testing.T) {
 	testScheme := newScheme(t)