New notification for GCP CCS SA permission issues

[chamalabey]

Adding a new notification template.

Summary by CodeRabbit

• New Features
  • Added a diagnostic alert to identify insufficient GCP service account permissions affecting cluster provisioning. When detected, users receive a Major severity notification with troubleshooting guidance and links to documentation to resolve the permission configuration issue.

[coderabbitai]

Warning

Rate limit exceeded

@chamalabey has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 3 minutes and 36 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 2903e2cb-ebda-4af4-8e95-9d88b9ee8d37

📥 Commits

Reviewing files that changed from the base of the PR and between 37ebac3 and 6355e75.

📒 Files selected for processing (1)

• osd/gcp/GCP_CCS_SA_invalid_permissions.json

Walkthrough

A new JSON diagnostic rule definition is added for GCP service account permission validation, capturing a "Major" severity issue that flags insufficient GCP project permissions during cluster provisioning.

Changes

GCP Diagnostic Rule Definition

Layer / File(s)	Summary
Diagnostic Rule Definition osd/gcp/GCP_CCS_SA_invalid_permissions.json	New JSON rule defines a Major severity alert for SREManualAction service when insufficient GCP project permissions prevent cluster-access cluster provisioning. Includes summary, description, and documentation reference; marked as non-internal.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding a new notification for GCP CCS service account permission issues.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	This PR adds a JSON notification config file, not Ginkgo tests. The check applies only to Go test code with Ginkgo patterns (It(), Describe(), etc.). Not applicable here.
Test Structure And Quality	✅ Passed	This check evaluates Ginkgo test code quality, but the PR only adds a JSON notification template file. No test code is present, making this check inapplicable.
Microshift Test Compatibility	✅ Passed	This PR adds only a JSON notification definition file, not Ginkgo e2e tests. The MicroShift compatibility check only applies to e2e test code.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	The custom check is for SNO compatibility of Ginkgo e2e tests. This PR only adds a JSON notification template file, not any e2e tests. The check is not applicable to this PR.
Topology-Aware Scheduling Compatibility	✅ Passed	This PR adds a notification template file, not deployment manifests or controllers. The topology-aware scheduling check is not applicable to alert definition files.
Ote Binary Stdout Contract	✅ Passed	OTE Binary Stdout Contract check is inapplicable. Repository contains only static JSON notification templates, no OTE test binaries or Go test code with process-level logging or stdout writes.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR adds a JSON notification template, not Ginkgo e2e tests. The custom check applies only to new e2e tests, which is not applicable here.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: chamalabey
Once this PR has been reviewed and has the lgtm label, please assign vkumar51 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@osd/gcp/GCP_CCS_SA_invalid_permissions.json`:
- Line 6: Update the "description" string in the JSON
(GCP_CCS_SA_invalid_permissions.json) so the customer-facing sentence is
grammatically correct: change "Your GCP cluster reporting errors due to missing
or insufficient privileges..." to "Your GCP cluster is reporting errors due to
missing or insufficient privileges..." and ensure the rest of the description
text and punctuation remain unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: ce10d391-d80a-43c1-958b-d6743993edd8

📥 Commits

Reviewing files that changed from the base of the PR and between e242dbe and 37ebac3.

📒 Files selected for processing (1)

• osd/gcp/GCP_CCS_SA_invalid_permissions.json

[openshift-ci]

@chamalabey: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.