OCPBUGS-74384: Resolve nil pointer exception in hasResourceTags

[jstuever]

No description provided.

[openshift-ci-robot]

@jstuever: This pull request references Jira Issue OCPBUGS-74384, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @jianping-shu

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jstuever

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [jstuever]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jstuever]

/jira backport release-4.21,release-4.20,release-4.19,release-4.18,release-4.17

[openshift-ci-robot]

@jstuever: The following backport issues have been created:

• OCPBUGS-74545 for branch release-4.21
• OCPBUGS-74546 for branch release-4.20
• OCPBUGS-74547 for branch release-4.19
• OCPBUGS-74548 for branch release-4.18
• OCPBUGS-74549 for branch release-4.17

Queuing cherrypicks to the requested branches to be created after this PR merges:
/cherrypick release-4.21
/cherrypick release-4.20
/cherrypick release-4.19
/cherrypick release-4.18
/cherrypick release-4.17

Details

In response to this:

/jira backport release-4.21,release-4.20,release-4.19,release-4.18,release-4.17

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-cherrypick-robot]

@openshift-ci-robot: once the present PR merges, I will cherry-pick it on top of release-4.17, release-4.18, release-4.19, release-4.20, release-4.21 in new PRs and assign them to you.

Details

In response to this:

@jstuever: The following backport issues have been created:

• OCPBUGS-74545 for branch release-4.21
• OCPBUGS-74546 for branch release-4.20
• OCPBUGS-74547 for branch release-4.19
• OCPBUGS-74548 for branch release-4.18
• OCPBUGS-74549 for branch release-4.17

Queuing cherrypicks to the requested branches to be created after this PR merges:
/cherrypick release-4.21
/cherrypick release-4.20
/cherrypick release-4.19
/cherrypick release-4.18
/cherrypick release-4.17

In response to this:

/jira backport release-4.21,release-4.20,release-4.19,release-4.18,release-4.17

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[codecov]

Codecov Report

❌ Patch coverage is 0% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 46.48%. Comparing base (ec9d4a0) to head (95ba56d).

Files with missing lines	Patch %	Lines
...redentialsrequest/credentialsrequest_controller.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #966   +/-   ##
=======================================
  Coverage   46.48%   46.48%           
=======================================
  Files          98       98           
  Lines       12181    12181           
=======================================
  Hits         5662     5662           
  Misses       5869     5869           
  Partials      650      650           

Files with missing lines	Coverage Δ
...redentialsrequest/credentialsrequest_controller.go	44.23% <0.00%> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[jianping-shu]

/test e2e-aws-ovn

[openshift-ci]

@jstuever: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[jianping-shu]

I've reproduced the issue on vsphere(4.20.0-0.nightly-2026-01-26-202217).
(1) oc edit infrastructure cluster, and delete .status.platformStatus part
The issue was NOT reproduced, .status.platformStatus part was restored immediately and CCO pods were good.

(2)duplicate another infrastructure object, rename cloud-provider-config and remove the whole .status part
The issue was reproduced.

jshu@jshu-mac % oc get pods -n openshift-cloud-credential-operator -w
NAME READY STATUS RESTARTS AGE
cloud-credential-operator-66f4c4f9cb-5hc94 2/2 Running 3 (2m57s ago) 3h44m

Pod error:
lastState:
terminated:
containerID: cri-o://d187223f1d612ffe37eae9b39cebd1c8bc845d204d400a38049960a5f8bfc99a
exitCode: 2
finishedAt: "2026-01-28T04:52:43Z"
message: " +0x1a9\nk8s.io/apimachinery/pkg/util/runtime.HandleCrashWithLogger({{0x66bb028?,
0xc0001ff400?}, 0xc0000af450?}, {0x0, 0x0, 0x0})\n\t/go/src/github.com/openshift/cloud-credential-operator/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:91
+0x115\npanic({0x4c86c40?, 0x9a59f50?})\n\t/usr/lib/golang/src/runtime/panic.go:792
+0x132\ngithub.com/openshift/cloud-credential-operator/pkg/operator/credentialsrequest.hasResourceTags(...)\n\t/go/src/github.com/openshift/cloud-credential-operator/pkg/operator/credentialsrequest/credentialsrequest_controller.go:414\ngithub.com/openshift/cloud-credential-operator/pkg/operator/credentialsrequest.add.func10({0xc001590248?,
0x1?})\n\t/go/src/github.com/openshift/cloud-credential-operator/pkg/operator/credentialsrequest/credentialsrequest_controller.go:260
+0x1e\nsigs.k8s.io/controller-runtime/pkg/predicate.TypedFuncs[...].Create(...)\n\t/go/src/github.com/openshift/cloud-credential-operator/vendor/sigs.k8s.io/controller-runtime/pkg/predicate/predicate.go:79\nsigs.k8s.io/controller-runtime/pkg/internal/source.(*EventHandler[...]).OnAdd(0x1,
{0x5da99c0?, 0xc001590248?}, 0x1?)\n\t/go/src/github.com/openshift/cloud-credential-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/source/event_handler.go:78
+0x1f7\nk8s.io/client-go/tools/cache.(*processorListener).run.func1(0xc000a52f5f,
0xc0016a8280, {0x5180700?, 0xc000013b60?})\n\t/go/src/github.com/openshift/cloud-credential-operator/vendor/k8s.io/client-go/tools/cache/shared_informer.go:1077
+0xd1\nk8s.io/client-go/tools/cache.(*processorListener).run(0xc0016a8280)\n\t/go/src/github.com/openshift/cloud-credential-operator/vendor/k8s.io/client-go/tools/cache/shared_informer.go:1087
+0x3c\nk8s.io/apimachinery/pkg/util/wait.(*Group).Start.func1()\n\t/go/src/github.com/openshift/cloud-credential-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:72
+0x4c\ncreated by k8s.io/apimachinery/pkg/util/wait.(*Group).Start in goroutine
297\n\t/go/src/github.com/openshift/cloud-credential-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:70
+0x73\n"
reason: Error
startedAt: "2026-01-28T04:43:45Z"

[jianping-shu]

jshu@jshu-mac % oc get infrastructure
NAME AGE
cloud-provider-config 4m7s
cluster 140m

Remove "infrastructure cloud-provider-config" can make the cluster back to normal. It could be workaround.

@jstuever Shall we change the code to read the record of "infrastructure cluster" only in this PR or a follow-up PR?
If the other records like "infrastructure cloud-provider-config" do exist on some sites, they might cause CCO to read the wrong values of infra.Status.PlatformStatus.AWS.ResourceTags finally.

[jianping-shu]

/verified by @jianping-shu
Created a vsphere cluster with cluster-bot build, CCO pods are good after adding "infrastructure cloud-provider-config".

If had further code change, I'll re-verify.

[openshift-ci-robot]

@jianping-shu: This PR has been marked as verified by @jianping-shu.

Details

In response to this:

/verified by @jianping-shu
Created a vsphere cluster with cluster-bot build, CCO pods are good after adding "infrastructure cloud-provider-config".

If had further code change, I'll re-verify.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[jstuever]

@jianping-shu I would prefer a follow-up PR as that will take (slightly) more effort to resolve. Would you open a new bug so we can track it?

[jstuever]

/assign @dlom

[jianping-shu]

Created OCPBUGS-74627 for infrastructure record issue.