chore: bump openshift-python-wrapper to 11.0.132

[threcc]

Summary

Bump openshift-python-wrapper from >=11.0.122 to >=11.0.132 to pick up the kubernetes<36 pin added in openshift-python-wrapper#2730.

kubernetes Python client v36.0.0+ has a regression (kubernetes-client/python#2596) where read_namespaced_pod_log returns the repr() of bytes instead of a decoded string — log output looks like b'...\n...' with escaped newlines. This causes splitlines() to return a single element and json.loads() to fail with JSONDecodeError, breaking all 20+ callers of Pod.log() across the test suite.

The issue is unfixed in v36.0.0 through v36.0.2. openshift-python-wrapper v11.0.132 pins kubernetes<36, forcing v35.0.0 which correctly decodes log output.

Test plan

• Verified locally that Pod.log() returns properly decoded string with real newlines
• Verified get_scheduler_decision_logs() correctly parses 12 decision lines from scheduler pod
• test_singlenode_precise_prefix_cache passes with this change

Summary by CodeRabbit

• Chores
  • Updated OpenShift Python wrapper dependency to v11.0.132 or later for improved stability and compatibility.

[github-actions]

The following are automatically added/executed:

• PR size label.
• Run pre-commit
• Run tox
• Add PR author as the PR assignee
• Build image based on the PR

Available user actions:

• To mark a PR as WIP, add /wip in a comment. To remove it from the PR comment /wip cancel to the PR.
• To block merging of a PR, add /hold in a comment. To un-block merging of PR comment /hold cancel.
• To mark a PR as approved, add /lgtm in a comment. To remove, add /lgtm cancel.
  lgtm label removed on each new commit push.
• To mark PR as verified comment /verified to the PR, to un-verify comment /verified cancel to the PR.
  verified label removed on each new commit push.
• To Cherry-pick a merged PR /cherry-pick <target_branch_name> to the PR. If <target_branch_name> is valid,
  and the current PR is merged, a cherry-picked PR would be created and linked to the current PR.
• To build and push image to quay, add /build-push-pr-image in a comment. This would create an image with tag
  pr-<pr_number> to quay repository. This image tag, however would be deleted on PR merge or close action.

Supported labels

{'/build-push-pr-image', '/wip', '/hold', '/lgtm', '/verified', '/cherry-pick'}

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR updates the openshift-python-wrapper dependency constraint in pyproject.toml from >=11.0.122 to >=11.0.132. This is a direct supply chain surface change affecting all builds and deployments.

Changes

Dependency Version Update

Layer / File(s)	Summary
openshift-python-wrapper version constraint update pyproject.toml	The minimum version requirement for openshift-python-wrapper is incremented from 11.0.122 to 11.0.132.

Estimated Code Review Effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 9 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
No Sensitive Data In Logs	⚠️ Warning	Multiple logging statements expose sensitive data (bearer tokens, JWT tokens, full response bodies) without redaction: utilities/user_utils.py:168 logs id_token/refresh_token in AssertionError; tes...	Remove sensitive fields from logs or redact tokens: replace line 168 with message without json_response; replace response.json() and response.text logging with sanitized fields only.

✅ Passed checks (9 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: bumping openshift-python-wrapper dependency to version 11.0.132.
Description check	✅ Passed	The description covers the change rationale, the kubernetes regression context, and verification testing, but omits the Related Issues and testing checkbox sections from the template.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Contribution Quality And Spam Detection	✅ Passed	Routine dependency bump with standard title, straightforward description, real project context (fix-pod-logs branch), and active reviewer engagement. Zero signals detected from any category.
No Hardcoded Secrets	✅ Passed	No hardcoded secrets found. PR only updates openshift-python-wrapper dependency version in pyproject.toml; no API keys, tokens, passwords, credentials, base64 strings >32 chars, or credential URLs...
No Weak Cryptography	✅ Passed	PR bumps openshift-python-wrapper version in pyproject.toml only. No weak cryptographic primitives (MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB), custom crypto implementations, or insecure comparisons...
No Injection Vectors	✅ Passed	PR modifies only pyproject.toml (dependency bump); no code additions found. Zero injection patterns (CWE-89, CWE-78, CWE-94, CWE-502, CWE-79) detected.
No Privileged Containers	✅ Passed	PR only updates openshift-python-wrapper dependency in pyproject.toml; no Kubernetes manifests, Helm templates, or Dockerfiles with privileged container configurations added/modified.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pyproject.toml`:
- Line 98: The dependency line adds "openshift-python-wrapper>=11.0.132" which
may pull a release that pins kubernetes<36 and changes bearer-token auth
behavior; validate and fix any pod-log code paths (e.g., functions that
retrieve/stream pod logs) to work with the auth change or constrain
dependencies. Reproduce the issue by running the pod-log retrieval/streaming
code paths and CI tests against an environment using openshift-python-wrapper
11.0.130–11.0.132; if failures occur, either update the pod-log functions to use
the new auth pattern (adjust token handling/headers or client init) or constrain
the dependency set in pyproject.toml (e.g., add a kubernetes version constraint
like "kubernetes<36") and document the compatibility decision. Ensure logs and
tests confirm pod-log functionality after the change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: e1aec471-e162-468c-897a-d6cdf93f74af

📥 Commits

Reviewing files that changed from the base of the PR and between cee0769 and 76831a7.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• pyproject.toml

[fege]

/lgtm

[threcc]

/cherry-pick 3.5ea1

[threcc]

/cherry-pick 3.4

[rhods-ci-bot]

Error cherry-picking.

Auto-merging pyproject.toml
Auto-merging uv.lock
CONFLICT (content): Merge conflict in uv.lock
error: could not apply 8a7f4f3... chore: bump openshift-python-wrapper to 11.0.132 (#1721)
hint: After resolving the conflicts, mark them with
hint: "git add/rm ", then run
hint: "git cherry-pick --continue".
hint: You can instead skip this commit with "git cherry-pick --skip".
hint: To abort and get back to the state before "git cherry-pick",
hint: run "git cherry-pick --abort".
hint: Disable this message with "git config set advice.mergeConflict false"

[rhods-ci-bot]

Error cherry-picking.

Auto-merging pyproject.toml
Auto-merging uv.lock
CONFLICT (content): Merge conflict in uv.lock
error: could not apply 8a7f4f3... chore: bump openshift-python-wrapper to 11.0.132 (#1721)
hint: After resolving the conflicts, mark them with
hint: "git add/rm ", then run
hint: "git cherry-pick --continue".
hint: You can instead skip this commit with "git cherry-pick --skip".
hint: To abort and get back to the state before "git cherry-pick",
hint: run "git cherry-pick --abort".
hint: Disable this message with "git config set advice.mergeConflict false"

[github-actions]

Status of building tag latest: success.
Status of pushing tag latest to image registry: success.