feat: Add MaaSAuthPolicy,MaaSSubscription,MaaSModel resources

[SB159]

Short description:

More details:

What this PR does / why we need it:

Which issue(s) this PR fixes:

Special notes for reviewer:

Bug:

Summary by CodeRabbit

• New Features
  • Support for MAAS Authentication Policies with configurable metering metadata and subject management.
  • Support for MAAS Models with model reference configuration.
  • Support for MAAS Subscriptions with billing metadata, owner assignment, and priority settings.
  • New API group added for OpenDataHub MAAS resources.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between aa498b8 and e423170.

📒 Files selected for processing (1)

• ocp_resources/resource.py

---

Walkthrough

Adds three new NamespacedResource subclasses—MaaSAuthPolicy, MaaSModel, MaaSSubscription—each setting api_group to MAAS_OPENDATAHUB_IO and implementing constructors plus to_dict methods with validation for required fields. Also adds the MAAS_OPENDATAHUB_IO constant to the ApiGroup class.

Changes

Cohort / File(s)	Summary
MAAS Resource Classes ocp_resources/maa_s_auth_policy.py, ocp_resources/maa_s_model.py, ocp_resources/maa_s_subscription.py	New resource classes added as NamespacedResource subclasses. Each defines api_group = MAAS_OPENDATAHUB_IO, an __init__ storing provided fields, and a to_dict() that validates required args (MaaSAuthPolicy: model_refs, subjects; MaaSModel: model_ref; MaaSSubscription: model_refs, owner) and conditionally includes optional metadata in spec.
API Group Constant ocp_resources/resource.py	Adds MAAS_OPENDATAHUB_IO = "maas.opendatahub.io" to the ApiGroup inner class.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description follows the required template structure but all sections are empty with no actual content provided.	Fill in all required sections of the PR description template with relevant details about the changes, motivation, and any special notes for reviewers.
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title accurately describes the main change: introducing three new MaaS resource classes (MaaSAuthPolicy, MaaSSubscription, MaaSModel) across multiple files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[redhat-qe-bot2]

Report bugs in Issues

Welcome! 🎉

This pull request will be automatically processed with the following features:

🔄 Automatic Actions

• Reviewer Assignment: Reviewers are automatically assigned based on the OWNERS file in the repository root
• Size Labeling: PR size labels (XS, S, M, L, XL, XXL) are automatically applied based on changes
• Issue Creation: Disabled for this repository
• Branch Labeling: Branch-specific labels are applied to track the target branch
• Auto-verification: Auto-verified users have their PRs automatically marked as verified
• Labels: All label categories are enabled (default configuration)

📋 Available Commands

PR Status Management

• /wip - Mark PR as work in progress (adds WIP: prefix to title)
• /wip cancel - Remove work in progress status
• /hold - Block PR merging (approvers only)
• /hold cancel - Unblock PR merging
• /verified - Mark PR as verified
• /verified cancel - Remove verification status
• /reprocess - Trigger complete PR workflow reprocessing (useful if webhook failed or configuration changed)
• /regenerate-welcome - Regenerate this welcome message

Review & Approval

• /lgtm - Approve changes (looks good to me)
• /approve - Approve PR (approvers only)
• /automerge - Enable automatic merging when all requirements are met (maintainers and approvers only)
• /assign-reviewers - Assign reviewers based on OWNERS file
• /assign-reviewer @username - Assign specific reviewer
• /check-can-merge - Check if PR meets merge requirements

Testing & Validation

• /retest tox - Run Python test suite with tox
• /retest python-module-install - Test Python package installation
• /retest conventional-title - Validate commit message format
• /retest all - Run all available tests

Cherry-pick Operations

• /cherry-pick <branch> - Schedule cherry-pick to target branch when PR is merged
  • Multiple branches: /cherry-pick branch1 branch2 branch3

Label Management

• /<label-name> - Add a label to the PR
• /<label-name> cancel - Remove a label from the PR

✅ Merge Requirements

This PR will be automatically approved when the following conditions are met:

1. Approval: /approve from at least one approver
2. LGTM Count: Minimum 0 /lgtm from reviewers
3. Status Checks: All required status checks must pass
4. No Blockers: No WIP, hold, conflict labels
5. Verified: PR must be marked as verified (if verification is enabled)

📊 Review Process

Approvers and Reviewers

Approvers:

• myakove
• rnetser

Reviewers:

• myakove
• rnetser

Available Labels

• hold
• verified
• wip
• lgtm
• approve
• automerge

💡 Tips

• WIP Status: Use /wip when your PR is not ready for review
• Verification: The verified label is automatically removed on each new commit
• Cherry-picking: Cherry-pick labels are processed when the PR is merged
• Permission Levels: Some commands require approver permissions
• Auto-verified Users: Certain users have automatic verification and merge privileges

For more information, please refer to the project documentation or contact the maintainers.

[myakove]

@SB159 please fix the failed tox

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@ocp_resources/maa_s_auth_policy.py`:
- Around line 1-59: This file is generated and must not be edited directly;
revert any manual changes to ocp_resources/maa_s_auth_policy.py and instead
update the class-generator so the desired change is included in the generated
output, then regenerate the code; specifically modify the generator logic that
emits the MaaSAuthPolicy class (affecting the to_dict generation and the
MaaSAuthPolicy constructor fields) so the new behavior/validation is produced by
the generator and appears in the generated MaaSAuthPolicy class when you re-run
the generator.

In `@ocp_resources/maa_s_model.py`:
- Around line 1-44: This file is generated and should not be edited directly;
update the class-generator so the change is regenerated: modify the
generator/template that produces the MaaSModel class (specifically the to_dict
method that validates model_ref and sets spec["modelRef"]) to implement the
intended fix (e.g., adjust validation, error messaging, or output structure) and
then re-run generation so MaaSModel (class MaaSModel, attribute model_ref,
method to_dict, and the use of MissingRequiredArgumentError and
NamespacedResource.ApiGroup.MAAS_OPENDATAHUB_IO) is updated; do not change this
generated file directly.

In `@ocp_resources/maa_s_subscription.py`:
- Around line 1-68: This file is generated and must not be edited directly; make
the required changes in the class-generator so regenerated output updates
MaaSSubscription (e.g., modify the generator templates that produce the
MaaSSubscription class and its to_dict method/spec handling), then regenerate
the file rather than editing ocp_resources.maa_s_subscription.py directly.

---

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3780106 and aa498b8.

⛔ Files ignored due to path filters (2)

• class_generator/schema/__resources-mappings.json.gz is excluded by !**/*.gz, !class_generator/schema/**
• class_generator/schema/_definitions.json is excluded by !class_generator/schema/**

📒 Files selected for processing (4)

• ocp_resources/maa_s_auth_policy.py
• ocp_resources/maa_s_model.py
• ocp_resources/maa_s_subscription.py
• ocp_resources/resource.py

[rnetser]

/approve
/lgtm

[myakove]

/lgtm
/approve

[SB159]

/verified