Skip to content

fix: Retry project wait_for_status due to RBAC updates #2591

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 24, 2025
Merged

fix: Retry project wait_for_status due to RBAC updates #2591

merged 1 commit into from
Nov 24, 2025

Conversation

@rnetser
Copy link
Collaborator

@rnetser rnetser commented Nov 24, 2025
edited by coderabbitai bot
Loading

Short description:

When a ProjectRequest is created, the project is created and the user is added to the project.
RBAC binding may not have propagated yet, causing transient 403 Forbidden errors, so we need to retry on ForbiddenError as well.

More details:
What this PR does / why we need it:
Which issue(s) this PR fixes:
Special notes for reviewer:
Bug:

Summary by CodeRabbit

Release Notes

  • Bug Fixes

    • Enhanced resilience of deployment process by automatically retrying on transient access permission errors that occur during role-based access control propagation.

  • Chores

    • Removed legacy continuous integration workflow file.

✏️ Tip: You can customize this high-level summary in your review settings.

@coderabbitai
Copy link

coderabbitai bot commented Nov 24, 2025
edited
Loading

Walkthrough

Removes GitHub Actions workflow for CI checks. Modifies resource management code to support customizable exception retries during status polling operations. Adds exceptions_dict parameter to Resource.wait_for_status and applies it in ProjectRequest.deploy for handling transient RBAC propagation errors.

Changes

Cohort / File(s) Summary
GitHub Actions Workflow Removal
.github/workflows/code-check.yml.old		 Deletes the code-check CI workflow that executed tox tests across Python 3.7–3.11 on pull requests.
ProjectRequest Exception Handling
ocp_resources/project_request.py		 Adds ForbiddenError import and imports DEFAULT_CLUSTER_RETRY_EXCEPTIONS and PROTOCOL_ERROR_EXCEPTION_DICT constants. Updates ProjectRequest.deploy to pass exceptions_dict to wait_for_status call, merging protocol errors, retry exceptions, and ForbiddenError with empty retry list for transient 403 errors during RBAC propagation.
Resource Retry Mechanism
ocp_resources/resource.py		 Adds exceptions_dict parameter to Resource.wait_for_status method with type dict[type[Exception], list[str]] and default merging PROTOCOL_ERROR_EXCEPTION_DICT and DEFAULT_CLUSTER_RETRY_EXCEPTIONS. Updates method signature, docstring, and TimeoutSampler invocation to support customizable exception retries.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

  • ocp_resources/resource.py: Review the new exceptions_dict parameter addition to the public wait_for_status method to verify backward compatibility and correct default value merging.
  • ocp_resources/project_request.py: Verify the exceptions_dict construction correctly combines protocol errors, retry exceptions, and ForbiddenError, and validate the intent behind empty list for ForbiddenError.

Possibly related PRs

  • feat: Add retry on resource creation #2572: Adds similar exceptions_dict-driven retry mechanism to a different Resource method (create), suggesting a broader refactor pattern for exception handling across resource operations.

Suggested labels

size/XS, verified, branch-main, can-be-merged

Suggested reviewers

  • dbasunag
  • myakove

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)
Check name Status Explanation Resolution
Description check ⚠️ Warning The description is incomplete. While it provides a short description explaining the RBAC propagation issue, most required template sections (More details, What this PR does/why we need it, Which issue(s) this PR fixes, Special notes for reviewer, and Bug) are empty or missing substantive content. Expand the PR description to fill in the remaining template sections with details about implementation approach, testing, related issue numbers, and any special considerations for reviewers.
Docstring Coverage ⚠️ Warning Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (1 passed)
Check name Status Explanation
Title check ✅ Passed The title 'fix: Retry project wait_for_status due to RBAC updates' directly and specifically describes the main change: adding retry logic to wait_for_status to handle RBAC propagation delays causing 403 Forbidden errors.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch retry-project-status2

Tip

📝 Customizable high-level summaries are now available in beta!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

  • Provide your own instructions using the high_level_summary_instructions setting.
  • Format the summary however you like (bullet lists, tables, multi-section layouts, contributor stats, etc.).
  • Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example instruction:

"Divide the high-level summary into five sections:

  1. 📝 Description — Summarize the main change in 50–60 words, explaining what was done.
  2. 📓 References — List relevant issues, discussions, documentation, or related PRs.
  3. 📦 Dependencies & Requirements — Mention any new/updated dependencies, environment variable changes, or configuration updates.
  4. 📊 Contributor Summary — Include a Markdown table showing contributions:
    | Contributor | Lines Added | Lines Removed | Files Changed |
  5. ✔️ Additional Notes — Add any extra reviewer context.
    Keep each section concise (under 200 words) and use bullet or numbered lists for clarity."

Note: This feature is currently in beta for Pro-tier users, and pricing will be announced later.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@redhat-qe-bot1
Copy link

redhat-qe-bot1 commented Nov 24, 2025

Report bugs in Issues

Welcome! 🎉

This pull request will be automatically processed with the following features:

🔄 Automatic Actions

  • Reviewer Assignment: Reviewers are automatically assigned based on the OWNERS file in the repository root
  • Size Labeling: PR size labels (XS, S, M, L, XL, XXL) are automatically applied based on changes
  • Issue Creation: A tracking issue is created for this PR and will be closed when the PR is merged or closed
  • Pre-commit Checks: pre-commit runs automatically if .pre-commit-config.yaml exists
  • Branch Labeling: Branch-specific labels are applied to track the target branch
  • Auto-verification: Auto-verified users have their PRs automatically marked as verified

📋 Available Commands

PR Status Management

  • /wip - Mark PR as work in progress (adds WIP: prefix to title)
  • /wip cancel - Remove work in progress status
  • /hold - Block PR merging (approvers only)
  • /hold cancel - Unblock PR merging
  • /verified - Mark PR as verified
  • /verified cancel - Remove verification status
  • /reprocess - Trigger complete PR workflow reprocessing (useful if webhook failed or configuration changed)

Review & Approval

  • /lgtm - Approve changes (looks good to me)
  • /approve - Approve PR (approvers only)
  • /automerge - Enable automatic merging when all requirements are met (maintainers and approvers only)
  • /assign-reviewers - Assign reviewers based on OWNERS file
  • /assign-reviewer @username - Assign specific reviewer
  • /check-can-merge - Check if PR meets merge requirements

Testing & Validation

  • /retest tox - Run Python test suite with tox
  • /retest python-module-install - Test Python package installation
  • /retest conventional-title - Validate commit message format
  • /retest all - Run all available tests

Container Operations

  • /build-and-push-container - Build and push container image (tagged with PR number)
    • Supports additional build arguments: /build-and-push-container --build-arg KEY=value

Cherry-pick Operations

  • /cherry-pick <branch> - Schedule cherry-pick to target branch when PR is merged
    • Multiple branches: /cherry-pick branch1 branch2 branch3

Label Management

  • /<label-name> - Add a label to the PR
  • /<label-name> cancel - Remove a label from the PR

✅ Merge Requirements

This PR will be automatically approved when the following conditions are met:

  1. Approval: /approve from at least one approver
  2. LGTM Count: Minimum 0 /lgtm from reviewers
  3. Status Checks: All required status checks must pass
  4. No Blockers: No WIP, hold, or conflict labels
  5. Verified: PR must be marked as verified (if verification is enabled)

📊 Review Process

Approvers and Reviewers

Approvers:

  • myakove
  • rnetser

Reviewers:

  • myakove
  • rnetser
Available Labels
  • hold
  • verified
  • wip
  • lgtm
  • approve
  • automerge

💡 Tips

  • WIP Status: Use /wip when your PR is not ready for review
  • Verification: The verified label is automatically removed on each new commit
  • Cherry-picking: Cherry-pick labels are processed when the PR is merged
  • Container Builds: Container images are automatically tagged with the PR number
  • Permission Levels: Some commands require approver permissions
  • Auto-verified Users: Certain users have automatic verification and merge privileges

For more information, please refer to the project documentation or contact the maintainers.

@redhat-qe-bot1 redhat-qe-bot1 mentioned this pull request Nov 24, 2025
Closed
@myakove
Copy link
Collaborator

myakove commented Nov 24, 2025

/approve

@myakove myakove enabled auto-merge (squash) November 24, 2025 17:19
@rnetser rnetser changed the title Fix: Retry project wait_for_status due to RBAC updates fix: Retry project wait_for_status due to RBAC updates Nov 24, 2025
@rnetser
Copy link
Collaborator Author

rnetser commented Nov 24, 2025

/retest conventional-title

@rnetser
Copy link
Collaborator Author

rnetser commented Nov 24, 2025

/verified

@myakove myakove merged commit da4d2c2 into main Nov 24, 2025
7 checks passed
@myakove myakove deleted the retry-project-status2 branch November 24, 2025 17:28
@rnetser
Copy link
Collaborator Author

rnetser commented Nov 25, 2025

/cherry-pick v4.20
/cherry-pick v4.19

@redhat-qe-bot
Copy link
Contributor

redhat-qe-bot commented Nov 25, 2025

Manual cherry-pick is needed
Cherry pick failed for da4d2c2 to v4.19:
To cherry-pick run:

git remote update
git checkout v4.19
git pull origin v4.19
git checkout -b retry-project-status2-v4.19
git cherry-pick da4d2c2af5ba411336ef7a1126652eecb79f3469
git push origin retry-project-status2-v4.19

redhat-qe-bot pushed a commit that referenced this pull request Nov 25, 2025
@rnetser
Fix: Project - allow retry (#2591)
03a4b4d
@redhat-qe-bot redhat-qe-bot mentioned this pull request Nov 25, 2025
Merged
@redhat-qe-bot
Copy link
Contributor

redhat-qe-bot commented Nov 25, 2025

Cherry-picked PR fix: Retry project wait_for_status due to RBAC updates into v4.20

redhat-qe-bot2 pushed a commit that referenced this pull request Nov 25, 2025
@redhat-qe-bot @rnetser
Fix: Project - allow retry (#2591) (#2594)
c3d2e83 
Co-authored-by: Ruth Netser <rnetser@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@myakove myakove myakove approved these changes

Assignees

@rnetser rnetser

Labels

approved-myakove branch-main can-be-merged cherry-pick-v4.19 cherry-pick-v4.20 lgtm-myakove size/M verified

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@rnetser @redhat-qe-bot1 @myakove @redhat-qe-bot @redhat-qe-bot2 @rh-bot-1