Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent bare metal machine config references from changing to existing machine configs #6674

Merged
merged 2 commits into from Sep 13, 2023
Merged

Prevent bare metal machine config references from changing to existing machine configs #6674

merged 2 commits into from Sep 13, 2023

Conversation

chrisdoherty4
Copy link
Member

Closes #6633.

In bare metal clusters users shouldn't be able to change machine configs. However, EKS-A incorrectly allowed users to change the machine config references to existing machine configs.

@chrisdoherty4 chrisdoherty4 changed the title Prevent bare metal machine config references from changing Prevent bare metal machine config references from changing to existing machine configs Sep 11, 2023
@eks-distro-bot eks-distro-bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Sep 11, 2023
@chrisdoherty4 chrisdoherty4 requested a review from a team September 11, 2023 21:15
@codecov
Copy link

codecov bot commented Sep 12, 2023
edited

Codecov Report

Patch coverage: 75.75% and no project coverage change.

Comparison is base (5126575) 75.62% compared to head (49ceb35) 75.63%.
Report is 3 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #6674   +/-   ##
=======================================
  Coverage   75.62%   75.63%           
=======================================
  Files         473      473           
  Lines       38234    38265   +31     
=======================================
+ Hits        28916    28940   +24     
- Misses       7721     7726    +5     
- Partials     1597     1599    +2
Files Changed Coverage Δ
pkg/collection/set.go 100.00% <ø> (ø)
pkg/providers/tinkerbell/upgrade.go 62.66% <75.75%> (+1.29%) ⬆️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@chrisdoherty4
Copy link
Member Author

/approve

@eks-distro-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chrisdoherty4

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jacobweinstock jacobweinstock mentioned this pull request Sep 12, 2023
Closed
@chrisdoherty4
Copy link
Member Author

/cherry-pick release-0.17

@eks-distro-pr-bot
Copy link
Contributor

@chrisdoherty4: once the present PR merges, I will cherry-pick it on top of release-0.17 in a new PR and assign it to you.

In response to this:

/cherry-pick release-0.17

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

jacobweinstock
jacobweinstock reviewed Sep 12, 2023
View reviewed changes
pkg/providers/tinkerbell/upgrade.go Outdated Show resolved Hide resolved
pkg/providers/tinkerbell/upgrade.go Outdated Show resolved Hide resolved
@chrisdoherty4
Prevent bare metal machine config references from changing
e8de0b7 
In bare metal clusters users shouldn't be able to change machine
configs. However, EKS-A incorrectly allowed users to change the machine
config references to existing machine configs.
jacobweinstock
jacobweinstock reviewed Sep 13, 2023
View reviewed changes
pkg/providers/tinkerbell/upgrade.go Outdated
return errors.New("control plane machine config reference is immutable")
}

err = validateWorkerNodeGroupMachineConfigRefsUnchanged(prevSpec.Spec.WorkerNodeGroupConfigurations,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As it's not clear to me, I would be interested in a code comment or similar to describe why we might want these to be unchanged.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I knew, I would, sadly I don't. This PR merely adds a missing piece of the logic to correctly enforce the existing constraint.

pkg/providers/tinkerbell/upgrade.go Outdated Show resolved Hide resolved
jacobweinstock
jacobweinstock approved these changes Sep 13, 2023
View reviewed changes
Copy link
Member

@jacobweinstock jacobweinstock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for shortening names :-) I know naming in many instances is very much personal preference.

@chrisdoherty4 chrisdoherty4 merged commit aef8f06 into aws:main Sep 13, 2023
8 of 10 checks passed
@chrisdoherty4 chrisdoherty4 deleted the patch/machine-config-changes branch September 13, 2023 22:28
@chrisdoherty4
Copy link
Member Author

/cherry-pick release-0.17

@eks-distro-pr-bot
Copy link
Contributor

@chrisdoherty4: #6674 failed to apply on top of branch "release-0.17":

Applying: Prevent bare metal machine config references from changing
Using index info to reconstruct a base tree...
M	pkg/providers/tinkerbell/upgrade.go
M	pkg/providers/tinkerbell/upgrade_test.go
M	pkg/validations/upgradevalidations/preflightvalidations_test.go
Falling back to patching base and 3-way merge...
Auto-merging pkg/validations/upgradevalidations/preflightvalidations_test.go
Auto-merging pkg/providers/tinkerbell/upgrade_test.go
Auto-merging pkg/providers/tinkerbell/upgrade.go
Applying: Refactor tinkerbell new spec validation
Using index info to reconstruct a base tree...
M	pkg/providers/tinkerbell/upgrade.go
M	pkg/providers/tinkerbell/upgrade_test.go
Falling back to patching base and 3-way merge...
Auto-merging pkg/providers/tinkerbell/upgrade_test.go
Auto-merging pkg/providers/tinkerbell/upgrade.go
CONFLICT (content): Merge conflict in pkg/providers/tinkerbell/upgrade.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0002 Refactor tinkerbell new spec validation
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-0.17

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@eks-distro-pr-bot
Copy link
Contributor

@chrisdoherty4: #6674 failed to apply on top of branch "release-0.17":

Applying: Prevent bare metal machine config references from changing
Using index info to reconstruct a base tree...
M	pkg/providers/tinkerbell/upgrade.go
M	pkg/providers/tinkerbell/upgrade_test.go
M	pkg/validations/upgradevalidations/preflightvalidations_test.go
Falling back to patching base and 3-way merge...
Auto-merging pkg/validations/upgradevalidations/preflightvalidations_test.go
Auto-merging pkg/providers/tinkerbell/upgrade_test.go
Auto-merging pkg/providers/tinkerbell/upgrade.go
Applying: Refactor tinkerbell new spec validation
Using index info to reconstruct a base tree...
M	pkg/providers/tinkerbell/upgrade.go
M	pkg/providers/tinkerbell/upgrade_test.go
Falling back to patching base and 3-way merge...
Auto-merging pkg/providers/tinkerbell/upgrade_test.go
Auto-merging pkg/providers/tinkerbell/upgrade.go
CONFLICT (content): Merge conflict in pkg/providers/tinkerbell/upgrade.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0002 Refactor tinkerbell new spec validation
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-0.17

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

chrisdoherty4 added a commit to chrisdoherty4/aws-eks-anywhere that referenced this pull request Sep 15, 2023
@chrisdoherty4
Prevent bare metal machine config references from changing to existin…
ab6f8b5 
…g machine configs (aws#6674)
@chrisdoherty4 chrisdoherty4 mentioned this pull request Sep 15, 2023
Merged
chrisdoherty4 added a commit to chrisdoherty4/aws-eks-anywhere that referenced this pull request Sep 15, 2023
@chrisdoherty4
Prevent bare metal machine config references from changing to existin…
e1fe4e0 
…g machine configs (aws#6674)
eks-distro-bot pushed a commit that referenced this pull request Sep 18, 2023
@chrisdoherty4
Prevent bare metal machine config references from changing to existin…
59022e4 
…g machine configs (#6674) (#6686)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jacobweinstock jacobweinstock jacobweinstock approved these changes

Assignees

@jacobweinstock jacobweinstock

Labels
approved lgtm size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Bare Metal: Machine configs can be changed to existing machine configs
4 participants
@chrisdoherty4 @eks-distro-bot @eks-distro-pr-bot @jacobweinstock