SDN-4196: blocked-edges/*-OVNKubeMasterDSPrestop: Precise 'from' expressions

[wking]

From SDN-4196:

clusters that have upgraded from 4.10->4.11 will be vulnerable and will be affected by this issue when/if they eventually upgrade to 4.12.41+, 4.13.16+ or 4.14+

So this commit increases the precision on cfe51de (#4377)'s declarations, so updates into the regression like 4.12.40 -> 4.12.41 are labeled with the risk, while updates within post-regression releases like 4.12.41 -> 4.12.42 are not labeled with the risk (because those clusters must have already addressed the issue, or were never exposed in the first place).

Generated with:

$ sed -i 's/^from: .*/from: 4[.](11[.].*|12[.]([0-9]|[1-3][0-9]|40)[+].*)/' blocked-edges/4.12.*-OVNKubeMasterDSPrestop.yaml
$ sed -i 's/^from: .*/from: 4[.](12[.]([0-9]|[1-3][0-9]|40)|13[.]([0-9]|1[0-5]))[+].*/' blocked-edges/4.13.*-OVNKubeMasterDSPrestop.yaml
$ sed -i 's/^from: .*/from: 4[.](13[.]([0-9]|1[0-5])[+].*|14[.]0-.*)/' blocked-edges/4.14.*-OVNKubeMasterDSPrestop.yaml

But the floor raise in 17541bd (#4243) moved us past the regression point in 4.13.z -> 4.14 updates, so with the precise regexp, the risk was no longer used for any edges in that minor version bump:

$ hack/show-edges.py candidate-4.14 | grep '4[.]13[.].*OVNKubeMasterDSPrestop.* 4[.]14[.]'
...no hits...

So I'm dropping the 4.14 declarations entirely with:

$ rm -f blocked-edges/4.14.*OVNKubeMasterDSPrestop.yaml

17541bd's minor_min advice and 5592c46's PreRelease risk should be sufficient to keep folks from older 4.13.z from reaching impacted 4.14 without becoming aware of at least some risk.

[openshift-ci-robot]

@wking: This pull request references SDN-4196 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the spike to target the "4.15.0" version, but no target version was set.

In response to this:

From SDN-4196:

clusters that have upgraded from 4.10->4.11 will be vulnerable and will be affected by this issue when/if they eventually upgrade to 4.12.41+, 4.13.16+ or 4.14+

So this commit increases the precision on cfe51de (#4377)'s declarations, so updates into the regression like 4.12.40 -> 4.12.41 are labeled with the risk, while updates within post-regression releases like 4.12.41 -> 4.12.42 are not labeled with the risk (because those clusters must have already addressed the issue, or were never exposed in the first place).

Generated with:

$ sed -i 's/^from: .*/from: 4[.](11[.].*|12[.]([0-9]|[1-3][0-9]|40)[.].*)/' blocked-edges/4.12.*-OVNKubeMasterDSPrestop.yaml
$ sed -i 's/^from: .*/from: 4[.](12[.]([0-9]|[1-3][0-9]|40)|13[.]([0-9]|1[0-5]))[.].*/' blocked-edges/4.13.*-OVNKubeMasterDSPrestop.yaml
$ sed -i 's/^from: .*/from: 4[.](13[.]([0-9]|1[0-5])[.].*|14[.].*)/' blocked-edges/4.14.*-OVNKubeMasterDSPrestop.yaml

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@wking: This pull request references SDN-4196 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the spike to target the "4.15.0" version, but no target version was set.

In response to this:

From SDN-4196:

clusters that have upgraded from 4.10->4.11 will be vulnerable and will be affected by this issue when/if they eventually upgrade to 4.12.41+, 4.13.16+ or 4.14+

So this commit increases the precision on cfe51de (#4377)'s declarations, so updates into the regression like 4.12.40 -> 4.12.41 are labeled with the risk, while updates within post-regression releases like 4.12.41 -> 4.12.42 are not labeled with the risk (because those clusters must have already addressed the issue, or were never exposed in the first place).

Generated with:

$ sed -i 's/^from: .*/from: 4[.](11[.].*|12[.]([0-9]|[1-3][0-9]|40)[+].*)/' blocked-edges/4.12.*-OVNKubeMasterDSPrestop.yaml
$ sed -i 's/^from: .*/from: 4[.](12[.]([0-9]|[1-3][0-9]|40)|13[.]([0-9]|1[0-5]))[+].*/' blocked-edges/4.13.*-OVNKubeMasterDSPrestop.yaml
$ sed -i 's/^from: .*/from: 4[.](13[.]([0-9]|1[0-5])[+].*|14[.]0-.*)/' blocked-edges/4.14.*-OVNKubeMasterDSPrestop.yaml

But the floor raise in 17541bd (#4243) moved us past the regression point in 4.13.z -> 4.14 updates, so with the precise regexp, the risk was no longer used for any edges in that minor version bump:

$ hack/show-edges.py candidate-4.14 | grep '4[.]13[.].*OVNKubeMasterDSPrestop.* 4[.]14[.]'
...no hits...

So I'm dropping the 4.14 declarations entirely with:

$ rm -f blocked-edges/4.14.*OVNKubeMasterDSPrestop.yaml

17541bd's minor_min advice and 5592c46's PreRelease risk should be sufficient to keep folks from older 4.13.z from reaching impacted 4.14 without becoming aware of at least some risk.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci]

@wking: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[petr-muller]

LGTM but holding for Lala

/hold

[LalatenduMohanty]

/lgtm

[LalatenduMohanty]

/hold cancel

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: LalatenduMohanty, petr-muller, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [LalatenduMohanty,petr-muller,wking]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment