Bug 2036827: ensure GCP CredsReq has a list of ServiceAccounts

[joelddiaz]

When setting up workload-identity on GCP, require that there is at least
one entry in .spec.serviceAccountNames so that we can properly restrict
which k8s ServiceAccounts can use the created GCP ServiceAccount.

[openshift-ci]

@joelddiaz: This pull request references Bugzilla bug 2036827, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.10.0) matches configured target release for branch (4.10.0)
• bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @lwan-wanglin

In response to this:

Bug 2036827: ensure GCP CredsReq has a list of ServiceAccounts

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[joelddiaz]

/assign @akhil-rane

[codecov]

Codecov Report

Merging #440 (6ebbcf2) into master (2e091dd) will decrease coverage by 0.01%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##           master     #440      +/-   ##
==========================================
- Coverage   46.36%   46.35%   -0.02%     
==========================================
  Files          92       92              
  Lines        9204     9206       +2     
==========================================
  Hits         4267     4267              
- Misses       4417     4418       +1     
- Partials      520      521       +1     

Impacted Files	Coverage Δ
...kg/cmd/provisioning/gcp/create_service_accounts.go	51.76% <0.00%> (-0.62%)	⬇️

[akhil-rane]

/lgtm

[akhil-rane]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: akhil-rane, joelddiaz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [akhil-rane,joelddiaz]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[joelddiaz]

/test e2e-gcp-manual-oidc

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[joelddiaz]

Nice! It's catching a real issue:
Failed to create IAM service accounts: Failed while processing each CredentialsRequest: CredentialsRequest openshift-cloud-credential-operator/openshift-cluster-api-gcp must provide at least one ServiceAccount in .spec.ServiceAccountNames

[akhil-rane]

Nice! It's catching a real issue: Failed to create IAM service accounts: Failed while processing each CredentialsRequest: CredentialsRequest openshift-cloud-credential-operator/openshift-cluster-api-gcp must provide at least one ServiceAccount in .spec.ServiceAccountNames

wow!

[openshift-ci]

@joelddiaz: An error was encountered adding this pull request to the external tracker bugs for bug 2036827 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details.

Full error message.

JSONRPC error 32000: Red Hat Bugzilla's database reported a query serialization error. Most likely this occurred because another user or process attempted to change the same data that you were attempting to change. Please press Back and retry the transaction.

 UPDATE bugs SET delta_ts = ? WHERE bug_id = ? at /var/www/html/bugzilla/Bugzilla/Bug.pm line 1517. 

Please contact an administrator to resolve this issue, then request a bug refresh with /bugzilla refresh.

In response to this:

Bug 2036827: ensure GCP CredsReq has a list of ServiceAccounts

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci]

@joelddiaz: This pull request references Bugzilla bug 2036827. The bug has been updated to no longer refer to the pull request using the external bug tracker. All external bug links have been closed. The bug has been moved to the NEW state.

In response to this:

Bug 2036827: ensure GCP CredsReq has a list of ServiceAccounts

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[akhil-rane]

okay, I might have accidentally screwed something up here

[joelddiaz]

/bugzilla refresh

[openshift-ci]

@joelddiaz: This pull request references Bugzilla bug 2036827, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.10.0) matches configured target release for branch (4.10.0)
• bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @lwan-wanglin

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[elmiko]

just fyi, created this PR to address the missing service accounts in the capi operator, openshift/cluster-capi-operator#26

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci]

@joelddiaz: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-gcp-manual-oidc	6ebbcf2	link	false	/test e2e-gcp-manual-oidc

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-ci]

@joelddiaz: All pull requests linked via external trackers have merged:

• openshift/cloud-credential-operator#440

Bugzilla bug 2036827 has been moved to the MODIFIED state.

In response to this:

Bug 2036827: ensure GCP CredsReq has a list of ServiceAccounts

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[joelddiaz]

/hold
Need openshift/cluster-capi-operator#26 to merge first

[joelddiaz]

Nevermind. It already merged ¯_ (ツ)_/¯