-
Notifications
You must be signed in to change notification settings - Fork 143
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 2035903: handle resources with feature-gate annotation #444
Bug 2035903: handle resources with feature-gate annotation #444
Conversation
@joelddiaz: This pull request references Bugzilla bug 2035903, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/assign @akhil-rane |
Codecov Report
@@ Coverage Diff @@
## master #444 +/- ##
==========================================
- Coverage 45.79% 45.74% -0.05%
==========================================
Files 92 92
Lines 9314 9336 +22
==========================================
+ Hits 4265 4271 +6
- Misses 4541 4556 +15
- Partials 508 509 +1
|
pkg/cmd/provisioning/constants.go
Outdated
// featureGateAnnotation is the annotation used to indicate that a specific manifest is hidden behind a feature gate. | ||
featureGateAnnotation = "release.openshift.io/feature-gate" | ||
// validTechPreviewAnnotationValue is the only valid value for the feature-gate annoation | ||
validTechPreviewAnnotationValue = "TechPreviewNoUpgrade" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can use configv1.TechPreviewNoUpgrade
instead of defining your own variable for this.
cloud-credential-operator $ git --no-pager grep TechPreviewNoUpgrade
vendor/github.com/openshift/api/config/v1/types_feature.go: // TechPreviewNoUpgrade turns on tech preview features that are not part of the normal supported platform. Turning
vendor/github.com/openshift/api/config/v1/types_feature.go: TechPreviewNoUpgrade FeatureSet = "TechPreviewNoUpgrade"
vendor/github.com/openshift/api/config/v1/types_feature.go: TechPreviewNoUpgrade: newDefaultFeatures().
@joelddiaz Whether there is a way to not extract such CredentialsRequests when running |
pkg/cmd/provisioning/utils.go
Outdated
log.Printf("CredentialsRequests %s/%s has unexpected feature-gate value", cr.Namespace, cr.Name) | ||
|
||
} | ||
log.Printf("Ignoring CredentialsRequest %s/%s with tech-preview annotation", cr.Namespace, cr.Name) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will make it impossible for users to bootstrap a cluster as a TechPreviewNoUpgrade cluster on certain platforms right? I think this will break a number of release informing jobs and QE scenarios as we, as an org, decided a while back, bootstrapping as a TPNU cluster should be supported.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can just take a new CLI parameter to opt into processing these annotated manifests.
a3ee7be
to
098d68d
Compare
@joelddiaz: This pull request references Bugzilla bug 2035903, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
098d68d
to
408bf05
Compare
pkg/cmd/provisioning/utils.go
Outdated
} | ||
|
||
// Ingore CredentialsRequest with the feature-gate annotation |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// Ingore CredentialsRequest with the feature-gate annotation | |
// Ignore CredentialsRequest with the feature-gate annotation |
@@ -59,7 +59,8 @@ func deleteServiceIDCmd(cmd *cobra.Command, args []string) error { | |||
|
|||
func deleteServiceIDs(client ibmcloud.Client, accountID, name, credReqDir string, force bool) error { | |||
// Process directory | |||
credReqs, err := provisioning.GetListOfCredentialsRequests(credReqDir) | |||
// (always tech-preview==true because we should do a full cleanup to be on the safe side) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why brackets () ?
// (always tech-preview==true because we should do a full cleanup to be on the safe side) | |
// always tech-preview==true because we should do a full cleanup to be on the safe side |
pkg/cmd/provisioning/utils_test.go
Outdated
if credreq.Annotations == nil { | ||
credreq.Annotations = map[string]string{} | ||
} | ||
credreq.Annotations[featureGateAnnotation] = "TechPreviewNoUpgrade" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
credreq.Annotations[featureGateAnnotation] = "TechPreviewNoUpgrade" | |
credreq.Annotations[featureGateAnnotation] = configv1.TechPreviewNoUpgrade |
if value, ok := cr.Annotations[featureGateAnnotation]; ok { | ||
if !enableTechPreview { | ||
log.Printf("Ignoring CredentialsRequest %s/%s with tech-preview annotation", cr.Namespace, cr.Name) | ||
continue | ||
} | ||
if value != string(configv1.TechPreviewNoUpgrade) { | ||
log.Printf("Ignoring CredentialsRequest %s/%s with tech-preview value %s", cr.Namespace, cr.Name, value) | ||
continue | ||
} // else allow it to be added it to the list of CredReqs to process | ||
} | ||
|
||
credRequests = append(credRequests, cr) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we ignore a CredentialsRequest if featureGateAnnotation
value is not equal to TechPreviewNoUpgrade
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's how I wrote it up. That is supposed to be an invalid value for the annotation and undefined. So just log it and move on...
// Handle CredentialsRequest with the feature-gate annotation | ||
if value, ok := cr.Annotations[featureGateAnnotation]; ok { | ||
if !enableTechPreview { | ||
log.Printf("Ignoring CredentialsRequest %s/%s with tech-preview annotation", cr.Namespace, cr.Name) | ||
continue | ||
} | ||
if value != string(configv1.TechPreviewNoUpgrade) { | ||
log.Printf("Ignoring CredentialsRequest %s/%s with tech-preview value %s", cr.Namespace, cr.Name, value) | ||
continue | ||
} // else allow it to be added it to the list of CredReqs to process | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IIUC, first we should check if featureGateAnnotation
value is equal to TechPreviewNoUpgrade
and then check if tech preview is enabled?
// Handle CredentialsRequest with the feature-gate annotation | |
if value, ok := cr.Annotations[featureGateAnnotation]; ok { | |
if !enableTechPreview { | |
log.Printf("Ignoring CredentialsRequest %s/%s with tech-preview annotation", cr.Namespace, cr.Name) | |
continue | |
} | |
if value != string(configv1.TechPreviewNoUpgrade) { | |
log.Printf("Ignoring CredentialsRequest %s/%s with tech-preview value %s", cr.Namespace, cr.Name, value) | |
continue | |
} // else allow it to be added it to the list of CredReqs to process | |
} | |
// Handle CredentialsRequest with the feature-gate annotation | |
if value, ok := cr.Annotations[featureGateAnnotation]; ok { | |
if value != string(configv1.TechPreviewNoUpgrade) { | |
log.Printf("Ignoring CredentialsRequest %s/%s with release.openshift.io/feature-gate annotation value %s", cr.Namespace, cr.Name, value) | |
continue | |
} | |
if !enableTechPreview { | |
log.Printf("Ignoring CredentialsRequest %s/%s with release.openshift.io/feature-gate annotation value %s", cr.Namespace, cr.Name, configv1.TechPreviewNoUpgrade) | |
continue | |
} | |
// else allow it to be added to the list of CredentialsRequests to process | |
} |
Cannot assume that a feature is enabled, and should not process them by default. We can revisit properly handling them going forward, but for now keep ccoctl from processing optional resources by default.
408bf05
to
88f718f
Compare
/test e2e-aws-manual-oidc-sts |
@joelddiaz: The specified target(s) for
The following commands are available to trigger optional jobs:
Use
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/test e2e-aws-manual-oidc |
/retest |
1 similar comment
/retest |
@@ -103,6 +104,7 @@ func NewCreateAllCmd() *cobra.Command { | |||
createAllCmd.PersistentFlags().StringVar(&CreateAllOpts.CredRequestDir, "credentials-requests-dir", "", "Directory containing files of CredentialsRequests to create IAM Roles for (can be created by running 'oc adm release extract --credentials-requests --cloud=aws' against an OpenShift release image)") | |||
createAllCmd.MarkPersistentFlagRequired("credentials-requests-dir") | |||
createAllCmd.PersistentFlags().StringVar(&CreateAllOpts.TargetDir, "output-dir", "", "Directory to place generated files (defaults to current directory)") | |||
createAllCmd.PersistentFlags().BoolVar(&CreateAllOpts.EnableTechPreview, "--enable-tech-preview", false, "Opt into processing CredentialsRequests marked as tech-preview") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@joelddiaz "--enable-tech-preview" unnecessary --
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and here is testcases for the PR https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitems?query=trello%3AOCPBUGSM%5C-38879, please help to review, thanks
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, the --
is unnecessary. Pushed an update to the PR. Thanks!
This new parameter will allow ccoctl to either include or exclude any CredentialsRequest that is is processing based on the presence/value of the tech-preview annotation. Add some sanity checking that will ignore a CredReq with the tech-preview annotation, but with an unexpected value. Add test cases to cover the GetListOfCredentialsRequests function, and introduce a new test pattern for building resources that are needed for testing.
88f718f
to
4a2c157
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: akhil-rane, joelddiaz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
/retest-required Please review the full test history for this PR and help us cut down flakes. |
@joelddiaz: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
@joelddiaz: All pull requests linked via external trackers have merged: Bugzilla bug 2035903 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
First commit disables processing of resources with feature-gate annotation.
Second commit adds new --enable-tech-preview parameter which allows tech-preview-annotated resources through. Adds several test cases to cover it.