Bug 2035903: handle resources with feature-gate annotation #444
Conversation
openshift-ci
bot
added
the
approved
joelddiaz
changed the title
openshift-ci
bot
added
bugzilla/severity-medium
|
@joelddiaz: This pull request references Bugzilla bug 2035903, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/assign @akhil-rane |
Codecov Report
@@ Coverage Diff @@
## master #444 +/- ##
==========================================
- Coverage 45.79% 45.74% -0.05%
==========================================
Files 92 92
Lines 9314 9336 +22
==========================================
+ Hits 4265 4271 +6
- Misses 4541 4556 +15
- Partials 508 509 +1
|
pkg/cmd/provisioning/constants.go
Outdated
| // featureGateAnnotation is the annotation used to indicate that a specific manifest is hidden behind a feature gate. | ||
| featureGateAnnotation = "release.openshift.io/feature-gate" | ||
| // validTechPreviewAnnotationValue is the only valid value for the feature-gate annoation | ||
| validTechPreviewAnnotationValue = "TechPreviewNoUpgrade" |
There was a problem hiding this comment.
You can use configv1.TechPreviewNoUpgrade instead of defining your own variable for this.
cloud-credential-operator $ git --no-pager grep TechPreviewNoUpgrade
vendor/github.com/openshift/api/config/v1/types_feature.go: // TechPreviewNoUpgrade turns on tech preview features that are not part of the normal supported platform. Turning
vendor/github.com/openshift/api/config/v1/types_feature.go: TechPreviewNoUpgrade FeatureSet = "TechPreviewNoUpgrade"
vendor/github.com/openshift/api/config/v1/types_feature.go: TechPreviewNoUpgrade: newDefaultFeatures().
|
@joelddiaz Whether there is a way to not extract such CredentialsRequests when running |
pkg/cmd/provisioning/utils.go
Outdated
| log.Printf("CredentialsRequests %s/%s has unexpected feature-gate value", cr.Namespace, cr.Name) | ||
|
|
||
| } | ||
| log.Printf("Ignoring CredentialsRequest %s/%s with tech-preview annotation", cr.Namespace, cr.Name) |
There was a problem hiding this comment.
This will make it impossible for users to bootstrap a cluster as a TechPreviewNoUpgrade cluster on certain platforms right? I think this will break a number of release informing jobs and QE scenarios as we, as an org, decided a while back, bootstrapping as a TPNU cluster should be supported.
There was a problem hiding this comment.
We can just take a new CLI parameter to opt into processing these annotated manifests.
joelddiaz
force-pushed
the
ignore-tech-preview
branch
from
a3ee7be
to
098d68d
Compare
joelddiaz
changed the title
|
@joelddiaz: This pull request references Bugzilla bug 2035903, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
joelddiaz
force-pushed
the
ignore-tech-preview
branch
from
098d68d
to
408bf05
Compare
pkg/cmd/provisioning/utils.go
Outdated
| } | ||
|
|
||
| // Ingore CredentialsRequest with the feature-gate annotation |
There was a problem hiding this comment.
| // Ingore CredentialsRequest with the feature-gate annotation | |
| // Ignore CredentialsRequest with the feature-gate annotation |
| @@ -59,7 +59,8 @@ func deleteServiceIDCmd(cmd *cobra.Command, args []string) error { | |||
|
|
|||
| func deleteServiceIDs(client ibmcloud.Client, accountID, name, credReqDir string, force bool) error { | |||
| // Process directory | |||
| credReqs, err := provisioning.GetListOfCredentialsRequests(credReqDir) | |||
| // (always tech-preview==true because we should do a full cleanup to be on the safe side) | |||
There was a problem hiding this comment.
why brackets () ?
| // (always tech-preview==true because we should do a full cleanup to be on the safe side) | |
| // always tech-preview==true because we should do a full cleanup to be on the safe side |
pkg/cmd/provisioning/utils_test.go
Outdated
| if credreq.Annotations == nil { | ||
| credreq.Annotations = map[string]string{} | ||
| } | ||
| credreq.Annotations[featureGateAnnotation] = "TechPreviewNoUpgrade" |
There was a problem hiding this comment.
| credreq.Annotations[featureGateAnnotation] = "TechPreviewNoUpgrade" | |
| credreq.Annotations[featureGateAnnotation] = configv1.TechPreviewNoUpgrade |
| if value, ok := cr.Annotations[featureGateAnnotation]; ok { | ||
| if !enableTechPreview { | ||
| log.Printf("Ignoring CredentialsRequest %s/%s with tech-preview annotation", cr.Namespace, cr.Name) | ||
| continue | ||
| } | ||
| if value != string(configv1.TechPreviewNoUpgrade) { | ||
| log.Printf("Ignoring CredentialsRequest %s/%s with tech-preview value %s", cr.Namespace, cr.Name, value) | ||
| continue | ||
| } // else allow it to be added it to the list of CredReqs to process | ||
| } | ||
|
|
||
| credRequests = append(credRequests, cr) |
There was a problem hiding this comment.
Do we ignore a CredentialsRequest if featureGateAnnotation value is not equal to TechPreviewNoUpgrade?
There was a problem hiding this comment.
That's how I wrote it up. That is supposed to be an invalid value for the annotation and undefined. So just log it and move on...
| // Handle CredentialsRequest with the feature-gate annotation | ||
| if value, ok := cr.Annotations[featureGateAnnotation]; ok { | ||
| if !enableTechPreview { | ||
| log.Printf("Ignoring CredentialsRequest %s/%s with tech-preview annotation", cr.Namespace, cr.Name) | ||
| continue | ||
| } | ||
| if value != string(configv1.TechPreviewNoUpgrade) { | ||
| log.Printf("Ignoring CredentialsRequest %s/%s with tech-preview value %s", cr.Namespace, cr.Name, value) | ||
| continue | ||
| } // else allow it to be added it to the list of CredReqs to process | ||
| } |
There was a problem hiding this comment.
IIUC, first we should check if featureGateAnnotation value is equal to TechPreviewNoUpgrade and then check if tech preview is enabled?
| // Handle CredentialsRequest with the feature-gate annotation | |
| if value, ok := cr.Annotations[featureGateAnnotation]; ok { | |
| if !enableTechPreview { | |
| log.Printf("Ignoring CredentialsRequest %s/%s with tech-preview annotation", cr.Namespace, cr.Name) | |
| continue | |
| } | |
| if value != string(configv1.TechPreviewNoUpgrade) { | |
| log.Printf("Ignoring CredentialsRequest %s/%s with tech-preview value %s", cr.Namespace, cr.Name, value) | |
| continue | |
| } // else allow it to be added it to the list of CredReqs to process | |
| } | |
| // Handle CredentialsRequest with the feature-gate annotation | |
| if value, ok := cr.Annotations[featureGateAnnotation]; ok { | |
| if value != string(configv1.TechPreviewNoUpgrade) { | |
| log.Printf("Ignoring CredentialsRequest %s/%s with release.openshift.io/feature-gate annotation value %s", cr.Namespace, cr.Name, value) | |
| continue | |
| } | |
| if !enableTechPreview { | |
| log.Printf("Ignoring CredentialsRequest %s/%s with release.openshift.io/feature-gate annotation value %s", cr.Namespace, cr.Name, configv1.TechPreviewNoUpgrade) | |
| continue | |
| } | |
| // else allow it to be added to the list of CredentialsRequests to process | |
| } |
Cannot assume that a feature is enabled, and should not process them by default. We can revisit properly handling them going forward, but for now keep ccoctl from processing optional resources by default.
joelddiaz
force-pushed
the
ignore-tech-preview
branch
from
408bf05
to
88f718f
Compare
|
/test e2e-aws-manual-oidc-sts |
|
@joelddiaz: The specified target(s) for
The following commands are available to trigger optional jobs:
Use
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/test e2e-aws-manual-oidc |
|
/retest |
1 similar comment
|
/retest |
| @@ -103,6 +104,7 @@ func NewCreateAllCmd() *cobra.Command { | |||
| createAllCmd.PersistentFlags().StringVar(&CreateAllOpts.CredRequestDir, "credentials-requests-dir", "", "Directory containing files of CredentialsRequests to create IAM Roles for (can be created by running 'oc adm release extract --credentials-requests --cloud=aws' against an OpenShift release image)") | |||
| createAllCmd.MarkPersistentFlagRequired("credentials-requests-dir") | |||
| createAllCmd.PersistentFlags().StringVar(&CreateAllOpts.TargetDir, "output-dir", "", "Directory to place generated files (defaults to current directory)") | |||
| createAllCmd.PersistentFlags().BoolVar(&CreateAllOpts.EnableTechPreview, "--enable-tech-preview", false, "Opt into processing CredentialsRequests marked as tech-preview") | |||
There was a problem hiding this comment.
@joelddiaz "--enable-tech-preview" unnecessary --
There was a problem hiding this comment.
and here is testcases for the PR https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitems?query=trello%3AOCPBUGSM%5C-38879, please help to review, thanks
There was a problem hiding this comment.
Yes, the -- is unnecessary. Pushed an update to the PR. Thanks!
This new parameter will allow ccoctl to either include or exclude any CredentialsRequest that is is processing based on the presence/value of the tech-preview annotation. Add some sanity checking that will ignore a CredReq with the tech-preview annotation, but with an unexpected value. Add test cases to cover the GetListOfCredentialsRequests function, and introduce a new test pattern for building resources that are needed for testing.
joelddiaz
force-pushed
the
ignore-tech-preview
branch
from
88f718f
to
4a2c157
Compare
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: akhil-rane, joelddiaz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
@joelddiaz: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
@joelddiaz: All pull requests linked via external trackers have merged: Bugzilla bug 2035903 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
First commit disables processing of resources with feature-gate annotation.
Second commit adds new --enable-tech-preview parameter which allows tech-preview-annotated resources through. Adds several test cases to cover it.