New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 2047845: Requeue create on invalid credentials errors #249
Bug 2047845: Requeue create on invalid credentials errors #249
Conversation
@JoelSpeed: This pull request references Bugzilla bug 2047845, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 6 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/label backport-risk-assessed |
/approve |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/lgtm |
/retest-required |
/override ci/prow/generate The failure in the code generation seems unrelated to this PR, we haven't updated the file that's causing an error |
@JoelSpeed: Overrode contexts on behalf of JoelSpeed: ci/prow/generate In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@JoelSpeed: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: JoelSpeed, lobziik The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/label cherry-pick-approved |
@JoelSpeed: All pull requests linked via external trackers have merged: Bugzilla bug 2047845 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherry-pick release-4.8 |
@damdo: new pull request created: #253 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Manual cherry pick of openshift/machine-api-provider-azure#11
In several CI examples linked within the BZ, we are seeing issues with the credentials just after they are created or rotated by the CCO. It looks like once the credentials are rotated they take a few minutes to propagate.
When the Machine already exists, this is fine because the exists call returns a 401 and we requeue.
If a new machine is added, at the moment, the invalid credentials cause it to go into a failed phase, even though, if we retried slightly later, it is likely the create would have succeeded.
This PR changes the behaviour so that 401 errors (ie the credentials you provided weren't valid) no longer fails create.
I think this is safe as we already have a number of checks in place around credentials already. If the format of the secret, or any of the values are invalid, the MachineScope fails to create.
The only reason this will cause a failure, as far as I can tell, is if we had valid credentials that have expired and need to be refreshed, in which case, this is not a terminal MAPI failure.