Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[4.7] Bug 1949941: add a scraper and an alert to check for old-style tokens #437

Merged
merged 2 commits into from Apr 28, 2021
Merged

[4.7] Bug 1949941: add a scraper and an alert to check for old-style tokens #437

merged 2 commits into from Apr 28, 2021

Conversation

stlaz
Copy link
Member

@stlaz stlaz commented Apr 21, 2021

Adds a scraper to check for presence of old OAuthAccess- or
OAuthAuthorizeTokens and an informative alert that informs of
deprecation of the tokens that do not adhere to the new hashed
token name format.

/assign @sttts

@openshift-ci-robot openshift-ci-robot added bugzilla/severity-high Referenced Bugzilla bug's severity is high for the branch this PR is targeting. bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Apr 21, 2021
@openshift-ci-robot
Copy link
Contributor

@stlaz: This pull request references Bugzilla bug 1949941, which is invalid:

  • expected the bug to target the "4.8.0" release, but it targets "4.7.z" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

[4.7] Bug 1949941: add a scraper and an alert to check for old-style tokens

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 21, 2021
@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 21, 2021
@stlaz stlaz changed the base branch from master to release-4.7 April 21, 2021 09:04
@openshift-ci-robot
Copy link
Contributor

@stlaz: This pull request references Bugzilla bug 1949941, which is invalid:

  • expected dependent Bugzilla bug 1944631 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is POST instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

[4.7] Bug 1949941: add a scraper and an alert to check for old-style tokens

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 21, 2021
@stlaz
Copy link
Member Author

stlaz commented Apr 21, 2021

/retest
it probably tried to build that with current master as I chose the wrong base originally

@stlaz
add a scraper and an alert to check for old-style tokens
312ab66 
Adds a scraper to check for presence of old OAuthAccess- or
OAuthAuthorizeTokens and an informative alert that informs of
deprecation of the tokens that do not adhere to the new hashed
token name format.
@stlaz
go mod tidy && go mod vendor
67977a9
@sttts
Copy link
Contributor

sttts commented Apr 21, 2021

/lgtm
/approve

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Apr 21, 2021
@stlaz
Copy link
Member Author

stlaz commented Apr 21, 2021

@openshift/sre-alert-sme we are introducing a new alert to 4.7, I was told that you may want to know :)

@stlaz
Copy link
Member Author

stlaz commented Apr 21, 2021
edited

/hold
for an SRE ack

for context: this is the final stage of the secure oauth token storage and we're doing this to make users aware of the changes from https://github.com/openshift/enhancements/blob/master/enhancements/authentication/oauth-resource-storage.md

@openshift-ci-robot openshift-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 21, 2021
@sttts
Copy link
Contributor

sttts commented Apr 21, 2021

/restart

@RiRa12621
Copy link

in the long run, we need to find a better way to inform customers of things on cluster that will be breaking in a future version but for now LGTM from our end as the info level alert doesn't have any impact.
If you have the capacity, it'd be great if you could add a small runbook for it to github.com/openshift/runbooks

@stlaz
Copy link
Member Author

stlaz commented Apr 21, 2021

/hold cancel
/retest

thanks for the review, I'll try to have a look at coming up with a runbook for this tomorrow

@openshift-ci-robot openshift-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 21, 2021
@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

1 similar comment
@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

3 similar comments
@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Apr 22, 2021

@stlaz: The following tests failed, say /retest to rerun all failed tests:

Test name Commit Details Rerun command
ci/prow/e2e-agnostic-ipv6 7014b78 link /test e2e-agnostic-ipv6
ci/prow/e2e-aws-single-node 67977a9 link /test e2e-aws-single-node

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@stlaz
Copy link
Member Author

stlaz commented Apr 22, 2021

/hold
we need to remove the single node tests from 4.7 in this repo

@openshift-ci-robot openshift-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 22, 2021
@stlaz
Copy link
Member Author

stlaz commented Apr 22, 2021

/hold cancel
removed

@openshift-ci-robot openshift-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 22, 2021
@openshift-bot
Copy link
Contributor

/bugzilla refresh

Recalculating validity in case the underlying Bugzilla bug has changed.

@openshift-ci-robot
Copy link
Contributor

@openshift-bot: This pull request references Bugzilla bug 1949941, which is invalid:

  • expected dependent Bugzilla bug 1944631 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is POST instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Recalculating validity in case the underlying Bugzilla bug has changed.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@dofinn
Copy link

dofinn commented Apr 23, 2021

/lgtm

@openshift-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dofinn, stlaz, sttts

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-bot
Copy link
Contributor

/bugzilla refresh

Recalculating validity in case the underlying Bugzilla bug has changed.

@openshift-ci-robot
Copy link
Contributor

@openshift-bot: This pull request references Bugzilla bug 1949941, which is invalid:

  • expected dependent Bugzilla bug 1944631 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Recalculating validity in case the underlying Bugzilla bug has changed.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-bot
Copy link
Contributor

/bugzilla refresh

Recalculating validity in case the underlying Bugzilla bug has changed.

@openshift-ci-robot
Copy link
Contributor

@openshift-bot: This pull request references Bugzilla bug 1949941, which is invalid:

  • expected dependent Bugzilla bug 1944631 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Recalculating validity in case the underlying Bugzilla bug has changed.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-bot
Copy link
Contributor

/bugzilla refresh

Recalculating validity in case the underlying Bugzilla bug has changed.

@openshift-ci-robot
Copy link
Contributor

@openshift-bot: This pull request references Bugzilla bug 1949941, which is invalid:

  • expected dependent Bugzilla bug 1944631 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Recalculating validity in case the underlying Bugzilla bug has changed.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-bot
Copy link
Contributor

/bugzilla refresh

Recalculating validity in case the underlying Bugzilla bug has changed.

@openshift-ci-robot
Copy link
Contributor

@openshift-bot: This pull request references Bugzilla bug 1949941, which is invalid:

  • expected dependent Bugzilla bug 1944631 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Recalculating validity in case the underlying Bugzilla bug has changed.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@stlaz
Copy link
Member Author

stlaz commented Apr 27, 2021

/bugzilla refresh

@openshift-ci-robot openshift-ci-robot added bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. and removed bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Apr 27, 2021
@openshift-ci-robot
Copy link
Contributor

@stlaz: This pull request references Bugzilla bug 1949941, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.7.z) matches configured target release for branch (4.7.z)
  • bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 1944631 is in the state VERIFIED, which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE))
  • dependent Bugzilla bug 1944631 targets the "4.8.0" release, which is one of the valid target releases: 4.8.0
  • bug has dependents

Requesting review from QA contact:
/cc @rhpmali

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@bparees bparees added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Apr 28, 2021
@openshift-merge-robot openshift-merge-robot merged commit c19a2ad into openshift:release-4.7 Apr 28, 2021
@openshift-ci-robot
Copy link
Contributor

@stlaz: All pull requests linked via external trackers have merged:

Bugzilla bug 1949941 has been moved to the MODIFIED state.

In response to this:

[4.7] Bug 1949941: add a scraper and an alert to check for old-style tokens

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sttts sttts sttts left review comments

@deads2k deads2k Awaiting requested review from deads2k

@rhpmali rhpmali Awaiting requested review from rhpmali

Assignees

@sttts sttts

@dofinn dofinn

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/severity-high Referenced Bugzilla bug's severity is high for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@stlaz @openshift-ci-robot @sttts @RiRa12621 @openshift-bot @dofinn @bparees @openshift-merge-robot