OCPBUGS-22749: Adjust NAD name by using unique-names-generator #13263
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@hstastna: This pull request references CNV-32926 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.15.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci
bot
added
the
component/network-attachment-definition
hstastna
force-pushed
the
BZ_Admin_can_create_network_shared_between_ns
branch
from
40b0edc
to
103aa9b
Compare
|
@avivtur @metalice @pcbailey @upalatucci @vojtechszocs please review |
1 similar comment
|
@avivtur @metalice @pcbailey @upalatucci @vojtechszocs please review |
|
i can see it already installed by another package, you can just import it without installing it with yarn add. |
Well, it didn't work when I tried to just import it. It acted like the package didn't exist. Did you try to just import it? |
|
hmm tried to import.. didn't get any errors, |
|
you are adding to fornend/package.json and its has |
Adjust the NetworkAttachmentDefinition name after its creation to make sure the name will be unique, to prevent creating a network shared between isolated namespaces. Fixes https://issues.redhat.com/browse/CNV-32926
hstastna
force-pushed
the
BZ_Admin_can_create_network_shared_between_ns
branch
from
103aa9b
to
6e77a4a
Compare
|
@metalice I've played with the code and it started to work even without adding the package anywhere. Weird that it didn't work previously. |
|
/retest |
2 similar comments
|
/retest |
|
/retest |
|
@avivtur @metalice @pcbailey @upalatucci @vojtechszocs please review |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: hstastna, pcbailey The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/jira refresh |
|
@hstastna: This pull request references CNV-32926 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.15.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/jira refresh |
|
@hstastna: This pull request references CNV-32926 which is a valid jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@hstastna: This pull request references CNV-32926 which is a valid jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
hstastna
changed the title
openshift-ci-robot
added
the
jira/valid-bug
|
@hstastna: This pull request references Jira Issue OCPBUGS-22749, which is valid. 3 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Jira (ycui@redhat.com), skipping review request. The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/hold Revision 6e77a4a was retested 3 times: holding |
openshift-ci
bot
added
the
do-not-merge/hold
|
/retest |
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
/retest |
|
/hold Revision 6e77a4a was retested 3 times: holding |
openshift-ci
bot
added
the
do-not-merge/hold
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
@hstastna: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
@hstastna: Jira Issue OCPBUGS-22749: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-22749 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Fix included in accepted release 4.15.0-0.nightly-2023-11-04-080954 |
|
Fix included in accepted release 4.15.0-0.nightly-2024-02-12-213938 |
Fixes:
https://issues.redhat.com/browse/OCPBUGS-22749
Analysis / Root cause:
By using the "Create Network Attachment Definition" dialog, an administrator may create two NADs in two different namespaces that would be connected to a single L2 network. There is nothing in the UI that indicates that namespace isolation is breached.
Solution Description:
Adjust the NetworkAttachmentDefinition name after its creation to make sure the name will be unique, to prevent creating a network shared between isolated namespaces. Use
unique-names-generatorpackage to generate the unique names that are appended to the name filled in the form for creating NADs.Screen shots / Gifs for design review:
Before:
NADs with same names, shared NADs between the different namespaces can be created:
After:
Unique NADs names: