Skip to content

OCPBUGS-82497: 4.22 rebase 3.6.11#376

Open
dusk125 wants to merge 120 commits intoopenshift:openshift-4.22from
dusk125:4.22-rebase-3.6.11
Open

OCPBUGS-82497: 4.22 rebase 3.6.11#376
dusk125 wants to merge 120 commits intoopenshift:openshift-4.22from
dusk125:4.22-rebase-3.6.11

Conversation

@dusk125
Copy link
Copy Markdown

@dusk125 dusk125 commented May 7, 2026
edited
Loading

Rebase, conflict resolution, and go version reverts handled by Claude

❯ ./bin/etcd --version
etcd Version: 3.6.11
Git SHA: 5694f3b
Go Version: go1.24.13
Go OS/Arch: darwin/arm64

serathius and others added 30 commits September 23, 2025 17:47
@serathius
Reject watch request with -1 revision and make rangeEvents safe again…
3bb4470 
…st negative revision

Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
@serathius
Merge pull request etcd-io#20707 from k8s-infra-cherrypick-robot/cher…
4790130 
…ry-pick-20693-to-release-3.6

[release-3.6] Reject watch request with -1 revision to prevent invalid resync behavior on uncompacted etcd and make rangeEvents safe against negative revision.
@tchap
server/embed: Log EOF on DEBUG in TLS handshake
ee85ed3 
When EOF is encountered during TLS handshake, it is still logged as a
warning. This seems excessive and not really useful.

This patch ensures EOF is logged on debug only.

Signed-off-by: Ondra Kupka <okupka@redhat.com>
@ahrtr
Merge pull request etcd-io#20749 from k8s-infra-cherrypick-robot/cher…
3bbdd68 
…ry-pick-20568-to-release-3.6

[release-3.6] server/embed: Log EOF on DEBUG in TLS handshake
@ahrtr
Fix endpoint status not retuning the correct storage quota
4973fd4 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@fuweid
Merge pull request etcd-io#20790 from ahrtr/20251012_quota_3.6
4dfe6c1
@hwdef
Bump go to 1.24.9
1e02301 
Signed-off-by: hwdef <hwdefcom@outlook.com>
@ahrtr
Merge pull request etcd-io#20801 from hwdef/release-36-bump-go1249
9d7222c 
[release-3.6] Bump go to 1.24.9
@xUser5000
test: add promote with auth e2e tests
e88e142 
Adds two test cases for the member promote operation when auth is
enabled. In the first case, the member promote request is submitted to
the leader, and in the second case it's submitted to the follower. The
leader case succeeds. In the other case, the follower forwards the
promote request to the leader. But, the forwarded request fails due to
a bug. The logs on the leader include this message:

```
failed to promote a member
```

as well as the error:

```
auth: user name is empty
```

Signed-off-by: xUser5000 <abdallahar1974@gmail.com>
@xUser5000
etcdserver: fix cannot promote with auth from follower
5377bb9 
When auth is enabled, sending a promotion request to a follower node was failing because
the auth token was not being propagated when the follower forwards the request to the leader.

Signed-off-by: xUser5000 <abdallahar1974@gmail.com>
@xUser5000
etcdserver: follow convention to extract auth token in cluster_util.go
76ee0bc 
Signed-off-by: xUser5000 <abdallahar1974@gmail.com>
@xUser5000
tests: use WaitLeader() in memberPromoteWithAuth()
db6be4c 
Signed-off-by: xUser5000 <abdallahar1974@gmail.com>
@ahrtr
Merge pull request etcd-io#20874 from k8s-infra-cherrypick-robot/cher…
52b2948 
…ry-pick-20792-to-release-3.6

[release-3.6] etcdserver: Fix: cannot promote member from follower when auth is enabled
@ahrtr
Add an e2e test cases to reproduce the '--force-new-cluster' can't re…
7d3fc02 
…move learner issue

Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Fix the '--force-new-cluster' can't clean up learners issue
523100b 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Merge pull request etcd-io#20896 from k8s-infra-cherrypick-robot/cher…
d1a3bee 
…ry-pick-20894-to-release-3.6

[release-3.6] Fix the issue that `--force-new-cluster` can't clean up learner after creating v2 snapshot
@ronaldngounou
Bump from go1.24.9 to go1.24.10
2c0db32 
Signed-off-by: ronaldngounou <ronald.ngounou@yahoo.com>
@ahrtr
Merge pull request etcd-io#20901 from ronaldngounou/release36-bump-go…
88b9794 
…12410

[release-3.6] Bump from go1.24.9 to go1.24.10
@mingl1
v3rpc: add and use getServerMetrics() with global metricsServerCached
145d927 
Signed-off-by: mingl1 <minglin.me@gmail.com>
@ahrtr
Merge pull request etcd-io#20905 from k8s-infra-cherrypick-robot/cher…
0745315 
…ry-pick-20887-to-release-3.6

[release-3.6] fix duplicate metrics collector registration attempted
@ivanvc
version: bump up to 3.6.6
d2809cf 
Signed-off-by: Ivan Valdes <iv@a.ki>
@ahrtr
Print token fingerprint instead of the original tokens in log messages
554dc70 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Merge pull request etcd-io#20941 from ahrtr/20251117_tokens_3.6
f185ce6 
[release-3.6] Print token fingerprint instead of the original tokens in log messages
@hwdef
Bump go to 1.24.11
97141e1 
Signed-off-by: hwdef <hwdefcom@outlook.com>
@ahrtr
Merge pull request etcd-io#20998 from hwdef/release36-bump-go-12411
dbaf5cf 
[release-3.6] Bump go to 1.24.11
@ivanvc
dependency: Bump golang.org/x/net from 0.38.0 to 0.45.0
61af088 
Addresses CVE-2025-47914, CVE-2025-58181.

Signed-off-by: Ivan Valdes <ivan@vald.es>
@ahrtr
Merge pull request etcd-io#21024 from ivanvc/release-3.6-x-net-0.45.0
6bfd01c 
[release-3.6] dependency: Bump golang.org/x/crypto from 0.36.0 to 0.45.0
@joshjms
version: bump up to 3.6.7
e838ef1 
Signed-off-by: joshjms <joshjms1607@gmail.com>
@ivanvc
dependency: Bump golang.org/x/crypto from 0.42.0 to 0.45.0
f767aa2 
Addresses CVE-2025-47914, CVE-2025-58181.

Signed-off-by: Ivan Valdes <ivan@vald.es>
@ivanvc
tools: explicitly require golang.org/x/tools/cmd/goimports
81c32a4 
Running genproto fails with:

% (cd tools/mod && 'go' 'install' 'golang.org/x/tools/cmd/goimports')
stderr: /home/prow/go/pkg/mod/golang.org/x/tools@v0.38.0/cmd/goimports/goimports.go:23:2: missing go.sum entry for module providing package golang.org/x/telemetry/counter (imported by golang.org/x/tools/cmd/goimports); to add:
stderr: go get golang.org/x/tools/cmd/goimports@v0.38.0
FAIL: (code:1):
  % (cd tools/mod && 'go' 'install' 'golang.org/x/tools/cmd/goimports')
Failed to install tool 'golang.org/x/tools/cmd/goimports'

Signed-off-by: Ivan Valdes <ivan@vald.es>
fuweid and others added 19 commits April 27, 2026 14:24
@fuweid
Merge pull request etcd-io#21668 from ahrtr/20260426_dep_3.6
bc2482b 
[release-3.6] Bump golang.org/x/image to v0.39.0 to resolve GO-2026-4962
@ahrtr
Merge pull request etcd-io#21667 from ahrtr/20260426_add_member
7d4b175 
[release-3.6] Fix the issue that cannot add a new member when one member is down, even if quorum is still satisfied
@ahrtr
move function CheckTxnAuth from package txn to apply
20e6f23 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Get all Put related auth check into a separate function 'checkPutAuth'
c387fa5 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Merge pull request etcd-io#21681 from ahrtr/20260428_auth_refactor
16a8a36 
[release-3.6] Refactor auth check for Put requests in TXN
@ahrtr
Add an integration test case to reproduce the read via PrevKv bypass …
3fe5746 
…rbac check issue

Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Add an integration test to reproduce the issue of PutWithLease in a T…
fbbd0a1 
…XN bypass RBAC check

Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Fix the 'read via PrevKv' and 'Put with lease' in TXN bypass rbac che…
633de82 
…ck issue

Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Merge pull request etcd-io#21685 from ahrtr/20260429_auth_3.6
d671fd0 
[release-3.6] Fix read access via PrevKv or lease attachment in a Put request in etcd transactions bypass RBAC authorization checks
@ivanvc
version: bump up to 3.6.11
ec166e2 
Signed-off-by: Ivan Valdes <iv@a.ki>
@dusk125
Merge remote-tracking branch 'openshift/openshift-4.22' into openshif…
225fe90 
…t-4.22-rebase-3.6.11

# Conflicts:
#	go.mod
@dusk125
UPSTREAM: <drop>: Revert "Merge pull request etcd-io#21668 from ahrtr…
abeb10c 
…/20260426_dep_3.6"
@dusk125
UPSTREAM: <drop>: Revert "Merge pull request etcd-io#21586 from fuwei…
1a82e62 
…d/bump-go-to-1.25.9-36"
@dusk125
UPSTREAM: <drop>: Revert "Merge pull request etcd-io#21531 from ahrtr…
24e3647 
…/20260327_dep"
@dusk125
UPSTREAM: <drop>: Revert "Merge pull request etcd-io#21463 from ivanv…
5c7e836 
…c/release-3.6-go-1.25.8"
@dusk125
UPSTREAM: <drop>: Revert "Merge pull request etcd-io#21440 from ArkaS…
98664cf 
…aha30/fix-cve-GO-2026-4559-3.6"
@dusk125
UPSTREAM: <drop>: Revert "Merge pull request etcd-io#21393 from shuan…
7f08f12 
…1026/bump-3.6-to-gov1.25.7"
@dusk125 @claude
DOWNSTREAM: <drop>: update images
e8d515e 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@dusk125 @claude
UPSTREAM: <drop>: go mod tidy
5694f3b 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels May 7, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented May 7, 2026

@dusk125: This pull request references Jira Issue OCPBUGS-82497, which is valid.

7 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.22.0) matches configured target version for branch (4.22.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
  • release note text is set and does not match the template
  • dependent bug Jira Issue OCPBUGS-82495 is in the state MODIFIED, which is one of the valid states (MODIFIED, ON_QA, VERIFIED)
  • dependent Jira Issue OCPBUGS-82495 targets the "5.0.0" version, which is one of the valid target versions: 5.0.0
  • bug has dependents

Requesting review from QA contact:
/cc @sandeepknd

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

❯ ./bin/etcd --version
etcd Version: 3.6.11
Git SHA: 5694f3b
Go Version: go1.24.13
Go OS/Arch: darwin/arm64

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 7, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 6eff4b65-4785-4d6d-beff-5ef5d18b4825

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci Bot requested a review from sandeepknd May 7, 2026 16:01
@dusk125 dusk125 mentioned this pull request May 7, 2026
Closed
@openshift-ci openshift-ci Bot requested review from deads2k and tjungblu May 7, 2026 16:02
@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented May 7, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dusk125

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 7, 2026
@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented May 7, 2026

@dusk125: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/upstream-integration 5694f3b link false /test upstream-integration
ci/prow/e2e-aws-ovn-serial 5694f3b link true /test e2e-aws-ovn-serial
ci/prow/e2e-aws-ovn-upgrade 5694f3b link true /test e2e-aws-ovn-upgrade
ci/prow/e2e-aws-ovn 5694f3b link true /test e2e-aws-ovn
ci/prow/upstream-e2e 5694f3b link false /test upstream-e2e

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sandeepknd sandeepknd Awaiting requested review from sandeepknd

@deads2k deads2k Awaiting requested review from deads2k

@tjungblu tjungblu Awaiting requested review from tjungblu

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.