Skip to content

OCPBUGS-82498: 4.21 rebase 3.6.11#377

Open
dusk125 wants to merge 119 commits intoopenshift:openshift-4.21from
dusk125:4.21-rebase-3.6.11
Open

OCPBUGS-82498: 4.21 rebase 3.6.11#377
dusk125 wants to merge 119 commits intoopenshift:openshift-4.21from
dusk125:4.21-rebase-3.6.11

Conversation

@dusk125
Copy link
Copy Markdown

@dusk125 dusk125 commented May 7, 2026

Rebase, conflict resolution, and go version reverts handled by Claude

❯ ./bin/etcd --version
etcd Version: 3.6.11
Git SHA: 2c01256
Go Version: go1.24.13
Go OS/Arch: darwin/arm64

serathius and others added 30 commits September 23, 2025 17:47
@serathius
Reject watch request with -1 revision and make rangeEvents safe again…
3bb4470 
…st negative revision

Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
@serathius
Merge pull request etcd-io#20707 from k8s-infra-cherrypick-robot/cher…
4790130 
…ry-pick-20693-to-release-3.6

[release-3.6] Reject watch request with -1 revision to prevent invalid resync behavior on uncompacted etcd and make rangeEvents safe against negative revision.
@tchap
server/embed: Log EOF on DEBUG in TLS handshake
ee85ed3 
When EOF is encountered during TLS handshake, it is still logged as a
warning. This seems excessive and not really useful.

This patch ensures EOF is logged on debug only.

Signed-off-by: Ondra Kupka <okupka@redhat.com>
@ahrtr
Merge pull request etcd-io#20749 from k8s-infra-cherrypick-robot/cher…
3bbdd68 
…ry-pick-20568-to-release-3.6

[release-3.6] server/embed: Log EOF on DEBUG in TLS handshake
@ahrtr
Fix endpoint status not retuning the correct storage quota
4973fd4 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@fuweid
Merge pull request etcd-io#20790 from ahrtr/20251012_quota_3.6
4dfe6c1
@hwdef
Bump go to 1.24.9
1e02301 
Signed-off-by: hwdef <hwdefcom@outlook.com>
@ahrtr
Merge pull request etcd-io#20801 from hwdef/release-36-bump-go1249
9d7222c 
[release-3.6] Bump go to 1.24.9
@xUser5000
test: add promote with auth e2e tests
e88e142 
Adds two test cases for the member promote operation when auth is
enabled. In the first case, the member promote request is submitted to
the leader, and in the second case it's submitted to the follower. The
leader case succeeds. In the other case, the follower forwards the
promote request to the leader. But, the forwarded request fails due to
a bug. The logs on the leader include this message:

```
failed to promote a member
```

as well as the error:

```
auth: user name is empty
```

Signed-off-by: xUser5000 <abdallahar1974@gmail.com>
@xUser5000
etcdserver: fix cannot promote with auth from follower
5377bb9 
When auth is enabled, sending a promotion request to a follower node was failing because
the auth token was not being propagated when the follower forwards the request to the leader.

Signed-off-by: xUser5000 <abdallahar1974@gmail.com>
@xUser5000
etcdserver: follow convention to extract auth token in cluster_util.go
76ee0bc 
Signed-off-by: xUser5000 <abdallahar1974@gmail.com>
@xUser5000
tests: use WaitLeader() in memberPromoteWithAuth()
db6be4c 
Signed-off-by: xUser5000 <abdallahar1974@gmail.com>
@ahrtr
Merge pull request etcd-io#20874 from k8s-infra-cherrypick-robot/cher…
52b2948 
…ry-pick-20792-to-release-3.6

[release-3.6] etcdserver: Fix: cannot promote member from follower when auth is enabled
@ahrtr
Add an e2e test cases to reproduce the '--force-new-cluster' can't re…
7d3fc02 
…move learner issue

Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Fix the '--force-new-cluster' can't clean up learners issue
523100b 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Merge pull request etcd-io#20896 from k8s-infra-cherrypick-robot/cher…
d1a3bee 
…ry-pick-20894-to-release-3.6

[release-3.6] Fix the issue that `--force-new-cluster` can't clean up learner after creating v2 snapshot
@ronaldngounou
Bump from go1.24.9 to go1.24.10
2c0db32 
Signed-off-by: ronaldngounou <ronald.ngounou@yahoo.com>
@ahrtr
Merge pull request etcd-io#20901 from ronaldngounou/release36-bump-go…
88b9794 
…12410

[release-3.6] Bump from go1.24.9 to go1.24.10
@mingl1
v3rpc: add and use getServerMetrics() with global metricsServerCached
145d927 
Signed-off-by: mingl1 <minglin.me@gmail.com>
@ahrtr
Merge pull request etcd-io#20905 from k8s-infra-cherrypick-robot/cher…
0745315 
…ry-pick-20887-to-release-3.6

[release-3.6] fix duplicate metrics collector registration attempted
@ivanvc
version: bump up to 3.6.6
d2809cf 
Signed-off-by: Ivan Valdes <iv@a.ki>
@ahrtr
Print token fingerprint instead of the original tokens in log messages
554dc70 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Merge pull request etcd-io#20941 from ahrtr/20251117_tokens_3.6
f185ce6 
[release-3.6] Print token fingerprint instead of the original tokens in log messages
@hwdef
Bump go to 1.24.11
97141e1 
Signed-off-by: hwdef <hwdefcom@outlook.com>
@ahrtr
Merge pull request etcd-io#20998 from hwdef/release36-bump-go-12411
dbaf5cf 
[release-3.6] Bump go to 1.24.11
@ivanvc
dependency: Bump golang.org/x/net from 0.38.0 to 0.45.0
61af088 
Addresses CVE-2025-47914, CVE-2025-58181.

Signed-off-by: Ivan Valdes <ivan@vald.es>
@ahrtr
Merge pull request etcd-io#21024 from ivanvc/release-3.6-x-net-0.45.0
6bfd01c 
[release-3.6] dependency: Bump golang.org/x/crypto from 0.36.0 to 0.45.0
@joshjms
version: bump up to 3.6.7
e838ef1 
Signed-off-by: joshjms <joshjms1607@gmail.com>
@ivanvc
dependency: Bump golang.org/x/crypto from 0.42.0 to 0.45.0
f767aa2 
Addresses CVE-2025-47914, CVE-2025-58181.

Signed-off-by: Ivan Valdes <ivan@vald.es>
@ivanvc
tools: explicitly require golang.org/x/tools/cmd/goimports
81c32a4 
Running genproto fails with:

% (cd tools/mod && 'go' 'install' 'golang.org/x/tools/cmd/goimports')
stderr: /home/prow/go/pkg/mod/golang.org/x/tools@v0.38.0/cmd/goimports/goimports.go:23:2: missing go.sum entry for module providing package golang.org/x/telemetry/counter (imported by golang.org/x/tools/cmd/goimports); to add:
stderr: go get golang.org/x/tools/cmd/goimports@v0.38.0
FAIL: (code:1):
  % (cd tools/mod && 'go' 'install' 'golang.org/x/tools/cmd/goimports')
Failed to install tool 'golang.org/x/tools/cmd/goimports'

Signed-off-by: Ivan Valdes <ivan@vald.es>
ahrtr and others added 10 commits April 29, 2026 14:48
@ahrtr
Merge pull request etcd-io#21685 from ahrtr/20260429_auth_3.6
d671fd0 
[release-3.6] Fix read access via PrevKv or lease attachment in a Put request in etcd transactions bypass RBAC authorization checks
@ivanvc
version: bump up to 3.6.11
ec166e2 
Signed-off-by: Ivan Valdes <iv@a.ki>
@dusk125
Merge remote-tracking branch 'openshift/openshift-4.21' into 4.21-reb…
af4012d 
…ase-3.6.11

# Conflicts:
#	go.mod
@dusk125
UPSTREAM: <drop>: Revert "Merge pull request etcd-io#21668 from ahrtr…
2fccd54 
…/20260426_dep_3.6"
@dusk125
UPSTREAM: <drop>: Revert "Merge pull request etcd-io#21586 from fuwei…
cf5d96a 
…d/bump-go-to-1.25.9-36"
@dusk125
UPSTREAM: <drop>: Revert "Merge pull request etcd-io#21531 from ahrtr…
02bee4e 
…/20260327_dep"
@dusk125
UPSTREAM: <drop>: Revert "Merge pull request etcd-io#21463 from ivanv…
2dfc8fb 
…c/release-3.6-go-1.25.8"
@dusk125
UPSTREAM: <drop>: Revert "Merge pull request etcd-io#21440 from ArkaS…
43b477a 
…aha30/fix-cve-GO-2026-4559-3.6"
@dusk125
UPSTREAM: <drop>: Revert "Merge pull request etcd-io#21393 from shuan…
a83e622 
…1026/bump-3.6-to-gov1.25.7"
@dusk125 @claude
UPSTREAM: <drop>: go mod tidy
2c01256 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels May 7, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented May 7, 2026

@dusk125: This pull request references Jira Issue OCPBUGS-82498, which is invalid:

  • expected dependent Jira Issue OCPBUGS-82497 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is POST instead
  • expected dependent Jira Issue OCPBUGS-82497 to target a version in 4.22.0, but it targets "4.22.z" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Rebase, conflict resolution, and go version reverts handled by Claude

❯ ./bin/etcd --version
etcd Version: 3.6.11
Git SHA: 2c01256
Go Version: go1.24.13
Go OS/Arch: darwin/arm64

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 7, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: c404fb7c-b121-4f25-b6ad-a2a32e4df211

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@dusk125 dusk125 mentioned this pull request May 7, 2026
Closed
@openshift-ci openshift-ci Bot requested review from hasbro17 and tjungblu May 7, 2026 16:06
@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 7, 2026
@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented May 7, 2026

@dusk125: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/upstream-integration 2c01256 link false /test upstream-integration
ci/prow/e2e-aws-ovn-upgrade 2c01256 link true /test e2e-aws-ovn-upgrade
ci/prow/e2e-aws-ovn-serial 2c01256 link true /test e2e-aws-ovn-serial
ci/prow/upstream-e2e 2c01256 link false /test upstream-e2e
ci/prow/e2e-aws-ovn 2c01256 link true /test e2e-aws-ovn

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@tjungblu
Copy link
Copy Markdown

tjungblu commented May 8, 2026

/lgtm

/verified by @tjungblu

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label May 8, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented May 8, 2026

@tjungblu: This PR has been marked as verified by @tjungblu.

Details

In response to this:

/lgtm

/verified by @tjungblu

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label May 8, 2026
@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented May 8, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dusk125, tjungblu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@dusk125
Copy link
Copy Markdown
Author

dusk125 commented May 8, 2026

/retest-required

@dusk125
Copy link
Copy Markdown
Author

dusk125 commented May 8, 2026

/hold
For #376 to merge

@openshift-ci openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 8, 2026
@dusk125
Copy link
Copy Markdown
Author

dusk125 commented May 8, 2026

/label backport-risk-assessed

@openshift-ci openshift-ci Bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label May 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hasbro17 hasbro17 Awaiting requested review from hasbro17

@tjungblu tjungblu Awaiting requested review from tjungblu

Assignees

@tjungblu tjungblu

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. verified Signifies that the PR passed pre-merge verification criteria

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.