Bug 2037274: pkg/*: introduce x509_missing_san_total metric

[s-urbaniak]

This introduces a x509_missing_san_total metric for detecting legacy certificates for external identity providers who don't provide a SAN field, see openshift/enhancements#980 for details.

[openshift-ci]

@s-urbaniak: This pull request references Bugzilla bug 2031839, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.10.0) matches configured target release for branch (4.10.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @xingxingxia

In response to this:

[WIP] Bug 2031839: pkg/*: introduce x509_missing_san_total metric

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[s-urbaniak]

/bugzilla refresh

[openshift-ci]

@s-urbaniak: This pull request references Bugzilla bug 2031839, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.10.0) matches configured target release for branch (4.10.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @xingxingxia

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[s-urbaniak]

/test e2e-gcp

[s-urbaniak]

/test e2e-agnostic-upgrade

[openshift-ci]

@s-urbaniak: This pull request references Bugzilla bug 2031839, which is invalid:

• expected the bug to target the "4.9.z" release, but it targets "4.10.0" instead
• expected Bugzilla bug 2031839 to depend on a bug targeting a release in 4.10.0 and in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but no dependents were found

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

[WIP] Bug 2031839: pkg/*: introduce x509_missing_san_total metric

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci]

@s-urbaniak: This pull request references Bugzilla bug 2037274, which is valid. The bug has been updated to refer to the pull request using the external bug tracker.

6 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.9.z) matches configured target release for branch (4.9.z)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
• dependent bug Bugzilla bug 2037272 is in the state CLOSED (CURRENTRELEASE), which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE))
• dependent Bugzilla bug 2037272 targets the "4.10.0" release, which is one of the valid target releases: 4.10.0
• bug has dependents

Requesting review from QA contact:
/cc @xingxingxia

In response to this:

[WIP] Bug 2037274: pkg/*: introduce x509_missing_san_total metric

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[s-urbaniak]

/retest

[s-urbaniak]

1. If the Bugzilla associated with the PR has the "FastFix" keyword, the subjective assessment on the issue has already been done and a customer is impacted. These PRs should be prioritized for merge.
   • verified
   • does not apply
2. The bug has significant impact either through severity, reduction in supportability, or number of users affected.
   • verified
   • does not apply
3. For branches that are in the Maintenance lifecycle phase:
   • The bug is a critical fix, no reasonable workaround exists, and a recommendation for upgrade has been ruled out, or
   • The bug is a security related bug
   • Branch not in maintenance mode yet (current release + previous release for 90 days after current GA; everything older is in maintenance)
4. The severity field of the bug must be set to accurately reflect criticality.
   • verified
5. The PR was created with the cherry-pick bot OR the PR’s description is well formed with user-focused release notes that state the bug number, impact, cause, and resolution. Where appropriate, it should also contain information about how a user can identify whether a particular cluster is affected.
   • verified (here, concretely, we don't want this change to be present in master)

[s-urbaniak]

/label backport-risk-assessed

[stlaz]

/approve

[slaskawi]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ibihim, s-urbaniak, slaskawi, stlaz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [stlaz]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@s-urbaniak: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[xingxingxia]

Sorry for late sparing time checking on the 4.10 ON_QA bug 2031839 - Starting from Go 1.17 invalid certificates will render a cluster dysfunctional, labeling now:
/label cherry-pick-approved

[openshift-ci]

@s-urbaniak: Some pull requests linked via external trackers have merged:

The following pull requests linked via external trackers have not merged:

• openshift/cluster-kube-apiserver-operator#1274 is open

These pull request must merge or be unlinked from the Bugzilla bug in order for it to move to the next state. Once unlinked, request a bug refresh with /bugzilla refresh.

Bugzilla bug 2037274 has not been moved to the MODIFIED state.

In response to this:

Bug 2037274: pkg/*: introduce x509_missing_san_total metric

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-bot]

[ART PR BUILD NOTIFIER]

This PR has been included in build oauth-server-container-v4.9.0-202311250023.p0.g1ee9925.assembly.stream for distgit oauth-server.
All builds following this will include this PR.