Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-4.8] Bug 1972687: openshift authorization proxy: escape header key values #219

Merged
merged 1 commit into from Jun 17, 2021
Merged

[release-4.8] Bug 1972687: openshift authorization proxy: escape header key values #219

merged 1 commit into from Jun 17, 2021

Conversation

openshift-cherrypick-robot
Copy link

This is an automated cherry-pick of #217

/assign s-urbaniak

@stlaz
openshift authorization proxy: escape header key values
8550c23 
The authorization.openshift.io RBAC proxy is taking values from
the Extra field of a UserInfo of a user that made a request against
this API. The fields of the map may generally contain values that
cannot appear in an HTTP header, like '/' that's commonly separating
an API annotation from the API version or resource.

Copy the k8s.io header escaping function and use it in the proxy
that's handling the OpenShift authorization API.
@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Jun 17, 2021
Merged
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 17, 2021

@openshift-cherrypick-robot: Detected clone of Bugzilla bug 1972383 with correct target release. Retitling PR to link to clone:
/retitle [release-4.8] Bug 1972687: openshift authorization proxy: escape header key values

In response to this:

[release-4.8] Bug 1972383: openshift authorization proxy: escape header key values

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot changed the title [release-4.8] Bug 1972383: openshift authorization proxy: escape header key values [release-4.8] Bug 1972687: openshift authorization proxy: escape header key values Jun 17, 2021
@openshift-ci openshift-ci bot added the bugzilla/severity-high Referenced Bugzilla bug's severity is high for the branch this PR is targeting. label Jun 17, 2021
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 17, 2021

@openshift-cherrypick-robot: This pull request references Bugzilla bug 1972687, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.8.0) matches configured target release for branch (4.8.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 1972383 is in the state MODIFIED, which is one of the valid states (MODIFIED, VERIFIED)
  • dependent Bugzilla bug 1972383 targets the "4.9.0" release, which is one of the valid target releases: 4.9.0
  • bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Bugzilla (liyao@redhat.com), skipping review request.

In response to this:

[release-4.8] Bug 1972687: openshift authorization proxy: escape header key values

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Jun 17, 2021
@openshift-ci openshift-ci bot requested review from deads2k and sttts June 17, 2021 07:03
@stlaz
Copy link
Member

stlaz commented Jun 17, 2021

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jun 17, 2021
@sttts
Copy link
Contributor

sttts commented Jun 17, 2021

/lgtm
/approve

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 17, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: openshift-cherrypick-robot, stlaz, sttts

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 17, 2021
@mfojtik mfojtik added cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. staff-eng-approved Indicates a release branch PR has been approved by a staff engineer (formerly group/pillar lead). labels Jun 17, 2021
@mfojtik
Copy link
Member

mfojtik commented Jun 17, 2021

Approved as 4.8 GA blocker.

@stlaz
Copy link
Member

stlaz commented Jun 17, 2021

/retest
infra

@osherdp
Copy link
Member

osherdp commented Jun 17, 2021
edited

/test e2e-cmd
also seems infra-related

@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

3 similar comments
@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@osherdp
Copy link
Member

osherdp commented Jun 17, 2021

/test e2e-aws

@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

1 similar comment
@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@s-urbaniak
Copy link
Contributor

looking at the e2e failures there seems to be aws related issues.

@osherdp
Copy link
Member

osherdp commented Jun 17, 2021

Yes, there is some thread on announce-testplatform on slack

@openshift-merge-robot openshift-merge-robot merged commit 3949869 into openshift:release-4.8 Jun 17, 2021
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 17, 2021

@openshift-cherrypick-robot: All pull requests linked via external trackers have merged:

Bugzilla bug 1972687 has been moved to the MODIFIED state.

In response to this:

[release-4.8] Bug 1972687: openshift authorization proxy: escape header key values

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@chrisahl
Copy link

chrisahl commented Jun 21, 2021
edited

Is there any info on when this fix will show up in a new 4.8 RC? I assume 4.8.0-rc.1

@xbaran4 xbaran4 mentioned this pull request Jun 23, 2021
Closed
23 tasks
@skabashnyuk skabashnyuk mentioned this pull request Jun 23, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@deads2k deads2k Awaiting requested review from deads2k

@sttts sttts Awaiting requested review from sttts

Assignees

@s-urbaniak s-urbaniak

@stlaz stlaz

@sttts sttts

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/severity-high Referenced Bugzilla bug's severity is high for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. lgtm Indicates that a PR is ready to be merged. staff-eng-approved Indicates a release branch PR has been approved by a staff engineer (formerly group/pillar lead).
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
9 participants
@openshift-cherrypick-robot @stlaz @sttts @mfojtik @osherdp @openshift-bot @s-urbaniak @chrisahl @openshift-merge-robot