Bug 1895053: Verify builds can mount proxy trustedCA #25778

adambkaplan · 2021-01-04T22:18:02Z

Verify builds can mount the cluster's custom PKI trust bundle if one is
set on the cluster proxy configuration. When mountProxyTrustedCA is
set to true, builds should add the container's trust bundle as a
read-only mount. The custom PKI should be readable during the build
execution, but should not be present in the resulting image.

openshift-ci-robot · 2021-01-04T22:18:06Z

@adambkaplan: This pull request references Bugzilla bug 1895093, which is invalid:

expected the bug to be open, but it isn't
expected the bug to target the "4.7.0" release, but it targets "4.6.z" instead
expected the bug to be in one of the following states: NEW, ASSIGNED, ON_DEV, POST, POST, but it is CLOSED (ERRATA) instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

WIP - Bug 1895093: Verify builds can mount proxy trustedCA

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci-robot · 2021-01-04T22:20:10Z

@adambkaplan: This pull request references Bugzilla bug 1895053, which is valid. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target release (4.7.0) matches configured target release for branch (4.7.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

WIP - Bug 1895053: Verify builds can mount proxy trustedCA

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Verify builds can mount the cluster's custom PKI trust bundle if one is set on the cluster proxy configuration. When `mountProxyTrustedCA` is set to `true`, builds should add the container's trust bundle as a read-only mount. The custom PKI should be readable during the build execution, but should not be present in the resulting image.

wewang58 · 2021-04-02T06:59:49Z

/bugzilla cc-qa

openshift-ci-robot · 2021-04-02T06:59:53Z

@wewang58: This pull request references Bugzilla bug 1895053, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target release (4.8.0) matches configured target release for branch (4.8.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @wewang58

In response to this:

/bugzilla cc-qa

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

wewang58 · 2021-04-02T07:00:10Z

/lgtm

openshift-ci-robot · 2021-04-02T07:00:23Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: adambkaplan, wewang58

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~test/extended/OWNERS~~ [adambkaplan]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

wewang58 · 2021-04-02T07:00:25Z

/label qe-approved

adambkaplan · 2021-04-07T14:59:47Z

/refresh

adambkaplan · 2021-04-09T18:48:47Z

@bparees something seems to be up with this PR. It is waiting on the status of a job that has never run.

ci/prow/e2e-metal-ipi-ovn-ipv6

bparees · 2021-04-09T18:50:41Z

/override ci/prow/e2e-metal-ipi-ovn-ipv6

openshift-ci-robot · 2021-04-09T18:50:42Z

@bparees: /override requires a failed status context to operate on.
The following unknown contexts were given:

ci/prow/e2e-metal-ipi-ovn-ipv6

Only the following contexts were expected:

ci/prow/e2e-agnostic-cmd
ci/prow/e2e-aws-csi
ci/prow/e2e-aws-disruptive
ci/prow/e2e-aws-fips
ci/prow/e2e-aws-serial
ci/prow/e2e-gcp
ci/prow/e2e-gcp-builds
ci/prow/e2e-gcp-csi
ci/prow/e2e-gcp-disruptive
ci/prow/e2e-gcp-upgrade
ci/prow/images
ci/prow/verify
ci/prow/verify-deps
tide

In response to this:

/override ci/prow/e2e-metal-ipi-ovn-ipv6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

bparees · 2021-04-09T18:52:04Z

@openshift/openshift-team-developer-productivity-test-platform can you take a look at why this PR is stuck? it wants a job result for a context that doesn't seem to exist.

we can manually merge it if need be, but i'd rather find a way to properly push it through.

alvaroaleman · 2021-04-09T18:56:21Z

/test e2e-metal-ipi-ovn-ipv6

bparees · 2021-04-09T18:59:09Z

/test e2e-metal-ipi-ovn-ipv6

wait....that worked? why didn't the override work then?

alvaroaleman · 2021-04-09T18:59:54Z

wait....that worked? why didn't the override work then?

Override only works with a status that exists and that status didn't exist

adambkaplan · 2021-04-12T14:19:07Z

/retest

adambkaplan · 2021-04-12T20:21:06Z

@bparees I've submitted a pr to make the metal-ipi-ovn-ipv6 test optional. openshift/release#17679

adambkaplan · 2021-04-12T20:21:21Z

/retest

bparees · 2021-04-12T20:48:58Z

/override ci/prow/e2e-metal-ipi-ovn-ipv6

openshift-ci-robot · 2021-04-12T20:49:02Z

@bparees: Overrode contexts on behalf of bparees: ci/prow/e2e-metal-ipi-ovn-ipv6

In response to this:

/override ci/prow/e2e-metal-ipi-ovn-ipv6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

adambkaplan · 2021-04-13T15:16:33Z

/retest

openshift-bot · 2021-04-17T10:24:40Z

/retest