New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OCPBUGS-1705: Trim ACL names according to RFC1123 #1281
Conversation
We didn't consider this tiny hack that we do https://github.com/openshift/ovn-kubernetes/blob/44ad75466e486cce605e39513a3ecd9e0b306e7d/go-controller/pkg/libovsdbops/acl.go#L60 there when we wrote openshift#1259 and unit tests don't actually scream loudly for longer names. Without this PR we break users who have namespace names longer than 45 characters. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com> Co-authored-by: Patryk Diak <pdiak@redhat.com> (cherry picked from commit b10ed7b)
@tssurya: GitHub didn't allow me to request PR reviews from the following users: and. Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@tssurya: This pull request references Jira Issue OCPBUGS-1705, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/jira refresh |
@tssurya: This pull request references Jira Issue OCPBUGS-1705, which is valid. The bug has been moved to the POST state. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approved |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: trozet, tssurya The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest-required |
/retest |
2 similar comments
/retest |
/retest |
@tssurya: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
@tssurya: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-1705 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
In respect to #1282 (comment) It looks like the problem we were having is actually saving us from bigger problems. The whole logic of
We need to assume that the name might be cropped. Additionally (not directly relevant to this PR), I think that we should short-term (and to be back-portable):
The units tests don't actually account for a long namespace name :/ |
Oh I didn't know we are testing long namespaces, there should be more that 1 bug for that case. |
They will throw an error since they are strong references. And we are currently not able to verify if an ACL is referenced in more than one place. And an efficient implementation would probably reuse ACLs in different places if possible but keeping track of where would be complex from a client perspective, making this garbage collection a meaningful server feature to have and rely on. |
For 4.12? |
ovn is taking care of that, it will create only 1 logical_flow for equivalent ACLs
What kind of interface do you mean here? I still would expect to have DeleteACL if I have CreateACL function?
I don't have a timeline yet, it wasn't a high priority issue :( We may need to discuss if it is safe and makes sense to merge that to 4.12 |
This is not the same thing. Less NB DB space consumed and less northd processing time.
You can expect it, but you don't necessarily need to have it. Or we can have it and panic with the appropriate explanation so that no one is tempted to add it.
No, in that case I think we should have a separate bug that specifically targets this issue and can be assigned. |
I have opened https://issues.redhat.com/browse/OCPBUGS-1958 -> for the bug fix we need to take the approach we decided which is either remove the second case match in The long term fix which is a bit different needs to be discussed in the team meeting. |
I am working on a long term fix for at least a month already: https://issues.redhat.com/browse/SDN-3447 |
We can't backport the externalIDs fix and this current bug needs to be backportable, the externalIDs effort around telling who is the CMS is different from this bug. Thanks for creating the JIRA card! The bug needs to be fixed nevertheless. Let's talk more in the meeting. |
We didn't consider this tiny hack that we do
ovn-kubernetes/go-controller/pkg/libovsdbops/acl.go
Line 60 in 44ad754
Without this PR we break users who have namespace names longer than 45 characters.
Signed-off-by: Surya Seetharaman suryaseetharaman.9@gmail.com
Co-authored-by: Patryk Diak pdiak@redhat.com
(cherry picked from commit b10ed7b)
/cc @trozet and @jcaamano