New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OCPBUGS-1750: Trim ACL names according to RFC1123 #1282
Conversation
@tssurya: No Bugzilla bug is referenced in the title of this pull request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@tssurya: This pull request references Jira Issue OCPBUGS-1750, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@tssurya: No Bugzilla bug is referenced in the title of this pull request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/jira refresh |
@tssurya: This pull request references Jira Issue OCPBUGS-1750, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/jira refresh |
@tssurya: This pull request references Jira Issue OCPBUGS-1750, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/hold |
7207d0c
to
b4bbe36
Compare
@tssurya: This pull request references Jira Issue OCPBUGS-1750, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@tssurya: No Bugzilla bug is referenced in the title of this pull request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
b4bbe36
to
ac0341e
Compare
/retest |
/jira refresh |
@tssurya: This pull request references Jira Issue OCPBUGS-1750, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/hold cancel |
@tssurya Why do we need |
There is a place in the code: https://github.com/openshift/ovn-kubernetes/pull/1282/files#diff-cc83e19af1c257d5a09b711d5977d8f8c20beb34b7b5d3eb37b2f2c53ded1bf7L143 where we were calling |
Not sure if I follow this part, any place in code like efw or policies that call |
Ok. So comments about this:
|
How difficult would be to cherry pick |
… deleted. To make sure we don't forget about that, add port group and switch refs to DeleteACLs as args. UUIDs don't need to be cleaned up only if port group or switch is completely deleted. Update all DeleteACLs calls to cleanup refs. Signed-off-by: Nadia Pinaeva <npinaeva@redhat.com> (cherry picked from commit c204519) Conflicts in 4.11 because openshift@e1f7da0#diff-ee54e95b45c5a079454546fed94fcef68b13d9dc6cd14e192585fe2465bcaefcL141 is missing: go-controller/pkg/libovsdbops/acl.go
Initially when the commit to cleanup ACLs was done in ovn-org/ovn-kubernetes#3038 I had assumed that ACL names weren't truncated to fit the 63 char length and thought they were like other fields. Based on that assumption there were two places in code where I used a predicate match based on acl names which was plain stupidity. This PR fixes that: 1) When the arp && arp || nd bug was being cleaned up, I was trying to be extra careful in matching on old exp: "arp" and the acl name. I deleted the second part of that logic since there can be cases where the entire suffix is missing like when the namespace is 63 chars. So let us stick to matching on acl.Match alone 2) When the deny default ACL duplicates per namespace were being updated - again I was matching on ACL names to exclude the arp policies. I replaced this with using acl.Match which is more reliable and accurate. In ovn-org/ovn-kubernetes#3181 we realised we had to trim the acls and we fixed that, but didn't fix the above two issues. So let's fix that up and also I added a unit test case with a long named namespace. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com> (cherry picked from commit 6f60497) Conflicts in 4.11: go-controller/pkg/ovn/policy_test.go because we are missing https://github.com/ovn-org/ovn-kubernetes/pull/3161/files#diff-2a5ea421d13f2f639ad217cada1f5c741e9ba6d68abcf431a700c0f68b71e04dR1729
QE testing passed on this PR covering all corner cases /label qe-approved |
/label cherry-pick-approved |
/retest |
/test e2e-hypershift |
@tssurya: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: flavio-fernandes, jcaamano, tssurya The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/jira refresh |
@flavio-fernandes: This pull request references Jira Issue OCPBUGS-1750, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/jira refresh |
@tssurya: This pull request references Jira Issue OCPBUGS-1750, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/jira refresh |
@tssurya: This pull request references Jira Issue OCPBUGS-1750, which is valid. The bug has been moved to the POST state. 6 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/jira refresh |
@tssurya: This pull request references Jira Issue OCPBUGS-1750, which is valid. 6 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@tssurya: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-1750 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Cherry picks #1281 and c204519
First cherry-pick had to be modified to use
libovsdbops.BuildACL
instead ofovn.BuildACL
since we are missing 44ad754 in 4.11Second cherry-pick had a very minor conflict outlined in the commit message.