Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCPBUGS-4655: [release-4.11] Don't delete equivalent ACLs by predicate, since it will fail if #1444

Merged
merged 1 commit into from Dec 21, 2022
Merged

OCPBUGS-4655: [release-4.11] Don't delete equivalent ACLs by predicate, since it will fail if #1444

merged 1 commit into from Dec 21, 2022

Conversation

npinaeva
Copy link
Member

Backport of #1406 (only the last commit, which is the fix)

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 13, 2022

@npinaeva: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

OCPBUGS-4655: [release-4.11] Don't delete equivalent ACLs by predicate, since it will fail if

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Dec 13, 2022
@openshift-ci-robot
Copy link
Contributor

@npinaeva: This pull request references Jira Issue OCPBUGS-4655, which is invalid:

  • expected dependent Jira Issue OCPBUGS-4286 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), but it is POST instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Backport of #1406 (only the last commit, which is the fix)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@npinaeva
Don't delete equivalent ACLs by predicate, since it will fail if
eca2110 
equivalent ACL is not deleted from port group/switch.
e.g. on netpol sync, users (somehow) ended up with equivalent
default deny ACLs with different names, and extra ACL wasn't deleted.

Remove DeleteACLs and DeleteACLsOps functions, use
DeleteACLsFromPortGroups and RemoveACLsFromLogicalSwitchesWithPredicate
instead.
Hack unit tests, since we don't explicitly delete ACLs anymore, they
will be garbage collected by the ovsdb, but not by our unit test db.
Therefore, add dereferenced ACLs to the expected db state, remove that
when test server learns to garbage collect acls.

Signed-off-by: Nadia Pinaeva <npinaeva@redhat.com>
(cherry picked from commit d4604ec)
(cherry picked from commit e074706)

Conflits:
	go-controller/pkg/ovn/egressfirewal_test.go: Updated to expect not garbage-collected ACLs
@npinaeva npinaeva force-pushed the fix-delete-equivalent-acls-4.11 branch from 9c11b7d to eca2110 Compare December 13, 2022 12:08
@npinaeva
Copy link
Member Author

/jira refresh

@npinaeva
Copy link
Member Author

/retest-required

@mffiedler
Copy link

/label cherry-pick-approved

@openshift-ci openshift-ci bot added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Dec 14, 2022
@npinaeva
Copy link
Member Author

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Dec 20, 2022
@openshift-ci-robot
Copy link
Contributor

@npinaeva: This pull request references Jira Issue OCPBUGS-4655, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.11.z) matches configured target version for branch (4.11.z)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
  • dependent bug Jira Issue OCPBUGS-4286 is in the state Verified, which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE))
  • dependent Jira Issue OCPBUGS-4286 targets the "4.12.0" version, which is one of the valid target versions: 4.12.0
  • bug has dependents

Requesting review from QA contact:
/cc @anuragthehatter

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jcaamano
Copy link
Contributor

/lgtm
/approve
/label backport-risk-assessed

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Dec 20, 2022
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Dec 20, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 20, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jcaamano, npinaeva

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 20, 2022
@npinaeva
Copy link
Member Author

/retest-required

@openshift-ci-robot
Copy link
Contributor

/retest-required

Remaining retests: 0 against base HEAD 35220a5 and 2 for PR HEAD eca2110 in total

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 20, 2022
edited

@npinaeva: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-ovn-hybrid-step-registry eca2110 link false /test e2e-ovn-hybrid-step-registry
ci/prow/e2e-vsphere-windows eca2110 link false /test e2e-vsphere-windows
ci/prow/e2e-hypershift eca2110 link false /test e2e-hypershift
ci/prow/e2e-vsphere-ovn eca2110 link false /test e2e-vsphere-ovn
ci/prow/e2e-aws-ovn-windows eca2110 link false /test e2e-aws-ovn-windows
ci/prow/4.11-upgrade-from-stable-4.10-local-gateway-e2e-aws-ovn-upgrade eca2110 link false /test 4.11-upgrade-from-stable-4.10-local-gateway-e2e-aws-ovn-upgrade

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@openshift-ci-robot
Copy link
Contributor

/retest-required

Remaining retests: 0 against base HEAD 2fb221d and 1 for PR HEAD eca2110 in total

@openshift-merge-robot openshift-merge-robot merged commit d910c23 into openshift:release-4.11 Dec 21, 2022
@openshift-ci-robot
Copy link
Contributor

@npinaeva: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-4655 has been moved to the MODIFIED state.

In response to this:

Backport of #1406 (only the last commit, which is the fix)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@npinaeva npinaeva deleted the fix-delete-equivalent-acls-4.11 branch December 21, 2022 08:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abhat abhat Awaiting requested review from abhat

@JacobTanenbaum JacobTanenbaum Awaiting requested review from JacobTanenbaum

@anuragthehatter anuragthehatter Awaiting requested review from anuragthehatter

Assignees

@mffiedler mffiedler

@rbbratta rbbratta

@zhaozhanqi zhaozhanqi

@weliang1 weliang1

@anuragthehatter anuragthehatter

@huiran0826 huiran0826

@asood-rh asood-rh

@jechen0648 jechen0648

@yingwang-0320 yingwang-0320

@qiowang721 qiowang721

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet