Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCPBUGS-27242: fix or ignore snyk errors for ocp storage repos #112

Merged
merged 1 commit into from Jan 19, 2024
Merged

OCPBUGS-27242: fix or ignore snyk errors for ocp storage repos #112

merged 1 commit into from Jan 19, 2024

Conversation

dobsonj
Copy link
Member

@dobsonj dobsonj commented Jan 18, 2024

Ignore these snyk errors. Lots of complaints about hardcoded credentials in e2e and unit tests (but no real credentials and nothing worth fixing IMO).

 ✗ [Low] Use of Hardcoded Credentials
   ID: 602b9960-4fad-4440-ad69-85dea373fc7c 
   Path: tests/e2e/vsan_stretched_cluster.go, line 131 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
 ✗ [Low] Use of Hardcoded Credentials
   ID: fd883631-52c7-48ee-a6e3-d0f1e13abdb7 
   Path: tests/e2e/config_secret.go, line 95 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
 ✗ [Low] Use of Hardcoded Credentials
   ID: b97e0c3d-7836-4879-959f-fad609a60717 
   Path: tests/e2e/preferential_topology.go, line 107 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
 ✗ [Low] Use of Hardcoded Credentials
   ID: 9d1f26a8-b3c5-4828-8e4b-d0679f5e384a 
   Path: tests/e2e/preferential_topology_disruptive.go, line 100 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
 ✗ [Low] Use of Hardcoded Credentials
   ID: 98633a4f-05ec-4188-a88b-7beaedf54a96 
   Path: tests/e2e/util.go, line 3808 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
 ✗ [Low] Use of Hardcoded Credentials
   ID: 4929863d-2f98-4056-8430-0dba7554fb65 
   Path: tests/e2e/util.go, line 4294 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
 ✗ [Low] Use of Hardcoded Credentials
   ID: c49a1ac0-49ce-4cb3-90d5-63c019e992a9 
   Path: tests/e2e/topology_operation_strom_cases.go, line 96 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
 ✗ [Low] Use of Hardcoded Credentials
   ID: 83dc24b4-6a18-49b0-854d-090b6d3e9d9e 
   Path: tests/e2e/topology_multi_replica.go, line 120 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
 ✗ [Low] Use of Hardcoded Credentials
   ID: 675c5875-4278-4dfd-8dd6-837ef8dfe8a1 
   Path: tests/e2e/preferential_topology_snapshot.go, line 120 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
 ✗ [Low] Use of Hardcoded Credentials
   ID: 82dd36ca-5a65-4942-b109-ecc434c0c2b8 
   Path: tests/e2e/vsan_stretched_cluster_utils.go, line 572 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
 ✗ [Low] Use of Hardcoded Credentials
   ID: d8ae7f8c-7d32-44a4-b5ae-caeabe8b5c91 
   Path: tests/e2e/statefulsets.go, line 90 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
 ✗ [Low] Use of Hardcoded Credentials
   ID: 0f50045d-5410-4213-91dd-6a21c175644f 
   Path: tests/e2e/csi_snapshot_basic.go, line 4260 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
 ✗ [Low] Use of Hardcoded Credentials
   ID: 107976f0-c220-43a9-8b3a-1b2f1e34a164 
   Path: tests/e2e/topology_site_down_cases.go, line 89 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
 ✗ [Low] Use of Hardcoded Credentials
   ID: f3cd692a-9648-40f1-bbf4-b725f644e49a 
   Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 51 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
 ✗ [Low] Use of Hardcoded Credentials
   ID: 47c4eee8-9ec0-4de2-8ecc-7ec70d23bf4a 
   Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 68 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
 ✗ [Low] Use of Hardcoded Credentials
   ID: cbc3ad3f-dece-4e87-b6e9-3d77b2ab55c1 
   Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 84 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
 ✗ [Low] Use of Hardcoded Credentials
   ID: 66be7770-6bba-4f87-a373-e46ed733003d 
   Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 100 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
 ✗ [Low] Use of Hardcoded Credentials
   ID: b9f42bae-389c-4cc3-b1e2-2b6688157b9c 
   Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 120 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
 ✗ [Low] Use of Hardcoded Credentials
   ID: 896ffd96-5066-4e9d-9c02-f3499a9197e7 
   Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 140 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
 ✗ [Low] Use of Hardcoded Credentials
   ID: dd73e424-0ab8-42fa-a560-4c14bd804051 
   Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 159 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
 ✗ [Low] Use of Hardcoded Credentials
   ID: 9814ba4d-f9f9-49e1-aa4e-9823ebcf77f7 
   Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 178 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
 ✗ [Low] Use of Hardcoded Credentials
   ID: a7a99ac0-f974-4d5e-a877-a3e4349ee9c4 
   Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 198 
   Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
 ✗ [Low] Improper Certificate Validation
   ID: 55c9a0a6-4db2-481d-8987-f1815198e8ad 
   Path: tests/e2e/util.go, line 1478 
   Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
 ✗ [Low] Improper Certificate Validation
   ID: 5c6eaed7-24e8-4359-8863-f845b43cfc02 
   Path: tests/e2e/util.go, line 1502 
   Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
 ✗ [Low] Improper Certificate Validation
   ID: 0be1e0fa-6be7-467e-b1b8-2ea9fc82e638 
   Path: tests/e2e/util.go, line 1553 
   Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
 ✗ [Low] Improper Certificate Validation
   ID: e2eae2fb-db28-458a-b584-15706c9ecace 
   Path: tests/e2e/util.go, line 1602 
   Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
 ✗ [Low] Improper Certificate Validation
   ID: a78033fb-9ec0-4558-acf1-8923e53308aa 
   Path: tests/e2e/util.go, line 1628 
   Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
 ✗ [Low] Improper Certificate Validation
   ID: f600c8f4-eb14-433f-905c-2045c5a71c59 
   Path: tests/e2e/util.go, line 1657 
   Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
 ✗ [Low] Improper Certificate Validation
   ID: f37c9078-194c-46cb-807c-5e0da93d74fd 
   Path: tests/e2e/util.go, line 1682 
   Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
 ✗ [Low] Improper Certificate Validation
   ID: cc70c0f4-ad8b-4fb3-bf8e-acd2b95ff437 
   Path: tests/e2e/util.go, line 1716 
   Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
 ✗ [Low] Improper Certificate Validation
   ID: f6caf5bc-a4be-4667-822d-387b087eaa0f 
   Path: tests/e2e/util.go, line 1755 
   Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
 ✗ [Low] Improper Certificate Validation
   ID: 08ef8763-2bd5-44a1-92dd-e62554ea2828 
   Path: tests/e2e/util.go, line 1789 
   Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
 ✗ [Low] Improper Certificate Validation
   ID: 1669ea4d-a061-4549-a4d1-4adefb5d7339 
   Path: tests/e2e/util.go, line 1842 
   Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
 ✗ [Low] Improper Certificate Validation
   ID: 75d0ffb5-a1b2-4f2a-a604-59e45b864e70 
   Path: tests/e2e/util.go, line 1873 
   Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
 ✗ [Low] Improper Certificate Validation
   ID: d2580bd2-e3e7-490e-8ceb-d4af44f3a60f 
   Path: tests/e2e/util.go, line 1904 
   Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
 ✗ [Low] Use of Hardcoded Credentials
   ID: 8cec91d5-785c-4fbd-bbbb-69eb00b013e1 
   Path: tests/e2e/e2e_common.go, line 127 
   Info: Do not hardcode passwords in code. Found hardcoded saved in passorwdFilePath.
 ✗ [Low] Use of Hardcoded Credentials
   ID: c4a4d940-8e7c-4686-81b2-3d8916dca2aa 
   Path: tests/e2e/e2e_common.go, line 163 
   Info: Do not hardcode passwords in code. Found hardcoded saved in svcMasterPassword.

from https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/openshift_release/47618/rehearse-47618-pull-ci-openshift-vmware-vsphere-csi-driver-master-security/1745954195053219840

/cc @openshift/storage

@openshift-ci-robot openshift-ci-robot added jira/severity-low Referenced Jira bug's severity is low for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels Jan 18, 2024
@openshift-ci-robot
Copy link

@dobsonj: This pull request references Jira Issue OCPBUGS-27242, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.16.0) matches configured target version for branch (4.16.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira (wduan@redhat.com), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Ignore these snyk errors. Lots of complaints about hardcoded credentials in e2e and unit tests (but no real credentials and nothing worth fixing IMO).

✗ [Low] Use of Hardcoded Credentials
  ID: 602b9960-4fad-4440-ad69-85dea373fc7c 
  Path: tests/e2e/vsan_stretched_cluster.go, line 131 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: fd883631-52c7-48ee-a6e3-d0f1e13abdb7 
  Path: tests/e2e/config_secret.go, line 95 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: b97e0c3d-7836-4879-959f-fad609a60717 
  Path: tests/e2e/preferential_topology.go, line 107 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: 9d1f26a8-b3c5-4828-8e4b-d0679f5e384a 
  Path: tests/e2e/preferential_topology_disruptive.go, line 100 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: 98633a4f-05ec-4188-a88b-7beaedf54a96 
  Path: tests/e2e/util.go, line 3808 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: 4929863d-2f98-4056-8430-0dba7554fb65 
  Path: tests/e2e/util.go, line 4294 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: c49a1ac0-49ce-4cb3-90d5-63c019e992a9 
  Path: tests/e2e/topology_operation_strom_cases.go, line 96 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: 83dc24b4-6a18-49b0-854d-090b6d3e9d9e 
  Path: tests/e2e/topology_multi_replica.go, line 120 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: 675c5875-4278-4dfd-8dd6-837ef8dfe8a1 
  Path: tests/e2e/preferential_topology_snapshot.go, line 120 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: 82dd36ca-5a65-4942-b109-ecc434c0c2b8 
  Path: tests/e2e/vsan_stretched_cluster_utils.go, line 572 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: d8ae7f8c-7d32-44a4-b5ae-caeabe8b5c91 
  Path: tests/e2e/statefulsets.go, line 90 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: 0f50045d-5410-4213-91dd-6a21c175644f 
  Path: tests/e2e/csi_snapshot_basic.go, line 4260 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: 107976f0-c220-43a9-8b3a-1b2f1e34a164 
  Path: tests/e2e/topology_site_down_cases.go, line 89 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: f3cd692a-9648-40f1-bbf4-b725f644e49a 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 51 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Use of Hardcoded Credentials
  ID: 47c4eee8-9ec0-4de2-8ecc-7ec70d23bf4a 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 68 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Use of Hardcoded Credentials
  ID: cbc3ad3f-dece-4e87-b6e9-3d77b2ab55c1 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 84 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Use of Hardcoded Credentials
  ID: 66be7770-6bba-4f87-a373-e46ed733003d 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 100 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Use of Hardcoded Credentials
  ID: b9f42bae-389c-4cc3-b1e2-2b6688157b9c 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 120 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Use of Hardcoded Credentials
  ID: 896ffd96-5066-4e9d-9c02-f3499a9197e7 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 140 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Use of Hardcoded Credentials
  ID: dd73e424-0ab8-42fa-a560-4c14bd804051 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 159 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Use of Hardcoded Credentials
  ID: 9814ba4d-f9f9-49e1-aa4e-9823ebcf77f7 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 178 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Use of Hardcoded Credentials
  ID: a7a99ac0-f974-4d5e-a877-a3e4349ee9c4 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 198 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Improper Certificate Validation
  ID: 55c9a0a6-4db2-481d-8987-f1815198e8ad 
  Path: tests/e2e/util.go, line 1478 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: 5c6eaed7-24e8-4359-8863-f845b43cfc02 
  Path: tests/e2e/util.go, line 1502 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: 0be1e0fa-6be7-467e-b1b8-2ea9fc82e638 
  Path: tests/e2e/util.go, line 1553 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: e2eae2fb-db28-458a-b584-15706c9ecace 
  Path: tests/e2e/util.go, line 1602 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: a78033fb-9ec0-4558-acf1-8923e53308aa 
  Path: tests/e2e/util.go, line 1628 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: f600c8f4-eb14-433f-905c-2045c5a71c59 
  Path: tests/e2e/util.go, line 1657 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: f37c9078-194c-46cb-807c-5e0da93d74fd 
  Path: tests/e2e/util.go, line 1682 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: cc70c0f4-ad8b-4fb3-bf8e-acd2b95ff437 
  Path: tests/e2e/util.go, line 1716 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: f6caf5bc-a4be-4667-822d-387b087eaa0f 
  Path: tests/e2e/util.go, line 1755 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: 08ef8763-2bd5-44a1-92dd-e62554ea2828 
  Path: tests/e2e/util.go, line 1789 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: 1669ea4d-a061-4549-a4d1-4adefb5d7339 
  Path: tests/e2e/util.go, line 1842 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: 75d0ffb5-a1b2-4f2a-a604-59e45b864e70 
  Path: tests/e2e/util.go, line 1873 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: d2580bd2-e3e7-490e-8ceb-d4af44f3a60f 
  Path: tests/e2e/util.go, line 1904 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Use of Hardcoded Credentials
  ID: 8cec91d5-785c-4fbd-bbbb-69eb00b013e1 
  Path: tests/e2e/e2e_common.go, line 127 
  Info: Do not hardcode passwords in code. Found hardcoded saved in passorwdFilePath.
✗ [Low] Use of Hardcoded Credentials
  ID: c4a4d940-8e7c-4686-81b2-3d8916dca2aa 
  Path: tests/e2e/e2e_common.go, line 163 
  Info: Do not hardcode passwords in code. Found hardcoded saved in svcMasterPassword.

from https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/openshift_release/47618/rehearse-47618-pull-ci-openshift-vmware-vsphere-csi-driver-master-security/1745954195053219840

/cc @openshift/storage

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested a review from a team January 18, 2024 17:29
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jan 18, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dobsonj

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 18, 2024
@dobsonj dobsonj mentioned this pull request Jan 18, 2024
Merged
@jsafrane
Copy link

/lgtm

@jsafrane
Copy link

/override ci/prow/e2e-vsphere-ovn-upgrade

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jan 19, 2024
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jan 19, 2024

@jsafrane: Overrode contexts on behalf of jsafrane: ci/prow/e2e-vsphere-ovn-upgrade

In response to this:

/override ci/prow/e2e-vsphere-ovn-upgrade

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jan 19, 2024

@dobsonj: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-vsphere-zones fe8188b link false /test e2e-vsphere-zones

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@openshift-merge-bot openshift-merge-bot bot merged commit d6fd03a into openshift:master Jan 19, 2024
9 of 10 checks passed
@openshift-ci-robot
Copy link

@dobsonj: Jira Issue OCPBUGS-27242: Some pull requests linked via external trackers have merged:

The following pull requests linked via external trackers have not merged:

These pull request must merge or be unlinked from the Jira bug in order for it to move to the next state. Once unlinked, request a bug refresh with /jira refresh.

Jira Issue OCPBUGS-27242 has not been moved to the MODIFIED state.

In response to this:

Ignore these snyk errors. Lots of complaints about hardcoded credentials in e2e and unit tests (but no real credentials and nothing worth fixing IMO).

✗ [Low] Use of Hardcoded Credentials
  ID: 602b9960-4fad-4440-ad69-85dea373fc7c 
  Path: tests/e2e/vsan_stretched_cluster.go, line 131 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: fd883631-52c7-48ee-a6e3-d0f1e13abdb7 
  Path: tests/e2e/config_secret.go, line 95 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: b97e0c3d-7836-4879-959f-fad609a60717 
  Path: tests/e2e/preferential_topology.go, line 107 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: 9d1f26a8-b3c5-4828-8e4b-d0679f5e384a 
  Path: tests/e2e/preferential_topology_disruptive.go, line 100 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: 98633a4f-05ec-4188-a88b-7beaedf54a96 
  Path: tests/e2e/util.go, line 3808 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: 4929863d-2f98-4056-8430-0dba7554fb65 
  Path: tests/e2e/util.go, line 4294 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: c49a1ac0-49ce-4cb3-90d5-63c019e992a9 
  Path: tests/e2e/topology_operation_strom_cases.go, line 96 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: 83dc24b4-6a18-49b0-854d-090b6d3e9d9e 
  Path: tests/e2e/topology_multi_replica.go, line 120 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: 675c5875-4278-4dfd-8dd6-837ef8dfe8a1 
  Path: tests/e2e/preferential_topology_snapshot.go, line 120 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: 82dd36ca-5a65-4942-b109-ecc434c0c2b8 
  Path: tests/e2e/vsan_stretched_cluster_utils.go, line 572 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: d8ae7f8c-7d32-44a4-b5ae-caeabe8b5c91 
  Path: tests/e2e/statefulsets.go, line 90 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: 0f50045d-5410-4213-91dd-6a21c175644f 
  Path: tests/e2e/csi_snapshot_basic.go, line 4260 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: 107976f0-c220-43a9-8b3a-1b2f1e34a164 
  Path: tests/e2e/topology_site_down_cases.go, line 89 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in User.
✗ [Low] Use of Hardcoded Credentials
  ID: f3cd692a-9648-40f1-bbf4-b725f644e49a 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 51 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Use of Hardcoded Credentials
  ID: 47c4eee8-9ec0-4de2-8ecc-7ec70d23bf4a 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 68 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Use of Hardcoded Credentials
  ID: cbc3ad3f-dece-4e87-b6e9-3d77b2ab55c1 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 84 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Use of Hardcoded Credentials
  ID: 66be7770-6bba-4f87-a373-e46ed733003d 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 100 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Use of Hardcoded Credentials
  ID: b9f42bae-389c-4cc3-b1e2-2b6688157b9c 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 120 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Use of Hardcoded Credentials
  ID: 896ffd96-5066-4e9d-9c02-f3499a9197e7 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 140 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Use of Hardcoded Credentials
  ID: dd73e424-0ab8-42fa-a560-4c14bd804051 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 159 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Use of Hardcoded Credentials
  ID: 9814ba4d-f9f9-49e1-aa4e-9823ebcf77f7 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 178 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Use of Hardcoded Credentials
  ID: a7a99ac0-f974-4d5e-a877-a3e4349ee9c4 
  Path: pkg/syncer/admissionhandler/validatepvcannotationforvolumehealth_test.go, line 198 
  Info: Do not hardcode credentials in code. Found hardcoded credential used in _.
✗ [Low] Improper Certificate Validation
  ID: 55c9a0a6-4db2-481d-8987-f1815198e8ad 
  Path: tests/e2e/util.go, line 1478 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: 5c6eaed7-24e8-4359-8863-f845b43cfc02 
  Path: tests/e2e/util.go, line 1502 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: 0be1e0fa-6be7-467e-b1b8-2ea9fc82e638 
  Path: tests/e2e/util.go, line 1553 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: e2eae2fb-db28-458a-b584-15706c9ecace 
  Path: tests/e2e/util.go, line 1602 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: a78033fb-9ec0-4558-acf1-8923e53308aa 
  Path: tests/e2e/util.go, line 1628 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: f600c8f4-eb14-433f-905c-2045c5a71c59 
  Path: tests/e2e/util.go, line 1657 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: f37c9078-194c-46cb-807c-5e0da93d74fd 
  Path: tests/e2e/util.go, line 1682 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: cc70c0f4-ad8b-4fb3-bf8e-acd2b95ff437 
  Path: tests/e2e/util.go, line 1716 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: f6caf5bc-a4be-4667-822d-387b087eaa0f 
  Path: tests/e2e/util.go, line 1755 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: 08ef8763-2bd5-44a1-92dd-e62554ea2828 
  Path: tests/e2e/util.go, line 1789 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: 1669ea4d-a061-4549-a4d1-4adefb5d7339 
  Path: tests/e2e/util.go, line 1842 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: 75d0ffb5-a1b2-4f2a-a604-59e45b864e70 
  Path: tests/e2e/util.go, line 1873 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Improper Certificate Validation
  ID: d2580bd2-e3e7-490e-8ceb-d4af44f3a60f 
  Path: tests/e2e/util.go, line 1904 
  Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Low] Use of Hardcoded Credentials
  ID: 8cec91d5-785c-4fbd-bbbb-69eb00b013e1 
  Path: tests/e2e/e2e_common.go, line 127 
  Info: Do not hardcode passwords in code. Found hardcoded saved in passorwdFilePath.
✗ [Low] Use of Hardcoded Credentials
  ID: c4a4d940-8e7c-4686-81b2-3d8916dca2aa 
  Path: tests/e2e/e2e_common.go, line 163 
  Info: Do not hardcode passwords in code. Found hardcoded saved in svcMasterPassword.

from https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/openshift_release/47618/rehearse-47618-pull-ci-openshift-vmware-vsphere-csi-driver-master-security/1745954195053219840

/cc @openshift/storage

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-bot
Copy link

[ART PR BUILD NOTIFIER]

This PR has been included in build ose-vmware-vsphere-csi-driver-container-v4.16.0-202401191549.p0.gd6fd03a.assembly.stream for distgit ose-vmware-vsphere-csi-driver.
All builds following this will include this PR.

@openshift-ci-robot openshift-ci-robot mentioned this pull request Jan 19, 2024
Merged
@openshift-merge-robot
Copy link

Fix included in accepted release 4.16.0-0.nightly-2024-01-21-092529

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jsafrane jsafrane

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/severity-low Referenced Jira bug's severity is low for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@dobsonj @openshift-ci-robot @jsafrane @openshift-bot @openshift-merge-robot