Skip to content

OCPBUGS-17733: [release-4.13] remove shared VPC cred request#972

Merged
openshift-merge-robot merged 1 commit intoopenshift:release-4.13from
patrickdillon:413-drop-shared-vpc-cred-req
Aug 15, 2023
Merged

OCPBUGS-17733: [release-4.13] remove shared VPC cred request#972
openshift-merge-robot merged 1 commit intoopenshift:release-4.13from
patrickdillon:413-drop-shared-vpc-cred-req

Conversation

@patrickdillon
Copy link
Contributor

@patrickdillon patrickdillon commented Aug 14, 2023

Backporting credential requests has the potential of breaking upgrades, specifically if clusters are running in mint mode and have removed the root credentials during z-stream upgrades.

This commit removes the 4.13 bump to the cred request for the AWS shared VPC feature. The rest of the feature remains intact so that it can be utilized by managed services which does not depend on credential requests.

@patrickdillon
[release-4.13] remove shared VPC cred request
fef0db0 
Backporting credential requests has the potential of breaking upgrades,
specifically if clusters are running in mint mode and have removed
the root credentials during z-stream upgrades.

This commit removes the 4.13 bump to the cred request for the AWS
shared VPC feature. The rest of the feature remains intact so that
it can be utilized by managed services which does not depend on
credential requests.
@openshift-ci openshift-ci bot requested review from candita and rfredette August 14, 2023 20:20
@gcs278
Copy link
Contributor

gcs278 commented Aug 14, 2023

/assign @gcs278

@patrickdillon
Copy link
Contributor Author

patrickdillon commented Aug 15, 2023

/retitle OCPBUGS-17733: [release-4.13] remove shared VPC cred request

@patrickdillon
Copy link
Contributor Author

patrickdillon commented Aug 15, 2023

/jira refresh

@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Aug 15, 2023

@patrickdillon: No Jira issue is referenced in the title of this pull request.
To reference a jira issue, add 'XYZ-NNN:' to the title of this pull request and request another refresh with /jira refresh.

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@patrickdillon patrickdillon changed the title [release-4.13] remove shared VPC cred request OCPBUGS-17733: [release-4.13] remove shared VPC cred request Aug 15, 2023
@openshift-ci-robot openshift-ci-robot added jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. labels Aug 15, 2023
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Aug 15, 2023

@patrickdillon: This pull request references Jira Issue OCPBUGS-17733, which is invalid:

  • expected Jira Issue OCPBUGS-17733 to depend on a bug targeting a version in 4.14.0 and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Backporting credential requests has the potential of breaking upgrades, specifically if clusters are running in mint mode and have removed the root credentials during z-stream upgrades.

This commit removes the 4.13 bump to the cred request for the AWS shared VPC feature. The rest of the feature remains intact so that it can be utilized by managed services which does not depend on credential requests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. label Aug 15, 2023
@patrickdillon
Copy link
Contributor Author

patrickdillon commented Aug 15, 2023

This pull request references Jira Issue OCPBUGS-17733, which is invalid:

expected Jira Issue OCPBUGS-17733 to depend on a bug targeting a version in 4.14.0 and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), but no dependents were found

We will need to override this, as this bug is directly applicable to 4.13. There is no 4.14 bug.

@gcs278
Copy link
Contributor

gcs278 commented Aug 15, 2023

Pod pending timeout. - Something unexpected happened with CI infra.
/retest

@gcs278
Copy link
Contributor

gcs278 commented Aug 15, 2023

Thanks for this fix. Sounds like we are all on the same page with reverting this change. Will still need someone to apply jira/valid-bug label, but I'll approve and lgtm in preparation. CC: @Miciah
/approve
/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Aug 15, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 15, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: gcs278

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 15, 2023
@Miciah
Copy link
Contributor

Miciah commented Aug 15, 2023

#966 added the sts:AssumeRole permission to the CredentialsRequest, and #966 is in the 4.13.9 release. #966 is expected to cause problems on clusters that run cloud-credential-operator in mint mode where the root secret has been removed. For this reason, upgrades to 4.13.9 will be conditionally blocked for potentially impacted clusters. #972 removes the permission and is intended to ship in the next z-stream release to avoid causing these problems.
/label backport-risk-assessed

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Aug 15, 2023
@sdodson sdodson added cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Aug 15, 2023
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Aug 15, 2023

/retest-required

Remaining retests: 0 against base HEAD 78a28b2 and 2 for PR HEAD fef0db0 in total

@Miciah
Copy link
Contributor

Miciah commented Aug 15, 2023

e2e-aws-ovn failed, but the error is unrelated to the changes in this PR.
/override ci/prow/e2e-aws-ovn

@patrickdillon patrickdillon mentioned this pull request Aug 15, 2023
Merged
@Miciah
Copy link
Contributor

Miciah commented Aug 15, 2023

/override ci/prow/e2e-aws-ovn

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 15, 2023

@Miciah: Overrode contexts on behalf of Miciah: ci/prow/e2e-aws-ovn

Details

In response to this:

/override ci/prow/e2e-aws-ovn

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-merge-robot openshift-merge-robot merged commit 2ecad04 into openshift:release-4.13 Aug 15, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 15, 2023

@Miciah: Overrode contexts on behalf of Miciah: ci/prow/e2e-aws-ovn

Details

In response to this:

e2e-aws-ovn failed, but the error is unrelated to the changes in this PR.
/override ci/prow/e2e-aws-ovn

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Aug 15, 2023

@patrickdillon: Jira Issue OCPBUGS-17733: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-17733 has been moved to the MODIFIED state.

Details

In response to this:

Backporting credential requests has the potential of breaking upgrades, specifically if clusters are running in mint mode and have removed the root credentials during z-stream upgrades.

This commit removes the 4.13 bump to the cred request for the AWS shared VPC feature. The rest of the feature remains intact so that it can be utilized by managed services which does not depend on credential requests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 15, 2023

@patrickdillon: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-ovn-single-node fef0db0 link false /test e2e-aws-ovn-single-node

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@openshift-merge-robot
Copy link
Contributor

openshift-merge-robot commented Aug 24, 2023

Fix included in accepted release 4.13.0-0.nightly-2023-08-24-052924

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@candita candita Awaiting requested review from candita

@rfredette rfredette Awaiting requested review from rfredette

Assignees

@gcs278 gcs278

@lihongan lihongan

@melvinjoseph86 melvinjoseph86

@ShudiLi ShudiLi

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@patrickdillon @gcs278 @openshift-ci-robot @Miciah @openshift-merge-robot @sdodson @lihongan @melvinjoseph86 @ShudiLi