OCPBUGS-35855: Wire dry run option to Image API server operations

[ardaguclu]

Some of API servers that run in openshift-apiserver do not support dry run (like Image). So that when user passes --dry-run=server in oc for image related resources (as described in the linked issue), it actually performs the operation instead of simulating the operation and outputs the result. This is unwanted and disruptive behavior that may lead to undesired consequences.

The reason of the issue is dry-run option is not wired through the storage layer of Image. This PR tries to achieve this.

[openshift-ci-robot]

@ardaguclu: This pull request references Jira Issue OCPBUGS-35855, which is invalid:

• expected the bug to target the "4.20.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

API servers that run in openshift-apiserver do not support dry run. So that when user passes --dry-run=server in oc for image related resources (as described in the linked issue), it actually performs the operation instead of simulating the operation and outputs the result. This is unwanted and disruptive behavior that may lead to undesired issues.

As a result, this PR detects the dry run usage from the options (for the commands Create, Update and Delete) and returns bad request to the user. This is backwards compatible change because it is completely wrong performing operations to openshift-apiserver by also passing dry run.

Other resources may experience this problem. However, in order to keep the scope of this PR limited, this PR only focuses on image.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[ardaguclu]

/hold
until pre-merge tests are done and verified that this works.

[ardaguclu]

/jira refresh

[openshift-ci-robot]

@ardaguclu: This pull request references Jira Issue OCPBUGS-35855, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.20.0) matches configured target version for branch (4.20.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @wangke19

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@ardaguclu: This pull request references Jira Issue OCPBUGS-35855, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.20.0) matches configured target version for branch (4.20.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @wangke19

In response to this:

API servers that run in openshift-apiserver do not support dry run. So that when user passes --dry-run=server in oc for image related resources (as described in the linked issue), it actually performs the operation instead of simulating the operation and outputs the result. This is unwanted and disruptive behavior that may lead to undesired consequences.

As a result, this PR detects the dry run usage from the options (for the commands Create, Update and Delete) and returns bad request to the user. This is backwards compatible change because it is completely wrong performing operations to openshift-apiserver by also passing dry run.

Other resources may experience this problem. However, in order to keep the scope of this PR limited, this PR only focuses on image.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[zhouying7780]

/label qe-approved

[openshift-ci-robot]

@ardaguclu: This pull request references Jira Issue OCPBUGS-35855, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.20.0) matches configured target version for branch (4.20.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @zhouying7780

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Some of API servers that run in openshift-apiserver do not support dry run (like Image). So that when user passes --dry-run=server in oc for image related resources (as described in the linked issue), it actually performs the operation instead of simulating the operation and outputs the result. This is unwanted and disruptive behavior that may lead to undesired consequences.

The reason of the issue is dry-run option is not wired through the storage layer of Image. This PR tries to achieve this.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[ardaguclu]

Tests have completed and patch worked;
/hold cancel

[flavianmissi]

/approve

[p0lyn0mial]

I'm wondering why we don't just pass the entire options object. At the very least, it would work for the update branch, though there's also the create branch to consider.

One benefit would be that we could also keep track of field owners. Maybe that's something we can improve in the future.

For now, would it make sense to create a small helper function that generates the supported options?

For example:

func updateOptionsToSupportedUpdateOptions(opts *metav1.UpdateOptions) *metav1.UpdateOptions {
	if opts == nil {
		return nil
	}
	return &metav1.UpdateOptions{
		DryRun: opts.DryRun,
	}
}

func updateOptionsToSupportedCreateOptions(opts *metav1.UpdateOptions) *metav1.CreateOptions {
	if opts == nil {
		return nil
	}
	return &metav1.CreateOptions{
		DryRun: opts.DryRun,
	}
}

please also consider adding comments to these functions explaining that maybe in the future the list of supported options could be extended (field ownership)

[ardaguclu]

Carrying fieldManager field in options may create conflicts, if there is another resource that uses server side apply. So I deliberately only carry the dry run options which makes this PR is a safe change.
But for the long term I agree with you, fieldManager field can also be carried as well. So that I've applied to your suggestion and moved the logic under helper functions.

Please let me know what you think. Thanks for review.

[ardaguclu]

looks flaky
/retest

[p0lyn0mial]

/lgtm

[ardaguclu]

@p0lyn0mial I forgot to rename all the usages of internalimageutil. I've updated the code. Would you mind tagging again?. Thanks.

[p0lyn0mial]

/lgtm

Also many thanks for the PR!

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ardaguclu, flavianmissi, p0lyn0mial

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• pkg/image/OWNERS [flavianmissi,p0lyn0mial]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ardaguclu]

/retest

[openshift-ci]

@ardaguclu: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-ci-robot]

@ardaguclu: Jira Issue OCPBUGS-35855: Some pull requests linked via external trackers have merged:

• openshift/openshift-apiserver#511

The following pull requests linked via external trackers have not merged:

• openshift/origin#29834 is open

These pull request must merge or be unlinked from the Jira bug in order for it to move to the next state. Once unlinked, request a bug refresh with /jira refresh.

Jira Issue OCPBUGS-35855 has not been moved to the MODIFIED state.

In response to this:

Some of API servers that run in openshift-apiserver do not support dry run (like Image). So that when user passes --dry-run=server in oc for image related resources (as described in the linked issue), it actually performs the operation instead of simulating the operation and outputs the result. This is unwanted and disruptive behavior that may lead to undesired consequences.

The reason of the issue is dry-run option is not wired through the storage layer of Image. This PR tries to achieve this.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-bot]

[ART PR BUILD NOTIFIER]

Distgit: ose-openshift-apiserver
This PR has been included in build ose-openshift-apiserver-container-v4.20.0-202505271846.p0.g67ae490.assembly.stream.el9.
All builds following this will include this PR.

[wangke19]

/cherry-pick release-4.19

[openshift-cherrypick-robot]

@wangke19: new pull request created: #524

In response to this:

/cherry-pick release-4.19

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.