Skip to content

OCPBUGS-1428: fix service account token secret reference (#2862) #396

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 17, 2022
Merged

OCPBUGS-1428: fix service account token secret reference (#2862) #396

merged 1 commit into from
Nov 17, 2022

Conversation

awgreene
Copy link
Contributor

Problem: The filterSecretsBySAName function attempts to identify all service account token secrets related to a serviceAccount. To do so, the filterSecretsBySAName function uses a range-for loop to iterate over entries in the secrets argument. If a valid service account token secret is found, a pointer to the range-for loop's value variable is added to a map of results. Unfortunately, if a valid entry is found in the middle of the list of secrets, the value returned by the range-for loop is updated, causes the entry in the map to change.

Solution: Add a pointer to the actual secret instead of the range-for loop's value variable.

Signed-off-by: Alexander Greene [email protected]

Upstream-repository: operator-lifecycle-manager
Upstream-commit: caab6c52ec532dc82c7178eebb0377bd80d1e82a

@awgreene
(bug) Fix service account token secret reference (#2862)
76f19a2 
Problem: The filterSecretsBySAName function attempts to identify all
service account token secrets related to a serviceAccount. To do so,
the filterSecretsBySAName function uses a range-for loop to iterate
over entries in the secrets argument. If a valid service account token
secret is found, a pointer to the range-for loop's value variable is
added to a map of results. Unfortunately, if a valid entry is found in
the middle of the list of secrets, the value returned by the range-for
loop is updated, causes the entry in the map to change.

Solution: Add a pointer to the actual secret instead of the range-for
loop's value variable.

Signed-off-by: Alexander Greene <[email protected]>

Upstream-repository: operator-lifecycle-manager
Upstream-commit: caab6c52ec532dc82c7178eebb0377bd80d1e82a
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 30, 2022
@awgreene awgreene changed the title (bug) Fix service account token secret reference (#2862) OCPBUGS-1428: fix service account token secret reference (#2862) Sep 30, 2022
@openshift-ci-robot openshift-ci-robot added the jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. label Sep 30, 2022
@openshift-ci-robot
Copy link

@awgreene: This pull request references Jira Issue OCPBUGS-1428, which is invalid:

  • expected the bug to be in one of the following states: NEW, ASSIGNED, POST, but it is ON_QA instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Problem: The filterSecretsBySAName function attempts to identify all service account token secrets related to a serviceAccount. To do so, the filterSecretsBySAName function uses a range-for loop to iterate over entries in the secrets argument. If a valid service account token secret is found, a pointer to the range-for loop's value variable is added to a map of results. Unfortunately, if a valid entry is found in the middle of the list of secrets, the value returned by the range-for loop is updated, causes the entry in the map to change.

Solution: Add a pointer to the actual secret instead of the range-for loop's value variable.

Signed-off-by: Alexander Greene [email protected]

Upstream-repository: operator-lifecycle-manager
Upstream-commit: caab6c52ec532dc82c7178eebb0377bd80d1e82a

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@Xia-Zhao-rh
Copy link

/label qe-approved

@openshift-ci openshift-ci bot added the qe-approved Signifies that QE has signed off on this PR label Oct 8, 2022
@Xia-Zhao-rh
Copy link

/retest

3 similar comments
@awgreene
Copy link
Contributor Author

/retest

@Xia-Zhao-rh
Copy link

/retest

@Xia-Zhao-rh
Copy link

/retest

@jianzhangbjz
Copy link
Contributor

/jira refresh

@openshift-ci-robot
Copy link

@jianzhangbjz: This pull request references Jira Issue OCPBUGS-1428, which is invalid:

  • expected the bug to target the "4.13.0" version, but it targets "4.12.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jianzhangbjz
Copy link
Contributor

/jira refresh

@openshift-ci-robot
Copy link

@jianzhangbjz: This pull request references Jira Issue OCPBUGS-1428, which is invalid:

  • expected the bug to target the "4.13.0" version, but it targets "4.12.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jianzhangbjz
Copy link
Contributor

/jira refresh

@openshift-ci-robot
Copy link

@jianzhangbjz: This pull request references Jira Issue OCPBUGS-1428, which is invalid:

  • expected the bug to target the "4.13.0" version, but it targets "4.12.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jianzhangbjz
Copy link
Contributor

/jira refresh

@openshift-ci-robot
Copy link

@jianzhangbjz: This pull request references Jira Issue OCPBUGS-1428, which is invalid:

  • expected the bug to target the "4.13.0" version, but it targets "4.12.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jianzhangbjz
Copy link
Contributor

/jira refresh

@openshift-ci-robot
Copy link

@jianzhangbjz: This pull request references Jira Issue OCPBUGS-1428, which is invalid:

  • expected the bug to target the "4.13.0" version, but it targets "4.12.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jianzhangbjz
Copy link
Contributor

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. labels Nov 2, 2022
@openshift-ci-robot
Copy link

@jianzhangbjz: This pull request references Jira Issue OCPBUGS-1428, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.13.0) matches configured target version for branch (4.13.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @Xia-Zhao-rh

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot removed the jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. label Nov 2, 2022
@openshift-ci openshift-ci bot requested a review from Xia-Zhao-rh November 2, 2022 03:14
@awgreene
Copy link
Contributor Author

awgreene commented Nov 4, 2022

/retest

@Xia-Zhao-rh
Copy link

/retest

1 similar comment
@awgreene
Copy link
Contributor Author

/retest

@awgreene
Copy link
Contributor Author

/jira refresh

@openshift-ci-robot
Copy link

@awgreene: This pull request references Jira Issue OCPBUGS-1428, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.13.0) matches configured target version for branch (4.13.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @Xia-Zhao-rh

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@oceanc80
Copy link
Contributor

/lgtm

dinhxuanvu
dinhxuanvu approved these changes Nov 16, 2022
View reviewed changes
Copy link
Member

@dinhxuanvu dinhxuanvu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Nov 16, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 16, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: awgreene, dinhxuanvu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [awgreene,dinhxuanvu]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Xia-Zhao-rh
Copy link

/retest

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 17, 2022

@awgreene: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@openshift-merge-robot openshift-merge-robot merged commit 104da7e into openshift:master Nov 17, 2022
@openshift-ci-robot
Copy link

@awgreene: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-1428 has been moved to the MODIFIED state.

In response to this:

Problem: The filterSecretsBySAName function attempts to identify all service account token secrets related to a serviceAccount. To do so, the filterSecretsBySAName function uses a range-for loop to iterate over entries in the secrets argument. If a valid service account token secret is found, a pointer to the range-for loop's value variable is added to a map of results. Unfortunately, if a valid entry is found in the middle of the list of secrets, the value returned by the range-for loop is updated, causes the entry in the map to change.

Solution: Add a pointer to the actual secret instead of the range-for loop's value variable.

Signed-off-by: Alexander Greene [email protected]

Upstream-repository: operator-lifecycle-manager
Upstream-commit: caab6c52ec532dc82c7178eebb0377bd80d1e82a

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@awgreene
Copy link
Contributor Author

/cherry-pick release-4.12

@awgreene awgreene deleted the ocpbugs-1428 branch November 17, 2022 16:20
@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Nov 17, 2022
Merged
@openshift-cherrypick-robot
Copy link

@awgreene: new pull request created: #412

In response to this:

/cherry-pick release-4.12

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-bot pushed a commit to openshift-bot/operator-framework-olm that referenced this pull request Mar 15, 2025
@dependabot
Bump sigs.k8s.io/controller-runtime from 0.19.4 to 0.20.0 (openshift#396
8aa5195 
)

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.19.4 to 0.20.0.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.19.4...v0.20.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Upstream-repository: api
Upstream-commit: 0879cf09fcb6d753d923363ba032ad70ceabdc1a
@openshift-bot openshift-bot mentioned this pull request Mar 15, 2025
Merged
grokspawn pushed a commit to grokspawn/operator-framework-olm that referenced this pull request Jun 11, 2025
@dependabot @grokspawn
Bump sigs.k8s.io/controller-runtime from 0.19.4 to 0.20.0 (openshift#396
8690ee5 
)

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.19.4 to 0.20.0.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.19.4...v0.20.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Upstream-repository: api
Upstream-commit: 0879cf09fcb6d753d923363ba032ad70ceabdc1a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dinhxuanvu dinhxuanvu dinhxuanvu approved these changes

@benluddy benluddy Awaiting requested review from benluddy

@perdasilva perdasilva Awaiting requested review from perdasilva

@Xia-Zhao-rh Xia-Zhao-rh Awaiting requested review from Xia-Zhao-rh

Assignees

@oceanc80 oceanc80

@dinhxuanvu dinhxuanvu

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. lgtm Indicates that a PR is ready to be merged. qe-approved Signifies that QE has signed off on this PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@awgreene @openshift-ci-robot @Xia-Zhao-rh @jianzhangbjz @oceanc80 @openshift-cherrypick-robot @dinhxuanvu @openshift-merge-robot