Skip to content

OCPBUGS-5294: backport cert rotation fix #428

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jan 16, 2023
Merged

OCPBUGS-5294: backport cert rotation fix #428

merged 4 commits into from
Jan 16, 2023

Conversation

perdasilva
Copy link
Contributor

Problem: There was a bug in fixed in 4.11 where the operator service certificates were not being rotated properly. The current bug asks use to backport those fixed to 4.10

The backported commits are:

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jan 13, 2023

@perdasilva: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

OCPBUGS-5294: backport cert rotation fix

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added jira/severity-moderate Referenced Jira bug's severity is moderate for the branch this PR is targeting. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Jan 13, 2023
@openshift-ci-robot
Copy link

@perdasilva: This pull request references Jira Issue OCPBUGS-5294, which is invalid:

  • expected Jira Issue OCPBUGS-5294 to depend on a bug targeting a version in 4.11.0, 4.11.z and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Problem: There was a bug in fixed in 4.11 where the operator service certificates were not being rotated properly. The current bug asks use to backport those fixed to 4.10

The backported commits are:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot requested review from dinhxuanvu and hasbro17 January 13, 2023 11:06
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jan 13, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: perdasilva

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 13, 2023
@perdasilva
Copy link
Contributor Author

/jira refresh

@openshift-ci-robot
Copy link

@perdasilva: This pull request references Jira Issue OCPBUGS-5294, which is invalid:

  • bug is open, matching expected state (open)
  • bug target version (4.10.z) matches configured target version for branch (4.10.z)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
  • bug has dependents
  • dependent bug OCPBUGSM-36848 is not in the required OCPBUGS project

All dependent bugs must be part of the OCPBUGS project. If you are backporting a fix that was originally tracked in Bugzilla, follow these steps to handle the backport:

  1. Create a new bug in the OCPBUGS Jira project to match the original bugzilla bug. The important fields that should match are the title, description, target version, and status.
  2. Use the Jira UI to clone the Jira bug, then in the clone bug:
    a. Set the target version to the release you are cherrypicking to.
    b. Add an issue link “is blocked by”, which links to the original jira bug
  3. Use the cherrypick github command to create the cherrypicked PR. Once that new PR is created, retitle the PR and replace the BUG XXX: with OCPBUGS-XXX: to match the new Jira story.

Note that the mirrored bug in OCPBUGSM should not be involved in this process at all.

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@perdasilva
Copy link
Contributor Author

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Jan 13, 2023
@openshift-ci-robot
Copy link

@perdasilva: This pull request references Jira Issue OCPBUGS-5294, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.10.z) matches configured target version for branch (4.10.z)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
  • dependent bug Jira Issue OCPBUGS-5819 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE))
  • dependent Jira Issue OCPBUGS-5819 targets the "4.11.z" version, which is one of the valid target versions: 4.11.0, 4.11.z
  • bug has dependents

Requesting review from QA contact:
/cc @jianzhangbjz

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot requested a review from jianzhangbjz January 13, 2023 11:12
@perdasilva perdasilva force-pushed the OCPBUGS-5294-backport-cert-rotation-fix branch from 8c36965 to 7347755 Compare January 13, 2023 13:32
perdasilva and others added 4 commits January 13, 2023 14:50
@perdasilva
update vendor
3b709d3 
Signed-off-by: perdasilva <[email protected]>
@perdasilva
Add importas linting configuration to enforce common package import n…
60cd997 
…aming (#2715)

    * Add importas linting configuration to enforce common package import naming

    Signed-off-by: timflannagan <[email protected]>

    * cmd,pkg,test: Fix linting violations

    Signed-off-by: timflannagan <[email protected]>

Upstream-repository: operator-lifecycle-manager
Upstream-commit: 2194336a87354972a9bc7ea93395571f83147cf6
Signed-off-by: perdasilva <[email protected]>
@perdasilva
Fix csv.status.RotatedAt update (#2752)
4bf7fe7 
Signed-off-by: Per Goncalves da Silva <[email protected]>
Signed-off-by: perdasilva <[email protected]>

Co-authored-by: Per Goncalves da Silva <[email protected]>
Upstream-repository: operator-lifecycle-manager
Upstream-commit: d87319abbd63a0553bd6d37f9125faba7bd40fd5
@perdasilva
Refactor installer to surface certificate rotation (#2775)
f778e0d 
Signed-off-by: perdasilva <[email protected]>
Upstream-repository: operator-lifecycle-manager
Upstream-commit: 9ced412f3e263b8827680dc0ad3477327cd9a508
@perdasilva perdasilva force-pushed the OCPBUGS-5294-backport-cert-rotation-fix branch from 7347755 to f778e0d Compare January 13, 2023 13:55
@perdasilva
Copy link
Contributor Author

/retest

1 similar comment
@perdasilva
Copy link
Contributor Author

/retest

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jan 15, 2023

@perdasilva: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@jianzhangbjz
Copy link
Contributor

Passed, details: https://issues.redhat.com/browse/OCPBUGS-5294
/cherry-pick approved
/lgtm

@openshift-cherrypick-robot
Copy link

@jianzhangbjz: once the present PR merges, I will cherry-pick it on top of approved in a new PR and assign it to you.

In response to this:

Passed, details: https://issues.redhat.com/browse/OCPBUGS-5294
/cherry-pick approved
/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jianzhangbjz
Copy link
Contributor

/label cherry-pick-approved

@openshift-ci openshift-ci bot added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Jan 16, 2023
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jan 16, 2023
@perdasilva
Copy link
Contributor Author

/label backport-risk-assessed

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Jan 16, 2023
@openshift-merge-robot openshift-merge-robot merged commit 8892eeb into openshift:release-4.10 Jan 16, 2023
@openshift-ci-robot
Copy link

@perdasilva: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-5294 has been moved to the MODIFIED state.

In response to this:

Problem: There was a bug in fixed in 4.11 where the operator service certificates were not being rotated properly. The current bug asks use to backport those fixed to 4.10

The backported commits are:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-cherrypick-robot
Copy link

@jianzhangbjz: cannot checkout approved: error checking out approved: exit status 1. output: error: pathspec 'approved' did not match any file(s) known to git

In response to this:

Passed, details: https://issues.redhat.com/browse/OCPBUGS-5294
/cherry-pick approved
/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dinhxuanvu dinhxuanvu Awaiting requested review from dinhxuanvu

@hasbro17 hasbro17 Awaiting requested review from hasbro17

@jianzhangbjz jianzhangbjz Awaiting requested review from jianzhangbjz

Assignees

@bandrade bandrade

@jianzhangbjz jianzhangbjz

@kuiwang02 kuiwang02

@Xia-Zhao-rh Xia-Zhao-rh

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. jira/severity-moderate Referenced Jira bug's severity is moderate for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@perdasilva @openshift-ci-robot @jianzhangbjz @openshift-cherrypick-robot @bandrade @openshift-merge-robot @kuiwang02 @Xia-Zhao-rh