Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-4.16] NO-JIRA: quota.sh: 4.16 no longer creates legacy API tokens #28810

Merged
merged 1 commit into from
May 20, 2024
Merged

[release-4.16] NO-JIRA: quota.sh: 4.16 no longer creates legacy API tokens #28810

merged 1 commit into from
May 20, 2024

Conversation

openshift-cherrypick-robot
Copy link

This is an automated cherry-pick of #28808

/assign petr-muller

@petr-muller
quota.sh: OCP 4.16 no longer creates legacy API tokens
e56469f 
The `quota.sh` testcase is making assumptions on how many secrets are automatically created in namespaces, and this number is lower in OCP 4.16.

Context provided by Luis Sanchez:
> As of OCP 4.11, service account API token secrets (now referred to as “legacy”) were no longer generated automatically for each service account.
> All users were supposed to migrate to using the TokenRequest API.
>  Unfortunately, the integrated image registry was also generating a legacy service account API token for its own use, and some users started to accidentally pick up the token intended for the image registry and missed migrating to the TokenRequest API.
> Starting in v4.15, if the image registry is not enabled, the tokens will not be generated. The image registry is still enabled by default, so again another missed opportunity to catch people not using the TokenRequest API.
> Finally, in v4.16 the image registry no longer generates the legacy service account API token at all.

Based on the above, it seems that the testcase should be improved to expect some specific conditions (and e.g. dont allow high numbers for 4.16 clusters) but @soltysh indicated there's an intent to port this testcase to Go, so any logic improvements will be done at that time and for now we can just allow several smaller counts.
@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request May 17, 2024
Merged
@openshift-ci openshift-ci bot requested review from knobunc and p0lyn0mial May 17, 2024 17:14
soltysh
soltysh approved these changes May 17, 2024
View reviewed changes
Copy link
Member

@soltysh soltysh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve
/label backport-risk-assessed

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label May 17, 2024
@soltysh
Copy link
Member

soltysh commented May 17, 2024

/label acknowledge-critical-fixes-only

@openshift-ci openshift-ci bot added acknowledge-critical-fixes-only Indicates if the issuer of the label is OK with the policy. lgtm Indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels May 17, 2024
LalatenduMohanty
LalatenduMohanty approved these changes May 17, 2024
View reviewed changes
Copy link
Member

@LalatenduMohanty LalatenduMohanty left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 17, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: LalatenduMohanty, openshift-cherrypick-robot, soltysh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 17, 2024
edited

@openshift-cherrypick-robot: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-ovn-single-node-upgrade e56469f link false /test e2e-aws-ovn-single-node-upgrade
ci/prow/e2e-vsphere-ovn-dualstack-primaryv6 e56469f link false /test e2e-vsphere-ovn-dualstack-primaryv6
ci/prow/e2e-aws-ovn-single-node-serial e56469f link false /test e2e-aws-ovn-single-node-serial
ci/prow/e2e-aws-ovn-upgrade e56469f link false /test e2e-aws-ovn-upgrade
ci/prow/e2e-metal-ipi-ovn-dualstack-local-gateway e56469f link false /test e2e-metal-ipi-ovn-dualstack-local-gateway

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@ardaguclu ardaguclu mentioned this pull request May 20, 2024
Merged
@soltysh soltysh added cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. labels May 20, 2024
@openshift-ci-robot
Copy link

/retest-required

Remaining retests: 0 against base HEAD 3aac758 and 2 for PR HEAD e56469f in total

@openshift-merge-bot openshift-merge-bot bot merged commit 3c10005 into openshift:release-4.16 May 20, 2024
21 of 26 checks passed
@openshift-bot
Copy link
Contributor

[ART PR BUILD NOTIFIER]

This PR has been included in build openshift-enterprise-tests-container-v4.16.0-202405201532.p0.g3c10005.assembly.stream.el9 for distgit openshift-enterprise-tests.
All builds following this will include this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@soltysh soltysh soltysh approved these changes

@LalatenduMohanty LalatenduMohanty LalatenduMohanty approved these changes

@knobunc knobunc Awaiting requested review from knobunc

@p0lyn0mial p0lyn0mial Awaiting requested review from p0lyn0mial

Assignees

@dgoodwin dgoodwin

@petr-muller petr-muller

@adambkaplan adambkaplan

@sayan-biswas sayan-biswas

@kasturinarra kasturinarra

@jadhaj jadhaj

@pamoedom pamoedom

@jitendar-singh jitendar-singh

@prietyc123 prietyc123

@gangwgr gangwgr

Labels
acknowledge-critical-fixes-only Indicates if the issuer of the label is OK with the policy. approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet