Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-18039

periodic-ci-openshift-release-master-nightly-4.12-credentials-request-freeze failure

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Undefined Undefined
    • None
    • 4.12.z
    • Networking / router
    • None
    • No
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-release-master-nightly-4.12-credentials-request-freeze/1694380719461109760 is failing

      Version-Release number of selected component (if applicable):

      Nightlies

      How reproducible:

      100%

      Steps to Reproduce:

      1.
2.
3.

      Actual results:

      Comparing 4.12.0-0.nightly-2023-08-17-171705 ( registry.build03.ci.openshift.org/ci-op-jqdlis84/release@sha256:4f4e786d8d49e4d8cab22c33dbbe25fd7ce3a3ce62fd6933212c46fefd547eed ) credentials requests against the expected requests from 4.12.0-rc.0 ( registry.build03.ci.openshift.org/ci-op-jqdlis84/release@sha256:8a1e9cb09d37cd6180913a629ecfa328b5de98512ba590c440b4097d181130b7 ).
Extracted release payload created at 2022-11-10T19:12:02Z
Extracted release payload created at 2023-08-17T17:18:56Z
diff -ru frozen/0000_50_cluster-ingress-operator_00-ingress-credentials-request.yaml latest/0000_50_cluster-ingress-operator_00-ingress-credentials-request.yaml
--- frozen/0000_50_cluster-ingress-operator_00-ingress-credentials-request.yaml    2023-08-23 16:09:25.548988557 +0000
+++ latest/0000_50_cluster-ingress-operator_00-ingress-credentials-request.yaml    2023-08-23 16:09:29.823076247 +0000
@@ -18,6 +18,7 @@
     - action:
       - elasticloadbalancing:DescribeLoadBalancers
       - route53:ListHostedZones
+      - route53:ListTagsForResources
       - route53:ChangeResourceRecordSets
       - tag:GetResources
       effect: Allow
CredentialsRequest manifests in registry.build03.ci.openshift.org/ci-op-jqdlis84/release@sha256:4f4e786d8d49e4d8cab22c33dbbe25fd7ce3a3ce62fd6933212c46fefd547eed diverge from registry.build03.ci.openshift.org/ci-op-jqdlis84/release@sha256:8a1e9cb09d37cd6180913a629ecfa328b5de98512ba590c440b4097d181130b7.  This can cause trouble for Manual credentialsMode clusters ( https://docs.openshift.com/container-platform/4.9/installing/installing_aws/manually-creating-iam.html , and similarly for other clouds) perfoming patch updates (4.y.z -> 4.y.z'), because current Manual-mode guards only apply to minor updates (4.y.z -> 4.(y+1).z').  Find the team who introduced the change, and discuss whether the change is required (and acceptably documented in release notes for folks running Manual-mode clusters), in which case bump the oldest-supported-credentials-request config for the job to freeze on the new state ( grep for oldest-supported-credentials-request to find config locations like https://github.com/openshift/release/blob/0c7ecf26dfc04f9c64632e34d7a5ebcf42d69b99/ci-operator/config/openshift/release/openshift-release-master__nightly-4.10.yaml#L74-L77 ).  Until https://issues.redhat.com/browse/DPTP-2731 is implemented, you will need to wait for a new candidate payload that includes your changes to be available before bumping this value.  If you decide the change is not required, have the relevant team revert their change.

      Expected results:

       

      Additional info:

      OCPBUGS-15467 backported this change to 4.12

            mmasters1@redhat.com Miciah Masters
            angoldst@redhat.com Andy Goldstein (Inactive)
            Melvin Joseph Melvin Joseph
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: