search

openshift / image-registry

OpenShift cluster image registry
Apache License 2.0
44 stars 73 forks source link

OCPBUGS-35335: use SelfAccessReview to obtain user info #404

Closed flavianmissi closed 3 months ago

flavianmissi commented 3 months ago

This fixes cases where openshift is running with external users (and the user api is unavailable).

Note that the SelfAccessReview is new on k8s 1.28, and we had vendored 1.27 so I had to upgrade to the latest. Because of this api bump, backports will have to be made manually, bumping the openshift and k8s api corresponding to the openshift version (1.29 for 4.16, 1.28 for 4.15).

openshift-ci-robot commented 3 months ago

@flavianmissi: This pull request references Jira Issue OCPBUGS-35335, which is invalid:

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to [this](https://github.com/openshift/image-registry/pull/404): >This fixes cases where openshift is running with external users (and the user api is unavailable). > >--- > >Note that the SelfAccessReview is new on k8s 1.28, and we had vendored 1.27 so I had to upgrade to the latest. >Because of this api bump, backports will have to be made manually, bumping the openshift and k8s api corresponding to the openshift version (1.29 for 4.16, 1.28 for 4.15). Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fimage-registry). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
flavianmissi commented 3 months ago

/jira refresh

openshift-ci-robot commented 3 months ago

@flavianmissi: This pull request references Jira Issue OCPBUGS-35335, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug * bug is open, matching expected state (open) * bug target version (4.17.0) matches configured target version for branch (4.17.0) * bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @xiuwang

In response to [this](https://github.com/openshift/image-registry/pull/404#issuecomment-2167982710): >/jira refresh Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fimage-registry). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
flavianmissi commented 3 months ago

/assign @dmage

flavianmissi commented 3 months ago

so far the test failures look unrelated to the changes.. /retest

flavianmissi commented 3 months ago

test failures are unrelated to the changes in this PR /retest

xiuwang commented 3 months ago

/label qe-approved /label cherry-pick-approved

Launch a hypershift hosted cluster using payload image which built from this code. And configure external oidc auth for HCP cluster. Run the failed image registry cases in 4.15-amd64-nightly-aws-rosa-hcp-capi-stage-f7 , all suitable cases are passed.

openshift-ci-robot commented 3 months ago

@flavianmissi: This pull request references Jira Issue OCPBUGS-35335, which is valid.

3 validation(s) were run on this bug * bug is open, matching expected state (open) * bug target version (4.17.0) matches configured target version for branch (4.17.0) * bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @xiuwang

In response to [this](https://github.com/openshift/image-registry/pull/404): >This fixes cases where openshift is running with external users (and the user api is unavailable). > >--- > >Note that the SelfAccessReview is new on k8s 1.28, and we had vendored 1.27 so I had to upgrade to the latest. >Because of this api bump, backports will have to be made manually, bumping the openshift and k8s api corresponding to the openshift version (1.29 for 4.16, 1.28 for 4.15). Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fimage-registry). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
openshift-ci[bot] commented 3 months ago

@flavianmissi: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).
dmage commented 3 months ago

/lgtm

openshift-ci[bot] commented 3 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dmage, flavianmissi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/openshift/image-registry/blob/master/OWNERS)~~ [dmage,flavianmissi] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
openshift-ci[bot] commented 3 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dmage, flavianmissi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/openshift/image-registry/blob/master/OWNERS)~~ [dmage,flavianmissi] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
openshift-ci-robot commented 3 months ago

@flavianmissi: Jira Issue OCPBUGS-35335: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-35335 has been moved to the MODIFIED state.

In response to [this](https://github.com/openshift/image-registry/pull/404): >This fixes cases where openshift is running with external users (and the user api is unavailable). > >--- > >Note that the SelfAccessReview is new on k8s 1.28, and we had vendored 1.27 so I had to upgrade to the latest. >Because of this api bump, backports will have to be made manually, bumping the openshift and k8s api corresponding to the openshift version (1.29 for 4.16, 1.28 for 4.15). Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fimage-registry). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
openshift-bot commented 3 months ago

[ART PR BUILD NOTIFIER]

This PR has been included in build openshift-enterprise-registry-container-v4.17.0-202406171342.p0.gf6ef41b.assembly.stream.el9 for distgit openshift-enterprise-registry. All builds following this will include this PR.