OCPBUGS-36183: pkg/cli/admin/prune/renderedmachineconfigs: 'Error dry-run deleting'

openshift / oc

The OpenShift Command Line, part of OKD

https://www.openshift.org

Apache License 2.0

196 stars 377 forks source link

OCPBUGS-36183: pkg/cli/admin/prune/renderedmachineconfigs: 'Error dry-run deleting' #1807

Closed wking closed 3 months ago

wking commented 3 months ago

The old wording like:

$ oc adm prune renderedmachineconfigs
Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs.
Error deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e: deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e failed: machineconfigs.machineconfiguration.openshift.io "rendered-master-3fff60688940de967f8aa44e5aa0e87e" is forbidden: User "wking" cannot delete resource "machineconfigs" in API group "machineconfiguration.openshift.io" at the cluster scope
...

and:

$ oc --as system:admin adm prune renderedmachineconfigs
Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs.
DRY RUN: Deleted rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e
...

spooked me by not being really explicit that dry-run API calls were being made. Bumping the logging:

$ oc --v=8 adm prune renderedmachineconfigs
...
I0625 10:49:36.291173    7200 request.go:1212] Request Body: {"kind":"DeleteOptions","apiVersion":"machineconfiguration.openshift.io/v1","dryRun":["All"]}
I0625 10:49:36.291209    7200 round_trippers.go:463] DELETE https://api.build02.gcp.ci.openshift.org:6443/apis/machineconfiguration.openshift.io/v1/machineconfigs/rendered-master-3fff60688940de967f8aa44e5aa0e87e
...

shows "dryRun":["All"]. But this commit moves us to really explicitly dry-run wording like:

$ ./oc adm prune renderedmachineconfigs
Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs.
Error dry-run deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e failed: machineconfigs.machineconfiguration.openshift.io "rendered-master-3fff60688940de967f8aa44e5aa0e87e" is forbidden: User "wking" cannot delete resource "machineconfigs" in API group "machineconfiguration.openshift.io" at the cluster scope
...

and:

$ ./oc --as system:admin adm prune renderedmachineconfigs
Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs.
dry-run deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e
...

While the --confirm output now looks like:

$ ./oc adm prune renderedmachineconfigs --confirm
Error deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e failed: machineconfigs.machineconfiguration.openshift.io "rendered-master-3fff60688940de967f8aa44e5aa0e87e" is forbidden: User "wking" cannot delete resource "machineconfigs" in API group "machineconfiguration.openshift.io" at the cluster scope
...

and:

$ ./oc --as system:admin adm prune renderedmachineconfigs --confirm
deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e
...

openshift-ci-robot commented 3 months ago

@wking: This pull request references Jira Issue OCPBUGS-36183, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

* bug is open, matching expected state (open) * bug target version (4.17.0) matches configured target version for branch (4.17.0) * bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @sergiordlr

The bug has been updated to refer to the pull request using the external bug tracker.

In response to [this](https://github.com/openshift/oc/pull/1807): >The old wording like: > >```console >$ oc adm prune renderedmachineconfigs >Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs. >Error deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e: deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e failed: machineconfigs.machineconfiguration.openshift.io "rendered-master-3fff60688940de967f8aa44e5aa0e87e" is forbidden: User "wking" cannot delete resource "machineconfigs" in API group "machineconfiguration.openshift.io" at the cluster scope >... >``` > >and: > >```console >$ oc --as system:admin adm prune renderedmachineconfigs >Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs. >DRY RUN: Deleted rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e >... >``` > >spooked my by not being really explicit that dry-run API calls were being made. Bumping the logging: > >```console >$ oc --v=8 adm prune renderedmachineconfigs >... >I0625 10:49:36.291173 7200 request.go:1212] Request Body: {"kind":"DeleteOptions","apiVersion":"machineconfiguration.openshift.io/v1","dryRun":["All"]} >I0625 10:49:36.291209 7200 round_trippers.go:463] DELETE https://api.build02.gcp.ci.openshift.org:6443/apis/machineconfiguration.openshift.io/v1/machineconfigs/rendered-master-3fff60688940de967f8aa44e5aa0e87e >... >``` >shows `"dryRun":["All"]`. But this commit moves us to really explicitly dry-run wording like: > >```console >$ ./oc adm prune renderedmachineconfigs >Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs. >Error dry-run deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e failed: machineconfigs.machineconfiguration.openshift.io "rendered-master-3fff60688940de967f8aa44e5aa0e87e" is forbidden: User "wking" cannot delete resource "machineconfigs" in API group "machineconfiguration.openshift.io" at the cluster scope >... >``` > >and: > >```console >$ ./oc --as system:admin adm prune renderedmachineconfigs >Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs. >dry-run deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e >... >``` > >While the `--confirm` output now looks like: > >```console >$ ./oc adm prune renderedmachineconfigs --confirm >Error deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e failed: machineconfigs.machineconfiguration.openshift.io "rendered-master-3fff60688940de967f8aa44e5aa0e87e" is forbidden: User "wking" cannot delete resource "machineconfigs" in API group "machineconfiguration.openshift.io" at the cluster scope >... >``` >and: > >```console >$ ./oc --as system:admin adm prune renderedmachineconfigs --confirm >deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e >... >``` Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Foc). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

openshift-ci-robot commented 3 months ago

@wking: This pull request references Jira Issue OCPBUGS-36183, which is valid.

3 validation(s) were run on this bug

* bug is open, matching expected state (open) * bug target version (4.17.0) matches configured target version for branch (4.17.0) * bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @sergiordlr

In response to [this](https://github.com/openshift/oc/pull/1807): >The old wording like: > >```console >$ oc adm prune renderedmachineconfigs >Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs. >Error deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e: deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e failed: machineconfigs.machineconfiguration.openshift.io "rendered-master-3fff60688940de967f8aa44e5aa0e87e" is forbidden: User "wking" cannot delete resource "machineconfigs" in API group "machineconfiguration.openshift.io" at the cluster scope >... >``` > >and: > >```console >$ oc --as system:admin adm prune renderedmachineconfigs >Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs. >DRY RUN: Deleted rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e >... >``` > >spooked me by not being really explicit that dry-run API calls were being made. Bumping the logging: > >```console >$ oc --v=8 adm prune renderedmachineconfigs >... >I0625 10:49:36.291173 7200 request.go:1212] Request Body: {"kind":"DeleteOptions","apiVersion":"machineconfiguration.openshift.io/v1","dryRun":["All"]} >I0625 10:49:36.291209 7200 round_trippers.go:463] DELETE https://api.build02.gcp.ci.openshift.org:6443/apis/machineconfiguration.openshift.io/v1/machineconfigs/rendered-master-3fff60688940de967f8aa44e5aa0e87e >... >``` >shows `"dryRun":["All"]`. But this commit moves us to really explicitly dry-run wording like: > >```console >$ ./oc adm prune renderedmachineconfigs >Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs. >Error dry-run deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e failed: machineconfigs.machineconfiguration.openshift.io "rendered-master-3fff60688940de967f8aa44e5aa0e87e" is forbidden: User "wking" cannot delete resource "machineconfigs" in API group "machineconfiguration.openshift.io" at the cluster scope >... >``` > >and: > >```console >$ ./oc --as system:admin adm prune renderedmachineconfigs >Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs. >dry-run deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e >... >``` > >While the `--confirm` output now looks like: > >```console >$ ./oc adm prune renderedmachineconfigs --confirm >Error deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e failed: machineconfigs.machineconfiguration.openshift.io "rendered-master-3fff60688940de967f8aa44e5aa0e87e" is forbidden: User "wking" cannot delete resource "machineconfigs" in API group "machineconfiguration.openshift.io" at the cluster scope >... >``` >and: > >```console >$ ./oc --as system:admin adm prune renderedmachineconfigs --confirm >deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e >... >``` Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Foc). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

openshift-ci[bot] commented 3 months ago

@wking: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).

djoshy commented 3 months ago

/lgtm

Not sure QE review is necessary, but holding just in case

/hold

openshift-ci[bot] commented 3 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: djoshy, wking, yuqi-zhang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[pkg/cli/admin/prune/renderedmachineconfigs/OWNERS](https://github.com/openshift/oc/blob/master/pkg/cli/admin/prune/renderedmachineconfigs/OWNERS)~~ [djoshy,yuqi-zhang] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

sergiordlr commented 3 months ago

Verified using IPI on AWS

To verify this PR we created a new non-admin user and added "machine-config-daemon" clusterrole to this new user (can list, watch, get but cannot delete machineconfigs)

We got:

With non-admin user

# DRY RUN
$ oc  adm prune renderedmachineconfigs 
Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs.
Skip dry-run deleting rendered MachineConfig rendered-master-bf2b52e3684a907f19fbbd8f4bf518e7 as it's currently in use
Error dry-run deleting rendered MachineConfig rendered-worker-0c329cf7ed4bd036cce325143a1f6937 failed: machineconfigs.machineconfiguration.openshift.io "rendered-worker-0c329cf7ed4bd036cce325143a1f6937" is forbidden: User "sregidor" cannot delete resource "machineconfigs" in API group "machineconfiguration.openshift.io" at the cluster scope
Skip dry-run deleting rendered MachineConfig rendered-worker-dcb7fbf2b8bcd67f3eee69c80412ceb1 as it's currently in use

# CONFIRM
$ oc  adm prune renderedmachineconfigs  --confirm
Skip deleting rendered MachineConfig rendered-master-bf2b52e3684a907f19fbbd8f4bf518e7 as it's currently in use
Error deleting rendered MachineConfig rendered-worker-0c329cf7ed4bd036cce325143a1f6937 failed: machineconfigs.machineconfiguration.openshift.io "rendered-worker-0c329cf7ed4bd036cce325143a1f6937" is forbidden: User "sregidor" cannot delete resource "machineconfigs" in API group "machineconfiguration.openshift.io" at the cluster scope
Skip deleting rendered MachineConfig rendered-worker-dcb7fbf2b8bcd67f3eee69c80412ceb1 as it's currently in use

With admin user

# DRY RUN
 oc adm prune renderedmachineconfigs
Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs.
Skip dry-run deleting rendered MachineConfig rendered-master-bf2b52e3684a907f19fbbd8f4bf518e7 as it's currently in use
dry-run deleting rendered MachineConfig rendered-worker-0c329cf7ed4bd036cce325143a1f6937
Skip dry-run deleting rendered MachineConfig rendered-worker-dcb7fbf2b8bcd67f3eee69c80412ceb1 as it's currently in use

# CONFIRM
$ oc adm prune renderedmachineconfigs --confirm
Skip deleting rendered MachineConfig rendered-master-bf2b52e3684a907f19fbbd8f4bf518e7 as it's currently in use
deleting rendered MachineConfig rendered-worker-0c329cf7ed4bd036cce325143a1f6937
Skip deleting rendered MachineConfig rendered-worker-dcb7fbf2b8bcd67f3eee69c80412ceb1 as it's currently in use

Automated test cases were adapted and they passed

"[sig-mco] MCO Author:ptalgulk-NonHyperShiftHOST-NonPreRelease-Longduration-73148-prune renderedmachineconfigs [Disruptive] [Serial]"
"[sig-mco] MCO Author:ptalgulk-NonHyperShiftHOST-NonPreRelease-Longduration-73155-prune renderedmachineconfigs in updating pools[Disruptive] [Serial]"

/unhold /label qe-approved

openshift-ci-robot commented 3 months ago

@wking: Jira Issue OCPBUGS-36183: All pull requests linked via external trackers have merged:

openshift/oc#1807

Jira Issue OCPBUGS-36183 has been moved to the MODIFIED state.

In response to [this](https://github.com/openshift/oc/pull/1807): >The old wording like: > >```console >$ oc adm prune renderedmachineconfigs >Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs. >Error deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e: deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e failed: machineconfigs.machineconfiguration.openshift.io "rendered-master-3fff60688940de967f8aa44e5aa0e87e" is forbidden: User "wking" cannot delete resource "machineconfigs" in API group "machineconfiguration.openshift.io" at the cluster scope >... >``` > >and: > >```console >$ oc --as system:admin adm prune renderedmachineconfigs >Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs. >DRY RUN: Deleted rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e >... >``` > >spooked me by not being really explicit that dry-run API calls were being made. Bumping the logging: > >```console >$ oc --v=8 adm prune renderedmachineconfigs >... >I0625 10:49:36.291173 7200 request.go:1212] Request Body: {"kind":"DeleteOptions","apiVersion":"machineconfiguration.openshift.io/v1","dryRun":["All"]} >I0625 10:49:36.291209 7200 round_trippers.go:463] DELETE https://api.build02.gcp.ci.openshift.org:6443/apis/machineconfiguration.openshift.io/v1/machineconfigs/rendered-master-3fff60688940de967f8aa44e5aa0e87e >... >``` >shows `"dryRun":["All"]`. But this commit moves us to really explicitly dry-run wording like: > >```console >$ ./oc adm prune renderedmachineconfigs >Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs. >Error dry-run deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e failed: machineconfigs.machineconfiguration.openshift.io "rendered-master-3fff60688940de967f8aa44e5aa0e87e" is forbidden: User "wking" cannot delete resource "machineconfigs" in API group "machineconfiguration.openshift.io" at the cluster scope >... >``` > >and: > >```console >$ ./oc --as system:admin adm prune renderedmachineconfigs >Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs. >dry-run deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e >... >``` > >While the `--confirm` output now looks like: > >```console >$ ./oc adm prune renderedmachineconfigs --confirm >Error deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e failed: machineconfigs.machineconfiguration.openshift.io "rendered-master-3fff60688940de967f8aa44e5aa0e87e" is forbidden: User "wking" cannot delete resource "machineconfigs" in API group "machineconfiguration.openshift.io" at the cluster scope >... >``` >and: > >```console >$ ./oc --as system:admin adm prune renderedmachineconfigs --confirm >deleting rendered MachineConfig rendered-master-3fff60688940de967f8aa44e5aa0e87e >... >``` Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Foc). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

openshift-bot commented 3 months ago

[ART PR BUILD NOTIFIER]

This PR has been included in build openshift-enterprise-cli-container-v4.17.0-202406271757.p0.g4b158b2.assembly.stream.el9 for distgit openshift-enterprise-cli. All builds following this will include this PR.