Closed wking closed 3 months ago
@wking: This pull request references Jira Issue OCPBUGS-36183, which is valid. The bug has been moved to the POST state.
Requesting review from QA contact: /cc @sergiordlr
The bug has been updated to refer to the pull request using the external bug tracker.
@wking: This pull request references Jira Issue OCPBUGS-36183, which is valid.
Requesting review from QA contact: /cc @sergiordlr
@wking: all tests passed!
Full PR test history. Your PR dashboard.
/lgtm
Not sure QE review is necessary, but holding just in case
/hold
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: djoshy, wking, yuqi-zhang
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Verified using IPI on AWS
To verify this PR we created a new non-admin user and added "machine-config-daemon" clusterrole to this new user (can list, watch, get but cannot delete machineconfigs)
We got:
With non-admin user
# DRY RUN
$ oc adm prune renderedmachineconfigs
Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs.
Skip dry-run deleting rendered MachineConfig rendered-master-bf2b52e3684a907f19fbbd8f4bf518e7 as it's currently in use
Error dry-run deleting rendered MachineConfig rendered-worker-0c329cf7ed4bd036cce325143a1f6937 failed: machineconfigs.machineconfiguration.openshift.io "rendered-worker-0c329cf7ed4bd036cce325143a1f6937" is forbidden: User "sregidor" cannot delete resource "machineconfigs" in API group "machineconfiguration.openshift.io" at the cluster scope
Skip dry-run deleting rendered MachineConfig rendered-worker-dcb7fbf2b8bcd67f3eee69c80412ceb1 as it's currently in use
# CONFIRM
$ oc adm prune renderedmachineconfigs --confirm
Skip deleting rendered MachineConfig rendered-master-bf2b52e3684a907f19fbbd8f4bf518e7 as it's currently in use
Error deleting rendered MachineConfig rendered-worker-0c329cf7ed4bd036cce325143a1f6937 failed: machineconfigs.machineconfiguration.openshift.io "rendered-worker-0c329cf7ed4bd036cce325143a1f6937" is forbidden: User "sregidor" cannot delete resource "machineconfigs" in API group "machineconfiguration.openshift.io" at the cluster scope
Skip deleting rendered MachineConfig rendered-worker-dcb7fbf2b8bcd67f3eee69c80412ceb1 as it's currently in use
With admin user
# DRY RUN
oc adm prune renderedmachineconfigs
Dry run enabled - no modifications will be made. Add --confirm to remove rendered machine configs.
Skip dry-run deleting rendered MachineConfig rendered-master-bf2b52e3684a907f19fbbd8f4bf518e7 as it's currently in use
dry-run deleting rendered MachineConfig rendered-worker-0c329cf7ed4bd036cce325143a1f6937
Skip dry-run deleting rendered MachineConfig rendered-worker-dcb7fbf2b8bcd67f3eee69c80412ceb1 as it's currently in use
# CONFIRM
$ oc adm prune renderedmachineconfigs --confirm
Skip deleting rendered MachineConfig rendered-master-bf2b52e3684a907f19fbbd8f4bf518e7 as it's currently in use
deleting rendered MachineConfig rendered-worker-0c329cf7ed4bd036cce325143a1f6937
Skip deleting rendered MachineConfig rendered-worker-dcb7fbf2b8bcd67f3eee69c80412ceb1 as it's currently in use
Automated test cases were adapted and they passed
"[sig-mco] MCO Author:ptalgulk-NonHyperShiftHOST-NonPreRelease-Longduration-73148-prune renderedmachineconfigs [Disruptive] [Serial]"
"[sig-mco] MCO Author:ptalgulk-NonHyperShiftHOST-NonPreRelease-Longduration-73155-prune renderedmachineconfigs in updating pools[Disruptive] [Serial]"
/unhold /label qe-approved
@wking: Jira Issue OCPBUGS-36183: All pull requests linked via external trackers have merged:
Jira Issue OCPBUGS-36183 has been moved to the MODIFIED state.
[ART PR BUILD NOTIFIER]
This PR has been included in build openshift-enterprise-cli-container-v4.17.0-202406271757.p0.g4b158b2.assembly.stream.el9 for distgit openshift-enterprise-cli. All builds following this will include this PR.
The old wording like:
and:
spooked me by not being really explicit that dry-run API calls were being made. Bumping the logging:
shows
"dryRun":["All"]
. But this commit moves us to really explicitly dry-run wording like:and:
While the
--confirm
output now looks like:and: