Closed Neo2308 closed 3 months ago
@rashmigottipati could you help review this PR?
@everettraven could you review this PR again?
@everettraven could you review this PR since its blocking https://github.com/operator-framework/operator-sdk/pull/6736?
@everettraven / @rashmigottipati can you help review this PR? This blocking work on the 1.29 bump
Made the specified changes. @everettraven, @acornett21 could you review again?
The e2e-molecule test failure seems to be due to an environment issue, I don't seem to have the permissions to retrigger it. @joelanford could you help retrigger the checks?
@Neo2308 I think I've re-ran this test 2 or 3 times, and it's still failing.
@acornett21 could you help fix the build failure?
@Neo2308 It looks like this is a python dep issue, I took this code as a base and raised #80 with a few changes and all seems well. I reached out on k8s slack to try to get some time to talk about this PR and #80 and #79.
Rebased the PR onto latest master. @acornett21 could you approve the workflow runs?
The sanity tests are passing locally now, @acornett21 / @everettraven could you run approve the workflow runs?
@Neo2308 It doesn't appear that you generated the lock
file correctly, you need to follow the instructions in the images/Readme file. But even if that is generated correctly there are still other issues, since version of requests
needed to get past the CVE does not support the use case (protocol) we are using.
https://github.com/Azure/azure-iot-sdk-python/issues/1182
Controller Logs
{"level":"error","ts":"2024-06-25T14:43:26Z","logger":"runner","msg":"Traceback (most recent call last):\n File \"/usr/local/lib/python3.9/site-packages/requests/adapters.py\", line 633, in send\n conn = self.get_connection_with_tls_context(\n File \"/usr/local/lib/python3.9/site-packages/requests/adapters.py\", line 489, in get_connection_with_tls_context\n conn = self.poolmanager.connection_from_host(\n File \"/usr/local/lib/python3.9/site-packages/urllib3/poolmanager.py\", line 246, in connection_from_host\n return self.connection_from_context(request_context)\n File \"/usr/local/lib/python3.9/site-packages/urllib3/poolmanager.py\", line 258, in connection_from_context\n raise URLSchemeUnknown(scheme)\nurllib3.exceptions.URLSchemeUnknown: Not supported URL scheme http+unix\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File \"/usr/local/lib/python3.9/site-packages/ansible_runner/__main__.py\", line 874, in main\n res = run(**run_options)\n File \"/usr/local/lib/python3.9/site-packages/ansible_runner/interface.py\", line 210, in run\n r.run()\n File \"/usr/local/lib/python3.9/site-packages/ansible_runner/runner.py\", line 118, in run\n self.status_callback('starting')\n File \"/usr/local/lib/python3.9/site-packages/ansible_runner/runner.py\", line 106, in status_callback\n ansible_runner.plugins[plugin].status_handler(self.config, status_data)\n File \"/usr/local/lib/python3.9/site-packages/ansible_runner_http/events.py\", line 35, in status_handler\n status = send_request(plugin_config['runner_url'],\n File \"/usr/local/lib/python3.9/site-packages/ansible_runner_http/events.py\", line 18, in send_request\n return session.post(url_actual, headers=headers, json=(data))\n File \"/usr/local/lib/python3.9/site-packages/requests/sessions.py\", line 637, in post\n return self.request(\"POST\", url, data=data, json=json, **kwargs)\n File \"/usr/local/lib/python3.9/site-packages/requests/sessions.py\", line 589, in request\n resp = self.send(prep, **send_kwargs)\n File \"/usr/local/lib/python3.9/site-packages/requests/sessions.py\", line 703, in send\n r = adapter.send(request, **kwargs)\n File \"/usr/local/lib/python3.9/site-packages/requests/adapters.py\", line 637, in send\n raise InvalidURL(e, request=request)\nrequests.exceptions.InvalidURL: Not supported URL scheme http+unix\n","job":"7062013831693068113","name":"bootstrap-token-abcdef","namespace":"kube-system","error":"exit status 1","stacktrace":"github.com/operator-framework/ansible-operator-plugins/internal/ansible/runner.(*runner).Run.func1\n\tansible-operator-plugins/internal/ansible/runner/runner.go:269"}
I'm not really sure how we work around this, since I'm not well versed in python.
I poised this question in k8s slack https://kubernetes.slack.com/archives/C017UU45SHL/p1719326921876759
@acornett21 Should we consider reverting the request package bump and ignore the security warning coming from it for now? By the way, really appreciate your help so far on this PR!
@Neo2308 After the discussion in slack, @everettraven agrees the path forward for now is to revert the ansible-core
changes and ignore the CVE in both docker files. I believe the ID would be 71064
.
@acornett21 Made the changes. Could you review?
@everettraven could you review/approve this PR as well?
Relates to: https://github.com/operator-framework/operator-sdk/issues/6651