operator-framework / ansible-operator-plugins

Experimental extraction/refactoring of the Operator SDK's ansible operator plugin
Apache License 2.0

Update k8s dependencies #67

Closed Neo2308 closed 3 months ago

Neo2308 commented 5 months ago

Relates to: https://github.com/operator-framework/operator-sdk/issues/6651

Neo2308 commented 5 months ago

@rashmigottipati could you help review this PR?

Neo2308 commented 4 months ago

@everettraven could you review this PR again?

Neo2308 commented 4 months ago

@everettraven could you review this PR since it's blocking https://github.com/operator-framework/operator-sdk/pull/6736?

Neo2308 commented 4 months ago

@everettraven / @rashmigottipati can you help review this PR? This is blocking work on the 1.29 bump.

Neo2308 commented 4 months ago

Made the specified changes. @everettraven, @acornett21 could you review again?

Neo2308 commented 4 months ago

The e2e-molecule test failure seems to be due to an environment issue; I don't seem to have the permissions to retrigger it. @joelanford could you help retrigger the checks?

acornett21 commented 4 months ago

@Neo2308 I think I've re-run this test 2 or 3 times, and it's still failing.

Neo2308 commented 3 months ago

@acornett21 could you help fix the build failure?

acornett21 commented 3 months ago

@Neo2308 It looks like this is a Python dep issue. I took this code as a base and raised #80 with a few changes, and all seems well. I reached out on k8s slack to try to get some time to talk about this PR and #80 and #79.

Neo2308 commented 3 months ago

Rebased the PR onto latest master. @acornett21 could you approve the workflow runs?

Neo2308 commented 3 months ago

The sanity tests are passing locally now. @acornett21 / @everettraven could you approve the workflow runs?

acornett21 commented 3 months ago

@Neo2308 It doesn't appear that you generated the lock file correctly; you need to follow the instructions in the images/Readme file. But even if that is generated correctly, there are still other issues, since the version of requests needed to get past the CVE does not support the use case (protocol) we are using.

https://github.com/Azure/azure-iot-sdk-python/issues/1182

Controller Logs

{"level":"error","ts":"2024-06-25T14:43:26Z","logger":"runner","msg":"Traceback (most recent call last):\n  File \"/usr/local/lib/python3.9/site-packages/requests/adapters.py\", line 633, in send\n    conn = self.get_connection_with_tls_context(\n  File \"/usr/local/lib/python3.9/site-packages/requests/adapters.py\", line 489, in get_connection_with_tls_context\n    conn = self.poolmanager.connection_from_host(\n  File \"/usr/local/lib/python3.9/site-packages/urllib3/poolmanager.py\", line 246, in connection_from_host\n    return self.connection_from_context(request_context)\n  File \"/usr/local/lib/python3.9/site-packages/urllib3/poolmanager.py\", line 258, in connection_from_context\n    raise URLSchemeUnknown(scheme)\nurllib3.exceptions.URLSchemeUnknown: Not supported URL scheme http+unix\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"/usr/local/lib/python3.9/site-packages/ansible_runner/__main__.py\", line 874, in main\n    res = run(**run_options)\n  File \"/usr/local/lib/python3.9/site-packages/ansible_runner/interface.py\", line 210, in run\n    r.run()\n  File \"/usr/local/lib/python3.9/site-packages/ansible_runner/runner.py\", line 118, in run\n    self.status_callback('starting')\n  File \"/usr/local/lib/python3.9/site-packages/ansible_runner/runner.py\", line 106, in status_callback\n    ansible_runner.plugins[plugin].status_handler(self.config, status_data)\n  File \"/usr/local/lib/python3.9/site-packages/ansible_runner_http/events.py\", line 35, in status_handler\n    status = send_request(plugin_config['runner_url'],\n  File \"/usr/local/lib/python3.9/site-packages/ansible_runner_http/events.py\", line 18, in send_request\n    return session.post(url_actual, headers=headers, json=(data))\n  File \"/usr/local/lib/python3.9/site-packages/requests/sessions.py\", line 637, in post\n    return self.request(\"POST\", url, data=data, json=json, **kwargs)\n  File 
\"/usr/local/lib/python3.9/site-packages/requests/sessions.py\", line 589, in request\n    resp = self.send(prep, **send_kwargs)\n  File \"/usr/local/lib/python3.9/site-packages/requests/sessions.py\", line 703, in send\n    r = adapter.send(request, **kwargs)\n  File \"/usr/local/lib/python3.9/site-packages/requests/adapters.py\", line 637, in send\n    raise InvalidURL(e, request=request)\nrequests.exceptions.InvalidURL: Not supported URL scheme http+unix\n","job":"7062013831693068113","name":"bootstrap-token-abcdef","namespace":"kube-system","error":"exit status 1","stacktrace":"github.com/operator-framework/ansible-operator-plugins/internal/ansible/runner.(*runner).Run.func1\n\tansible-operator-plugins/internal/ansible/runner/runner.go:269"}

I'm not really sure how we work around this, since I'm not well versed in python.

I posed this question in k8s slack: https://kubernetes.slack.com/archives/C017UU45SHL/p1719326921876759
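
The controller log quoted in the comment above wraps a chained Python traceback inside the JSON `msg` field. As an added example (not part of the thread and not code from the project), the following triage helper pulls out the root exception, the exception that finally surfaced, and the site-packages that appear in the frames, which is usually enough to tell which dependency bump broke the runner. The log line is a shortened, constructed sample in the same shape as the one above, and the name `triage` is hypothetical.

```python
import json
import re

# Constructed sample: a shortened controller log line in the same shape as the
# one quoted above (JSON envelope, chained Python traceback inside "msg").
SAMPLE_LOG = json.dumps({
    "level": "error", "logger": "runner",
    "msg": (
        "Traceback (most recent call last):\n"
        '  File "/usr/local/lib/python3.9/site-packages/urllib3/poolmanager.py", line 258, in connection_from_context\n'
        "    raise URLSchemeUnknown(scheme)\n"
        "urllib3.exceptions.URLSchemeUnknown: Not supported URL scheme http+unix\n"
        "\nDuring handling of the above exception, another exception occurred:\n\n"
        "Traceback (most recent call last):\n"
        '  File "/usr/local/lib/python3.9/site-packages/ansible_runner_http/events.py", line 18, in send_request\n'
        "    return session.post(url_actual, headers=headers, json=(data))\n"
        '  File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 637, in send\n'
        "    raise InvalidURL(e, request=request)\n"
        "requests.exceptions.InvalidURL: Not supported URL scheme http+unix\n"
    ),
    "error": "exit status 1",
})

# Separators CPython prints between chained tracebacks.
CHAIN_SEP = re.compile(r"\n\s*\n(?:During handling of the above exception, another exception occurred|"
                       r"The above exception was the direct cause of the following exception):\s*\n")
FRAME = re.compile(r'File "[^"]*/site-packages/([^/"]+)/')
EXC = re.compile(r"^([A-Za-z_][\w.]*): (.*)$")


def triage(log_line):
    """Return root/surfaced exceptions and packages seen in a runner traceback."""
    record = json.loads(log_line)
    msg = record.get("msg", "")
    if record.get("logger") != "runner" or "Traceback (most recent call last):" not in msg:
        return None  # not a runner traceback; nothing to triage
    exceptions = []
    for part in CHAIN_SEP.split(msg):
        # The exception is the last unindented "Type: message" line of each traceback.
        for line in reversed(part.strip().splitlines()):
            m = EXC.match(line)
            if m:
                exceptions.append((m.group(1), m.group(2)))
                break
    if not exceptions:
        return None
    packages = sorted(set(FRAME.findall(msg)))
    return {"root": exceptions[0], "surfaced": exceptions[-1], "packages": packages}
```
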

Neo2308 commented 3 months ago

@acornett21 Should we consider reverting the request package bump and ignore the security warning coming from it for now? By the way, really appreciate your help so far on this PR!

acornett21 commented 3 months ago

@Neo2308 After the discussion in slack, @everettraven agrees the path forward for now is to revert the ansible-core changes and ignore the CVE in both docker files. I believe the ID would be 71064.

Neo2308 commented 3 months ago

@acornett21 Made the changes. Could you review?

Neo2308 commented 3 months ago

@everettraven could you review/approve this PR as well?