OCPBUGS-2895: Azure: Fix DiskEncryptionSet regex validation #6513

SudoBrendan · 2022-10-21T20:22:51Z

Current validation excludes upper-case letters. I expanded the test suite to cover some of the ugliest (legitimate) names possible.

SudoBrendan · 2022-10-21T20:28:40Z

pkg/types/azure/validation/disk_test.go

@@ -47,7 +45,7 @@ func TestValidateDiskEncryption(t *testing.T) {
 			name:      "invalid disk encryption set (platform is stack cloud)",
 			pool:      validDiskEncryptionMachinePool(),
 			cloudName: azure.StackCloud,
-			expected:  fmt.Sprintf(`diskEncryptionSet.diskEncryptionSet: Invalid value: azure.DiskEncryptionSet{SubscriptionID:"%s", ResourceGroup:"%s", Name:"%s"}: disk encryption sets are not supported on this platform`, subscriptionID, resourceGroup, diskEncryptionSetName),
+			expected:  fmt.Sprintf(`diskEncryptionSet.diskEncryptionSet: Invalid value: azure.DiskEncryptionSet{SubscriptionID:"%s", ResourceGroup:".+", Name:"%s"}: disk encryption sets are not supported on this platform`, subscriptionID, diskEncryptionSetName),


Unfortunately, this string is used as a regex itself, and since RGs allow characters like ., (, and ), we can't use that and still get a match.

r4f4 · 2022-10-27T07:38:38Z

/retitle OCPBUGS-2895: Azure: Fix DiskEncryptionSet regex validation

openshift-ci-robot · 2022-10-27T07:38:43Z

@SudoBrendan: This pull request references Jira Issue OCPBUGS-2895, which is invalid:

expected the bug to target the "4.12.0" version, but it targets "4.11" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Current validation excludes upper-case letters. I expanded the test suite to cover some of the ugliest (legitimate) names possible.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

r4f4 · 2022-10-27T07:39:27Z

/jira refresh

openshift-ci-robot · 2022-10-27T07:39:33Z

@r4f4: This pull request references Jira Issue OCPBUGS-2895, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.12.0) matches configured target version for branch (4.12.0)
bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @MayXuQQ

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

MayXuQQ · 2022-10-27T16:24:47Z

pre-merge build: registry.build05.ci.openshift.org/ci-ln-frpjg32/release:latest
clusterName: maxu-e2e-V12345678-eastus-16589
[INFO] Creating keyvault and disk encryption set in maxu-e2e-V12345678-eastus-rg
10-28 00:20:13.344 Creating keyvault maxu-e2e-V12345678-eastus-16589-kv in maxu-e2e-V12345678-eastus-rg
10-28 00:20:13.344 Running Command: az keyvault create -n maxu-e2e-V12345678-eastus-16589-kv -g maxu-e2e-V12345678-eastus-rg --enable-purge-protection true
10-28 00:20:14.715 ERROR: Parameter 'vault_name' must conform to the following pattern: '^[a-zA-Z0-9-]{3,24}$'.

r4f4 · 2022-10-27T16:32:05Z

pre-merge build: registry.build05.ci.openshift.org/ci-ln-frpjg32/release:latest clusterName: maxu-e2e-V12345678-eastus-16589 [INFO] Creating keyvault and disk encryption set in maxu-e2e-V12345678-eastus-rg 10-28 00:20:13.344 Creating keyvault maxu-e2e-V12345678-eastus-16589-kv in maxu-e2e-V12345678-eastus-rg 10-28 00:20:13.344 Running Command: az keyvault create -n maxu-e2e-V12345678-eastus-16589-kv -g maxu-e2e-V12345678-eastus-rg --enable-purge-protection true 10-28 00:20:14.715 ERROR: Parameter 'vault_name' must conform to the following pattern: '^[a-zA-Z0-9-]{3,24}$'.

So the keyvault name is too long?

$: echo "maxu-e2e-V12345678-eastus-16589-kv" | wc -c
35

Where is that name coming from?

cblecker · 2022-10-27T16:40:13Z

/retest

MayXuQQ · 2022-10-27T16:48:59Z

with the cluster_name_prefix=maxu-e2e-V1234
[INFO] Generating manifests files.....
10-28 00:44:40.031 level=error msg=failed to fetch Master Machines: failed to load asset "Install Config": failed to create install config: invalid "install-config.yaml" file: metadata.name: Invalid value: "maxu-e2e-V1234": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is 'a-z0-9?(.a-z0-9?)*')

r4f4 · 2022-10-27T17:18:24Z

with the cluster_name_prefix=maxu-e2e-V1234 [INFO] Generating manifests files..... 10-28 00:44:40.031 level=error msg=failed to fetch Master Machines: failed to load asset "Install Config": failed to create install config: invalid "install-config.yaml" file: metadata.name: Invalid value: "maxu-e2e-V1234": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is 'a-z0-9?(.a-z0-9?)*')

You cannot use uppercase character in metadata.name. So maxu-e2e-v1234 should work instead of maxu-e2e-V1234.

SudoBrendan · 2022-10-27T22:09:59Z

Just for a bit of clarity: the new functionality we are testing should be to have a DiskEncryptionSet that includes any upper-case letters in its name. In addition, we should test a DiskEncrptionSet that resides within a ResourceGroup with upper-case letters. All other fields in the installer-config should be conforming to their standard validations.

I did also modify the code to accept upper-case letters in the subscription ID, so it might be worth adding those as well.

MayXuQQ · 2022-10-28T11:09:28Z

how to test the bug , now the subdomain domain name can not contains uppercase, blocked use uppercase in the cluster name?

patrickdillon · 2022-10-28T13:54:44Z

/approve
/lgtm

openshift-ci · 2022-10-28T13:55:09Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: patrickdillon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~pkg/types/azure/OWNERS~~ [patrickdillon]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

cblecker · 2022-10-28T14:16:13Z

/cherry-pick release-4.11

openshift-cherrypick-robot · 2022-10-28T14:16:15Z

@cblecker: once the present PR merges, I will cherry-pick it on top of release-4.11 in a new PR and assign it to you.

In response to this:

/cherry-pick release-4.11

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

patrickdillon · 2022-10-28T14:27:17Z

/skip

openshift-ci-robot · 2022-10-28T16:18:48Z

@openshift-bot: This pull request references Jira Issue OCPBUGS-2895, which is invalid:

expected the bug to target the "4.13.0" version, but it targets "4.12.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

The requirements for Jira bugs have changed (Jira issues linked to PRs on main branch need to target OCP 4.12), recalculating validity.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

r4f4 · 2022-10-28T18:49:45Z

/jira refresh

openshift-ci-robot · 2022-10-28T18:49:51Z

@r4f4: This pull request references Jira Issue OCPBUGS-2895, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.13.0) matches configured target version for branch (4.13.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @MayXuQQ

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

patrickdillon · 2022-10-28T18:52:47Z

/cherry-pick release-4.12

openshift-cherrypick-robot · 2022-10-28T18:52:48Z

@patrickdillon: once the present PR merges, I will cherry-pick it on top of release-4.12 in a new PR and assign it to you.

In response to this:

/cherry-pick release-4.12

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

patrickdillon · 2022-10-28T19:24:37Z

/label backport-risk-assessed

cblecker · 2022-10-29T12:55:06Z

/retest

openshift-ci · 2022-10-29T13:46:29Z

@SudoBrendan: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-azure-ovn-shared-vpc	`c56fbd1`	link	false	`/test e2e-azure-ovn-shared-vpc`
ci/prow/e2e-azurestack	`c56fbd1`	link	false	`/test e2e-azurestack`

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

r4f4 · 2022-10-29T17:52:10Z

error: unable to create a release: operator "cluster-capi-operator" contained an invalid image-references file: no input image tag named "ibmcloud-cluster-api-controllers"

This is a known error in the IBM cloud provider. We'll have to wait until Monday for it to be resolved.

MayXuQQ · 2022-10-29T17:53:10Z

checked with

  platform:
    azure:
      encryptionAtHost: true
      osDisk:
        diskEncryptionSet: &1
          resourceGroup: MAXU-DISK2-RG
          name: MAXU-DISK2-des

and

diskEncryptionSet: &1
  resourceGroup: maxu-disk-rg
  name: MAXU-DISK-des

MayXuQQ · 2022-10-29T17:53:45Z

/label qe-approved

r4f4 · 2022-10-31T12:12:14Z

/retest-required

sdodson · 2022-10-31T12:49:34Z

/override ci/prow/e2e-aws-ovn
/override ci/prow/e2e-azure-ovn
/override ci/prow/images
This is due to image build problems due to the recent brancing and missing tags on ibmcloud-cluster-api-controllers.

openshift-ci · 2022-10-31T12:50:06Z

@sdodson: Overrode contexts on behalf of sdodson: ci/prow/e2e-aws-ovn, ci/prow/e2e-azure-ovn, ci/prow/images

In response to this:

/override ci/prow/e2e-aws-ovn
/override ci/prow/e2e-azure-ovn
/override ci/prow/images
This is due to image build problems due to the recent brancing and missing tags on ibmcloud-cluster-api-controllers.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

sdodson · 2022-10-31T12:50:29Z

ART is aware and putting in a temporary fix in openshift-eng/ocp-build-data#2129

openshift-ci-robot · 2022-10-31T12:55:12Z

@SudoBrendan: All pull requests linked via external trackers have merged:

openshift/installer#6513

Jira Issue OCPBUGS-2895 has been moved to the MODIFIED state.

In response to this:

Current validation excludes upper-case letters. I expanded the test suite to cover some of the ugliest (legitimate) names possible.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-cherrypick-robot · 2022-10-31T12:56:53Z

@cblecker: new pull request created: #6537

In response to this:

/cherry-pick release-4.11

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-cherrypick-robot · 2022-10-31T12:57:50Z

@patrickdillon: new pull request created: #6538

In response to this:

/cherry-pick release-4.12

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Fix DiskEncryptionSet regex validation

c56fbd1

openshift-ci bot requested review from jhixson74 and m1kola October 21, 2022 20:23

SudoBrendan commented Oct 21, 2022

View reviewed changes

SudoBrendan mentioned this pull request Oct 21, 2022

4.11 revendor Azure/ARO-RP#2339

Closed

22 tasks

openshift-ci bot changed the title ~~Azure: Fix DiskEncryptionSet regex validation~~ OCPBUGS-2895: Azure: Fix DiskEncryptionSet regex validation Oct 27, 2022

openshift-ci-robot added the jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. label Oct 27, 2022

openshift-ci bot requested a review from MayXuQQ October 27, 2022 07:39

openshift-ci bot assigned patrickdillon Oct 28, 2022

openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Oct 28, 2022

openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 28, 2022

openshift-ci-robot added jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. and removed bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. labels Oct 28, 2022

openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Oct 28, 2022

openshift-ci bot added the qe-approved Signifies that QE has signed off on this PR label Oct 29, 2022

openshift-merge-robot merged commit 61a7629 into openshift:master Oct 31, 2022

openshift-cherrypick-robot mentioned this pull request Oct 31, 2022

[release-4.11] OCPBUGS-2983: Azure: Fix DiskEncryptionSet regex validation #6537

Merged

openshift-cherrypick-robot mentioned this pull request Oct 31, 2022

[release-4.12] OCPBUGS-2984: Azure: Fix DiskEncryptionSet regex validation #6538

Merged

patrickdillon mentioned this pull request Oct 31, 2022

Remove Azure disk encryption validation #6539

Closed

patrickdillon mentioned this pull request Dec 12, 2024

API-1843: FeatureGate(d) KMS encryption openshift/api#2035

Open

OCPBUGS-2895: Azure: Fix DiskEncryptionSet regex validation #6513

OCPBUGS-2895: Azure: Fix DiskEncryptionSet regex validation #6513

Conversation

SudoBrendan commented Oct 21, 2022

SudoBrendan Oct 21, 2022

Choose a reason for hiding this comment

r4f4 commented Oct 27, 2022

openshift-ci-robot commented Oct 27, 2022

r4f4 commented Oct 27, 2022

openshift-ci-robot commented Oct 27, 2022

MayXuQQ commented Oct 27, 2022

r4f4 commented Oct 27, 2022

cblecker commented Oct 27, 2022

MayXuQQ commented Oct 27, 2022

r4f4 commented Oct 27, 2022

SudoBrendan commented Oct 27, 2022

MayXuQQ commented Oct 28, 2022

patrickdillon commented Oct 28, 2022

openshift-ci bot commented Oct 28, 2022

cblecker commented Oct 28, 2022

openshift-cherrypick-robot commented Oct 28, 2022

patrickdillon commented Oct 28, 2022

openshift-ci-robot commented Oct 28, 2022

r4f4 commented Oct 28, 2022

openshift-ci-robot commented Oct 28, 2022

patrickdillon commented Oct 28, 2022

openshift-cherrypick-robot commented Oct 28, 2022

patrickdillon commented Oct 28, 2022

cblecker commented Oct 29, 2022

openshift-ci bot commented Oct 29, 2022 • edited Loading

r4f4 commented Oct 29, 2022

MayXuQQ commented Oct 29, 2022

MayXuQQ commented Oct 29, 2022

r4f4 commented Oct 31, 2022

sdodson commented Oct 31, 2022

openshift-ci bot commented Oct 31, 2022

sdodson commented Oct 31, 2022

openshift-ci-robot commented Oct 31, 2022

openshift-cherrypick-robot commented Oct 31, 2022

openshift-cherrypick-robot commented Oct 31, 2022

openshift-ci bot commented Oct 29, 2022 •

edited

Loading