Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: aes-gcm proof #1446

Closed
wants to merge 1 commit into from
Closed

WIP: aes-gcm proof #1446

wants to merge 1 commit into from

Conversation

dgrisonnet
Copy link
Member

No description provided.

@dgrisonnet
aes-gcm proof
7997bb2 
Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 16, 2023
@openshift-ci openshift-ci bot requested review from mfojtik and p0lyn0mial February 16, 2023 17:34
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Feb 16, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dgrisonnet

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 16, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Feb 16, 2023

@dgrisonnet: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-gcp-operator-encryption-rotation-single-node 7997bb2 link false /test e2e-gcp-operator-encryption-rotation-single-node
ci/prow/e2e-gcp-operator-encryption 7997bb2 link true /test e2e-gcp-operator-encryption
ci/prow/e2e-aws-operator-disruptive-single-node 7997bb2 link false /test e2e-aws-operator-disruptive-single-node
ci/prow/e2e-gcp-operator-single-node 7997bb2 link false /test e2e-gcp-operator-single-node

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@dgrisonnet dgrisonnet mentioned this pull request Feb 21, 2023
Merged
@dgrisonnet
Copy link
Member Author

dgrisonnet commented Feb 22, 2023
edited
Loading

The following scenario were successfully manually tested via cluster-bot:

  • identity -> aescbc -> aesgcm -> identity
  • identity -> aesgcm -> identity -> aesgcm

Once the library-go and api PRs are merged, I'll open a new PR to bump the dependencies and add an e2e test in the operator.

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Feb 22, 2023
@openshift-merge-robot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@dgrisonnet
Copy link
Member Author

Encryption job failures are unrelated, restarting them.

/test e2e-gcp-operator-encryption
/test e2e-gcp-operator-encryption-rotation-single-node

@dgrisonnet
Copy link
Member Author

dgrisonnet commented Feb 22, 2023
edited
Loading

The e2e-gcp-operator-encryption-rotation-single-node test might be broken since the following was set on the apiserver object to force migration but never cleaned up so the cluster was kept in an non upgradeable state:

                "unsupportedConfigOverrides": {
                    "encryption": {
                        "reason": "test-key-rotation-dgc4"
                    }
                }

@dgrisonnet
Copy link
Member Author

This was also the case in the rotation job that succeeded but the unsupportedconfigoverrides controller didn't pick it up in time and so didn't report unupgradeable.

https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/origin-ci-test/pr-logs/pull/openshift_cluster-kube-apiserver-operator/1446/pull-ci-openshift-cluster-kube-apiserver-operator-master-e2e-gcp-operator-encryption-rotation/1626273509153968128/artifacts/e2e-gcp-operator-encryption-rotation/gather-extra/artifacts/kubeapiserver.json

@dgrisonnet
Copy link
Member Author

Opened https://issues.redhat.com/browse/OCPBUGS-7890 to cleanup the unsupported config post migration.

@dgrisonnet
Copy link
Member Author

/test e2e-gcp-operator-encryption
/test e2e-gcp-operator-encryption-rotation-single-node

@dgrisonnet dgrisonnet closed this Mar 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mfojtik mfojtik Awaiting requested review from mfojtik

@p0lyn0mial p0lyn0mial Awaiting requested review from p0lyn0mial

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dgrisonnet @openshift-merge-robot