@frasertweedale
Contributor

@frasertweedale frasertweedale commented Jul 15, 2021

Commit 8cf3222 introduces some
extra processing of seccomp-related sandbox annotations. But it
introduced a regression where most sandbox annotations are no longer
propagated to the container annotations. Add an else clause to
ensure we propagate all the sandbox annotations to the container's
OCI configuration.

What type of PR is this?

/kind bug

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes: #5077

Does this PR introduce a user-facing change?

None
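A minimal model of the regression and the `else` fix described in this PR, added here as an illustration; it is not CRI-O's code. The annotation keys, the key rewrite in the special case, and the names `propagate` and `dropped` are assumptions made for the example.

```go
package main

import (
	"fmt"
	"sort"
)

// Constructed keys for illustration; not taken from the CRI-O source.
const (
	perContainerPrefix = "seccomp.example.test/profile/" // sandbox key: prefix + container name
	containerKey       = "seccomp.example.test/profile"  // key the container receives
)

// propagate copies sandbox annotations into a new container annotation map.
// withElse=false models the regression: only the special key is written.
func propagate(sandbox map[string]string, ctrName string, withElse bool) map[string]string {
	out := make(map[string]string, len(sandbox))
	for k, v := range sandbox {
		if k == perContainerPrefix+ctrName {
			out[containerKey] = v // special case: rewrite to the container-level key
		} else if withElse {
			out[k] = v // the fix: everything else is propagated unchanged
		}
	}
	return out
}

// dropped lists sandbox keys absent from the container map, ignoring the
// rewritten key. A regression test asserts that this list is empty.
func dropped(sandbox, ctr map[string]string, ctrName string) []string {
	var keys []string
	for k := range sandbox {
		if _, ok := ctr[k]; !ok && k != perContainerPrefix+ctrName {
			keys = append(keys, k)
		}
	}
	sort.Strings(keys)
	return keys
}

func main() {
	sb := map[string]string{ // constructed sample sandbox annotations
		perContainerPrefix + "app": "audit",
		"userns.example.test/mode": "auto",
		"owner.example.test/team":  "payments",
	}
	fmt.Println("regressed drops:", dropped(sb, propagate(sb, "app", false), "app"))
	fmt.Println("fixed drops:    ", dropped(sb, propagate(sb, "app", true), "app"))
}
```
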

@openshift-ci openshift-ci bot added kind/bug Categorizes issue or PR as related to a bug. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. labels Jul 15, 2021
@openshift-ci openshift-ci bot requested a review from nalind July 15, 2021 14:23
@openshift-ci openshift-ci bot added do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jul 15, 2021
@openshift-ci
Contributor

openshift-ci bot commented Jul 15, 2021

Hi @frasertweedale. Thanks for your PR.

I'm waiting for a cri-o member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@frasertweedale frasertweedale force-pushed the fix/5077-propagate-sandbox-annotations branch from c4db2fe to 5a64d0d Compare July 15, 2021 14:23
@haircommander
Member

/ok-to-test

thanks @frasertweedale , since you also want it in 4.8
/cherry-pick release-1.21

@openshift-cherrypick-robot

@haircommander: once the present PR merges, I will cherry-pick it on top of release-1.21 in a new PR and assign it to you.


In response to this:

> /ok-to-test
>
> thanks @frasertweedale , since you also want it in 4.8
> /cherry-pick release-1.21


@openshift-ci openshift-ci bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Jul 15, 2021
@frasertweedale
Contributor Author

/retest

@mrunalp
Member

mrunalp commented Jul 16, 2021

@saschagrunert @haircommander We need tests here to make sure we don't regress again in the future.

@frasertweedale frasertweedale force-pushed the fix/5077-propagate-sandbox-annotations branch from 5a64d0d to 0bbbe4a Compare July 19, 2021 07:18
@frasertweedale
Contributor Author

> @saschagrunert @haircommander We need tests here to make sure we don't regress again in the future.

I am unfamiliar with the test suite. If someone would identify a test that would make a good "template" for testing this behaviour, I'll be happy to have a go. Otherwise it might be better use of everyone's time overall for someone more familiar with cri-o test suite to contribute a test.

@saschagrunert
Member

> @saschagrunert @haircommander We need tests here to make sure we don't regress again in the future.
>
> Otherwise it might be better use of everyone's time overall for someone more familiar with cri-o test suite to contribute a test.

Sure thing, we can follow-up on that in a separate PR 👍

Contributor

@TomSweeneyRedHat TomSweeneyRedHat left a comment

LGTM
assuming happy tests

@frasertweedale frasertweedale force-pushed the fix/5077-propagate-sandbox-annotations branch from 0bbbe4a to 92202e0 Compare July 20, 2021 00:57
@frasertweedale
Contributor Author

/retest

@haircommander
Member

/approve
@saschagrunert @mrunalp I'll give y'all the final lgtm

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 20, 2021
@codecov

codecov bot commented Jul 20, 2021

Codecov Report

Merging #5078 (17d73a2) into master (0fc6d47) will increase coverage by 0.00%.
The diff coverage is 0.00%.

❗ Current head 17d73a2 differs from pull request most recent head 34ddc81. Consider uploading reports for the commit 34ddc81 to get more accurate results

@@           Coverage Diff           @@
##           master    #5078   +/-   ##
=======================================
  Coverage   43.95%   43.96%           
=======================================
  Files         110      110           
  Lines       11440    11436    -4     
=======================================
- Hits         5029     5028    -1     
+ Misses       5934     5931    -3     
  Partials      477      477           

@haircommander
Member

ah @frasertweedale I think you need to run `gofmt -s -w pkg/container/container.go`

@frasertweedale frasertweedale force-pushed the fix/5077-propagate-sandbox-annotations branch from 92202e0 to 82dd8c3 Compare July 20, 2021 22:25
@frasertweedale
Contributor Author

I fixed the lint nit and also added the regression test.

@frasertweedale
Contributor Author

/retest

@frasertweedale
Contributor Author

CI seems to be stalled somehow...

@haircommander
Member

yeah we're unfortunately dealing with a cert rotation issue right now, thanks for the patience

@frasertweedale
Contributor Author

/retest

@frasertweedale frasertweedale force-pushed the fix/5077-propagate-sandbox-annotations branch 2 times, most recently from f5e7eaf to 3cd9a17 Compare July 23, 2021 04:56
@frasertweedale frasertweedale changed the title Fix propgation of annotations from sandbox to container Fix propagation of annotations from sandbox to container Jul 23, 2021
@frasertweedale frasertweedale force-pushed the fix/5077-propagate-sandbox-annotations branch from 3cd9a17 to 17d73a2 Compare July 23, 2021 08:48
Commit 8cf3222 introduces some
extra processing of seccomp-related sandbox annotations.  But it
introduced a regression where most sandbox annotations are no longer
propagated to the container annotations.  Simplify the logic and add
an `else` clause to ensure we propagate all the sandbox annotations
to the container's OCI configuration.

Fixes: cri-o#5077
Signed-off-by: Fraser Tweedale <[email protected]>
@frasertweedale frasertweedale force-pushed the fix/5077-propagate-sandbox-annotations branch from 17d73a2 to a458874 Compare July 23, 2021 20:55
@frasertweedale frasertweedale force-pushed the fix/5077-propagate-sandbox-annotations branch from a458874 to 34ddc81 Compare July 23, 2021 21:00
@frasertweedale
Contributor Author

/retest

@openshift-ci
Contributor

openshift-ci bot commented Jul 24, 2021

@frasertweedale: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Rerun command |
| --- | --- | --- | --- |
| ci/openshift-jenkins/e2e_crun_cgroupv2 | 34ddc81 | link | `/test e2e_cgroupv2` |

Member

@saschagrunert saschagrunert left a comment

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 26, 2021
@openshift-ci
Contributor

openshift-ci bot commented Jul 26, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: frasertweedale, haircommander, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:
  • OWNERS [haircommander,saschagrunert]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-cherrypick-robot

@haircommander: new pull request created: #5124


In response to this:

> /ok-to-test
>
> thanks @frasertweedale , since you also want it in 4.8
> /cherry-pick release-1.21


@frasertweedale frasertweedale deleted the fix/5077-propagate-sandbox-annotations branch July 26, 2021 07:38
Development

Successfully merging this pull request may close these issues.

regression: sandbox annotations are not propagated to container annotations

7 participants