Skip to content

OCPBUGS-29900:fix the Metric cco_credentials_mode issue #901

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jianping-shu wants to merge 1 commit into
base: master
Choose a base branch
from
Open

OCPBUGS-29900:fix the Metric cco_credentials_mode issue #901

jianping-shu wants to merge 1 commit into from

Conversation

@jianping-shu
Copy link

@jianping-shu jianping-shu commented Aug 25, 2025
edited
Loading

See OCPBUGS-29900 for the details.

Try to use AI tools to facilitate the bug fix.
(1) Tried deepwiki, its answers were positioning related code functions and providing the fix suggestions
https://deepwiki.com/search/for-aws-sts-cluster-metric-cco_6fe2f619-3e29-4d31-8aeb-5c85a8f589db

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 25, 2025
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 25, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci-robot openshift-ci-robot added jira/severity-low Referenced Jira bug's severity is low for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Aug 25, 2025
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Aug 25, 2025

@jianping-shu: This pull request references Jira Issue OCPBUGS-29900, which is invalid:

  • expected the bug to target the "4.20.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

See OCPBUGS-29900 for the details.

Try to use AI tools to facilitate the bug fix.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 25, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jianping-shu
Once this PR has been reviewed and has the lgtm label, please assign suhanime for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jianping-shu
Copy link
Author

jianping-shu commented Aug 26, 2025

To use utils.IsTimedTokenCluster is a better and more efficient solution than func credRequestIsPodIdentity which is called for every CR in func processCR. And it did fix the issue.
Need check if it is safe to remove func credRequestIsPodIdentity.

@jianping-shu jianping-shu force-pushed the OCPBUGS-29900 branch 2 times, most recently from 048c8ad to 067cc61 Compare September 10, 2025 07:41
@jianping-shu jianping-shu marked this pull request as ready for review September 11, 2025 00:15
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 11, 2025
@openshift-ci openshift-ci bot requested review from dlom and suhanime September 11, 2025 00:15
@codecov
Copy link

codecov bot commented Sep 15, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 66.66667% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 46.81%. Comparing base (f019679) to head (5f9e984).
⚠️ Report is 25 commits behind head on master.

Files with missing lines Patch % Lines
pkg/operator/metrics/metrics.go 66.66% 2 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #901      +/-   ##
==========================================
- Coverage   46.93%   46.81%   -0.12%     
==========================================
  Files          97       97              
  Lines       11943    11931      -12     
==========================================
- Hits         5605     5586      -19     
- Misses       5720     5730      +10     
+ Partials      618      615       -3
Files with missing lines Coverage Δ
pkg/operator/metrics/metrics.go 42.94% <66.66%> (-4.15%) ⬇️

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Sep 15, 2025

@jianping-shu: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/okd-scos-e2e-aws-ovn 5f9e984 link false /test okd-scos-e2e-aws-ovn
ci/prow/e2e-aws-qe 5f9e984 link false /test e2e-aws-qe

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@jianping-shu
Copy link
Author

jianping-shu commented Sep 15, 2025

@jstuever @dlom please help review this PR when you got time, TIA

@jstuever
Copy link
Contributor

jstuever commented Sep 30, 2025

/cc

@openshift-ci openshift-ci bot requested a review from jstuever September 30, 2025 21:43
jstuever
jstuever requested changes Nov 4, 2025
View reviewed changes
Copy link
Contributor

@jstuever jstuever left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My apologies for taking so long to review this PR. I wanted to make sure I fully understood the manualpodidentity use case. I don't think AI provided the right solution here. It is clear that manualpodidentity is intended to show that at least one secret is actually using short term tokens. However, this solution instead shows that the cluster is configured to use short term tokens without verifying that any of the secrets are actually configured to do so.

Instead, this PR needs to figure out if credRequestIsPodIdenty() is returning false when there are short term tokens being used, and if so, resolve why that is happening. As it is currently written, there is no logic for the GCP platform.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jstuever jstuever jstuever requested changes

@dlom dlom Awaiting requested review from dlom

@suhanime suhanime Awaiting requested review from suhanime

Assignees

No one assigned

Labels

jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. jira/severity-low Referenced Jira bug's severity is low for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jianping-shu @openshift-ci-robot @jstuever