Skip to content

OCPBUGS-94014: Rebase v3.6.12 for 5.0/4.23#390

Open
dusk125 wants to merge 12 commits into
openshift:mainfrom
dusk125:rebase-v3.6.12
Open

OCPBUGS-94014: Rebase v3.6.12 for 5.0/4.23#390
dusk125 wants to merge 12 commits into
openshift:mainfrom
dusk125:rebase-v3.6.12

Conversation

@dusk125

@dusk125 dusk125 commented Jun 29, 2026

Copy link
Copy Markdown

Summary by CodeRabbit

  • New Features

    • Added support for updating learner members while preserving learner status.
    • Added stronger validation for file and directory inputs in utility commands.
  • Bug Fixes

    • Improved handling of member attribute updates, including peer URL changes.
    • Tightened auth checks for maintenance status operations.
    • Fixed tests and command flows to better handle invalid or inaccessible paths.
  • Chores

    • Updated the Go toolchain and bumped related module versions across the project.
    • Updated the public version number to 3.6.12.

silentred and others added 12 commits May 8, 2026 21:06
Signed-off-by: shenmu.wy <shenmu.wy@antfin.com>
Signed-off-by: shenmu.wy <shenmu.wy@antfin.com>
…mberupdate-learner

[release-3.6] bugfix: MemberUpdate implicitly and unexpectedly promotes a learner
… of panic when given non-existent paths

Signed-off-by: shenmu.wy <shenmu.wy@antfin.com>
…nvalid-datadir

[release-3.6] etcdutl: validate data file path instead of panic
- replace user.Current().Name == "root" with os.Getuid() == 0.
- drop os/user import and user.Current() error path.
- backport of etcd-io#21788
- address: etcd-io#21787

Signed-off-by: vivekpatani <9080894+vivekpatani@users.noreply.github.com>
…elease-3.6

[release-3.6] client/pkg/fileutil: use os.Getuid() to skip TestIsDirWriteable as root
Signed-off-by: kunal.behbudzade <kunal.behbudzade@btsgrp.com>
Signed-off-by: Ian Chechin <ian00chechin@gmail.com>
[release-3.6] server: allow non-admin maintenance status
Signed-off-by: Ivan Valdes <iv@a.ki>
@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown

Walkthrough

Bumps etcd to v3.6.12 and Go toolchain to 1.25.10 across all modules. Fixes UpdateRaftAttributes to update only PeerURLs (preserving IsLearner). Changes maintenance Status auth from isPermitted to requireAuthInfo. Adds path validation helpers to etcdutl commands. Adds a learner member update integration test.

Changes

Go toolchain and v3.6.12 module version bump

Layer / File(s) Summary
Version constant and toolchain
api/version/version.go, .go-version, api/go.mod, client/pkg/go.mod, client/v3/go.mod, etcdctl/go.mod, etcdutl/go.mod, go.mod, pkg/go.mod, server/go.mod, tests/go.mod, tools/*/go.mod
Version bumped to 3.6.12, Go toolchain to 1.25.10, and all internal go.etcd.io/etcd/*/v3 require entries updated from v3.6.11 to v3.6.12.

Functional fixes and new features

Layer / File(s) Summary
UpdateRaftAttributes: partial PeerURLs update preserving learner state
server/etcdserver/api/membership/cluster.go, server/etcdserver/api/membership/cluster_test.go, tests/integration/clientv3/cluster_test.go
UpdateRaftAttributes now updates only RaftAttributes.PeerURLs instead of the full RaftAttributes struct, adds early return for absent members, and a new learner test case plus integration test verify IsLearner is preserved after peer URL update.
Maintenance Status auth fix
server/etcdserver/api/v3rpc/maintenance.go, tests/common/maintenance_auth_test.go
authMaintenanceServer.Status calls requireAuthInfo instead of isPermitted; test updates expectOperationError from true to false for user-authenticated Status.
etcdutl path validation
etcdutl/etcdutl/common.go, etcdutl/etcdutl/defrag_command.go, etcdutl/etcdutl/hashkv_command.go, etcdutl/etcdutl/migrate_command.go, etcdutl/etcdutl/snapshot_command.go
New validateDataDir and validateFilePath helpers added; wired as early-exit checks in DefragData, calculateHashKV, migrateCommandFunc, and SnapshotStatusCommandFunc.
Test cleanup: superuser detection
client/pkg/fileutil/fileutil_test.go
Replaces user.Current() root check with os.Getuid() == 0 in TestIsDirWriteable, removing the os/user import.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

  • deads2k
  • sandeepknd
  • tjungblu
🚥 Pre-merge checks | ✅ 4 | ❌ 11

❌ Failed checks (1 warning, 10 inconclusive)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 9.09% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
Stable And Deterministic Test Names ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Test Structure And Quality ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Microshift Test Compatibility ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Single Node Openshift (Sno) Test Compatibility ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Topology-Aware Scheduling Compatibility ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Ote Binary Stdout Contract ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Ipv6 And Disconnected Network Test Compatibility ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
No-Weak-Crypto ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Container-Privileges ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
No-Sensitive-Data-In-Logs ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: rebasing to v3.6.12 for the 5.0/4.23 branches.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@etcdutl/etcdutl/common.go`:
- Around line 41-43: validateFilePath currently only checks os.Stat, so it still
accepts directories and lets invalid inputs reach later backend code. Update
validateFilePath in common.go to verify the path is a regular file (or
explicitly reject directories) after Stat, and return an error for directory
inputs so callers like hashkv and snapshot status get the expected early
validation.

In `@server/etcdserver/api/membership/cluster.go`:
- Around line 628-635: The info log in the cluster membership path is exposing
raw internal peer URLs via raftAttr.PeerURLs, which can leak topology. Update
the logging in the member update flow around the existing c.lg.Info call to
remove the full URL list and instead log a safer identifier such as the member
ID and/or the count of peer URLs. Keep the rest of the diagnostic context intact
while ensuring no internal hostnames are emitted.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: b9478df3-5295-4859-a5e8-d6504f93016a

📥 Commits

Reviewing files that changed from the base of the PR and between bf6c009 and b92e343.

📒 Files selected for processing (25)
  • .go-version
  • api/go.mod
  • api/version/version.go
  • client/pkg/fileutil/fileutil_test.go
  • client/pkg/go.mod
  • client/v3/go.mod
  • etcdctl/go.mod
  • etcdutl/etcdutl/common.go
  • etcdutl/etcdutl/defrag_command.go
  • etcdutl/etcdutl/hashkv_command.go
  • etcdutl/etcdutl/migrate_command.go
  • etcdutl/etcdutl/snapshot_command.go
  • etcdutl/go.mod
  • go.mod
  • pkg/go.mod
  • server/etcdserver/api/membership/cluster.go
  • server/etcdserver/api/membership/cluster_test.go
  • server/etcdserver/api/v3rpc/maintenance.go
  • server/go.mod
  • tests/common/maintenance_auth_test.go
  • tests/go.mod
  • tests/integration/clientv3/cluster_test.go
  • tools/mod/go.mod
  • tools/rw-heatmaps/go.mod
  • tools/testgrid-analysis/go.mod

Comment thread etcdutl/etcdutl/common.go
Comment thread server/etcdserver/api/membership/cluster.go
@dusk125 dusk125 changed the title NO-JIRA: Rebase v3.6.12 for 5.0/4.23 OCPBUGS-94014: Rebase v3.6.12 for 5.0/4.23 Jun 29, 2026
@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels Jun 29, 2026
@openshift-ci-robot

Copy link
Copy Markdown

@dusk125: This pull request references Jira Issue OCPBUGS-94014, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @sandeepknd

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Summary by CodeRabbit

  • New Features

  • Added support for updating learner members while preserving learner status.

  • Added stronger validation for file and directory inputs in utility commands.

  • Bug Fixes

  • Improved handling of member attribute updates, including peer URL changes.

  • Tightened auth checks for maintenance status operations.

  • Fixed tests and command flows to better handle invalid or inaccessible paths.

  • Chores

  • Updated the Go toolchain and bumped related module versions across the project.

  • Updated the public version number to 3.6.12.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot requested a review from sandeepknd June 29, 2026 17:32
@dusk125

dusk125 commented Jun 30, 2026

Copy link
Copy Markdown
Author

/test all

@openshift-ci

openshift-ci Bot commented Jun 30, 2026

Copy link
Copy Markdown

@dusk125: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/upstream-integration b92e343 link false /test upstream-integration
ci/prow/upstream-e2e b92e343 link false /test upstream-e2e
ci/prow/e2e-aws-ovn-upgrade b92e343 link true /test e2e-aws-ovn-upgrade
ci/prow/e2e-aws-ovn b92e343 link true /test e2e-aws-ovn

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants