Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NETOBSERV-844 skip empty cert paths #320

Merged
merged 1 commit into from
Apr 5, 2023
Merged

NETOBSERV-844 skip empty cert paths #320

merged 1 commit into from
Apr 5, 2023

Conversation

jpinsonneau
Copy link
Contributor

@jpinsonneau jpinsonneau commented Apr 4, 2023
edited
Loading

This fix avoid the case when empty cert paths are provided to console plugin making it crash:

        - '-loki-status-ca-path'
        - /var/loki-status-certs-ca/service-ca.crt
        - '-loki-status-user-cert-path'
        - ''
        - '-loki-status-user-key-path'
        - ''

Set tls: true without using statusUrl to reproduce this error

@jpinsonneau jpinsonneau requested review from jotak and Amoghrd April 4, 2023 16:07
@Amoghrd
Copy link
Contributor

Amoghrd commented Apr 4, 2023

/ok-to-test

@openshift-ci openshift-ci bot added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Apr 4, 2023
@codecov
Copy link

codecov bot commented Apr 4, 2023
edited
Loading

Codecov Report

Merging #320 (2b408c6) into main (e1532e4) will increase coverage by 0.06%.
The diff coverage is 87.80%.

@@            Coverage Diff             @@
##             main     #320      +/-   ##
==========================================
+ Coverage   50.84%   50.90%   +0.06%     
==========================================
  Files          43       43              
  Lines        5096     5080      -16     
==========================================
- Hits         2591     2586       -5     
+ Misses       2300     2293       -7     
+ Partials      205      201       -4
Flag Coverage Δ
unittests 50.90% <87.80%> (+0.06%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
controllers/ebpf/agent_controller.go 83.25% <0.00%> (+1.00%) ⬆️
controllers/reconcilers/client_helper.go 46.09% <ø> (ø)
controllers/flowlogspipeline/flp_common_objects.go 85.25% <66.66%> (-0.03%) ⬇️
pkg/helper/certificates.go 75.30% <66.66%> (-0.31%) ⬇️
controllers/consoleplugin/consoleplugin_objects.go 93.84% <100.00%> (+0.13%) ⬆️
...trollers/consoleplugin/consoleplugin_reconciler.go 62.96% <100.00%> (+0.78%) ⬆️
controllers/flowcollector_controller.go 53.90% <100.00%> (-0.19%) ⬇️
controllers/flowlogspipeline/flp_ingest_objects.go 74.62% <100.00%> (ø)
...trollers/flowlogspipeline/flp_ingest_reconciler.go 63.71% <100.00%> (+1.32%) ⬆️
...ntrollers/flowlogspipeline/flp_monolith_objects.go 88.88% <100.00%> (ø)
... and 3 more

... and 1 file with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@github-actions
Copy link

github-actions bot commented Apr 4, 2023

New images:

  • quay.io/netobserv/network-observability-operator:260fa40
  • quay.io/netobserv/network-observability-operator-bundle:v0.0.0-260fa40
  • quay.io/netobserv/network-observability-operator-catalog:v0.0.0-260fa40

They will expire after two weeks.

Catalog source:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: netobserv-dev
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-260fa40
  displayName: NetObserv development catalog
  publisher: Me
  updateStrategy:
    registryPoll:
      interval: 1m

@github-actions github-actions bot removed the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Apr 4, 2023
@jotak
Copy link
Member

jotak commented Apr 5, 2023

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Apr 5, 2023
@jpinsonneau
Copy link
Contributor Author

/approve

@openshift-ci
Copy link

openshift-ci bot commented Apr 5, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jpinsonneau

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved label Apr 5, 2023
@openshift-merge-robot openshift-merge-robot merged commit e143bf6 into netobserv:main Apr 5, 2023
jotak added a commit to jotak/network-observability-operator that referenced this pull request May 9, 2023
@jotak
NETOBSERV-972 check if cluster admin via namespaces
175f3b3 
Follow-up on netobserv#320, which relaxed the permission checks performed when
lokiAuth is DISABLED: after discussion, we roll back to a more strict
approach; however to mitigate the limitation of TokenReview (it doesn't
provide a reliable way to check for cluster admins right), we verify
that the user can list namespaces, assuming this is a cluster admin
capability.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jotak jotak Awaiting requested review from jotak

@Amoghrd Amoghrd Awaiting requested review from Amoghrd

Assignees

@jotak jotak

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jpinsonneau @Amoghrd @jotak @openshift-merge-robot