Bug 1609179

Summary: oc patch returns return code 1 if resource does not need patching
Product: OpenShift Container Platform Reporter: Ger-Jan te Dorsthorst <gtedorst>
Component: ocAssignee: Juan Vallejo <jvallejo>
Status: CLOSED ERRATA QA Contact: Xingxing Xia <xxia>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.9.0CC: aos-bugs, jokerman, mmccomas
Target Milestone: ---   
Target Release: 3.11.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-11 07:22:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ger-Jan te Dorsthorst 2018-07-27 08:32:53 UTC 
Description of problem:

The behaviour of 'oc patch' has changed with OCP 3.9. If a resource does not require patching, 'oc patch' now returns an exit code of 1 instead of 0. We've identified that this does appear to be an intentional change upstream [1]. However the change breaks existing automation of 'oc patch', e.g. its use in ansible or other scripts.

[1] https://github.com/kubernetes/kubernetes/commit/dfef8574cfc71f5b148f3f1d687b50660794b305#diff-def56c6f251836aa7686f7cdc30ce71d

It is of course possible to parse the output of 'oc patch', but the customer behind this bug report feels exiting with 0 would be the appropriate behaviour in this situation.

Also, the change does not appear to be documented in Openshift (or Kubernetes) release notes.

Version-Release number of selected component (if applicable):

oc v3.9.33
kubernetes v1.9.1+a0ce1bc657

How reproducible:

[user@host 39]$ oc create configmap testcm --from-literal=key1=value1
configmap "testcm" created

[user@host 39]$ ./oc version
oc v3.9.33
kubernetes v1.9.1+a0ce1bc657
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://host.example.com:443
openshift v3.9.27
kubernetes v1.9.1+a0ce1bc657

[user@host 39]$ ./oc patch cm testcm -p '{"data":{"key1":"value1"}}'
configmap "testcm" not patched

[user@host 39]$ echo $?
1

[user@host 39]$ cd ../37
[user@host 37]$ ./oc version
oc v3.7.52
kubernetes v1.7.6+a08f5eeb62
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://host.example.com:443
openshift v3.9.27
kubernetes v1.9.1+a0ce1bc657

[user@host 37]$ ./oc patch cm testcm -p '{"data":{"key1":"value1"}}'
configmap "testcm" not patched

[user@host 37]$ echo $?
0

Actual results:

oc patch exits with code 1 in case resource doesn't need patching

Expected results:

oc patch exits with code 0 in case resource doesn't need patching
Comment 2 Xingxing Xia 2018-07-27 09:52:00 UTC 
The issue comes from the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1311786
Comment 3 Ger-Jan te Dorsthorst 2018-07-27 10:20:48 UTC 
It seems the patch code would need to differentiate between multiple conditions leading to a 'not patched' result [1].

1. nothing was patched because resource did not need patching -> exit code 0
2. nothing was patched because the patch wasn't valid, or because of some other error -> exit code 1

[1] https://access.redhat.com/solutions/3345621
Comment 4 Juan Vallejo 2018-07-27 20:05:32 UTC 
Upstream PR: https://github.com/kubernetes/kubernetes/pull/66725

This patch slightly alters the behavior of the "patch" command to reflect the following scenarios:

1. nothing was patched because the resource did not need patching -> "<object> not patched" and "exit code 0"
2. nothing was patched because the patch was invalid or due to an unexpected error -> "<object> not patched" and "exit code 1"
3. any other case -> "<object> patched" and "exit code 0"
Comment 5 Juan Vallejo 2018-07-27 20:09:15 UTC 
Origin PR: https://github.com/openshift/origin/pull/20456
Comment 6 Juan Vallejo 2018-08-01 17:39:11 UTC 
https://github.com/openshift/origin/pull/20456 has merged. Moving to MODIFIED
Comment 8 Xingxing Xia 2018-08-27 09:51:27 UTC 
Verified in v3.11.0-0.22.0, the result is same as comment 4
Comment 10 errata-xmlrpc 2018-10-11 07:22:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2652