Description of problem: Edit machineset with same machine deletion hook name succeed, but should failed and give error message directly, though when reconciling(scale machineset replica to 0, then scale machineset replica to 1) it print error info in machineset-controller log. I0120 10:32:13.376166 1 controller.go:277] Too few replicas for machine.openshift.io/v1beta1, Kind=MachineSet openshift-machine-api/huliu-043-kfqpx-worker-northcentralus, need 1, creating 1 I0120 10:32:13.382536 1 machine_webhook.go:522] Validate webhook called for Machine: huliu-043-kfqpx-worker-northcentralus-5jpc9 E0120 10:32:13.383496 1 controller.go:169] Failed to reconcile MachineSet "openshift-machine-api/huliu-043-kfqpx-worker-northcentralus": failed to sync machines: admission webhook "validation.machine.machine.openshift.io" denied the request: spec.lifecycleHooks.preDrain[1].name: Forbidden: hook names must be unique within a lifecycle stage, the following hook name is already set: drain1 Other negative cases all failed and give error message directly. Version-Release number of selected component (if applicable): 4.10.0-0.nightly-2022-01-17-223655 How reproducible: Always Steps to Reproduce: 1.Edit a machineset with same machine deletion hook name, for example lifecycleHooks: preDrain: - name: drain1 owner: drain-controller1 - name: drain1 owner: drain-controller2 liuhuali@Lius-MacBook-Pro huali-test % oc edit machineset huliu-043-kfqpx-worker-northcentralus machineset.machine.openshift.io/huliu-043-kfqpx-worker-northcentralus edited liuhuali@Lius-MacBook-Pro huali-test % oc get machineset huliu-043-kfqpx-worker-northcentralus -o yaml apiVersion: machine.openshift.io/v1beta1 kind: MachineSet metadata: annotations: machine.openshift.io/GPU: "0" machine.openshift.io/memoryMb: "16384" machine.openshift.io/vCPU: "4" creationTimestamp: "2022-01-20T07:00:19Z" generation: 4 labels: machine.openshift.io/cluster-api-cluster: huliu-043-kfqpx machine.openshift.io/cluster-api-machine-role: worker machine.openshift.io/cluster-api-machine-type: worker name: huliu-043-kfqpx-worker-northcentralus namespace: openshift-machine-api resourceVersion: "64894" uid: d34247af-4459-413c-9248-fd95bbe842a6 spec: replicas: 3 selector: matchLabels: machine.openshift.io/cluster-api-cluster: huliu-043-kfqpx machine.openshift.io/cluster-api-machineset: huliu-043-kfqpx-worker-northcentralus template: metadata: labels: machine.openshift.io/cluster-api-cluster: huliu-043-kfqpx machine.openshift.io/cluster-api-machine-role: worker machine.openshift.io/cluster-api-machine-type: worker machine.openshift.io/cluster-api-machineset: huliu-043-kfqpx-worker-northcentralus spec: lifecycleHooks: preDrain: - name: drain1 owner: drain-controller1 - name: drain1 owner: drain-controller2 metadata: {} providerSpec: value: apiVersion: machine.openshift.io/v1beta1 credentialsSecret: name: azure-cloud-credentials namespace: openshift-machine-api image: offer: "" publisher: "" resourceID: /resourceGroups/huliu-043-kfqpx-rg/providers/Microsoft.Compute/images/huliu-043-kfqpx sku: "" version: "" kind: AzureMachineProviderSpec location: northcentralus managedIdentity: huliu-043-kfqpx-identity metadata: creationTimestamp: null networkResourceGroup: huliu-043-kfqpx-rg osDisk: diskSizeGB: 128 managedDisk: storageAccountType: Premium_LRS osType: Linux publicIP: false publicLoadBalancer: huliu-043-kfqpx resourceGroup: huliu-043-kfqpx-rg subnet: huliu-043-kfqpx-worker-subnet userDataSecret: name: worker-user-data vmSize: Standard_D4s_v3 vnet: huliu-043-kfqpx-vnet zone: "" status: availableReplicas: 3 fullyLabeledReplicas: 3 observedGeneration: 4 readyReplicas: 3 replicas: 3 liuhuali@Lius-MacBook-Pro huali-test % Actual results: Machineset edit successfully Expected results: Machineset edit failed and give error message Additional info: https://issues.redhat.com/browse/OCPCLOUD-1348 Tried with other negative cases all failed and give error message directly Case 1 edit machine with empty name # machines.machine.openshift.io "huliu-043-kfqpx-worker-northcentralus-4v8fs" was not valid: # * spec.lifecycleHooks.preDrain.name: Required value Case 2 edit machine with empty owner # machines.machine.openshift.io "huliu-043-kfqpx-worker-northcentralus-4v8fs" was not valid: # * spec.lifecycleHooks.preDrain.owner: Required value Case 3 edit machine with same name liuhuali@Lius-MacBook-Pro huali-test % oc edit machine huliu-043-kfqpx-worker-northcentralus-4v8fs error: machines.machine.openshift.io "huliu-043-kfqpx-worker-northcentralus-4v8fs" could not be patched: admission webhook "validation.machine.machine.openshift.io" denied the request: spec.lifecycleHooks.preDrain[1].name: Forbidden: hook names must be unique within a lifecycle stage, the following hook name is already set: drain1 You can run `oc replace -f /var/folders/yc/y9zy01jn3f51r9knbpsm_55r0000gn/T/oc-edit-434914432.yaml` to try this update again. Case 4 edit machineset with empty name # machinesets.machine.openshift.io "huliu-043-kfqpx-worker-northcentralus" was not valid: # * spec.template.spec.lifecycleHooks.preDrain.name: Required value Case 5 edit machineset with empty owner # machinesets.machine.openshift.io "huliu-043-kfqpx-worker-northcentralus" was not valid: # * spec.template.spec.lifecycleHooks.preDrain.owner: Required value
We are already adding openapi validation for the duplicate names so this should be fixed by the PR I've attached
The PR merged and is in the latest nightly
Verified on 4.10.0-0.nightly-2022-01-21-074618, Edit machineset with same machine deletion hook name failed and give error message directly now. Steps: 1.Edit a machineset with same machine deletion hook name, for example lifecycleHooks: preDrain: - name: drain1 owner: drain-controller1 - name: drain1 owner: drain-controller2 liuhuali@Lius-MacBook-Pro huali-test % oc edit machineset huliu-045-nvsdk-invalid 2.save failed and get error message directly # machinesets.machine.openshift.io "huliu-045-nvsdk-invalid" was not valid: # * spec.template.spec.lifecycleHooks.preDrain[1]: Duplicate value: map[string]interface {}{"name":"drain1"}
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056