Bug 2042906 - Edit machineset with same machine deletion hook name succeed
Summary: Edit machineset with same machine deletion hook name succeed
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Compute
Version: 4.10
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: ---
: 4.10.0
Assignee: Joel Speed
QA Contact: Huali Liu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-01-20 10:44 UTC by Huali Liu
Modified: 2022-03-10 16:41 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-03-10 16:40:58 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift machine-api-operator pull 979 0 None open Bug 2042366: Update openshift/api to include list-map fixes for lifecycle hooks 2022-01-20 10:56:04 UTC
Red Hat Product Errata RHSA-2022:0056 0 None None None 2022-03-10 16:41:09 UTC

Description Huali Liu 2022-01-20 10:44:57 UTC 
Description of problem:
Edit machineset with same machine deletion hook name succeed, but should failed and give error message directly, though when reconciling(scale machineset replica to 0, then scale machineset replica to 1) it print error info in machineset-controller log. 
I0120 10:32:13.376166       1 controller.go:277] Too few replicas for machine.openshift.io/v1beta1, Kind=MachineSet openshift-machine-api/huliu-043-kfqpx-worker-northcentralus, need 1, creating 1
I0120 10:32:13.382536       1 machine_webhook.go:522] Validate webhook called for Machine: huliu-043-kfqpx-worker-northcentralus-5jpc9
E0120 10:32:13.383496       1 controller.go:169] Failed to reconcile MachineSet "openshift-machine-api/huliu-043-kfqpx-worker-northcentralus": failed to sync machines: admission webhook "validation.machine.machine.openshift.io" denied the request: spec.lifecycleHooks.preDrain[1].name: Forbidden: hook names must be unique within a lifecycle stage, the following hook name is already set: drain1

Other negative cases all failed and give error message directly.


Version-Release number of selected component (if applicable):
4.10.0-0.nightly-2022-01-17-223655

How reproducible:
Always

Steps to Reproduce:
1.Edit a machineset with same machine deletion hook name, for example
      lifecycleHooks:
        preDrain:
        - name: drain1
          owner: drain-controller1
        - name: drain1
          owner: drain-controller2

liuhuali@Lius-MacBook-Pro huali-test % oc edit machineset huliu-043-kfqpx-worker-northcentralus
machineset.machine.openshift.io/huliu-043-kfqpx-worker-northcentralus edited

liuhuali@Lius-MacBook-Pro huali-test % oc get machineset huliu-043-kfqpx-worker-northcentralus -o yaml
apiVersion: machine.openshift.io/v1beta1
kind: MachineSet
metadata:
  annotations:
    machine.openshift.io/GPU: "0"
    machine.openshift.io/memoryMb: "16384"
    machine.openshift.io/vCPU: "4"
  creationTimestamp: "2022-01-20T07:00:19Z"
  generation: 4
  labels:
    machine.openshift.io/cluster-api-cluster: huliu-043-kfqpx
    machine.openshift.io/cluster-api-machine-role: worker
    machine.openshift.io/cluster-api-machine-type: worker
  name: huliu-043-kfqpx-worker-northcentralus
  namespace: openshift-machine-api
  resourceVersion: "64894"
  uid: d34247af-4459-413c-9248-fd95bbe842a6
spec:
  replicas: 3
  selector:
    matchLabels:
      machine.openshift.io/cluster-api-cluster: huliu-043-kfqpx
      machine.openshift.io/cluster-api-machineset: huliu-043-kfqpx-worker-northcentralus
  template:
    metadata:
      labels:
        machine.openshift.io/cluster-api-cluster: huliu-043-kfqpx
        machine.openshift.io/cluster-api-machine-role: worker
        machine.openshift.io/cluster-api-machine-type: worker
        machine.openshift.io/cluster-api-machineset: huliu-043-kfqpx-worker-northcentralus
    spec:
      lifecycleHooks:
        preDrain:
        - name: drain1
          owner: drain-controller1
        - name: drain1
          owner: drain-controller2
      metadata: {}
      providerSpec:
        value:
          apiVersion: machine.openshift.io/v1beta1
          credentialsSecret:
            name: azure-cloud-credentials
            namespace: openshift-machine-api
          image:
            offer: ""
            publisher: ""
            resourceID: /resourceGroups/huliu-043-kfqpx-rg/providers/Microsoft.Compute/images/huliu-043-kfqpx
            sku: ""
            version: ""
          kind: AzureMachineProviderSpec
          location: northcentralus
          managedIdentity: huliu-043-kfqpx-identity
          metadata:
            creationTimestamp: null
          networkResourceGroup: huliu-043-kfqpx-rg
          osDisk:
            diskSizeGB: 128
            managedDisk:
              storageAccountType: Premium_LRS
            osType: Linux
          publicIP: false
          publicLoadBalancer: huliu-043-kfqpx
          resourceGroup: huliu-043-kfqpx-rg
          subnet: huliu-043-kfqpx-worker-subnet
          userDataSecret:
            name: worker-user-data
          vmSize: Standard_D4s_v3
          vnet: huliu-043-kfqpx-vnet
          zone: ""
status:
  availableReplicas: 3
  fullyLabeledReplicas: 3
  observedGeneration: 4
  readyReplicas: 3
  replicas: 3
liuhuali@Lius-MacBook-Pro huali-test % 


Actual results:
Machineset edit successfully

Expected results:
Machineset edit failed and give error message

Additional info:
https://issues.redhat.com/browse/OCPCLOUD-1348

Tried with other negative cases all failed and give error message directly
Case 1 edit machine with empty name
# machines.machine.openshift.io "huliu-043-kfqpx-worker-northcentralus-4v8fs" was not valid:
# * spec.lifecycleHooks.preDrain.name: Required value

Case 2 edit machine with empty owner
# machines.machine.openshift.io "huliu-043-kfqpx-worker-northcentralus-4v8fs" was not valid:
# * spec.lifecycleHooks.preDrain.owner: Required value

Case 3 edit machine with same name
liuhuali@Lius-MacBook-Pro huali-test % oc edit machine huliu-043-kfqpx-worker-northcentralus-4v8fs
error: machines.machine.openshift.io "huliu-043-kfqpx-worker-northcentralus-4v8fs" could not be patched: admission webhook "validation.machine.machine.openshift.io" denied the request: spec.lifecycleHooks.preDrain[1].name: Forbidden: hook names must be unique within a lifecycle stage, the following hook name is already set: drain1
You can run `oc replace -f /var/folders/yc/y9zy01jn3f51r9knbpsm_55r0000gn/T/oc-edit-434914432.yaml` to try this update again.

Case 4 edit machineset with empty name
# machinesets.machine.openshift.io "huliu-043-kfqpx-worker-northcentralus" was not valid:
# * spec.template.spec.lifecycleHooks.preDrain.name: Required value

Case 5 edit machineset with empty owner
# machinesets.machine.openshift.io "huliu-043-kfqpx-worker-northcentralus" was not valid:
# * spec.template.spec.lifecycleHooks.preDrain.owner: Required value
Comment 1 Joel Speed 2022-01-20 10:56:04 UTC 
We are already adding openapi validation for the duplicate names so this should be fixed by the PR I've attached
Comment 2 Joel Speed 2022-01-21 10:09:57 UTC 
The PR merged and is in the latest nightly
Comment 3 Huali Liu 2022-01-24 08:07:15 UTC 
Verified on 4.10.0-0.nightly-2022-01-21-074618, Edit machineset with same machine deletion hook name failed and give error message directly now.

Steps:
1.Edit a machineset with same machine deletion hook name, for example
      lifecycleHooks:
        preDrain:
        - name: drain1
          owner: drain-controller1
        - name: drain1
          owner: drain-controller2
liuhuali@Lius-MacBook-Pro huali-test % oc edit machineset huliu-045-nvsdk-invalid

2.save failed and get error message directly
# machinesets.machine.openshift.io "huliu-045-nvsdk-invalid" was not valid:
# * spec.template.spec.lifecycleHooks.preDrain[1]: Duplicate value: map[string]interface {}{"name":"drain1"}
Comment 6 errata-xmlrpc 2022-03-10 16:40:58 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056
Note You need to log in before you can comment on or make changes to this bug.