OCPBUGS-11932: Disable checks for Open vSwitch on NSX cluster #10737

Vincent056 · 2023-06-20T14:25:35Z

This PR makes open vSwitch rules only be checked with SDN and OVN network type

github-actions · 2023-06-20T14:27:14Z

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment

Oracle Linux 8 Environment

jhrozek · 2023-07-06T10:24:11Z

/test help

openshift-ci · 2023-07-06T10:24:15Z

@jhrozek: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:

/test e2e-aws-ocp4-cis
/test e2e-aws-ocp4-cis-node
/test e2e-aws-ocp4-e8
/test e2e-aws-ocp4-high
/test e2e-aws-ocp4-high-node
/test e2e-aws-ocp4-moderate
/test e2e-aws-ocp4-moderate-node
/test e2e-aws-ocp4-pci-dss
/test e2e-aws-ocp4-pci-dss-node
/test e2e-aws-ocp4-stig
/test e2e-aws-ocp4-stig-node
/test e2e-aws-rhcos4-e8
/test e2e-aws-rhcos4-high
/test e2e-aws-rhcos4-moderate
/test e2e-aws-rhcos4-stig
/test images

Use /test all to run the following jobs that were automatically triggered:

pull-ci-ComplianceAsCode-content-master-images

In response to this:

/test help

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

jhrozek · 2023-07-06T10:24:53Z

/test e2e-aws-ocp4-cis
/test e2e-aws-ocp4-cis-node

jhrozek · 2023-07-06T11:46:51Z

@Vincent056 there seems to be an issue and the tests are not passing:

    helpers.go:815: E2E-FAILURE: The expected result for the file_permissions_ovs_conf_db rule didn't match. Expected 'PASS', Got 'NOT-APPLICABLE'
    helpers.go:808: Result - Name: e2e-cis-node-master-file-permissions-ovs-conf-db-lock - Status: NOT-APPLICABLE - Severity: medium
    helpers.go:815: E2E-FAILURE: The expected result for the file_permissions_ovs_conf_db_lock rule didn't match. Expected 'PASS', Got 'NOT-APPLICABLE'
    helpers.go:808: Result - Name: e2e-cis-node-master-file-permissions-ovs-pid - Status: NOT-APPLICABLE - Severity: medium
    helpers.go:815: E2E-FAILURE: The expected result for the file_permissions_ovs_pid rule didn't match. Expected 'PASS', Got 'NOT-APPLICABLE'
    helpers.go:808: Result - Name: e2e-cis-node-master-file-permissions-ovs-sys-id-conf - Status: NOT-APPLICABLE - Severity: medium
    helpers.go:815: E2E-FAILURE: The expected result for the file_permissions_ovs_sys_id_conf rule didn't match. Expected 'PASS', Got 'NOT-APPLICABLE'
    helpers.go:808: Result - Name: e2e-cis-node-master-file-permissions-ovs-vswitchd-pid - Status: NOT-APPLICABLE - Severity: medium
    helpers.go:815: E2E-FAILURE: The expected result for the file_permissions_ovs_vswitchd_pid rule didn't match. Expected 'PASS', Got 'NOT-APPLICABLE'
    helpers.go:808: Result - Name: e2e-cis-node-master-file-permissions-ovsdb-server-pid - Status: NOT-APPLICABLE - Severity: medium
    helpers.go:815: E2E-FAILURE: The expected result for the file_permissions_ovsdb_server_pid rule didn't match. Expected 'PASS', Got 'NOT-APPLICABLE'
    helpers.go:808: Result - Name: e2e-cis-node-master-file-permissions-scheduler - Status: PASS - Severity: medium
    helpers.go:881: Rule file_permissions_scheduler matched expected result

jan-cerny · 2023-08-29T12:34:50Z

@Vincent056 What are your plans?
@yuumasato Do you want to take this one?

Vincent056 · 2023-09-05T19:39:22Z

file_permissions_ovs_vswitchd_pid

sorry for the delay, I will clean it up and update this PR

jan-cerny · 2023-10-10T12:48:15Z

I'm closing this PR because of no activity for more than 30 days. If you still plan to work on this, feel free to reopen it.

mrobson · 2023-10-27T17:53:31Z

/reopen

rhmdnd · 2023-11-16T22:54:34Z

I'm taking a look at this tomorrow and reopening to get a fresh test run.

rhmdnd · 2023-11-17T14:35:38Z

Making the following changes should get tests in better shape:

diff --git a/applications/openshift/master/file_permissions_ovs_conf_db/tests/ocp4/e2e.yml b/applications/openshift/master/file_permissions_ovs_conf_db/tests/ocp4/e2e.yml
index b49fd368b9..8878bb5724 100644
--- a/applications/openshift/master/file_permissions_ovs_conf_db/tests/ocp4/e2e.yml
+++ b/applications/openshift/master/file_permissions_ovs_conf_db/tests/ocp4/e2e.yml
@@ -1,2 +1,2 @@
 ---
-default_result: PASS
+default_result: NOT-APPLICABLE
diff --git a/applications/openshift/master/file_permissions_ovs_conf_db_lock/tests/ocp4/e2e.yml b/applications/openshift/master/file_permissions_ovs_conf_db_lock/tests/ocp4/e2e.yml
index b49fd368b9..8878bb5724 100644
--- a/applications/openshift/master/file_permissions_ovs_conf_db_lock/tests/ocp4/e2e.yml
+++ b/applications/openshift/master/file_permissions_ovs_conf_db_lock/tests/ocp4/e2e.yml
@@ -1,2 +1,2 @@
 ---
-default_result: PASS
+default_result: NOT-APPLICABLE
diff --git a/applications/openshift/master/file_permissions_ovs_pid/tests/ocp4/e2e.yml b/applications/openshift/master/file_permissions_ovs_pid/tests/ocp4/e2e.yml
index b49fd368b9..8878bb5724 100644
--- a/applications/openshift/master/file_permissions_ovs_pid/tests/ocp4/e2e.yml
+++ b/applications/openshift/master/file_permissions_ovs_pid/tests/ocp4/e2e.yml
@@ -1,2 +1,2 @@
 ---
-default_result: PASS
+default_result: NOT-APPLICABLE
diff --git a/applications/openshift/master/file_permissions_ovs_sys_id_conf/tests/ocp4/e2e.yml b/applications/openshift/master/file_permissions_ovs_sys_id_conf/tests/ocp4/e2e.yml
index b49fd368b9..8878bb5724 100644
--- a/applications/openshift/master/file_permissions_ovs_sys_id_conf/tests/ocp4/e2e.yml
+++ b/applications/openshift/master/file_permissions_ovs_sys_id_conf/tests/ocp4/e2e.yml
@@ -1,2 +1,2 @@
 ---
-default_result: PASS
+default_result: NOT-APPLICABLE
diff --git a/applications/openshift/master/file_permissions_ovs_vswitchd_pid/tests/ocp4/e2e.yml b/applications/openshift/master/file_permissions_ovs_vswitchd_pid/tests/ocp4/e2e.yml
index b49fd368b9..8878bb5724 100644
--- a/applications/openshift/master/file_permissions_ovs_vswitchd_pid/tests/ocp4/e2e.yml
+++ b/applications/openshift/master/file_permissions_ovs_vswitchd_pid/tests/ocp4/e2e.yml
@@ -1,2 +1,2 @@
 ---
-default_result: PASS
+default_result: NOT-APPLICABLE
diff --git a/applications/openshift/master/file_permissions_ovsdb_server_pid/tests/ocp4/e2e.yml b/applications/openshift/master/file_permissions_ovsdb_server_pid/tests/ocp4/e2e.yml
index b49fd368b9..8878bb5724 100644
--- a/applications/openshift/master/file_permissions_ovsdb_server_pid/tests/ocp4/e2e.yml
+++ b/applications/openshift/master/file_permissions_ovsdb_server_pid/tests/ocp4/e2e.yml
@@ -1,2 +1,2 @@
 ---
-default_result: PASS
+default_result: NOT-APPLICABLE

rhmdnd · 2023-11-17T22:46:54Z

/test e2e-aws-ocp4-cis
/test e2e-aws-ocp4-cis-node

This PR make open vSwitch rules only be check with SDN and OVN network type

Default CI clusters don't have OVS configured, so we're excluding those rules. This commit updates the expected e2e outcomes for those rules so they're consistent with what the rule actually does.

Vincent056 · 2023-11-20T06:34:32Z

rebased the branch

Vincent056 · 2023-11-20T06:34:35Z

/test e2e-aws-ocp4-cis
/test e2e-aws-ocp4-cis-node

rhmdnd · 2023-11-20T14:24:06Z

The test failures are unrelated to this patch - ComplianceAsCode/compliance-operator#477

Working on a separate fix in the compliance operator to get things working again.

rhmdnd · 2023-11-21T17:03:49Z

/test e2e-aws-ocp4-cis
/test e2e-aws-ocp4-cis-node

Vincent056 · 2023-11-28T20:37:18Z

/test e2e-aws-ocp4-cis
/test e2e-aws-ocp4-cis-node

Vincent056 · 2023-12-01T06:21:09Z

/test e2e-aws-ocp4-cis
/test e2e-aws-ocp4-cis-node

Default CI clusters don't have OVS configured, so we're excluding those rules. This commit updates the expected e2e outcomes for those rules so they're consistent with what the rule actually does.

Vincent056 · 2023-12-01T18:18:32Z

/test e2e-aws-ocp4-cis
/test e2e-aws-ocp4-cis-node

codeclimate · 2023-12-01T18:31:28Z

Code Climate has analyzed commit 570be68 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 58.5%.

View more on Code Climate.

rhmdnd

/lgtm

Mab879 added this to the 0.1.69 milestone Jun 20, 2023

Mab879 added the OpenShift OpenShift product related. label Jun 20, 2023

marcusburghardt requested review from jhrozek and rhmdnd June 22, 2023 05:09

vojtapolasek modified the milestones: 0.1.69, 0.1.70 Jul 18, 2023

marcusburghardt requested a review from yuumasato July 25, 2023 10:08

Mab879 modified the milestones: 0.1.70, 0.1.71 Oct 2, 2023

jan-cerny closed this Oct 10, 2023

rhmdnd reopened this Nov 16, 2023

Vincent056 and others added 2 commits November 19, 2023 22:30

OCPBUGS-11932: Disable checks for Open vSwitch on NSX cluster

0c828db

This PR make open vSwitch rules only be check with SDN and OVN network type

Update e2e results for OVS-related checks

5b04c13

Default CI clusters don't have OVS configured, so we're excluding those rules. This commit updates the expected e2e outcomes for those rules so they're consistent with what the rule actually does.

Vincent056 force-pushed the ovs branch from 1a1e47b to 5b04c13 Compare November 20, 2023 06:33

vojtapolasek modified the milestones: 0.1.71, 0.1.72 Nov 28, 2023

Amend: Update e2e results for OVS-related checks

570be68

Default CI clusters don't have OVS configured, so we're excluding those rules. This commit updates the expected e2e outcomes for those rules so they're consistent with what the rule actually does.

rhmdnd approved these changes Dec 1, 2023

View reviewed changes

rhmdnd merged commit ec1aac1 into ComplianceAsCode:master Dec 1, 2023
40 checks passed

Vincent056 mentioned this pull request Dec 13, 2023

OCP4: Revert OVS rules #11381

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OCPBUGS-11932: Disable checks for Open vSwitch on NSX cluster #10737

OCPBUGS-11932: Disable checks for Open vSwitch on NSX cluster #10737

Vincent056 commented Jun 20, 2023

github-actions bot commented Jun 20, 2023

jhrozek commented Jul 6, 2023

openshift-ci bot commented Jul 6, 2023

jhrozek commented Jul 6, 2023

jhrozek commented Jul 6, 2023

jan-cerny commented Aug 29, 2023

Vincent056 commented Sep 5, 2023

jan-cerny commented Oct 10, 2023

mrobson commented Oct 27, 2023

rhmdnd commented Nov 16, 2023

rhmdnd commented Nov 17, 2023

rhmdnd commented Nov 17, 2023

Vincent056 commented Nov 20, 2023

Vincent056 commented Nov 20, 2023

rhmdnd commented Nov 20, 2023

rhmdnd commented Nov 21, 2023

Vincent056 commented Nov 28, 2023

Vincent056 commented Dec 1, 2023

Vincent056 commented Dec 1, 2023

codeclimate bot commented Dec 1, 2023

rhmdnd left a comment

OCPBUGS-11932: Disable checks for Open vSwitch on NSX cluster #10737

OCPBUGS-11932: Disable checks for Open vSwitch on NSX cluster #10737

Conversation

Vincent056 commented Jun 20, 2023

github-actions bot commented Jun 20, 2023

jhrozek commented Jul 6, 2023

openshift-ci bot commented Jul 6, 2023

jhrozek commented Jul 6, 2023

jhrozek commented Jul 6, 2023

jan-cerny commented Aug 29, 2023

Vincent056 commented Sep 5, 2023

jan-cerny commented Oct 10, 2023

mrobson commented Oct 27, 2023

rhmdnd commented Nov 16, 2023

rhmdnd commented Nov 17, 2023

rhmdnd commented Nov 17, 2023

Vincent056 commented Nov 20, 2023

Vincent056 commented Nov 20, 2023

rhmdnd commented Nov 20, 2023

rhmdnd commented Nov 21, 2023

Vincent056 commented Nov 28, 2023

Vincent056 commented Dec 1, 2023

Vincent056 commented Dec 1, 2023

codeclimate bot commented Dec 1, 2023

rhmdnd left a comment

Choose a reason for hiding this comment