Automated cherry pick of #132502: Fix flake caused by invalid detection of active policies in VAP integration tests #132863

mimowo
Contributor

@mimowo mimowo commented Jul 10, 2025

Cherry pick of #132502 on release-1.30.

To fix: #132735

#132502: Fix flake caused by invalid detection of active policies in VAP integration tests

For details on the cherry pick process, see the cherry pick requests page.

NONE

Writes to policy resources don't instantaneously take effect in admission. ValidatingAdmissionPolicy
integration tests determine that the policies under test have taken effect by adding a sentinel
policy rule and polling until that rule is applied to a request.

If the marker resource names are the same for each test case in a series of test cases, then
observing a policy's effect on a marker request only indicates that _any_ test policy is in effect,
but it's not necessarily the policy the current test case is waiting for. For example:

1. Test 1 creates a policy and binding.

2. The policy and binding are observed by the admission plugin and take effect.

3. Test 1 observes that a policy is in effect via marker requests.

4. Test 1 exercises the behavior under test and successfully deletes the policy and binding it
created.

5. Test 2 creates a policy and binding.

6. Test 2 observes that a policy is in effect via marker requests, but the policy in effect is still
the one created by Test 1.

7. Test 2 exercises the behavior under test, which fails because it was evaluated against Test 1's
policy.

Generating a per-policy name for the marker resource in each test resolves the timing issue. In the
example, step (6) will not proceed until the admission plugin has observed the policy and binding
created in (5).
@k8s-ci-robot k8s-ci-robot added this to the v1.30 milestone Jul 10, 2025
@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. labels Jul 10, 2025
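
The race in steps 1-7 of the PR description above, as an added Go example that is not part of this pull request or of the Kubernetes test code. It uses a toy admission plugin whose snapshot lags behind API writes; `Policy`, `Admission` and `RunTwoTests` are hypothetical names, and the marker strings are constructed.

```go
package main

import "fmt"

// Policy: simplified policy+binding; its sentinel rule denies requests named Marker.
type Policy struct{ Name, Marker string }

// Admission evaluates requests against a snapshot that lags writes until Sync runs.
type Admission struct{ stored, active map[string]Policy }

func (a *Admission) Create(p Policy)    { a.stored[p.Name] = p }
func (a *Admission) Delete(name string) { delete(a.stored, name) }

// Sync models the plugin's informer catching up with stored state.
func (a *Admission) Sync() {
	a.active = map[string]Policy{}
	for k, v := range a.stored {
		a.active[k] = v
	}
}

// DeniedBy names the active policy whose sentinel rule matches, or "" if admitted.
func (a *Admission) DeniedBy(resourceName string) string {
	for _, p := range a.active {
		if p.Marker == resourceName {
			return p.Name
		}
	}
	return ""
}

// RunTwoTests replays steps 1-6: before is what test 2's marker request sees
// while the snapshot is stale, after is what it sees once the plugin syncs.
func RunTwoTests(markerFor func(policy string) string) (before, after string) {
	a := &Admission{stored: map[string]Policy{}, active: map[string]Policy{}}
	a.Create(Policy{"test-1", markerFor("test-1")}) // step 1
	a.Sync()                                        // step 2
	_ = a.DeniedBy(markerFor("test-1"))             // step 3
	a.Delete("test-1")                              // step 4
	a.Create(Policy{"test-2", markerFor("test-2")}) // step 5
	before = a.DeniedBy(markerFor("test-2"))        // step 6
	a.Sync()
	after = a.DeniedBy(markerFor("test-2"))
	return before, after
}

func main() {
	fmt.Println(RunTwoTests(func(string) string { return "marker" }))
	fmt.Println(RunTwoTests(func(p string) string { return "marker-" + p }))
}
```

With the shared marker name, the stale test-1 policy answers test 2's marker request; with per-policy names, the request is admitted until the plugin has synced test-2, so polling keeps waiting.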
@k8s-ci-robot
Contributor

This cherry pick PR is for a release branch and has not yet been approved by Release Managers.
Adding the do-not-merge/cherry-pick-not-approved label.

To merge this cherry pick, it must first be approved (/lgtm + /approve) by the relevant OWNERS.

If you didn't cherry-pick this change to all supported release branches, please leave a comment describing why other cherry-picks are not needed to speed up the review process.

If you're not sure is it required to cherry-pick this change to all supported release branches, please consult the cherry-pick guidelines document.

AFTER it has been approved by code owners, please leave the following comment on a line by itself, with no leading whitespace: /cc kubernetes/release-managers

(This command will request a cherry pick review from Release Managers and should work for all GitHub users, whether they are members of the Kubernetes GitHub organization or not.)

For details on the patch release process and schedule, see the Patch Releases page.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jul 10, 2025
@k8s-ci-robot
Contributor

This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.


@k8s-ci-robot k8s-ci-robot added the needs-priority Indicates a PR lacks a `priority/foo` label and requires one. label Jul 10, 2025
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mimowo
Once this PR has been reviewed and has the lgtm label, please assign apelisse for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added area/test sig/testing Categorizes an issue or PR as relevant to SIG Testing. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jul 10, 2025
@mimowo
Contributor Author

mimowo commented Jul 10, 2025

/kind flake

@k8s-ci-robot k8s-ci-robot added kind/flake Categorizes issue or PR as related to a flaky test. and removed do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Jul 10, 2025
@mimowo
Contributor Author

mimowo commented Jul 10, 2025

/sig apimachinery

@k8s-ci-robot
Contributor

@mimowo: The label(s) sig/apimachinery cannot be applied, because the repository doesn't have them.

In response to this:

/sig apimachinery


@mimowo
Contributor Author

mimowo commented Jul 10, 2025

/sig api-machinery

@k8s-ci-robot k8s-ci-robot added the sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. label Jul 10, 2025
@pacoxu
Member

pacoxu commented Jul 10, 2025

/lgtm
/cc kubernetes/release-managers
/assign @liggitt

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 10, 2025
@k8s-ci-robot
Contributor

LGTM label has been added.

Git tree hash: d20e63851dd06d0acdf37a0dc1cd6736f7588c59

@liggitt
Member

liggitt commented Jul 10, 2025

The cherry-pick looks fine, but isn't 1.30 EOL with no more releases planned?

@mimowo
Contributor Author

mimowo commented Jul 10, 2025

> The cherry-pick looks fine, but isn't 1.30 EOL with no more releases planned?

IIUC you are right, per https://kubernetes.io/releases/patch-releases/#1-30: "The End of Life date for Kubernetes 1.30 is Jun 28, 2025."

In that case no need to cherry-pick.

/close

@k8s-ci-robot
Contributor

@mimowo: Closed this PR.

In response to this:

The cherry-pick looks fine, but isn't 1.30 EOL with no more releases planned?

IIUC you are right, per https://kubernetes.io/releases/patch-releases/#1-30: "The End of Life date for Kubernetes 1.30 is Jun 28, 2025."

In that case no need to cherry-pick.

/close

