OCPBUGS-86832: Bump to etcd v3.5.31 in openshift 4.19#381
Conversation
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
[release-3.5] Bump go version to 1.24.12
We also revoke the deprecation of the Metadata field, Users can store whatever information related to each endpoint. We just don't need to pass the value to grpc-go's Metadata. Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
Signed-off-by: Nont <nont@duck.com>
[release-3.5] Bump go version to 1.24.13
Signed-off-by: Ivan Valdes <iv@a.ki>
Reference: - etcd-io#21337 Signed-off-by: Chun-Hung Tseng <henrytseng@google.com>
…-3.5/go.opentelemetry.io/otel/sdk [Release-3.5] Bump go.opentelemetry.io/otel/sdk to v1.40.0 to resolve https://pkg.go.dev/vuln/GO-2026-4394
Move server metrics unary/stream interceptors ahead of request interceptors so metrics are collected before handler-specific interception logic runs. Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
[release-3.5] server/etcdserver/api/v3rpc: run metrics interceptors before handlers
This differs slightly from the original patch. * In cluster_proxy runs, use the embedded etcd member endpoint (Config().Acurl) instead of proxy endpoints for grpc-proxy --endpoints. * Keep TLS version coverage and health-check flow unchanged. * Use SpawnCmd because SpawnWithExpectsContext is not available * Use --max-time for curl to avoid stuck * `started gRPC proxy` is the signal that the server is ready (cherry picked from commit 5037a98) Signed-off-by: Wei Fu <fuweid89@gmail.com>
[release-3.5] server/etcdmain: fix deadlock issue in grpcproxy
…erceptor Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
[release-3.5] Print the endpoint the grpc request was actually sent to in unary int…
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
…e-3.5-2 [release-3.5] Fix race berween read index and leader change causing a stale read
Signed-off-by: A.D <1695316070@qq.com>
Signed-off-by: A.D <1695316070@qq.com>
Signed-off-by: A.D <1695316070@qq.com>
In release-3.5, argify is defined as an unexported (lowercase) function. Therefore, the unit test should call argify instead of Argify. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: A.D <1695316070@qq.com>
Signed-off-by: Mark Tsai <111229657+shuan1026@users.noreply.github.com>
…t-21307-to-release-3.5 [release-3.5] etcdctl: fix slice bounds trimming single-quoted args
[release-3.5] bump Go to 1.25.7
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
…se-3.5 [release-3.5] Don't reuse same ReadIndex
This commit will bump golang.org/x/net to v0.51.0 to resolve GO-2026-4559 Signed-off-by: ArkaSaha30 <arkasaha30@gmail.com>
…-3.5 [3.5] Bump golang.org/x/net@ v0.51.0 fixes GO-2026-4559
Signed-off-by: Ivan Valdes <ivan@vald.es>
[release-3.5] Bump Go to 1.25.8
[release-3.5] Fix the issue that cannot add a new member when one member is down, even if quorum is still satisfied
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
[release-3.5] Get all Put related auth check into a separate function 'checkPutAuth'
…rbac check issue Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
…XN bypass RBAC check Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
…ck issue Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
[release-3.5] Fix read access via PrevKv or lease attachment in a Put request in etcd transactions bypass RBAC authorization checks
Signed-off-by: Ivan Valdes <iv@a.ki>
Signed-off-by: shenmu.wy <shenmu.wy@antfin.com>
….25.10 [release-3.5] Bump Go to 1.25.10 and fix govulncheck
Signed-off-by: shenmu.wy <shenmu.wy@antfin.com>
…mberupdate-learner [release-3.5] bugfix: MemberUpdate implicitly and unexpectedly promotes a learner
… of panic when given non-existent paths Signed-off-by: shenmu.wy <shenmu.wy@antfin.com>
…nvalid-datadir [release-3.5] etcdutl: validate data file path instead of panic
- replace user.Current().Name == "root" with os.Getuid() == 0. - drop os/user import and user.Current() error path. - backport of etcd-io#21788 - address: etcd-io#21787 Signed-off-by: vivekpatani <9080894+vivekpatani@users.noreply.github.com>
…elease-3.5 [release-3.5] client/pkg/fileutil: use os.Getuid() to skip TestIsDirWriteable as root
…vulncheck govulncheck on release-3.5 is currently failing with 17 vulnerabilities in golang.org/x/crypto@v0.50.0 (GO-2026-5013..5033 plus older), all listed as fixed in v0.52.0: https://prow.k8s.io/view/gs/kubernetes-ci-logs/pr-logs/pull/etcd-io_etcd/21815/pull-etcd-govulncheck/2059609075888427008 Bumping x/crypto to v0.52.0 transitively pulls x/net v0.55.0, which in turn resolves GO-2026-5026 (idna.ToASCII Punycode-handling) reachable from server/proxy/httpproxy. Both fixes are required for a clean govulncheck pass. Changes: - golang.org/x/crypto v0.50.0 -> v0.52.0 - golang.org/x/net v0.53.0 -> v0.55.0 - golang.org/x/sys v0.43.0 -> v0.45.0 (transitive) - golang.org/x/text v0.36.0 -> v0.37.0 (transitive) Plus minor tools/mod transitive bumps (x/mod, x/tools) picked up by go mod tidy. Followed the documented dependency_management.md workflow: - ./scripts/update_dep.sh golang.org/x/crypto v0.52.0 - ./scripts/update_dep.sh golang.org/x/net v0.55.0 - go get on indirect-only modules (api, client/v3, pkg, client/pkg, tools/mod) to keep versions consistent across all modules - make fix - PASSES="dep" ./test.sh -> "SUCCESS: dependencies are consistent across modules" Verified locally: - go build ./... clean in all 9 modules touched - govulncheck -mode source ./... reports "No vulnerabilities found" in all 5 modules that had the affected deps - go test ./auth/... (server) passes Signed-off-by: Ian Chechin <ian00chechin@gmail.com>
[release-3.5] bump golang.org/x/crypto and golang.org/x/net to fix govulncheck
Signed-off-by: Ivan Valdes <iv@a.ki>
openshift-ci-robot
added
jira/valid-reference
|
@JSampsonIV: This pull request references Jira Issue OCPBUGS-86832, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository: openshift/coderabbit/.coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: JSampsonIV The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
@JSampsonIV: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
15 participants
Bump from etcd v3.5.26 to v3.5.31