Skip to content

OCPBUGS-82497: 4.22 rebase 4.6.10#370

Open
dusk125 wants to merge 101 commits intoopenshift:openshift-4.22from
dusk125:4.22-rebase-4.6.10
Open

OCPBUGS-82497: 4.22 rebase 4.6.10#370
dusk125 wants to merge 101 commits intoopenshift:openshift-4.22from
dusk125:4.22-rebase-4.6.10

Conversation

@dusk125
Copy link
Copy Markdown

@dusk125 dusk125 commented Apr 9, 2026
edited
Loading

Go 1.25 reverts and conflict resolution handled by Claude

serathius and others added 30 commits September 23, 2025 17:47
@serathius
Reject watch request with -1 revision and make rangeEvents safe again…
3bb4470 
…st negative revision

Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
@serathius
Merge pull request etcd-io#20707 from k8s-infra-cherrypick-robot/cher…
4790130 
…ry-pick-20693-to-release-3.6

[release-3.6] Reject watch request with -1 revision to prevent invalid resync behavior on uncompacted etcd and make rangeEvents safe against negative revision.
@tchap
server/embed: Log EOF on DEBUG in TLS handshake
ee85ed3 
When EOF is encountered during TLS handshake, it is still logged as a
warning. This seems excessive and not really useful.

This patch ensures EOF is logged on debug only.

Signed-off-by: Ondra Kupka <okupka@redhat.com>
@ahrtr
Merge pull request etcd-io#20749 from k8s-infra-cherrypick-robot/cher…
3bbdd68 
…ry-pick-20568-to-release-3.6

[release-3.6] server/embed: Log EOF on DEBUG in TLS handshake
@ahrtr
Fix endpoint status not retuning the correct storage quota
4973fd4 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@fuweid
Merge pull request etcd-io#20790 from ahrtr/20251012_quota_3.6
4dfe6c1
@hwdef
Bump go to 1.24.9
1e02301 
Signed-off-by: hwdef <hwdefcom@outlook.com>
@ahrtr
Merge pull request etcd-io#20801 from hwdef/release-36-bump-go1249
9d7222c 
[release-3.6] Bump go to 1.24.9
@xUser5000
test: add promote with auth e2e tests
e88e142 
Adds two test cases for the member promote operation when auth is
enabled. In the first case, the member promote request is submitted to
the leader, and in the second case it's submitted to the follower. The
leader case succeeds. In the other case, the follower forwards the
promote request to the leader. But, the forwarded request fails due to
a bug. The logs on the leader include this message:

```
failed to promote a member
```

as well as the error:

```
auth: user name is empty
```

Signed-off-by: xUser5000 <abdallahar1974@gmail.com>
@xUser5000
etcdserver: fix cannot promote with auth from follower
5377bb9 
When auth is enabled, sending a promotion request to a follower node was failing because
the auth token was not being propagated when the follower forwards the request to the leader.

Signed-off-by: xUser5000 <abdallahar1974@gmail.com>
@xUser5000
etcdserver: follow convention to extract auth token in cluster_util.go
76ee0bc 
Signed-off-by: xUser5000 <abdallahar1974@gmail.com>
@xUser5000
tests: use WaitLeader() in memberPromoteWithAuth()
db6be4c 
Signed-off-by: xUser5000 <abdallahar1974@gmail.com>
@ahrtr
Merge pull request etcd-io#20874 from k8s-infra-cherrypick-robot/cher…
52b2948 
…ry-pick-20792-to-release-3.6

[release-3.6] etcdserver: Fix: cannot promote member from follower when auth is enabled
@ahrtr
Add an e2e test cases to reproduce the '--force-new-cluster' can't re…
7d3fc02 
…move learner issue

Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Fix the '--force-new-cluster' can't clean up learners issue
523100b 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Merge pull request etcd-io#20896 from k8s-infra-cherrypick-robot/cher…
d1a3bee 
…ry-pick-20894-to-release-3.6

[release-3.6] Fix the issue that `--force-new-cluster` can't clean up learner after creating v2 snapshot
@ronaldngounou
Bump from go1.24.9 to go1.24.10
2c0db32 
Signed-off-by: ronaldngounou <ronald.ngounou@yahoo.com>
@ahrtr
Merge pull request etcd-io#20901 from ronaldngounou/release36-bump-go…
88b9794 
…12410

[release-3.6] Bump from go1.24.9 to go1.24.10
@mingl1
v3rpc: add and use getServerMetrics() with global metricsServerCached
145d927 
Signed-off-by: mingl1 <minglin.me@gmail.com>
@ahrtr
Merge pull request etcd-io#20905 from k8s-infra-cherrypick-robot/cher…
0745315 
…ry-pick-20887-to-release-3.6

[release-3.6] fix duplicate metrics collector registration attempted
@ivanvc
version: bump up to 3.6.6
d2809cf 
Signed-off-by: Ivan Valdes <iv@a.ki>
@ahrtr
Print token fingerprint instead of the original tokens in log messages
554dc70 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Merge pull request etcd-io#20941 from ahrtr/20251117_tokens_3.6
f185ce6 
[release-3.6] Print token fingerprint instead of the original tokens in log messages
@hwdef
Bump go to 1.24.11
97141e1 
Signed-off-by: hwdef <hwdefcom@outlook.com>
@ahrtr
Merge pull request etcd-io#20998 from hwdef/release36-bump-go-12411
dbaf5cf 
[release-3.6] Bump go to 1.24.11
@ivanvc
dependency: Bump golang.org/x/net from 0.38.0 to 0.45.0
61af088 
Addresses CVE-2025-47914, CVE-2025-58181.

Signed-off-by: Ivan Valdes <ivan@vald.es>
@ahrtr
Merge pull request etcd-io#21024 from ivanvc/release-3.6-x-net-0.45.0
6bfd01c 
[release-3.6] dependency: Bump golang.org/x/crypto from 0.36.0 to 0.45.0
@joshjms
version: bump up to 3.6.7
e838ef1 
Signed-off-by: joshjms <joshjms1607@gmail.com>
@ivanvc
dependency: Bump golang.org/x/crypto from 0.42.0 to 0.45.0
f767aa2 
Addresses CVE-2025-47914, CVE-2025-58181.

Signed-off-by: Ivan Valdes <ivan@vald.es>
@ivanvc
tools: explicitly require golang.org/x/tools/cmd/goimports
81c32a4 
Running genproto fails with:

% (cd tools/mod && 'go' 'install' 'golang.org/x/tools/cmd/goimports')
stderr: /home/prow/go/pkg/mod/golang.org/x/tools@v0.38.0/cmd/goimports/goimports.go:23:2: missing go.sum entry for module providing package golang.org/x/telemetry/counter (imported by golang.org/x/tools/cmd/goimports); to add:
stderr: go get golang.org/x/tools/cmd/goimports@v0.38.0
FAIL: (code:1):
  % (cd tools/mod && 'go' 'install' 'golang.org/x/tools/cmd/goimports')
Failed to install tool 'golang.org/x/tools/cmd/goimports'

Signed-off-by: Ivan Valdes <ivan@vald.es>
ahrtr and others added 12 commits March 20, 2026 09:56
@ahrtr
Merge pull request etcd-io#21501 from ivanvc/release-3.6-grpc-go-1.79.3
d2fd011 
[release-3.6] Bump google.golang.org/grpc from v1.75.0 to 1.79.3
@ivanvc
version: bump up to 3.6.9
85651fa 
Signed-off-by: Ivan Valdes <iv@a.ki>
@ahrtr
Fix etcdctl endpoint command with option --cluster when auth is enabled
e0f7af4 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Bump golang.org/x/image to v0.38.0 to resolve GO-2026-4815
f2173cd 
Ideally we should bump gonum.org/v1/plot. But it hasn't bump
to golang.org/x/image@v0.38.0 yet

Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Merge pull request etcd-io#21531 from ahrtr/20260327_dep
e841e10 
[release-3.6] Bump golang.org/x/image to v0.38.0 to resolve GO-2026-4815
@ahrtr
Merge pull request etcd-io#21530 from k8s-infra-cherrypick-robot/cher…
8a1830c 
…ry-pick-21528-to-release-3.6

[release-3.6] Fix etcdctl endpoint command with option --cluster when auth is enabled
@fuweid
etcdserver: allow non-admin to fetch member list and alarms
c99cf0c 
In some environments, etcd members do not have stable hostnames or IP
addresses. During maintenance, all etcd nodes may be replaced, resulting in
new hostnames and IPs for every member. In that case, clients such as Patroni
can lose access to the cluster entirely if they are not allowed to refresh the
member list.

Allow non-admin users to fetch the member list so they can rediscover updated
member endpoints after such topology changes.

Signed-off-by: Wei Fu <fuweid89@gmail.com>
(cherry picked from commit a2987fd)
Signed-off-by: Wei Fu <fuweid89@gmail.com>
@ahrtr
Merge pull request etcd-io#21549 from etcd-io/cherry-pick-36/allow-no…
83bb20d 
…n-admin-user-to-list-members

[release-3.6] etcdserver: allow non-admin to fetch member list and alarms
@ivanvc
version: bump up to 3.6.10
db8d13a 
Signed-off-by: Ivan Valdes <iv@a.ki>
@dusk125
Merge branch 'openshift-4.22' into HEAD
0650cff
@dusk125
UPSTREAM: <drop>: manually resolve conflicts
380955c
@dusk125
UPSTREAM: <drop>: go mod tidy
212cabd
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Apr 9, 2026
edited
Loading

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Review skipped — only excluded labels are configured. (1)
  • do-not-merge/work-in-progress

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e8beedc4-dc3a-470a-9018-4e3b9f54d12f

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci bot requested review from Elbehery and tjungblu April 9, 2026 18:53
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 9, 2026
@dusk125 dusk125 changed the title 4.22 rebase 4.6.10 OCPBUGS-82497: 4.22 rebase 4.6.10 Apr 9, 2026
@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Apr 9, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Apr 9, 2026

@dusk125: This pull request references Jira Issue OCPBUGS-82497, which is invalid:

  • expected Jira Issue OCPBUGS-82497 to depend on a bug targeting a version in 4.23.0 and in one of the following states: MODIFIED, ON_QA, VERIFIED, but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

dusk125 added 4 commits April 9, 2026 15:55
@dusk125
UPSTREAM: <drop>: Revert "Merge pull request etcd-io#21531 from ahrtr…
9e332de 
…/20260327_dep"

This reverts commit e841e10, made with merge commit strategy.
@dusk125
UPSTREAM: <drop>: Revert "Merge pull request etcd-io#21463 from ivanv…
224e9a8 
…c/release-3.6-go-1.25.8"

This reverts commit a402fbe, made with merge commit strategy.
@dusk125
UPSTREAM: <drop>: Revert "Merge pull request etcd-io#21440 from ArkaS…
a598662 
…aha30/fix-cve-GO-2026-4559-3.6"

This reverts commit 3dd99be, made with merge commit strategy.
@dusk125
UPSTREAM: <drop>: Revert "Merge pull request etcd-io#21393 from shuan…
e966f22 
…1026/bump-3.6-to-gov1.25.7"

This reverts commit 7116d86, made with merge commit strategy.
@tjungblu
Copy link
Copy Markdown

tjungblu commented Apr 10, 2026

/lgtm
/label backport-risk-assessed

/retest-required

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Apr 10, 2026
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Apr 10, 2026
@openshift-ci
Copy link
Copy Markdown

openshift-ci bot commented Apr 10, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dusk125, tjungblu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci
Copy link
Copy Markdown

openshift-ci bot commented Apr 10, 2026

@dusk125: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/unit e966f22 link true /test unit

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Elbehery Elbehery Awaiting requested review from Elbehery

@tjungblu tjungblu Awaiting requested review from tjungblu

Assignees

@tjungblu tjungblu

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.