OCPBUGS-65926: UPSTREAM: <carry>: backporting fix for concurrent map iteration and write#75
Conversation
…d write Improve audit context handling by encapsulating event data and operations behind a structured API. Make the Audit system more robust in concurrent environments by properly isolating mutable state. The cleaner API simplifies interaction with audit events, improving maintainability. Encapsulation reduces bugs by preventing direct manipulation of audit events. Signed-off-by: Davanum Srinivas <davanum@gmail.com> Co-Authored-By: Jordan Liggitt <liggitt@google.com> Co-Authored-By: sxllwx <scottwangsxll@gmail.com> Kubernetes-commit: 75afa1e0acfb309d984be14937a06f796f220cd6
Signed-off-by: Davanum Srinivas <davanum@gmail.com> Co-Authored-By: Jordan Liggitt <liggitt@google.com> Set event level during context init Signed-off-by: Davanum Srinivas <davanum@gmail.com> Kubernetes-commit: 960a4939f2502f2a8f2b923203e9075354e4bdc0
… going to use it Signed-off-by: Davanum Srinivas <davanum@gmail.com> Kubernetes-commit: e418ee3a92ca6c670d26f775b0f669e8a5fe233c
… going to use it Signed-off-by: Davanum Srinivas <davanum@gmail.com> Kubernetes-commit: 153233c677d62c0254d54c1e7013645a081ac03d
openshift-ci-robot
added
jira/severity-critical
|
@ingvagabund: This pull request references Jira Issue OCPBUGS-65926, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
openshift/openshift-apiserver#580 as evidence the backported commits pass the CI |
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
was it a clean pick ? |
|
I think that this repo is used by: openshift-apiserver, oauth-apiserver and oauth-server also it looks like all these servers are pinned to https://github.com/openshift/openshift-apiserver/blob/main/go.mod#L197C9-L197C152 |
All clean, no conflicts. Double checking again locally:
|
|
/hold until all evidence PRs are green |
openshift-ci
bot
added
the
do-not-merge/hold
|
@ingvagabund since the repos/servers are pinned to |
|
1.34/master already have the cherry-picked/backported commits based on
Once |
|
Looks like https://github.com/openshift/oauth-server has not been bumped to 1.34 yet. Also, since ocp 4.17 all the rebases have been merged into master branch only. |
|
From oauth-server: $ make
go build -mod=vendor -trimpath -ldflags "-X github.com/openshift/oauth-server/pkg/version.versionFromGit="v0.0.0-alpha.0-230-g5161935" -X github.com/openshift/oauth-server/pkg/version.commitFromGit="51619356" -X github.com/openshift/oauth-server/pkg/version.gitTreeState="clean" -X github.com/openshift/oauth-server/pkg/version.buildDate="2025-12-03T21:44:31Z" " github.com/openshift/oauth-server/cmd/oauth-server
# github.com/openshift/oauth-server/pkg/oauth/handlers
pkg/oauth/handlers/default_auth_handler.go:118:17: undefined: audit.AuditEventFrom
make: *** [vendor/github.com/openshift/build-machinery-go/make/targets/golang/build.mk:16: build] Error 1A valid error since |
|
EDIT: mimicking the code changes from https://github.com/kubernetes/kubernetes/pull/129472/files#diff-4ff3580afd7cb271bca442e8bed618441aca39c8a257e45a5cf329d63e620068R50-R52. |
5 participants
Mimicking backports as in openshift/kubernetes#2443. This time for openshift-apiserver.