[release-2.11] Address oauth2 vuln #919

Merged
merged 2 commits into from
Mar 31, 2025

dhaiducek
Contributor

Address CVE-2025-22868

Signed-off-by: Dale Haiducek <19750917+dhaiducek@users.noreply.github.com>
JustinKuli
JustinKuli previously approved these changes Mar 26, 2025
@@ -96,7 +96,7 @@ jobs:
run: |
make fmt
git diff --exit-code
make lint
echo "INFO: Linting disabled."
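Review bot: The `echo "INFO: Linting disabled."` line at the end of this `run:` block announces that linting is off but gives no reason and no condition for turning it back on. The `+`/`-` markers are not visible here, so the hunk alone does not show whether `make lint` still runs; if it is being dropped, add a YAML comment above the echo naming why lint cannot run on release-2.11 and what would re-enable it, since a CVE fix is a change where static checks are worth keeping. `make fmt` followed by `git diff --exit-code` is unaffected.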
Contributor

Nice

Contributor Author

Yeah, I realized a bit late there should be a message rather than just a removal. At least I got it right for the last batch!

@dhaiducek
Contributor Author

/retest

2 similar comments
@JustinKuli
Contributor

/retest

@JustinKuli
Contributor

/retest

@dhaiducek
Contributor Author

/override "ci/prow/test-e2e-grc-framework"

With the new checks from stolostron/governance-policy-framework-addon#652, I think this is expected, though we could probably clean up that <nil> when there's no error and perhaps reconsider the "Failed" message since in this case it didn't fail--it was probably waiting for the pods to come up...

   [FAILED] Timed out after 180.000s.
  The function passed to Eventually failed at /go/src/github.com/stolostron/governance-policy-framework/test/integration/compliance_history_test.go:527 with:
  Expected
      <[]map[string]interface {} | len:3, cap:4>: [
          {
              "compliance": <string>"Compliant",
              "message": <string>"ConstraintTemplate complianceapitest was created successfully",
              "timestamp": <string>"2025-03-27T22:12:14.953037Z",
              "metadata": nil,
              "reported_by": <string>"governance-policy-framework",
          },
          {
              "compliance": <string>"NonCompliant",
              "message": <string>"template-error; Failed to create Gatekeeper ConstraintTemplate. Check the status of complianceapitest.",
              "timestamp": <string>"2025-03-27T22:11:54.65861Z",
              "metadata": nil,
              "reported_by": <string>"governance-policy-framework",
          },
          {
              "message": <string>"template-error; Failed to retrieve status.created from ConstraintTemplate complianceapitest: <nil>",
              "timestamp": <string>"2025-03-27T22:11:54.4845Z",
              "metadata": nil,
              "reported_by": <string>"governance-policy-framework",
              "compliance": <string>"NonCompliant",
          },
      ]
  to have length 1
  In [It] at: /go/src/github.com/stolostron/governance-policy-framework/test/integration/compliance_history_test.go:559 @ 03/27/25 22:14:55.437 

openshift-ci bot commented Mar 28, 2025

@dhaiducek: Overrode contexts on behalf of dhaiducek: ci/prow/test-e2e-grc-framework

@dhaiducek
Contributor Author

/hold Okay fine, I'll fix the test 😄

Signed-off-by: Dale Haiducek <19750917+dhaiducek@users.noreply.github.com>
@dhaiducek
Contributor Author

/unhold
/test remaining-required

openshift-ci bot commented Mar 28, 2025

@dhaiducek: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:

/test images
/test pr-image-mirror
/test test-e2e-grc-framework

Use /test all to run all jobs.

@dhaiducek
Contributor Author

/retest

1 similar comment
@JustinKuli
Contributor

/retest

@dhaiducek dhaiducek requested a review from JustinKuli March 31, 2025 16:00
@openshift-ci openshift-ci bot added the lgtm label Mar 31, 2025
openshift-ci bot commented Mar 31, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dhaiducek, JustinKuli

Needs approval from an approver in each of these files:
  • OWNERS [JustinKuli,dhaiducek]

@openshift-merge-bot openshift-merge-bot bot merged commit f566887 into release-2.11 Mar 31, 2025
10 checks passed
@openshift-merge-bot openshift-merge-bot bot deleted the dhaiduce-release-2.11-oauth2 branch March 31, 2025 16:23