Bug 1978798: Revert "Update ovnKubernetesConfig.policyAuditConfig Default"

[astoycos]

Remove the unecessary yaml patch for the ClusterNetworkOperator
CRD since this wasn't working as intended anyways. See bz for more info

This reverts commit 6f0ce8c.

[openshift-ci]

@astoycos: This pull request references Bugzilla bug 1978798, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.10.0) matches configured target release for branch (4.10.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @asood-rh

In response to this:

Bug 1978798: Revert "Update ovnKubernetesConfig.policyAuditConfig Default"

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[asood-rh]

/label qe-approved

[openshift-bot]

/bugzilla refresh

The requirements for Bugzilla bugs have changed (BZs linked to PRs on master branch need to target OCP 4.11), recalculating validity.

[openshift-ci]

@openshift-bot: This pull request references Bugzilla bug 1978798, which is invalid:

• expected the bug to target the "4.11.0" release, but it targets "4.10.0" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

The requirements for Bugzilla bugs have changed (BZs linked to PRs on master branch need to target OCP 4.11), recalculating validity.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[astoycos]

/bugzilla refresh

[openshift-ci]

@astoycos: This pull request references Bugzilla bug 1978798, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.11.0) matches configured target release for branch (4.11.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @asood-rh

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[astoycos]

@sttts If you get the chance can you PTAL a look at this?

[astoycos]

/assign @sttts

[openshift-bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[benluddy]

/lgtm

[benluddy]

/cc @tkashem

[benluddy]

/remove-lifecycle stale

[tkashem]

/cc @soltysh @deads2k

[deads2k]

Worst diff ever. Was there a difference between nil and empty in the handling code? If there is a difference in how those are handled, then I'm worried about

1. behavior change when this is no longer defaulted
2. the api behavior in general, it's unexpected to have a difference between nil and empty.

Also, we avoid having nullable structs in our configuration code to improve discoverability of the options when taking actions like oc edit for instance.

[astoycos]

Yaml patches introduced these ugly diffs in the first place I believe :/ (see the original commit 6f0ce8c)

This patch hack was originally needed because of this Kubebuilder bug and only effected users on clusters upgrading from when the new audit logging config object didn't exist (Pre-4.8). In 4.8 and later the defaults for the audit logging config are properly populated, and in upgrade clusters the workaround is documented in the bug.

Regardless the kubebuilder defaults still work just fine when the policyAuditConfig exists AND the CNO handles if the config is null (which is a bit redundant if kubebuilder is working as expected).

Lastly, The CNO doesn't need to distinguish between "nil" and "empty" in this case.

[andreaskaris]

@deads2k @astoycos Any consensus here?

[deads2k]

This patch hack was originally needed because of this Kubebuilder bug and only effected users on clusters upgrading from when the new audit logging config object didn't exist (Pre-4.8). In 4.8 and later the defaults for the audit logging config are properly populated, and in upgrade clusters the workaround is documented in the bug.

So the thought is that clusters that are upgrading to 4.12 will already have this stanza? If so, I'm ok with this

/approve
/hold

holding for confirmation that my interpretation is correct. If it is, you may remove the hold.

In the future, try to avoid using pointers and defaults in configuration APIs. Empty objects help with discoverability and handling "no opinion" differently that user selected choices allows for evolution over time.

[astoycos]

So the thought is that clusters that are upgrading to 4.12 will already have this stanza? If so, I'm ok with this

They should and if for some reason they don't it's very easy to add

In the future, try to avoid using pointers and defaults in configuration APIs. Empty objects help with discoverability and handling "no opinion" differently that user selected choices allows for evolution over time.

Agreed, at the time I was just following the advice from the team.

[astoycos]

@benluddy this lost the lgtm during rebase

[openshift-ci]

@astoycos: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[benluddy]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: astoycos, benluddy, deads2k

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [deads2k]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[astoycos]

/unhold

[openshift-ci]

@astoycos: All pull requests linked via external trackers have merged:

• openshift/api#1102
• openshift/api#993

Bugzilla bug 1978798 has been moved to the MODIFIED state.

In response to this:

Bug 1978798: Revert "Update ovnKubernetesConfig.policyAuditConfig Default"

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.