Bug 1988308: Add feature for Insights operator pulling SCA certs

[tremes]

This corresponds to openshift/enhancements#683 enhancement.

[openshift-ci]

@tremes: This pull request references Bugzilla bug 1988308, which is invalid:

• expected the bug to target the "4.9.0" release, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 1988308: Add feature for Insights operator pulling SCA certs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[tremes]

/bugzilla refresh

[openshift-ci]

@tremes: This pull request references Bugzilla bug 1988308, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.9.0) matches configured target release for branch (4.9.0)
• bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @xingxingxia

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[xingxingxia]

/bugzilla refresh

[openshift-ci]

@xingxingxia: This pull request references Bugzilla bug 1988308, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.9.0) matches configured target release for branch (4.9.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

No GitHub users were found matching the public email listed for the QA contact in Bugzilla (dmisharo@redhat.com), skipping review request.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[bparees]

why is this being filed as a "bug"?

[bparees]

This corresponds to openshift/enhancements#683 enhancement.

this EP is not approved/merged, so what is the basis for the implementation being merged?

[bparees]

/hold

while this change in and of itself looks to be "correct", I am concerned that this PR is enabling the code that implements a feature(openshift/insights-operator#375) that was merged:

1. post feature freeze without a feature exception granted from the OCP organization(has docs agreed to contain this? has qe? has the ocp program granted an exception?) (instead it appears the team created dummy bugs that don't even explain why the bugs were created, in order to bypass merge gates)
   https://bugzilla.redhat.com/show_bug.cgi?id=1988351
   https://bugzilla.redhat.com/show_bug.cgi?id=1988308

2. implementing an enhancement proposal that is not approved or merged(Insights Operator pulling and exposing data from the OCM API enhancements#683)

3. the enhancement proposal also has numerous unresolved comment threads (that doesn't mean the implementation didn't address them, or that the comments are blockers to the implementation, but right now the state of the design is unclear)

4. And all of this is to merge something that can only be enabled by customers who accept the limitation of not being able to ever upgrade their cluster (we could just merge it in 4.10 and let customers who want to try it out pick up an early 4.10-nightly which is likely just as palatable for someone building a throwaway cluster)

If we're going to proceed with this in 4.9, we need to resolve the discussions in the EP and get docs/qe/ocp program ACKs

[mklika]

/hold

while this change in and of itself looks to be "correct", I am concerned that this PR is enabling the code that implements a feature(openshift/insights-operator#375) that was merged:

1. post feature freeze without a feature exception granted from the OCP organization(has docs agreed to contain this? has qe? has the ocp program granted an exception?) (instead it appears the team created dummy bugs that don't even explain why the bugs were created, in order to bypass merge gates)
   https://bugzilla.redhat.com/show_bug.cgi?id=1988351
   https://bugzilla.redhat.com/show_bug.cgi?id=1988308
2. implementing an enhancement proposal that is not approved or merged(Insights Operator pulling and exposing data from the OCM API enhancements#683)
3. the enhancement proposal also has numerous unresolved comment threads (that doesn't mean the implementation didn't address them, or that the comments are blockers to the implementation, but right now the state of the design is unclear)
4. And all of this is to merge something that can only be enabled by customers who accept the limitation of not being able to ever upgrade their cluster (we could just merge it in 4.10 and let customers who want to try it out pick up an early 4.10-nightly which is likely just as palatable for someone building a throwaway cluster)

If we're going to proceed with this in 4.9, we need to resolve the discussions in the EP and get docs/qe/ocp program ACKs

@sbose78 @siamaksade could you clarify this point 4 please - is there any reason to try to have this into 4.9 or 4.10 nightly would work for you as well?

[sbose78]

We would need this in 4.9 , especially because customers have been waiting on this capability. The stories on the Build API side that would help leverage this are also done.

[bparees]

The stories on the Build API side that would help leverage this are also done.

@sbose78 i trust those build api implementations will be gated on either this same featuregate, or another techpreviewnoupgrade featuregate? (otherwise we're shipping a GA feature that's dependent on a techpreview feature, which would be bad)

[mklika]

The stories on the Build API side that would help leverage this are also done.

@sbose78 i trust those build api implementations will be gated on either this same featuregate, or another techpreviewnoupgrade featuregate? (otherwise we're shipping a GA feature that's dependent on a techpreview feature, which would be bad)

@sbose78 could you follow up on this point please? Trying to resolve all the comments so we could finally merge it.

[tremes]

@bparees The impl for degrading the Insights Operator (in case of error received from the OCM API) is WIP in openshift/insights-operator#486

[bparees]

@tremes we're getting close on dates, has the rest of the implementation landed (including the degraded logic updates)?

[tremes]

@bparees thanks for heads up. Not yet. The PR for the degraded logic is still waiting for review from our team members. I will do my best to move it forward.

[tremes]

@bparees The impl for the degraded state finally landed (see openshift/insights-operator#486). Can you please take care of this one?

[bparees]

/hold cancel

[bparees]

/lgtm

this has been discussed w/ the team providing the backing implementation and we recognize this change is landing extremely late, however their QE organization is prepared to validate it and their program team is signed off on the change.

if it causes problems (it should not, since it's disabled unless techpreview is enabled, but it could prevent us from being able to turn on techpreview for other features because of the disruption it causes when techpreview is enabled, if it has a catastrophic bug), it will be reverted and we'll try again next release.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bparees, tremes

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [bparees]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@tremes: Bugzilla bug 1988308 is in an unrecognized state (CLOSED (NOTABUG)) and will not be moved to the MODIFIED state.

In response to this:

Bug 1988308: Add feature for Insights operator pulling SCA certs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.