[release/1.6] Fix ambiguous tls fallback by dmcgowan · Pull Request #9300 · containerd/containerd

dmcgowan · 2023-10-26T04:49:05Z

Backport

Avoid TLS fallback when protocol is not ambiguous Avoid TLS fallback when protocol is not ambiguous #9283
Check scheme and host of request on push redirect Check scheme and host of request on push redirect #9294

The TLS fallback should only be used when the protocol is ambiguous due to provided TLS configurations and defaulting to http. Do not add TLS configurations when defaulting to http. When the port is 80 or will be defaulted to 80, there is no protocol ambiguity and TLS fallback should not be used. Signed-off-by: Derek McGowan <[email protected]> (cherry picked from commit d48ceb6) Signed-off-by: Derek McGowan <[email protected]>

When the HTTP fallback is used, the scheme changes from HTTPS to HTTP which can cause a mismatch on redirect, causing the authorizer to get stripped out. Since the redirect host must match the redirect host in this case, credentials are only sent to the same origin host that returned the redirect. This fixes an issue for a push getting a 401 unauthorized on the PUT request even though credentials are available. Signed-off-by: Derek McGowan <[email protected]> (cherry picked from commit 466ee87) Signed-off-by: Derek McGowan <[email protected]>

samuelkarp · 2023-10-26T06:27:21Z

/retest

samuelkarp · 2023-10-26T06:30:23Z

k8s-ci-robot now reruns GitHub Actions with the retest command? That's new. I just wanted the one aborted prow job to rerun...

/test pull-containerd-node-e2e

k8s-ci-robot · 2023-10-26T06:30:25Z

@samuelkarp: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:

/test pull-containerd-build
/test pull-containerd-node-e2e-1-6

Use /test all to run all jobs.

Details

In response to this:

k8s-ci-robot now reruns GitHub Actions with the retest command? That's new. I just wanted the one aborted prow job to rerun...

/test pull-containerd-node-e2e

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

akhilerm · 2023-10-26T06:45:20Z

k8s-ci-robot now reruns GitHub Actions with the retest command?

@samuelkarp It was added so that the github workflows could be retriggered by the author of the PR. Otherwise, only org members/owners could retrigger a github workflow

Also, the aborted job is for the main branch. In release/1.6 we are using the pull-containerd-node-e2e-1-6 job.

akhilerm

/lgtm

samuelkarp · 2023-10-26T07:06:20Z

Also, the aborted job is for the main branch. In release/1.6 we are using the pull-containerd-node-e2e-1-6 job.

Looks like it got triggered because of this?

dmcgowan changed the base branch from main to release/1.6

AkihiroSuda · 2023-10-26T16:48:26Z

/test all

AkihiroSuda

LGTM if green

akhilerm · 2023-10-27T13:06:31Z

The integration test failure seems unrelated to the changes in this PR. Can the job be retriggered and checked?

kzys · 2023-10-27T23:20:56Z

/test all

kzys · 2023-10-27T23:28:16Z

pull-containerd-node-e2e is showing

Test started last Wednesday at 9:49 PM is still running after 42h38m9s. (more info)

So we may need to do something on Prow side. I don't think I can cancel the job. Can I?

akhilerm · 2023-10-28T09:51:47Z

pull-containerd-node-e2e is showing

Test started last Wednesday at 9:49 PM is still running after 42h38m9s. (more info)

So we may need to do something on Prow side. I don't think I can cancel the job. Can I?

@kzys It can be ignored, since that test is not supposed to run on this branch(release/1.6). I am not sure if github allows to merge by overriding the failing check.

samuelkarp · 2023-10-29T05:52:10Z

I am not sure if github allows to merge by overriding the failing check.

I merged it anyway. I don't think there's a way to clear pull-containerd-node-e2e and we can't rerun it (since it doesn't actually run for the release/1.6 branch).

dmcgowan added 2 commits October 25, 2023 21:37

dmcgowan changed the base branch from main to release/1.6 October 26, 2023 04:49

dmcgowan closed this Oct 26, 2023

dmcgowan reopened this Oct 26, 2023

containerd deleted a comment from k8s-ci-robot Oct 26, 2023

samuelkarp mentioned this pull request Oct 26, 2023

trigger_github_workflows retriggers all workflows on retest instead of failed jobs kubernetes/test-infra#30713

Closed

samuelkarp approved these changes Oct 26, 2023

View reviewed changes

akhilerm approved these changes Oct 26, 2023

View reviewed changes

estesp approved these changes Oct 26, 2023

View reviewed changes

AkihiroSuda approved these changes Oct 26, 2023

View reviewed changes

samuelkarp merged commit e63636a into containerd:release/1.6 Oct 29, 2023

vsiravar mentioned this pull request Oct 31, 2023

build(deps): Bump submodules and dependencies runfinch/finch#669

Closed

akhilerm mentioned this pull request Nov 19, 2023

[release/1.6] Prepare release notes for v1.6.25 #9394

Merged

AbrohamLincoln mentioned this pull request Feb 7, 2024

Zarf-Seed-Registry Installation Fails on Init with Deployment is not ready: zarf/zarf-docker-registry error zarf-dev/zarf#592

Closed

Conversation

dmcgowan commented Oct 26, 2023

Uh oh!

samuelkarp commented Oct 26, 2023

Uh oh!

samuelkarp commented Oct 26, 2023

Uh oh!

k8s-ci-robot commented Oct 26, 2023

Uh oh!

akhilerm commented Oct 26, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

akhilerm left a comment

Choose a reason for hiding this comment

Uh oh!

samuelkarp commented Oct 26, 2023

Uh oh!

AkihiroSuda commented Oct 26, 2023

Uh oh!

AkihiroSuda left a comment

Choose a reason for hiding this comment

Uh oh!

akhilerm commented Oct 27, 2023

Uh oh!

kzys commented Oct 27, 2023

Uh oh!

kzys commented Oct 27, 2023

Uh oh!

akhilerm commented Oct 28, 2023

Uh oh!

samuelkarp commented Oct 29, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

akhilerm commented Oct 26, 2023 •

edited

Loading