[release-4.16] OCPBUGS-53242: Ensure that PSA label is latest instead of pinning versions

[openshift-cherrypick-robot]

This is an automated cherry-pick of #607

/assign openshift-cherrypick-robot

[openshift-ci-robot]

@openshift-cherrypick-robot: Jira Issue OCPBUGS-53179 has been cloned as Jira Issue OCPBUGS-53242. Will retitle bug to link to clone.
/retitle [release-4.16] OCPBUGS-53242: Ensure that PSA label is latest instead of pinning versions

In response to this:

This is an automated cherry-pick of #607

/assign openshift-cherrypick-robot

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: openshift-cherrypick-robot
Once this PR has been reviewed and has the lgtm label, please assign joelanford for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@openshift-cherrypick-robot: This pull request references Jira Issue OCPBUGS-53242, which is invalid:

• expected dependent Jira Issue OCPBUGS-53179 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is MODIFIED instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

This is an automated cherry-pick of #607

/assign openshift-cherrypick-robot

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[camilamacedo86]

/jira refresh

[openshift-ci-robot]

@camilamacedo86: This pull request references Jira Issue OCPBUGS-53242, which is valid.

7 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.16.z) matches configured target version for branch (4.16.z)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
• release note type set to "Release Note Not Required"
• dependent bug Jira Issue OCPBUGS-53179 is in the state Verified, which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
• dependent Jira Issue OCPBUGS-53179 targets the "4.17.z" version, which is one of the valid target versions: 4.17.0, 4.17.z
• bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira ([email protected]), skipping review request.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[anik120]

@camilamacedo86 https://issues.redhat.com/browse/OCPBUGS-41849 has "Affects version: 4.17", are we sure we want this in 4.16 too?

[jianzhangbjz]

Test pass, details: https://issues.redhat.com/browse/OCPBUGS-53242
/label qe-approved
/label cherry-pick-approved

[jianzhangbjz]

/hold

[jianzhangbjz]

@camilamacedo86 https://issues.redhat.com/browse/OCPBUGS-41849 has "Affects version: 4.17", are we sure we want this in 4.16 too?

That's a good point! That's OK if we backport it to 4.16.z. However, it's better to align with the Auth team, + @camilamacedo86 What do you think?

[camilamacedo86]

Hi @jianzhangbjz, @anik120

Do we really need to fix this for 4.16?
What Kubernetes version is used for the OCP 4.16 release?

Regarding your comment: "However, it's better to align with the Auth team,"—why do you think alignment with the Auth team is necessary?

So, what would be the key difference between setting the latest version for higher releases but not for 4.16? Why do you think it's acceptable from 4.17 onwards but not for 4.16? What is your specific concern?

PS: I do not understand why you think that is fine we have latest from 4.17 and not at 4.16, could you please help me understand it ?

[anik120]

@camilamacedo86 see the comments by Xingxing Xia in https://issues.redhat.com/browse/OCPBUGS-41849. Looks like a 4.16 cluster had 1.24 pinned to it, was upgraded to 4.17 and latest was seen, which passed the test.

Going by just the paperwork there, it looks like the intention is to go only as far back as 4.17.

Is there any restrictions technically from back porting this to 4.16? I don't know. Just going with the paper work here, which as a reviewer is easier to adhere to, than verify if things will break if this is back ported to 4.16.

[camilamacedo86]

Hi @anik120 @jianzhangbjz

Thank you both a lot that is my question:

• what is the concern we have in cherry-pick to 4.16? That is not was requested by QE?
• what do we need to check with Auth-Team exactly?

[jianzhangbjz]

As https://issues.redhat.com/browse/OCPBUGS-41849 mentioned We kept it at "v1.24" due to potential issues with HyperShift.. Now, that bug has been fixed. However, they didn't backport it since there is no strong requirement.
So, as I mentioned above, whether backporting it to 4.16.z or not is ok for me.