Skip to content

Rebase v3.6.12#385

Open
redhat-chai-bot wants to merge 124 commits into
openshift:openshift-5.0from
redhat-chai-bot:06091453-bot-changes
Open

Rebase v3.6.12#385
redhat-chai-bot wants to merge 124 commits into
openshift:openshift-5.0from
redhat-chai-bot:06091453-bot-changes

Conversation

@redhat-chai-bot

@redhat-chai-bot redhat-chai-bot commented Jun 9, 2026

Copy link
Copy Markdown

Rebase openshift-5.0 onto upstream etcd v3.6.12.

Changes

  • Rebased 315 upstream commits from v3.6.4 to v3.6.12
  • Merged openshift-5.0 carry patches on top
  • Resolved go.mod conflict: took upstream cobra v1.10.2, testify v1.11.1, kept pflag v1.0.10 as direct
  • Ran go mod tidy

CHANGELOG

https://github.com/etcd-io/etcd/blob/master/CHANGELOG/CHANGELOG-3.6.md#v3612

serathius and others added 30 commits September 23, 2025 17:47
@serathius
Reject watch request with -1 revision and make rangeEvents safe again…
3bb4470 
…st negative revision

Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
@serathius
Merge pull request etcd-io#20707 from k8s-infra-cherrypick-robot/cher…
4790130 
…ry-pick-20693-to-release-3.6

[release-3.6] Reject watch request with -1 revision to prevent invalid resync behavior on uncompacted etcd and make rangeEvents safe against negative revision.
@tchap
server/embed: Log EOF on DEBUG in TLS handshake
ee85ed3 
When EOF is encountered during TLS handshake, it is still logged as a
warning. This seems excessive and not really useful.

This patch ensures EOF is logged on debug only.

Signed-off-by: Ondra Kupka <okupka@redhat.com>
@ahrtr
Merge pull request etcd-io#20749 from k8s-infra-cherrypick-robot/cher…
3bbdd68 
…ry-pick-20568-to-release-3.6

[release-3.6] server/embed: Log EOF on DEBUG in TLS handshake
@ahrtr
Fix endpoint status not retuning the correct storage quota
4973fd4 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@fuweid
Merge pull request etcd-io#20790 from ahrtr/20251012_quota_3.6
4dfe6c1
@hwdef
Bump go to 1.24.9
1e02301 
Signed-off-by: hwdef <hwdefcom@outlook.com>
@ahrtr
Merge pull request etcd-io#20801 from hwdef/release-36-bump-go1249
9d7222c 
[release-3.6] Bump go to 1.24.9
@xUser5000
test: add promote with auth e2e tests
e88e142 
Adds two test cases for the member promote operation when auth is
enabled. In the first case, the member promote request is submitted to
the leader, and in the second case it's submitted to the follower. The
leader case succeeds. In the other case, the follower forwards the
promote request to the leader. But, the forwarded request fails due to
a bug. The logs on the leader include this message:

```
failed to promote a member
```

as well as the error:

```
auth: user name is empty
```

Signed-off-by: xUser5000 <abdallahar1974@gmail.com>
@xUser5000
etcdserver: fix cannot promote with auth from follower
5377bb9 
When auth is enabled, sending a promotion request to a follower node was failing because
the auth token was not being propagated when the follower forwards the request to the leader.

Signed-off-by: xUser5000 <abdallahar1974@gmail.com>
@xUser5000
etcdserver: follow convention to extract auth token in cluster_util.go
76ee0bc 
Signed-off-by: xUser5000 <abdallahar1974@gmail.com>
@xUser5000
tests: use WaitLeader() in memberPromoteWithAuth()
db6be4c 
Signed-off-by: xUser5000 <abdallahar1974@gmail.com>
@ahrtr
Merge pull request etcd-io#20874 from k8s-infra-cherrypick-robot/cher…
52b2948 
…ry-pick-20792-to-release-3.6

[release-3.6] etcdserver: Fix: cannot promote member from follower when auth is enabled
@ahrtr
Add an e2e test cases to reproduce the '--force-new-cluster' can't re…
7d3fc02 
…move learner issue

Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Fix the '--force-new-cluster' can't clean up learners issue
523100b 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Merge pull request etcd-io#20896 from k8s-infra-cherrypick-robot/cher…
d1a3bee 
…ry-pick-20894-to-release-3.6

[release-3.6] Fix the issue that `--force-new-cluster` can't clean up learner after creating v2 snapshot
@ronaldngounou
Bump from go1.24.9 to go1.24.10
2c0db32 
Signed-off-by: ronaldngounou <ronald.ngounou@yahoo.com>
@ahrtr
Merge pull request etcd-io#20901 from ronaldngounou/release36-bump-go…
88b9794 
…12410

[release-3.6] Bump from go1.24.9 to go1.24.10
@mingl1
v3rpc: add and use getServerMetrics() with global metricsServerCached
145d927 
Signed-off-by: mingl1 <minglin.me@gmail.com>
@ahrtr
Merge pull request etcd-io#20905 from k8s-infra-cherrypick-robot/cher…
0745315 
…ry-pick-20887-to-release-3.6

[release-3.6] fix duplicate metrics collector registration attempted
@ivanvc
version: bump up to 3.6.6
d2809cf 
Signed-off-by: Ivan Valdes <iv@a.ki>
@ahrtr
Print token fingerprint instead of the original tokens in log messages
554dc70 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Merge pull request etcd-io#20941 from ahrtr/20251117_tokens_3.6
f185ce6 
[release-3.6] Print token fingerprint instead of the original tokens in log messages
@hwdef
Bump go to 1.24.11
97141e1 
Signed-off-by: hwdef <hwdefcom@outlook.com>
@ahrtr
Merge pull request etcd-io#20998 from hwdef/release36-bump-go-12411
dbaf5cf 
[release-3.6] Bump go to 1.24.11
@ivanvc
dependency: Bump golang.org/x/net from 0.38.0 to 0.45.0
61af088 
Addresses CVE-2025-47914, CVE-2025-58181.

Signed-off-by: Ivan Valdes <ivan@vald.es>
@ahrtr
Merge pull request etcd-io#21024 from ivanvc/release-3.6-x-net-0.45.0
6bfd01c 
[release-3.6] dependency: Bump golang.org/x/crypto from 0.36.0 to 0.45.0
@joshjms
version: bump up to 3.6.7
e838ef1 
Signed-off-by: joshjms <joshjms1607@gmail.com>
@ivanvc
dependency: Bump golang.org/x/crypto from 0.42.0 to 0.45.0
f767aa2 
Addresses CVE-2025-47914, CVE-2025-58181.

Signed-off-by: Ivan Valdes <ivan@vald.es>
@ivanvc
tools: explicitly require golang.org/x/tools/cmd/goimports
81c32a4 
Running genproto fails with:

% (cd tools/mod && 'go' 'install' 'golang.org/x/tools/cmd/goimports')
stderr: /home/prow/go/pkg/mod/golang.org/x/tools@v0.38.0/cmd/goimports/goimports.go:23:2: missing go.sum entry for module providing package golang.org/x/telemetry/counter (imported by golang.org/x/tools/cmd/goimports); to add:
stderr: go get golang.org/x/tools/cmd/goimports@v0.38.0
FAIL: (code:1):
  % (cd tools/mod && 'go' 'install' 'golang.org/x/tools/cmd/goimports')
Failed to install tool 'golang.org/x/tools/cmd/goimports'

Signed-off-by: Ivan Valdes <ivan@vald.es>
ahrtr and others added 22 commits April 27, 2026 20:26
@ahrtr
Merge pull request etcd-io#21667 from ahrtr/20260426_add_member
7d4b175 
[release-3.6] Fix the issue that cannot add a new member when one member is down, even if quorum is still satisfied
@ahrtr
move function CheckTxnAuth from package txn to apply
20e6f23 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Get all Put related auth check into a separate function 'checkPutAuth'
c387fa5 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Merge pull request etcd-io#21681 from ahrtr/20260428_auth_refactor
16a8a36 
[release-3.6] Refactor auth check for Put requests in TXN
@ahrtr
Add an integration test case to reproduce the read via PrevKv bypass …
3fe5746 
…rbac check issue

Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Add an integration test to reproduce the issue of PutWithLease in a T…
fbbd0a1 
…XN bypass RBAC check

Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Fix the 'read via PrevKv' and 'Put with lease' in TXN bypass rbac che…
633de82 
…ck issue

Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Merge pull request etcd-io#21685 from ahrtr/20260429_auth_3.6
d671fd0 
[release-3.6] Fix read access via PrevKv or lease attachment in a Put request in etcd transactions bypass RBAC authorization checks
@ivanvc
version: bump up to 3.6.11
ec166e2 
Signed-off-by: Ivan Valdes <iv@a.ki>
@silentred
Bump Go to 1.25.10
e7f96b0 
Signed-off-by: shenmu.wy <shenmu.wy@antfin.com>
@ahrtr
Merge pull request etcd-io#21727 from silentred/release-3.6-bump-go-1…
9bbe31b 
….25.10

[release-3.6] Bump Go to 1.25.10
@silentred
bugfix: MemberUpdate implicitly and unexpectedly promotes a learner
49cd4a4 
Signed-off-by: shenmu.wy <shenmu.wy@antfin.com>
@ahrtr
Merge pull request etcd-io#21736 from silentred/release-3.6-bugfix-me…
00e1b15 
…mberupdate-learner

[release-3.6] bugfix: MemberUpdate implicitly and unexpectedly promotes a learner
@silentred
etcdutl: validate data file path and return consistent errors instead…
449e34b 
… of panic when given non-existent paths

Signed-off-by: shenmu.wy <shenmu.wy@antfin.com>
@fuweid
Merge pull request etcd-io#21768 from silentred/release-3.6-etcdutl-i…
aaf38f8 
…nvalid-datadir

[release-3.6] etcdutl: validate data file path instead of panic
@vivekpatani
client/pkg/fileutil: use os.Getuid() to skip TestIsDirWriteable as root
e1468c8 
- replace user.Current().Name == "root" with os.Getuid() == 0.
- drop os/user import and user.Current() error path.
- backport of etcd-io#21788
- address: etcd-io#21787

Signed-off-by: vivekpatani <9080894+vivekpatani@users.noreply.github.com>
@ahrtr
Merge pull request etcd-io#21794 from vivekpatani/cherry-pick-21788-r…
2286051 
…elease-3.6

[release-3.6] client/pkg/fileutil: use os.Getuid() to skip TestIsDirWriteable as root
@Deln0r
server: allow non-admin maintenance status
576a6a0 
Signed-off-by: kunal.behbudzade <kunal.behbudzade@btsgrp.com>
Signed-off-by: Ian Chechin <ian00chechin@gmail.com>
@ahrtr
Merge pull request etcd-io#21811 from Deln0r/release-3.6-backport-21666
8b95963 
[release-3.6] server: allow non-admin maintenance status
@ivanvc
version: bump up to 3.6.12
90b034a 
Signed-off-by: Ivan Valdes <iv@a.ki>
UPSTREAM: <drop>: manually resolve conflicts
aa63892
UPSTREAM: <drop>: go mod tidy
e96f755
@coderabbitai

coderabbitai Bot commented Jun 9, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: bc6f7afb-7d83-4da1-ae61-2800d396951a

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@dusk125

dusk125 commented Jun 9, 2026

Copy link
Copy Markdown

/hold

@openshift-ci openshift-ci Bot requested review from deads2k and dusk125 June 9, 2026 14:58
@openshift-ci openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 9, 2026
@openshift-ci

openshift-ci Bot commented Jun 9, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: redhat-chai-bot
Once this PR has been reviewed and has the lgtm label, please assign dusk125 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jun 9, 2026
@openshift-ci

openshift-ci Bot commented Jun 9, 2026

Copy link
Copy Markdown

Hi @redhat-chai-bot. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@deads2k deads2k Awaiting requested review from deads2k

@dusk125 dusk125 Awaiting requested review from dusk125

Assignees

No one assigned

Labels

do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.