Conversation

@smarterclayton
Contributor

The --force flag is dangerous and potentially allows untrusted
content to be accidentally upgraded to. Instead, introduce two
new flags --allow-explicit-upgrade (for upgrading to something not
in availableVersions) and --allow-unsafe-upgrade (for upgrading
when another upgrade is in progress or the cluster is reporting
an error) and remove those checks from --force.

While this is an API change, it is necessary to ensure that users
do not accidentally get access to untrusted content when
performing upgrades across major versions in advance of graph
updates, or when they are upgrading in disconnected environments.

Backport of #109
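
The gating the description above spells out, as an added Go example that is not code from this PR or from oc itself: it models the update-graph check, the cluster-health check and the force bit as three independent inputs, so that --force can no longer stand in for the other two. The ClusterVersion shape, the option, error and function names, and the sample versions and image digests are all constructed for this example; the one real-world fact it leans on is that the force bit carried in spec.desiredUpdate is what tells the cluster-version operator to skip release-image signature verification, which is why the description calls the old behaviour accidental access to untrusted content.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed, simplified shape of ClusterVersion status; the real API object
// has many more fields. Type and field names here are this example's own.
type Release struct{ Version, Image string }
type Condition struct{ Type, Status string } // e.g. {"Progressing", "True"}
type ClusterVersionStatus struct {
	AvailableUpdates []Release
	Conditions       []Condition
}

// UpgradeOptions mirrors the flag split described in the PR (names assumed).
type UpgradeOptions struct {
	To                       string // --to=<version>
	ToImage                  string // --to-image=<pullspec>
	AllowExplicitUpgrade     bool   // --allow-explicit-upgrade
	AllowUpgradeWithWarnings bool   // --allow-upgrade-with-warnings
	Force                    bool   // --force
}

// DesiredUpdate is what would be written to spec.desiredUpdate.
type DesiredUpdate struct {
	Version, Image string
	Force          bool
}

var (
	ErrNoTarget              = errors.New("specify --to or --to-image")
	ErrUpgradeInProgress     = errors.New("an upgrade is in progress; pass --allow-upgrade-with-warnings to continue anyway")
	ErrClusterFailing        = errors.New("the cluster reports Failing=True; pass --allow-upgrade-with-warnings to continue anyway")
	ErrNotInAvailableUpdates = errors.New("target is not a recommended update; pass --allow-explicit-upgrade to continue anyway")
	ErrExplicitNeedsImage    = errors.New("an explicit upgrade needs --to-image: no graph entry can resolve the version")
)

func conditionTrue(conds []Condition, typ string) bool {
	for _, c := range conds {
		if c.Type == typ && c.Status == "True" {
			return true
		}
	}
	return false
}

// PlanUpgrade applies the gates independently. Force is never consulted by the
// health or graph checks; it only rides along into the desired update, where
// the cluster-version operator uses it to skip signature verification.
func PlanUpgrade(o UpgradeOptions, st ClusterVersionStatus) (DesiredUpdate, error) {
	if o.To == "" && o.ToImage == "" {
		return DesiredUpdate{}, ErrNoTarget
	}
	// Gate 1: cluster health, independent of the target.
	if !o.AllowUpgradeWithWarnings {
		if conditionTrue(st.Conditions, "Progressing") {
			return DesiredUpdate{}, ErrUpgradeInProgress
		}
		if conditionTrue(st.Conditions, "Failing") {
			return DesiredUpdate{}, ErrClusterFailing
		}
	}
	// Gate 2: does the update graph recommend the target?
	for _, r := range st.AvailableUpdates {
		if (o.To != "" && r.Version == o.To) || (o.ToImage != "" && r.Image == o.ToImage) {
			return DesiredUpdate{Version: r.Version, Image: r.Image, Force: o.Force}, nil
		}
	}
	if !o.AllowExplicitUpgrade {
		return DesiredUpdate{}, ErrNotInAvailableUpdates
	}
	if o.ToImage == "" {
		return DesiredUpdate{}, ErrExplicitNeedsImage
	}
	// Explicit target: taken verbatim from the flags, with no version resolved.
	return DesiredUpdate{Image: o.ToImage, Force: o.Force}, nil
}

// LegacyPlanUpgrade reproduces the pre-change semantics the PR removes: --force
// alone implied both relaxations, so one flag meant to skip signature checks
// also waved through an unrecommended target on an unhealthy cluster.
func LegacyPlanUpgrade(o UpgradeOptions, st ClusterVersionStatus) (DesiredUpdate, error) {
	o.AllowExplicitUpgrade = o.AllowExplicitUpgrade || o.Force
	o.AllowUpgradeWithWarnings = o.AllowUpgradeWithWarnings || o.Force
	return PlanUpgrade(o, st)
}

func main() {
	// Constructed sample: one recommended update, an upgrade already in progress,
	// and a disconnected-mirror pullspec the graph knows nothing about.
	st := ClusterVersionStatus{
		AvailableUpdates: []Release{{Version: "4.2.1", Image: "quay.io/example/release@sha256:aaaa"}},
		Conditions:       []Condition{{Type: "Progressing", Status: "True"}},
	}
	mirror := "registry.example.com/mirror/release@sha256:bbbb"
	for _, o := range []UpgradeOptions{
		{To: "4.2.1", Force: true},
		{ToImage: mirror, AllowUpgradeWithWarnings: true, Force: true},
		{ToImage: mirror, AllowUpgradeWithWarnings: true, AllowExplicitUpgrade: true},
	} {
		du, err := PlanUpgrade(o, st)
		ldu, lerr := LegacyPlanUpgrade(o, st)
		fmt.Printf("%+v\n  new:    %+v err=%v\n  legacy: %+v err=%v\n", o, du, err, ldu, lerr)
	}
}
```

Running it shows the difference the PR is after: with the legacy semantics every row succeeds because Force is set, while with the split flags the first row is refused for the in-progress upgrade, the second for an unrecommended target even though --force was given, and only the third, which names both relaxations explicitly, goes through.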

@openshift-ci-robot

@smarterclayton: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

upgrade: Separate flags for safety instead of abusing force

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Sep 27, 2019
@smarterclayton smarterclayton changed the title upgrade: Separate flags for safety instead of abusing force Bug 1756454: Separate flags for safety instead of abusing force Sep 27, 2019
@openshift-ci-robot

@smarterclayton: This pull request references Bugzilla bug 1756454, which is invalid:

  • expected the bug to target the "4.2.0" release, but it targets "4.2.z" instead
  • expected dependent Bugzilla bug 1756453 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), but it is POST instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 1756454: Separate flags for safety instead of abusing force

@openshift-ci-robot openshift-ci-robot added the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Sep 27, 2019
@smarterclayton smarterclayton changed the title Bug 1756454: Separate flags for safety instead of abusing force Bug 1756454: Separate upgrade flags for safety instead of abusing force Sep 27, 2019
@abhinavdahiya
Contributor

There is also this bug https://bugzilla.redhat.com/show_bug.cgi?id=1713263 that states that --to-latest and --force don't work together correctly? Is that expected @smarterclayton ?

The --force flag is dangerous and potentially allows untrusted
content to be upgraded to accidentally. Instead, introduce two
new flags `--allow-explicit-upgrade` (for upgrading to something not
in availableVersions) and `--allow-upgrade-with-warnings` (for upgrading
when another upgrade is in progress or the cluster is reporting
an error) and remove those checks from `--force`.

While this is an API change, it is necessary to ensure that users
do not accidentally get access to untrusted content when
performing upgrades across major versions in advance of graph
updates, or when they are upgrading in disconnected environments.
@smarterclayton
Contributor Author

/retest

@smarterclayton
Contributor Author

/bugzilla refresh

@openshift-ci-robot

@smarterclayton: This pull request references Bugzilla bug 1756454, which is invalid:

  • expected dependent Bugzilla bug 1756453 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), but it is POST instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

@jwforres
Member

jwforres commented Oct 4, 2019

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Oct 4, 2019
@jwforres jwforres added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Oct 4, 2019
@openshift-ci-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jwforres, smarterclayton

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jwforres
Member

jwforres commented Oct 4, 2019

Given the state of CI on master and today's deadline, and that manual testing has been done to verify this on 4.2, overriding bugzilla bot.

@jwforres jwforres added bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. and removed bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Oct 4, 2019
@openshift-merge-robot openshift-merge-robot merged commit d5465d7 into openshift:release-4.2 Oct 4, 2019
@openshift-ci-robot

@smarterclayton: All pull requests linked via external trackers have merged. Bugzilla bug 1756454 has been moved to the MODIFIED state.

In response to this:

Bug 1756454: Separate upgrade flags for safety instead of abusing force
