Skip to content

OSASINFRA-4329: Ensure tag extension is available#421

Open
danchild wants to merge 4 commits into
openshift:release-0.9from
shiftstack:fix/network-extension-tags
Open

OSASINFRA-4329: Ensure tag extension is available#421
danchild wants to merge 4 commits into
openshift:release-0.9from
shiftstack:fix/network-extension-tags

Conversation

@danchild
Copy link
Copy Markdown
Member

@danchild danchild commented Jun 3, 2026
edited
Loading

Check for standard-attr-tag extension before tagging ports

Upstream CAPO release-0.9 permits users to set tags on instances which eventually propagates down to ports. However, neutron's standard-attr-tag extension is not supported by all OpenStack versions. The behavior prevents port creation which prevents instances from being created as well.

This patch prevents these errors by doing the following:

  • Queries neutron's extension list, checking for the standard-attr-tag support
  • When a user has explicitly configured port-level tags and the extension isn't supported, CAPO returns an error
  • When only instance tags are present, CAPO logs a warning and skips tagging

This change is made against downstream CAPO rather than the upstream, because MAPO has CAPO release-0.9 as a hard dependency which is reaching EOL. Upstream CAPO has diverged substantially since that release, making a direct upstream backport impractical for MAPO consumers at this time. If accepted, MAPO will need to add a replace directive in its go.mod to redirect CAPO from upstream to downstream.

It is assumed that the same defect exists in the upstream CAPO, and an investigation will take place to confirm the suspicion. If true, the same defect will be addressed there to prevent regressions down the path of a full CAPO replacement of MAPO.

k8s-ci-robot and others added 4 commits August 26, 2025 02:34
@k8s-ci-robot
Merge pull request kubernetes-sigs#2612 from shiftstack/webhooks-0.9
699f9e0 
[release-0.9] 🌱 Move webhooks into pkg/webhooks
@mandre
Fix instance deletion order
591861a 
Delete the OpenStack instance before deleting its network ports. This
prevents "Policy doesn't allow compute:detach primary port" errors that
occur when attempting to delete a primary NIC while the instance still
exists.

Deleting the instance automatically detaches all interfaces, so the
explicit detach call is no longer needed.
@k8s-ci-robot
Merge pull request kubernetes-sigs#2842 from shiftstack/server-interf…
2c507cd 
…ace-deletion-order-0.9

[release-0.9] Fix instance deletion order
@danchild @claude
fix: check for standard-attr-tag extension before tagging ports
29cec45 
Before setting tags on ports or trunks, check whether the neutron
standard-attr-tag extension is available. If the extension is absent:
- Return an error if port-specific tags were explicitly requested
- Skip tagging if instance tags are present, logging a warning

Adds getStdAttrTagSupport() helper to list neutron extensions and check
for the standard-attr-tag alias, with unit tests covering both supported
and unsupported extension scenarios.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Dan Childers <dchilder@redhat.com>
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jun 3, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Jun 3, 2026
edited by openshift-ci Bot
Loading

@danchild: This pull request references OSASINFRA-4329 which is a valid jira issue.

Details

In response to this:

TODO

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Jun 3, 2026
edited
Loading

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 0997be06-1bc5-404f-9a26-18c70a498fc1

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 3, 2026
@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Jun 3, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Jun 3, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@danchild
Copy link
Copy Markdown
Member Author

danchild commented Jun 3, 2026

/assign @stephenfin

@danchild danchild marked this pull request as ready for review June 3, 2026 17:39
@openshift-ci openshift-ci Bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 3, 2026
stephenfin
stephenfin requested changes Jun 5, 2026
View reviewed changes
Copy link
Copy Markdown

@stephenfin stephenfin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One small request inline

Comment thread pkg/cloud/services/networking/port.go
Comment on lines +173 to +188
tagsAreSupported, err := s.getStdAttrTagSupport()

if err != nil {
record.Warnf(eventObject, "FailedGetTagSupport", "Failed to verify neutron support for the standard-attr-tag extension, skipping tags: %v", err)
}

// Return error if user sets port tags; Skip over but warn for instance tags
if !tagsAreSupported {
if len(portOpts.Tags) > 0 {
err = fmt.Errorf("cannot tag port %s using port tags; tags are configured but neutron does not support the standard-attr-tag extension", portName)
record.Warnf(eventObject, "FailedTagPort", "Failed to tag port %s: %v", portName, err)
return nil, err
}

record.Warnf(eventObject, "FailedTagPort", "Neutron does not support the standard-attr-tag extension, skipping instance tags for port %s", portName)
}
Copy link
Copy Markdown

@stephenfin stephenfin Jun 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we place all of this inside an if len(tags) > 0 block? I don't see any point making a request to the server if we don't have any tags to update. Something like

tagsAreSupported := False
if len(tags) > 0 {
	// ... your changes
}

if len(tags) > 0 && tagsAreSupported

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stephenfin stephenfin stephenfin requested changes

Assignees

@stephenfin stephenfin

Labels

jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@danchild @openshift-ci-robot @stephenfin @k8s-ci-robot @mandre