USHIFT-6276: introduce hosts plugin coreDNS RF tests

[eslutsky]

Which issue(s) this PR addresses:

Closes #

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: eslutsky

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [eslutsky]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[pacevedom]

Why not using https://github.com/openshift/microshift/pull/5657/files#diff-73e9e9d7371412e8d5d73dc0c82539659a29dfa51c724fc441357398a087bec2R8 constant instead?

[pacevedom]

Few comments for this function:

• Use a switch case, maybe?
• If Enabled we should validate the file exists and we can read it.
• We are allowing the exposure of critical files (such as /etc/passwd) because we are not checking the actual file path. Same with relative paths, we should sanitize and require absolute paths here.
• File size. This will go to a config map, meaning we are limited to 1Mi in total size.

Just an idea: Should we restrict the files we can load to a handful of paths? For example, either /etc/hosts or something outside system paths?

[pacevedom]

I am missing RBAC for this specific config map, only CoreDNS pods should be able to read it and only MicroShift should be able to write it.

[pacevedom]

This is constant, should it be a member of the struct?

[pacevedom]

This is constant, should it be a member of the struct?

[pacevedom]

Should these be constants?

[pacevedom]

Should it signal readiness here instead? One it reaches this point you know you have at least one update to the configmap plus the file being watched.

[pacevedom]

Should it close the watcher?

[pacevedom]

Should it signal the removal/rename of the file? At that point it will fail in the next restart but remain working until then.

[pacevedom]

Remove the V(2) so that it always show up?

[openshift-ci-robot]

@eslutsky: This pull request references USHIFT-6276 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set.

In response to this:

Which issue(s) this PR addresses:

Closes #

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[eslutsky]

/retest

[eslutsky]

@pacevedom this PR was opened for the tests but its based on the #5491 commits , so i will address the code changed there.

[openshift-ci]

@eslutsky: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-tests-arm	d3def25	link	true	/test e2e-aws-tests-arm
ci/prow/verify	d3def25	link	true	/test verify
ci/prow/e2e-aws-tests-bootc	d3def25	link	true	/test e2e-aws-tests-bootc
ci/prow/e2e-aws-tests-bootc-arm	d3def25	link	true	/test e2e-aws-tests-bootc-arm

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.