OCPBUGS-46513: Add ConsolePluginContentSecurityPolicy feature gate to…

[TheRealJon]

… console config

[openshift-ci-robot]

@TheRealJon: This pull request references Jira Issue OCPBUGS-46513, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.19.0) matches configured target version for branch (4.19.0)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @yapei

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

… console config

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[spadgett]

Hey, @JoelSpeed. Would you mind confirming this is right for content security policy? We're disabling some behavior in console if the gate is not enabled.

https://github.com/openshift/api/pull/2042/files#diff-d47d7d4b42f1c65f84b1a2ab7b4a1aefc599dec53bf7ab22e9d14936178ad95dR92

I wish we had named this ConsoleContentSecurityPolicy rather than ConsolePluginContentSecurityPolicy, but I assume it's too late for that (at least for 4.18?).

[JoelSpeed]

That will give you what you need to gate the functionality yes

And yep, a bit late to change the name unfortunately

[spadgett]

/lgtm

Thanks @TheRealJon

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: spadgett, TheRealJon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [TheRealJon,spadgett]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[spadgett]

/label acknowledge-critical-fixes-only

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD c9beaf1 and 2 for PR HEAD 983dadb in total

[TheRealJon]

/retest

[openshift-ci]

@TheRealJon: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-ci-robot]

@TheRealJon: Jira Issue OCPBUGS-46513: Some pull requests linked via external trackers have merged:

The following pull requests linked via external trackers have not merged:

• openshift/console#14710 is open

These pull request must merge or be unlinked from the Jira bug in order for it to move to the next state. Once unlinked, request a bug refresh with /jira refresh.

Jira Issue OCPBUGS-46513 has not been moved to the MODIFIED state.

In response to this:

… console config

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-bot]

[ART PR BUILD NOTIFIER]

Distgit: openshift-enterprise-console-operator
This PR has been included in build openshift-enterprise-console-operator-container-v4.19.0-202502042007.p0.g6f2500b.assembly.stream.el9.
All builds following this will include this PR.

[spadgett]

/cherry-pick release-4.18

[openshift-cherrypick-robot]

@spadgett: new pull request created: #959

In response to this:

/cherry-pick release-4.18

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.