migrate experimental-peer-skip-client-san-verification flag to feature gate

[wodeyoulai]

Please read https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md#contribution-flow.

issue #19062

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: wodeyoulai
Once this PR has been reviewed and has the lgtm label, please assign wenjiaswe for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Hi @wodeyoulai. Thanks for your PR.

I'm waiting for a etcd-io member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[siyuanfoundation]

I don't think this PR is correct.
Can you find the original PR that added this flag and change the owner to that author? Thanks!

[wodeyoulai]

Sorry.I've found the original author. I will update the PR with the correct owner shortly.

[siyuanfoundation]

/ok-to-test

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.82%. Comparing base (f5973c9) to head (e43c1bf).

Additional details and impacted files

Files with missing lines	Coverage Δ
server/embed/config.go	79.68% <100.00%> (+0.03%)	⬆️
server/etcdmain/config.go	73.49% <100.00%> (+0.32%)	⬆️

... and 18 files with indirect coverage changes

@@            Coverage Diff             @@
##             main   #19225      +/-   ##
==========================================
- Coverage   68.85%   68.82%   -0.04%     
==========================================
  Files         420      420              
  Lines       35693    35696       +3     
==========================================
- Hits        24577    24566      -11     
- Misses       9692     9704      +12     
- Partials     1424     1426       +2     

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f5973c9...e43c1bf. Read the comment docs.

[ahrtr]

Please signoff the commit.

[ahrtr]

Please signoff the commit.

read https://github.com/etcd-io/etcd/pull/19225/checks?check_run_id=35810123123

git rebase HEAD~2 --signoff
git push --force-with-lease origin feat_gate

[ahrtr]

We might not need to migrate this flag, we just need to rename it to --peer-skip-client-san-verification. Both the experimental and non-experimental exist for 3.6, and remove the experimental flag in 3.7.

[wodeyoulai]

@ahrtr Understand. If you have decided to keep both flags , I can close this PR.

[siyuanfoundation]

@ahrtr Understand. If you have decided to keep both flags , I can close this PR.

No need to close the PR. Can you repurpose the PR to migrate the flag to one without the prefix? like #19156?

Thank you!

[ahrtr]

@wodeyoulai are you still working on this PR?

[wodeyoulai]

/retest

[ahrtr]

@wodeyoulai are you still working on this PR?

[wodeyoulai]

@wodeyoulai are you still working on this PR?

I will add the remaining tests.

[ahrtr]

Please

• Rebase this PR (don't merge main into your dev branch). Ensure you understand the concept of rebase and how to do rebase
• Follow the same pattern as migrate experimental-memory-mlock flag to memory-mlock #19282

[k8s-ci-robot]

@wodeyoulai: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-etcd-verify	e43c1bf	link	true	/test pull-etcd-verify

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[wodeyoulai]

@ahrtr I encountered conflicts in tests after rebasing. Given the complexity, I'd like to pass this PR to someone else. Thank you for your help.

[ahrtr]

@ahrtr I encountered conflicts in tests after rebasing. Given the complexity, I'd like to pass this PR to someone else. Thank you for your help.

cc @fuwei @SiyuanZhang

[siyuanfoundation]

Suggested change

	type securityConfig struct {
	PeerSkipClientSanVerification bool `json:"peer-skip-client-san-verification"`
	}

[siyuanfoundation]

@wodeyoulai You did a really great job! Just need to remove type securityConfig in the test then it would be good to go. It's really close. Do you want to get it through the finish line?