tests: TestTLSChallenge improvements by porridge · Pull Request #12305 · stackrox/stackrox

porridge · 2024-08-07T05:09:06Z

Description

The primary change is to explicitly refer to the image pull secret in the pod template rather than patch the default service account, since the latter seems unreliable.
In this flake the nginx image for the proxy failed to pull due to unauthorized: access to the requested resource is not authorized. Upon inspection, the default service account was lacking the necessary image pull secret reference (which the test did patch in on setup).
I don't know if this means it does the patching in a wrong way, which becomes a no-op in some corner case, or some other operation reverted its patch somehow (though the only write operation I see in the audit log was token subresource creation by the kubelet). I asked for some advice since this really puzzles me.
Either way, this method seems unreliable, so I'm changing it to an explicit reference to the pull secret in the pod template, which has the additional benefit of being a bit quicker.
While at it, also adjust the timeouts so that things fit in the overall 30m timeout for every test.
Implement a mustGetEnv that shouts if an env variable isn't present
Use the proxyNs const directly
FTR I'm not drop build flags from common*.go because it's not that simple.

User-facing documentation

CHANGELOG is updated OR update is not needed
documentation PR is created and is linked above OR is not needed

Testing and quality

the change is production ready: the change is GA or otherwise the functionality is gated by a feature flag
CI results are inspected

Automated testing

modified existing tests

How I validated my change

run this multiple times to make sure it's solid

rhacs-bot · 2024-08-07T05:31:46Z

Images are ready for the commit at 704d97d.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.6.x-250-g704d97dde7.

codecov · 2024-08-07T06:11:49Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 48.27%. Comparing base (919281b) to head (1cce8dd).
Report is 10 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master   #12305   +/-   ##
=======================================
  Coverage   48.27%   48.27%           
=======================================
  Files        2402     2402           
  Lines      171570   171571    +1     
=======================================
+ Hits        82819    82820    +1     
  Misses      82064    82064           
  Partials     6687     6687

Flag	Coverage Δ
go-unit-tests	`48.27% <ø> (+<0.01%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

porridge · 2024-08-07T06:13:06Z

/retest-times 7 gke-nongroovy-e2e-tests
/retest-times 7 ocp-4-12-nongroovy-e2e-tests
/retest-times 7 ocp-4-16-nongroovy-e2e-tests

gitguardian · 2024-08-07T06:13:45Z

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
Once a secret has been leaked into a git repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.

^{_{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}}

rhacs-bot · 2024-08-07T07:59:18Z

/test gke-nongroovy-e2e-tests

rhacs-bot · 2024-08-07T08:12:51Z

/test ocp-4-12-nongroovy-e2e-tests
/test ocp-4-16-nongroovy-e2e-tests

rhacs-bot · 2024-08-07T09:12:21Z

/test gke-nongroovy-e2e-tests

rhacs-bot · 2024-08-07T09:24:53Z

/test gke-nongroovy-e2e-tests

rhacs-bot · 2024-08-07T09:33:56Z

/test gke-nongroovy-e2e-tests

rhacs-bot · 2024-08-07T09:42:29Z

/test gke-nongroovy-e2e-tests

rhacs-bot · 2024-08-07T09:51:09Z

/test gke-nongroovy-e2e-tests
/test ocp-4-12-nongroovy-e2e-tests
/test ocp-4-16-nongroovy-e2e-tests

rhacs-bot · 2024-08-07T09:59:37Z

/test gke-nongroovy-e2e-tests
/test ocp-4-12-nongroovy-e2e-tests
/test ocp-4-16-nongroovy-e2e-tests

rhacs-bot · 2024-08-07T10:12:03Z

/test ocp-4-12-nongroovy-e2e-tests
/test ocp-4-16-nongroovy-e2e-tests

rhacs-bot · 2024-08-07T10:25:21Z

Images are ready for the commit at 1cce8dd.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.6.x-257-g1cce8dd7f0.

rhacs-bot · 2024-08-07T13:39:32Z

/test ocp-4-12-nongroovy-e2e-tests

rhacs-bot · 2024-08-07T13:49:18Z

/test ocp-4-16-nongroovy-e2e-tests

rhacs-bot · 2024-08-07T15:33:46Z

/test ocp-4-12-nongroovy-e2e-tests

rhacs-bot · 2024-08-07T15:51:11Z

/test ocp-4-16-nongroovy-e2e-tests

rhacs-bot · 2024-08-07T15:59:45Z

/test ocp-4-12-nongroovy-e2e-tests

rhacs-bot · 2024-08-07T18:01:05Z

/test ocp-4-16-nongroovy-e2e-tests

rhacs-bot · 2024-08-07T19:49:05Z

/retest

rhacs-bot · 2024-08-07T21:32:54Z

Images are ready for the commit at e6b60e6.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.6.x-264-ge6b60e6420.

porridge · 2024-08-08T06:58:11Z

/retest-times 7 gke-nongroovy-e2e-tests
/retest-times 7 ocp-4-12-nongroovy-e2e-tests
/retest-times 7 ocp-4-16-nongroovy-e2e-tests

rhacs-bot · 2024-08-08T06:59:05Z

/test gke-nongroovy-e2e-tests
/test ocp-4-12-nongroovy-e2e-tests
/test ocp-4-16-nongroovy-e2e-tests

openshift-ci · 2024-08-08T07:07:56Z

@porridge: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/gke-qa-e2e-tests	`e6b60e6`	link	false	`/test gke-qa-e2e-tests`
ci/prow/ocp-4-12-nongroovy-e2e-tests	`e6b60e6`	link	false	`/test ocp-4-12-nongroovy-e2e-tests`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

rhacs-bot · 2024-08-08T07:11:55Z

/test ocp-4-12-nongroovy-e2e-tests

porridge · 2024-08-08T07:28:28Z

/retest

porridge mentioned this pull request Aug 7, 2024

tests: rewrite in go and simplify TLSChallengeTest #12292

Merged

5 tasks

porridge changed the title ~~tests: specify img pull secret in pod spec~~ tests: TestTLSChallenge improvements Aug 7, 2024

porridge changed the base branch from porridge/tls-challenge-test-go-2 to master August 7, 2024 06:13

porridge added the auto-retest PRs with this label will be automatically retested if prow checks fails label Aug 7, 2024

porridge force-pushed the porridge/tls-challenge-test-improve branch from 704d97d to 267a717 Compare August 7, 2024 10:25

porridge added 3 commits August 8, 2024 06:57

tests: specify img pull secret in pod spec

83369f7

Shorter timeouts to fit in 30m

98afe97

use the const

e76d3be

mustGetEnv

e6b60e6

porridge force-pushed the porridge/tls-challenge-test-improve branch from 1cce8dd to e6b60e6 Compare August 8, 2024 04:57

porridge requested a review from janisz August 8, 2024 07:29

janisz approved these changes Aug 8, 2024

View reviewed changes

porridge enabled auto-merge (squash) August 8, 2024 07:38

porridge merged commit e3013d6 into master Aug 8, 2024

porridge deleted the porridge/tls-challenge-test-improve branch August 8, 2024 07:57

shireenf-ibm pushed a commit to shireenf-ibm/stackrox that referenced this pull request Aug 8, 2024

tests: TestTLSChallenge improvements (stackrox#12305)

c6b35f3

Conversation

porridge commented Aug 7, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

User-facing documentation

Testing and quality

Automated testing

How I validated my change

Uh oh!

rhacs-bot commented Aug 7, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codecov bot commented Aug 7, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

porridge commented Aug 7, 2024

Uh oh!

gitguardian bot commented Aug 7, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

️✅ There are no secrets present in this pull request anymore.

Uh oh!

rhacs-bot commented Aug 7, 2024

Uh oh!

rhacs-bot commented Aug 7, 2024

Uh oh!

rhacs-bot commented Aug 7, 2024

Uh oh!

rhacs-bot commented Aug 7, 2024

Uh oh!

rhacs-bot commented Aug 7, 2024

Uh oh!

rhacs-bot commented Aug 7, 2024

Uh oh!

rhacs-bot commented Aug 7, 2024

Uh oh!

rhacs-bot commented Aug 7, 2024

Uh oh!

rhacs-bot commented Aug 7, 2024

Uh oh!

rhacs-bot commented Aug 7, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

rhacs-bot commented Aug 7, 2024

Uh oh!

rhacs-bot commented Aug 7, 2024

Uh oh!

rhacs-bot commented Aug 7, 2024

Uh oh!

rhacs-bot commented Aug 7, 2024

Uh oh!

rhacs-bot commented Aug 7, 2024

Uh oh!

rhacs-bot commented Aug 7, 2024

Uh oh!

rhacs-bot commented Aug 7, 2024

Uh oh!

rhacs-bot commented Aug 7, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

porridge commented Aug 8, 2024

Uh oh!

rhacs-bot commented Aug 8, 2024

Uh oh!

openshift-ci bot commented Aug 8, 2024

Uh oh!

rhacs-bot commented Aug 8, 2024

Uh oh!

porridge commented Aug 8, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

porridge commented Aug 7, 2024 •

edited

Loading

rhacs-bot commented Aug 7, 2024 •

edited

Loading

codecov bot commented Aug 7, 2024 •

edited

Loading

gitguardian bot commented Aug 7, 2024 •

edited

Loading

rhacs-bot commented Aug 7, 2024 •

edited

Loading

rhacs-bot commented Aug 7, 2024 •

edited

Loading