Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix kube ephemeral container test flakiness #40871

Merged
merged 1 commit into from
Apr 25, 2024
Merged

fix kube ephemeral container test flakiness #40871

merged 1 commit into from
Apr 25, 2024

Conversation

capnspacehook
Copy link
Contributor

The Kubernetes backend expects clients to always have Stdout, Stderr, and Stdin set when executing in/attaching to a container, and not setting these would sometimes panic and cause the test to hang. While fixing this I added another check to test that an ephemeral container is only created once moderated session requirements have been met.

Fixes #40850.

orca-security-us[bot]
orca-security-us bot reviewed Apr 24, 2024
View reviewed changes
Copy link

@orca-security-us orca-security-us bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Orca Security Scan Summary

Status Check Issues by priority
Failed Failed Infrastructure as Code high 1   medium 2   low 1   info 1 View in Orca
Passed Passed Secrets high 0   medium 0   low 0   info 0 View in Orca
Passed Passed Vulnerabilities high 0   medium 0   low 0   info 0 View in Orca
🛡️ The following IaC misconfigurations have been detected
NAME FILE
high Controller of pods with role that allows the creation or modification of other pods ...bac/ci-teleport.yaml View in code
medium Controller of pods with role that allows attaching or executing commands inside a pod ...bac/ci-teleport.yaml View in code
medium RBAC Roles with Port-Forwarding Permission ...bac/ci-teleport.yaml View in code
low Controller of pods with impersonation privileges service account ...bac/ci-teleport.yaml View in code
info Ensure Administrative Boundaries Between Resources ...bac/ci-teleport.yaml View in code

@capnspacehook capnspacehook added the no-changelog Indicates that a PR does not require a changelog entry label Apr 24, 2024
@gravitational gravitational deleted a comment from github-actions bot Apr 24, 2024
@public-teleport-github-review-bot public-teleport-github-review-bot bot removed the request for review from AntonAM April 25, 2024 02:29
@capnspacehook capnspacehook added this pull request to the merge queue Apr 25, 2024
Merged via the queue into master with commit d4c706a Apr 25, 2024
42 of 45 checks passed
@capnspacehook capnspacehook deleted the capnspacehook/moderated-kube-test-flakiness branch April 25, 2024 04:14
capnspacehook added a commit that referenced this pull request Apr 25, 2024
@capnspacehook
fix kube ephemeral container test flakiness (#40871)
d729afc
This was referenced Apr 25, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@orca-security-us orca-security-us[bot] orca-security-us left review comments

@probakowski probakowski probakowski approved these changes

@Joerger Joerger Joerger approved these changes

Assignees
No one assigned
Labels
kubernetes-access no-changelog Indicates that a PR does not require a changelog entry size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

TestKube/EphemeralContainers flakiness
3 participants
@capnspacehook @probakowski @Joerger