Bug 1986228: NE-310 E2E test for HSTS #639

candita · 2021-07-28T01:21:36Z

Simple e2e test to ensure:

updated CRD is available
HSTS validation is operational
HSTS header is returned from query to annotated route

openshift-ci · 2021-07-28T01:21:43Z

@candita: This pull request references Bugzilla bug 1986228, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target release (4.9.0) matches configured target release for branch (4.9.0)
bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @lihongan

In response to this:

Bug 1986228: NE-310 E2E test for HSTS - vendor files

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

candita · 2021-07-28T01:24:23Z

Depends on merge of openshift/openshift-apiserver#224
/hold

candita · 2021-07-28T03:32:30Z

/test images

openshift-ci · 2021-07-28T03:44:09Z

@candita: This pull request references Bugzilla bug 1986228, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target release (4.9.0) matches configured target release for branch (4.9.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @lihongan

In response to this:

Bug 1986228: NE-310 E2E test for HSTS - vendor files

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

candita · 2021-07-30T14:48:40Z

=== RUN   TestHstsPolicyWorks
    hsts_policy_test.go:66: created a RequiredHSTSPolicy with DomainPatterns: [hsts-policy.ci-ln-rvipfd2-d5d6b.origin-ci-int-aws.dev.rhcloud.com hsts-policy2.ci-ln-rvipfd2-d5d6b.origin-ci-int-aws.dev.rhcloud.com], preload policy: RequirePreload, includeSubDomains policy: RequireIncludeSubDomains, largest age: 99999, smallest age: 1
    hsts_policy_test.go:125: Creating first route at 2021-07-29 22:23:59.475874431 -0400 EDT m=+39.051669860
    hsts_policy_test.go:131: created a route at 2021-07-29 22:23:59.51421413 -0400 EDT m=+39.090009562: openshift-ingress/hsts-policy-echo with annotation map[haproxy.router.openshift.io/hsts_header:max-age=99999;preload;includesubdomains]
    hsts_policy_test.go:135: Creating second route at 2021-07-29 22:23:59.514254393 -0400 EDT m=+39.090049814
    hsts_policy_test.go:141: rejected an invalid route at 2021-07-29 22:23:59.535622434 -0400 EDT m=+39.111417864: openshift-ingress/hsts-policy-echo2 with annotation map[haproxy.router.openshift.io/hsts_header:max-age=99999999]: routes.route.openshift.io "hsts-policy-echo2" is forbidden: is greater than maximum age (99999)
    hsts_policy_test.go:151: deleted ingresscontroller hsts-policy
--- PASS: TestHstsPolicyWorks (37.53s)
PASS

candita · 2021-07-30T14:52:22Z

SCC error
/retest

candita · 2021-08-11T14:32:25Z

...skipping gathering podnetworkconnectivitychecks.controlplane.operator.openshift.io due to error: the server doesn't have a resource type "podnetworkconnectivitychecks", skipping gathering EgressFirewall.k8s.ovn.org due to error: the server doesn't have a resource type "EgressFirewall", skipping gathering EgressIP.k8s.ovn.org due to error: the server doesn't have a resource type "EgressIP", skipping gathering endpoints/host-[etcd-2](https://issues.redhat.com/browse/etcd-2) due to error: endpoints "host-[etcd-2](https://issues.redhat.com/browse/etcd-2)" not found, skipping gathering namespaces/openshift-manila-csi-driver due to error: namespaces "openshift-manila-csi-driver" not found]
/test e2e-upgrade

test/e2e/util.go

candita · 2021-08-11T18:50:24Z

`Aug 11 18:01:20.878 E ns/e2e-test-cluster-client-cert-jxtsg pod/get-bootstrap-creds node/ip-10-0-181-124.ec2.internal container/get-bootstrap-creds container exited with code 137 (Error):
/test e2e-aws

candita · 2021-08-11T18:51:33Z

/test e2e-aws

candita · 2021-08-11T20:29:47Z

fail [github.com/openshift/origin/test/extended/authorization/scc.go:73]: 8 pods failed before test on SCC errors
Error creating: pods "cloud-credential-operator-c57746c7b-" is forbidden: unable to validate against any security context constraint: provider "privileged": Forbidden: not usable by user or serviceaccount for ReplicaSet.apps/v1/cloud-credential-operator-c57746c7b -n openshift-cloud-credential-operator happened 12 times

/test e2e-upgrade

frobware

Overall LGTM, just a few things to tidy up. Thanks for persevering here.

test/e2e/hsts_policy_test.go

test/e2e/util.go

test/e2e/hsts_policy_test.go

test/e2e/util.go

test/e2e/hsts_policy_test.go

frobware · 2021-08-12T15:58:15Z

@candita thanks for persevering with all the changes over the last few days.

/lgtm

openshift-ci · 2021-08-12T16:04:47Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: candita, frobware

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [candita,frobware]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

candita · 2021-08-12T17:07:54Z

...Bootstrap failed to complete: timed out waiting for the condition
level=error msg=Failed to wait for bootstrapping to complete. This error usually happens when there is a problem with control plane hosts that prevents the control plane operators from creating the control plane.

/test e2e-upgrade

openshift-ci · 2021-08-12T17:13:34Z

@candita: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-aws-single-node	`7438696`	link	`/test e2e-aws-single-node`

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

openshift-bot · 2021-08-12T19:02:36Z

/retest-required

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-08-12T19:28:37Z

/retest-required

Please review the full test history for this PR and help us cut down flakes.

openshift-ci · 2021-08-12T19:39:37Z

@candita: All pull requests linked via external trackers have merged:

openshift/cluster-ingress-operator#639

Bugzilla bug 1986228 has been moved to the MODIFIED state.

In response to this:

Bug 1986228: NE-310 E2E test for HSTS

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci bot requested review from lihongan, frobware and rfredette July 28, 2021 01:21

openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 28, 2021

openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 28, 2021

candita force-pushed the BZ-1986228-e2eTests branch from 521fa7f to af9ce14 Compare July 28, 2021 02:43

openshift-ci bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 28, 2021

candita force-pushed the BZ-1986228-e2eTests branch 2 times, most recently from 3d655f2 to 66694c5 Compare July 28, 2021 03:25

candita force-pushed the BZ-1986228-e2eTests branch from 66694c5 to 7d464a0 Compare July 28, 2021 03:43

candita force-pushed the BZ-1986228-e2eTests branch 2 times, most recently from c92663c to d0f61d9 Compare July 28, 2021 04:19

candita changed the title ~~Bug 1986228: NE-310 E2E test for HSTS - vendor files~~ Bug 1986228: NE-310 E2E test for HSTS Jul 28, 2021

candita force-pushed the BZ-1986228-e2eTests branch 4 times, most recently from cf7bd01 to c4c3e62 Compare July 28, 2021 21:40

candita changed the title ~~Bug 1986228: NE-310 E2E test for HSTS~~ [WIP] Bug 1986228: NE-310 E2E test for HSTS Jul 28, 2021

openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 28, 2021

candita force-pushed the BZ-1986228-e2eTests branch 2 times, most recently from 3fd8c2d to b166fd2 Compare July 30, 2021 02:55