Bug 1986575: Add e2e test cases for haproxy timeout api fields, and reject negative timeout values #644
Conversation
openshift-ci
bot
added
bugzilla/severity-medium
|
@rfredette: This pull request references Bugzilla bug 1986575, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci
bot
added
the
approved
|
/bugzilla refresh |
|
@rfredette: An error was encountered querying GitHub for users with public email (hongli@redhat.com) for bug 1986575 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
non-200 OK status code: 403 Forbidden body: "{\n \"documentation_url\": \"https://docs.github.com/en/free-pro-team@latest/rest/overview/resources-in-the-rest-api#secondary-rate-limits\",\n \"message\": \"You have exceeded a secondary rate limit. Please wait a few minutes before you try again.\"\n}\n"
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/bugzilla refresh |
openshift-ci
bot
added
bugzilla/valid-bug
|
@rfredette: This pull request references Bugzilla bug 1986575, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
| @@ -521,22 +521,22 @@ func desiredRouterDeployment(ci *operatorv1.IngressController, ingressController | |||
| } | |||
| env = append(env, corev1.EnvVar{Name: RouterHAProxyThreadsEnvName, Value: strconv.Itoa(threads)}) | |||
|
|
|||
| if ci.Spec.TuningOptions.ClientTimeout != nil && ci.Spec.TuningOptions.ClientTimeout.Duration != 0*time.Second { | |||
| if ci.Spec.TuningOptions.ClientTimeout != nil && ci.Spec.TuningOptions.ClientTimeout.Duration > 0*time.Second { | |||
There was a problem hiding this comment.
What if Spec.TuningOptions is nil? Is that possible?
There was a problem hiding this comment.
What if Spec.TuningOptions is nil? Is that possible?
It isn't possible. Spec.TuningOptions is not a pointer type.
| t.Errorf("expected %s = %q, got %q", envVar.Name, tlsInspectDelayOutput, envVar.Value) | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
It would be best to actually see these show up in the haproxy.config file with the values that you specified. You would need to scan a router pod's haproxy.config for the timeout values that should be there.
There was a problem hiding this comment.
Good point. I will add checks for the values in haproxy's config.
| conditions := []operatorv1.OperatorCondition{ | ||
| {Type: operatorv1.IngressControllerAvailableConditionType, Status: operatorv1.ConditionTrue}, | ||
| {Type: operatorv1.LoadBalancerManagedIngressConditionType, Status: operatorv1.ConditionFalse}, | ||
| {Type: operatorv1.DNSManagedIngressConditionType, Status: operatorv1.ConditionFalse}, | ||
| } |
There was a problem hiding this comment.
You can use IngressControllerAvailableConditionType.
test/e2e/haproxy_timeouts_test.go
Outdated
| case "ROUTER_DEFAULT_CLIENT_TIMEOUT": | ||
| fallthrough | ||
| case "ROUTER_CLIENT_FIN_TIMEOUT": | ||
| fallthrough | ||
| case "ROUTER_DEFAULT_SERVER_TIMEOUT": | ||
| fallthrough | ||
| case "ROUTER_DEFAULT_SERVER_FIN_TIMEOUT": | ||
| fallthrough | ||
| case "ROUTER_DEFAULT_TUNNEL_TIMEOUT": | ||
| fallthrough | ||
| case "ROUTER_INSPECT_DELAY": |
There was a problem hiding this comment.
| case "ROUTER_DEFAULT_CLIENT_TIMEOUT": | |
| fallthrough | |
| case "ROUTER_CLIENT_FIN_TIMEOUT": | |
| fallthrough | |
| case "ROUTER_DEFAULT_SERVER_TIMEOUT": | |
| fallthrough | |
| case "ROUTER_DEFAULT_SERVER_FIN_TIMEOUT": | |
| fallthrough | |
| case "ROUTER_DEFAULT_TUNNEL_TIMEOUT": | |
| fallthrough | |
| case "ROUTER_INSPECT_DELAY": | |
| case "ROUTER_DEFAULT_CLIENT_TIMEOUT", "ROUTER_CLIENT_FIN_TIMEOUT", "ROUTER_DEFAULT_SERVER_TIMEOUT", "ROUTER_DEFAULT_SERVER_FIN_TIMEOUT", "ROUTER_DEFAULT_TUNNEL_TIMEOUT", "ROUTER_INSPECT_DELAY": |
Edit: Ignore this suggestion if you're replacing this logic with a check for the settings in haproxy.config.
test/e2e/haproxy_timeouts_test.go
Outdated
| return false, nil | ||
| }) | ||
| if pollErr != nil { | ||
| t.Errorf("Router pod %s failed to become ready: %v", routerPod.Name, pollErr) |
There was a problem hiding this comment.
| t.Errorf("Router pod %s failed to become ready: %v", routerPod.Name, pollErr) | |
| t.Fatalf("Router pod %s failed to become ready: %v", routerPod.Name, pollErr) |
| t.Errorf("Error executing %s: %v", strings.Join(cmd, " "), err) | ||
| t.Errorf("stderr: %v", stderr) |
There was a problem hiding this comment.
| t.Errorf("Error executing %s: %v", strings.Join(cmd, " "), err) | |
| t.Errorf("stderr: %v", stderr) | |
| t.Errorf("Error executing %s: %v", strings.Join(cmd, " "), err) | |
| t.Errorf("stderr: %v", stderr) | |
| continue |
test/e2e/haproxy_timeouts_test.go
Outdated
| } | ||
| values := strings.Split(strings.TrimSpace(stdout.String()), "\n") | ||
| // tcp-request inspect-delay is set in 2 places, but both should match | ||
| if len(values) != 2 { | ||
| t.Errorf("Expected 2 instances of \"tcp-request inspect-delay\", got %v", len(values)) | ||
| } | ||
| inspectDelayDefault := "5s" | ||
| if strings.TrimSpace(values[0]) != inspectDelayDefault || | ||
| strings.TrimSpace(values[1]) != inspectDelayDefault { | ||
| t.Errorf("Expected value for \"tcp-request inspect-delay\" to be %v, got %v", []string{"5s", "5s"}, values) | ||
| } |
There was a problem hiding this comment.
| } | |
| values := strings.Split(strings.TrimSpace(stdout.String()), "\n") | |
| // tcp-request inspect-delay is set in 2 places, but both should match | |
| if len(values) != 2 { | |
| t.Errorf("Expected 2 instances of \"tcp-request inspect-delay\", got %v", len(values)) | |
| } | |
| inspectDelayDefault := "5s" | |
| if strings.TrimSpace(values[0]) != inspectDelayDefault || | |
| strings.TrimSpace(values[1]) != inspectDelayDefault { | |
| t.Errorf("Expected value for \"tcp-request inspect-delay\" to be %v, got %v", []string{"5s", "5s"}, values) | |
| } | |
| } else { | |
| values := strings.Split(strings.TrimSpace(stdout.String()), "\n") | |
| // tcp-request inspect-delay is set in 2 places, but both should match | |
| if len(values) != 2 { | |
| t.Errorf("Expected 2 instances of \"tcp-request inspect-delay\", got %v", len(values)) | |
| } else { | |
| inspectDelayDefault := "5s" | |
| if strings.TrimSpace(values[0]) != inspectDelayDefault || | |
| strings.TrimSpace(values[1]) != inspectDelayDefault { | |
| t.Errorf(`Expected value for "tcp-request inspect-delay" to be %v, got %v`, []string{"5s", "5s"}, values) | |
| } | |
| } | |
| } |
test/e2e/util.go
Outdated
| err = exec.Stream(remotecommand.StreamOptions{ | ||
| Stdout: stdout, | ||
| Stderr: stderr, | ||
| }) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| return nil |
There was a problem hiding this comment.
| err = exec.Stream(remotecommand.StreamOptions{ | |
| Stdout: stdout, | |
| Stderr: stderr, | |
| }) | |
| if err != nil { | |
| return err | |
| } | |
| return nil | |
| return exec.Stream(remotecommand.StreamOptions{ | |
| Stdout: stdout, | |
| Stderr: stderr, | |
| }) |
rfredette
force-pushed
the
haproxy-timeout-tests
branch
from
f93a823
to
8f66ed0
Compare
test/e2e/haproxy_timeouts_test.go
Outdated
| } | ||
| pollErr := wait.PollImmediate(2*time.Second, 5*time.Minute, func() (bool, error) { | ||
| if err := kclient.List(context.TODO(), podList, client.InNamespace(deployment.Namespace), client.MatchingLabels(labels)); err != nil { | ||
| t.Errorf("failed to list pods for ingress controllers %s: %v", ic.Name, err) |
There was a problem hiding this comment.
Using t.Errorf isn't quite the right thing to do here because it won't terminate the polling loop, but it will cause the test to fail even if the polling loop succeeds on the next try. Better to log and return to retry immediately:
| t.Errorf("failed to list pods for ingress controllers %s: %v", ic.Name, err) | |
| t.Logf("failed to list pods for ingress controllers %s: %v", ic.Name, err) | |
| return false, nil |
| t.Errorf("failed to list pods for ingress controllers %s: %v", ic.Name, err) | ||
| } | ||
|
|
||
| routerPod = podList.Items[0] |
There was a problem hiding this comment.
The List could have successfully listed 0 pods:
| routerPod = podList.Items[0] | |
| if len(podList.Items) == 0 { | |
| t.Logf("failed to find any pods for ingress controllers %s", ic.Name) | |
| return false, nil | |
| } | |
| routerPod = podList.Items[0] |
test/e2e/haproxy_timeouts_test.go
Outdated
| t.Errorf("failed to list pods for ingress controllers %s: %v", ic.Name, err) | ||
| } | ||
|
|
||
| routerPod = podList.Items[0] |
There was a problem hiding this comment.
My previous two comments apply here as well.
…gative timeout values HAProxy won't accept timeouts with negative values, so if one makes it into the ingresscontroller config, discard it and use the default value
rfredette
force-pushed
the
haproxy-timeout-tests
branch
from
8f66ed0
to
855e6de
Compare
|
Thanks @Miciah! I've incorporated your suggested changes. |
|
/lgtm |
openshift-ci
bot
added
the
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Miciah, rfredette The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
22 similar comments
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
@rfredette: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
3 similar comments
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
@rfredette: All pull requests linked via external trackers have merged: Bugzilla bug 1986575 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This PR adds 2 tests to the e2e suite:
TestHAProxyTimeouts:
Durationtostring, would be invalid strings to HAProxy. E.g.90 * time.Secondwould string-ify as "1m30s", but HAProxy requires it to only use one time unit, such as "90s". This makes sure thedurationToHAProxyTimespecfunction is working as intended.TestHAProxyTimeoutsRejection:
In addition to the tests, this PR also includes a change to reject timeout values that are zero or less, instead of just rejecting zero-length timeouts. The router image will fall back to using default timeouts if negative ones are set, but rejecting them before they are set in the deployment environment is more obvious to the user.