New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1986575: Add e2e test cases for haproxy timeout api fields, and reject negative timeout values #644
Bug 1986575: Add e2e test cases for haproxy timeout api fields, and reject negative timeout values #644
Conversation
@rfredette: This pull request references Bugzilla bug 1986575, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/bugzilla refresh |
@rfredette: An error was encountered querying GitHub for users with public email (hongli@redhat.com) for bug 1986575 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
non-200 OK status code: 403 Forbidden body: "{\n \"documentation_url\": \"https://docs.github.com/en/free-pro-team@latest/rest/overview/resources-in-the-rest-api#secondary-rate-limits\",\n \"message\": \"You have exceeded a secondary rate limit. Please wait a few minutes before you try again.\"\n}\n"
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/bugzilla refresh |
@rfredette: This pull request references Bugzilla bug 1986575, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@@ -521,22 +521,22 @@ func desiredRouterDeployment(ci *operatorv1.IngressController, ingressController | |||
} | |||
env = append(env, corev1.EnvVar{Name: RouterHAProxyThreadsEnvName, Value: strconv.Itoa(threads)}) | |||
|
|||
if ci.Spec.TuningOptions.ClientTimeout != nil && ci.Spec.TuningOptions.ClientTimeout.Duration != 0*time.Second { | |||
if ci.Spec.TuningOptions.ClientTimeout != nil && ci.Spec.TuningOptions.ClientTimeout.Duration > 0*time.Second { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What if Spec.TuningOptions is nil? Is that possible?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What if Spec.TuningOptions is nil? Is that possible?
It isn't possible. Spec.TuningOptions
is not a pointer type.
t.Errorf("expected %s = %q, got %q", envVar.Name, tlsInspectDelayOutput, envVar.Value) | ||
} | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would be best to actually see these show up in the haproxy.config file with the values that you specified. You would need to scan a router pod's haproxy.config for the timeout values that should be there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point. I will add checks for the values in haproxy's config.
conditions := []operatorv1.OperatorCondition{ | ||
{Type: operatorv1.IngressControllerAvailableConditionType, Status: operatorv1.ConditionTrue}, | ||
{Type: operatorv1.LoadBalancerManagedIngressConditionType, Status: operatorv1.ConditionFalse}, | ||
{Type: operatorv1.DNSManagedIngressConditionType, Status: operatorv1.ConditionFalse}, | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can use IngressControllerAvailableConditionType
.
test/e2e/haproxy_timeouts_test.go
Outdated
case "ROUTER_DEFAULT_CLIENT_TIMEOUT": | ||
fallthrough | ||
case "ROUTER_CLIENT_FIN_TIMEOUT": | ||
fallthrough | ||
case "ROUTER_DEFAULT_SERVER_TIMEOUT": | ||
fallthrough | ||
case "ROUTER_DEFAULT_SERVER_FIN_TIMEOUT": | ||
fallthrough | ||
case "ROUTER_DEFAULT_TUNNEL_TIMEOUT": | ||
fallthrough | ||
case "ROUTER_INSPECT_DELAY": |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
case "ROUTER_DEFAULT_CLIENT_TIMEOUT": | |
fallthrough | |
case "ROUTER_CLIENT_FIN_TIMEOUT": | |
fallthrough | |
case "ROUTER_DEFAULT_SERVER_TIMEOUT": | |
fallthrough | |
case "ROUTER_DEFAULT_SERVER_FIN_TIMEOUT": | |
fallthrough | |
case "ROUTER_DEFAULT_TUNNEL_TIMEOUT": | |
fallthrough | |
case "ROUTER_INSPECT_DELAY": | |
case "ROUTER_DEFAULT_CLIENT_TIMEOUT", "ROUTER_CLIENT_FIN_TIMEOUT", "ROUTER_DEFAULT_SERVER_TIMEOUT", "ROUTER_DEFAULT_SERVER_FIN_TIMEOUT", "ROUTER_DEFAULT_TUNNEL_TIMEOUT", "ROUTER_INSPECT_DELAY": |
Edit: Ignore this suggestion if you're replacing this logic with a check for the settings in haproxy.config
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are a few spots we can tighten up the code or stop the test early where later steps depend on an earlier step that has failed. Otherwise, looks good. I look forward to using podExec
in other E2E tests!
test/e2e/haproxy_timeouts_test.go
Outdated
return false, nil | ||
}) | ||
if pollErr != nil { | ||
t.Errorf("Router pod %s failed to become ready: %v", routerPod.Name, pollErr) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
t.Errorf("Router pod %s failed to become ready: %v", routerPod.Name, pollErr) | |
t.Fatalf("Router pod %s failed to become ready: %v", routerPod.Name, pollErr) |
t.Errorf("Error executing %s: %v", strings.Join(cmd, " "), err) | ||
t.Errorf("stderr: %v", stderr) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
t.Errorf("Error executing %s: %v", strings.Join(cmd, " "), err) | |
t.Errorf("stderr: %v", stderr) | |
t.Errorf("Error executing %s: %v", strings.Join(cmd, " "), err) | |
t.Errorf("stderr: %v", stderr) | |
continue |
test/e2e/haproxy_timeouts_test.go
Outdated
} | ||
values := strings.Split(strings.TrimSpace(stdout.String()), "\n") | ||
// tcp-request inspect-delay is set in 2 places, but both should match | ||
if len(values) != 2 { | ||
t.Errorf("Expected 2 instances of \"tcp-request inspect-delay\", got %v", len(values)) | ||
} | ||
inspectDelayDefault := "5s" | ||
if strings.TrimSpace(values[0]) != inspectDelayDefault || | ||
strings.TrimSpace(values[1]) != inspectDelayDefault { | ||
t.Errorf("Expected value for \"tcp-request inspect-delay\" to be %v, got %v", []string{"5s", "5s"}, values) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
} | |
values := strings.Split(strings.TrimSpace(stdout.String()), "\n") | |
// tcp-request inspect-delay is set in 2 places, but both should match | |
if len(values) != 2 { | |
t.Errorf("Expected 2 instances of \"tcp-request inspect-delay\", got %v", len(values)) | |
} | |
inspectDelayDefault := "5s" | |
if strings.TrimSpace(values[0]) != inspectDelayDefault || | |
strings.TrimSpace(values[1]) != inspectDelayDefault { | |
t.Errorf("Expected value for \"tcp-request inspect-delay\" to be %v, got %v", []string{"5s", "5s"}, values) | |
} | |
} else { | |
values := strings.Split(strings.TrimSpace(stdout.String()), "\n") | |
// tcp-request inspect-delay is set in 2 places, but both should match | |
if len(values) != 2 { | |
t.Errorf("Expected 2 instances of \"tcp-request inspect-delay\", got %v", len(values)) | |
} else { | |
inspectDelayDefault := "5s" | |
if strings.TrimSpace(values[0]) != inspectDelayDefault || | |
strings.TrimSpace(values[1]) != inspectDelayDefault { | |
t.Errorf(`Expected value for "tcp-request inspect-delay" to be %v, got %v`, []string{"5s", "5s"}, values) | |
} | |
} | |
} |
test/e2e/util.go
Outdated
err = exec.Stream(remotecommand.StreamOptions{ | ||
Stdout: stdout, | ||
Stderr: stderr, | ||
}) | ||
if err != nil { | ||
return err | ||
} | ||
return nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
err = exec.Stream(remotecommand.StreamOptions{ | |
Stdout: stdout, | |
Stderr: stderr, | |
}) | |
if err != nil { | |
return err | |
} | |
return nil | |
return exec.Stream(remotecommand.StreamOptions{ | |
Stdout: stdout, | |
Stderr: stderr, | |
}) |
f93a823
to
8f66ed0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, just noticed a couple more small things that should be addressed.
test/e2e/haproxy_timeouts_test.go
Outdated
} | ||
pollErr := wait.PollImmediate(2*time.Second, 5*time.Minute, func() (bool, error) { | ||
if err := kclient.List(context.TODO(), podList, client.InNamespace(deployment.Namespace), client.MatchingLabels(labels)); err != nil { | ||
t.Errorf("failed to list pods for ingress controllers %s: %v", ic.Name, err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using t.Errorf
isn't quite the right thing to do here because it won't terminate the polling loop, but it will cause the test to fail even if the polling loop succeeds on the next try. Better to log and return to retry immediately:
t.Errorf("failed to list pods for ingress controllers %s: %v", ic.Name, err) | |
t.Logf("failed to list pods for ingress controllers %s: %v", ic.Name, err) | |
return false, nil |
t.Errorf("failed to list pods for ingress controllers %s: %v", ic.Name, err) | ||
} | ||
|
||
routerPod = podList.Items[0] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The List
could have successfully listed 0 pods:
routerPod = podList.Items[0] | |
if len(podList.Items) == 0 { | |
t.Logf("failed to find any pods for ingress controllers %s", ic.Name) | |
return false, nil | |
} | |
routerPod = podList.Items[0] |
test/e2e/haproxy_timeouts_test.go
Outdated
t.Errorf("failed to list pods for ingress controllers %s: %v", ic.Name, err) | ||
} | ||
|
||
routerPod = podList.Items[0] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My previous two comments apply here as well.
…gative timeout values HAProxy won't accept timeouts with negative values, so if one makes it into the ingresscontroller config, discard it and use the default value
8f66ed0
to
855e6de
Compare
Thanks @Miciah! I've incorporated your suggested changes. |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Miciah, rfredette The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/hold cancel |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
22 similar comments
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
@rfredette: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
3 similar comments
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
@rfredette: All pull requests linked via external trackers have merged: Bugzilla bug 1986575 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This PR adds 2 tests to the e2e suite:
TestHAProxyTimeouts:
Duration
tostring
, would be invalid strings to HAProxy. E.g.90 * time.Second
would string-ify as "1m30s", but HAProxy requires it to only use one time unit, such as "90s". This makes sure thedurationToHAProxyTimespec
function is working as intended.TestHAProxyTimeoutsRejection:
In addition to the tests, this PR also includes a change to reject timeout values that are zero or less, instead of just rejecting zero-length timeouts. The router image will fall back to using default timeouts if negative ones are set, but rejecting them before they are set in the deployment environment is more obvious to the user.