New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OCPBUGS-3356: E2E test for cookie length truncation #871
OCPBUGS-3356: E2E test for cookie length truncation #871
Conversation
@rfredette: This pull request references Jira Issue OCPBUGS-3356, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
With this and the related router PR loaded on a cluster, I don't see the truncation warning, but I am seeing this message popping up every few seconds in the router logs:
If I revert the ingress operator to the version without this change, I see the truncation warning but not this webhook message, so I don't think it's a configuration issue, but I need to dig some more to figure out what this error message even really means... |
/jira refresh |
@rfredette: This pull request references Jira Issue OCPBUGS-3356, which is valid. The bug has been moved to the POST state. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
/remove-lifecycle rotten |
2a4ff9d
to
961a614
Compare
some tests failed due to an issue building the image, but since other tests didn't hit that issue, I'm assuming it was a timing thing. |
The new test,
|
642b3e1
to
c11ca02
Compare
After looking at this again, it's simpler to have the router figure out when to set
|
c11ca02
to
29b1632
Compare
/assign @frobware |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd like to see tests for where the maxLength for the cookie capture is 63 and 1024. The API forces a value so the first would exercise the default, and the latter tests for the API's maximum. In both cases we should assert that cookie values that are 1 more than the specified max get truncated.
} | ||
if !foundExpectedCookie { | ||
t.Fatalf("did not find expected truncated cookie string: %v", expectedTruncatedCookieString) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a message here so that if there are some failures and some successes, you will know which succeeded.
} | |
} | |
t.Logf("found expected cookie truncated to %d", maxLength) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Each test case is run with t.Run()
, so they show up separately in the test output. To induce a failure and to test out a question you asked in another comment, I changed the 1024 byte case to 1026 bytes and ran the test. Here's a snippet of the output:
=== NAME TestCookieLen/1026_bytes
tuning_options_test.go:379: Failed to create ingresscontroller openshift-ingress-operator/test-cookielen-hv8vz: IngressController.operator.openshift.io "test-cookielen-hv8vz" is invalid: spec.logging.access.httpCaptureCookies[0].maxLength: Invalid value: 1026: spec.logging.access.httpCaptureCookies[0].maxLength in body should be less than or equal to 1024
... cut for brevity ...
=== NAME TestCookieLen/128_bytes
tuning_options_test.go:541: deleted ingresscontroller test-cookielen-j5lxj
=== NAME TestCookieLen/63_bytes
tuning_options_test.go:541: deleted ingresscontroller test-cookielen-kh5rl
--- FAIL: TestCookieLen (0.00s)
--- FAIL: TestCookieLen/1026_bytes (0.07s)
--- PASS: TestCookieLen/64_bytes (90.57s)
--- PASS: TestCookieLen/128_bytes (91.78s)
--- PASS: TestCookieLen/63_bytes (93.00s)
FAIL
FAIL github.com/openshift/cluster-ingress-operator/test/e2e 93.475s
FAIL
The output does get interleaved due to the parallel execution, but I think it's clear enough which test case is which.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was asking about adding a positive message to match the negative message: "did not find expected truncated cookie string". It's a nit.
But the error message I see above for 1026 bytes, that seems weird. It starts with "Failed to create ingresscontroller". Can you add a test that you expect to fail and print out the reason why it fails rather than the reason why the ingress controller doesn't get created?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The error message in the 1026 case was the expected one. httpCaptureCookies.maxLength
is a field of the ingresscontroller object, and the openshift API limits it to a number between 1 and 1024, so trying to set it to a number outside that range will cause the ingresscontroller to be rejected
b2479e7
to
7a3a5e6
Compare
Test failures are unrelated. |
7a3a5e6
to
64187cb
Compare
test/e2e/tuning_options_test.go
Outdated
} | ||
|
||
logsContainerName := "logs" | ||
readCloser, err := client.CoreV1().Pods(routerPod.Namespace).GetLogs(routerPod.Name, &corev1.PodLogOptions{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The pattern that is used for scanning logs usually has a poll loop, like https://github.com/openshift/cluster-ingress-operator/blame/master/test/e2e/http_header_buffer_test.go#L134-L163. If it isn't there the first time you check, it may not have arrived yet.
64187cb
to
4aa579b
Compare
@rfredette: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/retest |
/lgtm |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: candita The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/acknowledge-critical-fixes-only |
/label acknowledge-critical-fixes-only |
@rfredette: Jira Issue OCPBUGS-3356: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-3356 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Fix included in accepted release 4.14.0-0.nightly-2023-09-11-201102 |
This PR adds a new test,
TestCookieLen
, which verifies that cookies inspec.logging.access.httpCaptureCookies
are truncated to the specified max length.This tests the fix in openshift/router#436