test/e2e/prometheusadapter: reenable CA rotation test #576
Conversation
openshift-ci-robot
added
size/L
|
/test e2e-aws-operator |
|
I have to look into this one 🤔 |
|
I found at least the root cause for the above message: it is the OAuth proxy telling us we're not allowed to execute the request (403). As we don't check the response status code, we try to parse the OAuth login html which causes the above error to be generated. This is unrelated to this PR as it happens in the framework setup but I'll try to fix it here as we're here. |
This reenables the requestheader CA rotation e2e test by using a different method. It deletes the CSR signer secrets causing the extension-apiserver-authentication configmap to be reissued.
s-urbaniak
force-pushed
the
reenable-prom-adapter-rotation-test
branch
from
59220c0
to
c5a802d
Compare
|
@lilic now this is good to go, PTAL. I hopefully fixed the outstanding issues with our e2e test client in new commit. |
| _, dockerToken := secret.Annotations["openshift.io/create-dockercfg-secrets"] | ||
| e2eToken := strings.Contains(secret.Name, "cluster-monitoring-operator-e2e-token-") | ||
|
|
||
| if !dockerToken && e2eToken { |
There was a problem hiding this comment.
Can we just add a comment that if its dockerToken that means this token is an invalid one, to avoid future confusion.
We have a couple of potential e2e flake sources: 1. We don't check the response code from the prometheus query response. That causes the vanilla http response in case of error to be parsed as JSON which fails. We should bail out with the http status code instead. 2. It happens that we sometimes don't pick the correct token secret. With every service account there are two token secrets. One is the internal Kubernetes service account token, the other one is associated with the internal OpenShift Docker registry. We have to pick the right one otherwise non-deterministically the wrong token will be chosen. This fixes the above two issues.
s-urbaniak
force-pushed
the
reenable-prom-adapter-rotation-test
branch
from
c5a802d
to
c9e05d6
Compare
|
@lilic ptal |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: LiliC, s-urbaniak The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Seems like a flake |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
This reenables the requestheader CA rotation e2e test
by using a different method.
It deletes the CSR signer secrets causing the extension-apiserver-authentication
configmap to be reissued.
/cc @openshift/openshift-team-monitoring