Bug 1771335: Verify pullsecret builds

[adambkaplan]

No description provided.

[openshift-ci-robot]

@adambkaplan: This pull request references Bugzilla bug 1771335, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

[WIP] Bug 1771335: Verify pullsecret builds

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[adambkaplan]

fyi @gabemontero @nalind - this should verify that we're using a pull secret correctly in builds. Right now something is preventing this from working correctly.

[adambkaplan]

@gabemontero squashed this, gcp-builds should pass with your fix.

[gabemontero]

/lgtm

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[gabemontero]

google iam policy problem with e2e-gcp-builds

[gabemontero]

more ci install flakes with e2e-gcp-builds

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[gabemontero]

still install flakes on e2e-gcp-builds

[gabemontero]

ok we got a clean install but your test case still failed @adambkaplan

apparently my manual testing using my tbr cred and the new-app invocation from the bug is not quite the same as your new test case

I'll start running your new test case manually with some additional debug and see what is going on

[gabemontero]

/hold

[gabemontero]

the linked secret test case worked for me locally ... see my comment below about the yaml correction you need to make the other one work @adambkaplan

[gabemontero]

@adambkaplan looks like the indentation on you yaml is resulting in this pull secret not getting pulled in

See that it is missing when I use it as is to create the BC:

gmontero ~/QE_bzs/img-src-auth $ cat pullsecret-nodejs.yaml 
kind: BuildConfig
apiVersion: v1
metadata:
  name: pullsecret-nodejs
spec:
  source:
    git:
      uri: "https://github.com/sclorg/nodejs-ex.git"
  strategy:
    type: Source
    sourceStrategy:
      from:
        kind: DockerImage
        name: registry.redhat.io/rhscl/nodejs-10-rhel7:latest
    pullSecret:
      name: local-ps
gmontero ~/QE_bzs/img-src-auth $ oc get bc -o yaml
apiVersion: v1
items:
- apiVersion: build.openshift.io/v1
  kind: BuildConfig
  metadata:
    creationTimestamp: "2019-11-15T18:35:13Z"
    name: pullsecret-nodejs
    namespace: ggmtest
    resourceVersion: "49618"
    selfLink: /apis/build.openshift.io/v1/namespaces/ggmtest/buildconfigs/pullsecret-nodejs
    uid: e4c6808a-da49-4a11-b9e1-ca736e533014
  spec:
    failedBuildsHistoryLimit: 5
    nodeSelector: null
    output: {}
    postCommit: {}
    resources: {}
    runPolicy: Serial
    source:
      git:
        uri: https://github.com/sclorg/nodejs-ex.git
      type: Git
    strategy:
      sourceStrategy:
        from:
          kind: DockerImage
          name: registry.redhat.io/rhscl/nodejs-10-rhel7:latest
      type: Source
    successfulBuildsHistoryLimit: 5
    triggers: []
  status:
    lastVersion: 1
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
gmontero ~/QE_bzs/img-src-auth $

when I indent pullSecret in by 2 spaces, it is incorporated:

gmontero ~/QE_bzs/img-src-auth $ oc get bc -o yaml
apiVersion: v1
items:
- apiVersion: build.openshift.io/v1
  kind: BuildConfig
  metadata:
    creationTimestamp: "2019-11-15T18:45:03Z"
    name: pullsecret-nodejs
    namespace: ggmtest
    resourceVersion: "52110"
    selfLink: /apis/build.openshift.io/v1/namespaces/ggmtest/buildconfigs/pullsecret-nodejs
    uid: e56ff415-94da-4da0-b20b-a53f2e7c49dd
  spec:
    failedBuildsHistoryLimit: 5
    nodeSelector: null
    output: {}
    postCommit: {}
    resources: {}
    runPolicy: Serial
    source:
      git:
        uri: https://github.com/sclorg/nodejs-ex.git
      type: Git
    strategy:
      sourceStrategy:
        from:
          kind: DockerImage
          name: registry.redhat.io/rhscl/nodejs-10-rhel7:latest
        pullSecret:
          name: local-ps
      type: Source
    successfulBuildsHistoryLimit: 5
    triggers: []
  status:
    lastVersion: 0
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
gmontero ~/QE_bzs/img-src-auth $ 

and the build ultimatey works with my changes to openshift/builder

please update this and we'll try the e2e in this PR again

[gabemontero]

the corrected pullsecret-nodejs yaml:

gmontero ~/QE_bzs/img-src-auth $ cat pullsecret-nodejs.yaml
kind: BuildConfig
apiVersion: v1
metadata:
  name: pullsecret-nodejs
spec:
  source:
    git:
      uri: "https://github.com/sclorg/nodejs-ex.git"
  strategy:
    type: Source
    sourceStrategy:
      from:
        kind: DockerImage
        name: registry.redhat.io/rhscl/nodejs-10-rhel7:latest
      pullSecret:
        name: local-ps
gmontero ~/QE_bzs/img-src-auth $ 

[adambkaplan]

@gabemontero gotta love YAML. Fixed in the next push.

[gabemontero]

yes you do :-)

[gabemontero]

/lgtm cancel

[gabemontero]

/hold cancel

[gabemontero]

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: adambkaplan, gabemontero

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• test/extended/OWNERS [adambkaplan]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[gabemontero]

prometheus failures in e2e-gcp

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[gabemontero]

e2e-gcp-builds is passing @adambkaplan

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[gabemontero]

install flake e2e-gcp

/retest

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci-robot]

@adambkaplan: All pull requests linked via external trackers have merged. Bugzilla bug 1771335 has been moved to the MODIFIED state.

In response to this:

Bug 1771335: Verify pullsecret builds

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[gabemontero]

@adambkaplan do we want to cherrypick this test back to 4.2 / 4.1 since we are backporting the CVE fix to not always setting skip tls verify to true to those destinations ?