New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix CSR validation failure for missing status conditions #1229
Fix CSR validation failure for missing status conditions #1229
Conversation
/test vsphere-e2e-operator |
/retest |
b04df72
to
149aa90
Compare
test/e2e/validation_test.go
Outdated
@@ -665,6 +665,10 @@ func (tc *testContext) findNodeCSRs(nodeName string) ([]certificates.Certificate | |||
return nil, errors.Wrap(err, "unable to get CSR list") | |||
} | |||
for _, c := range csrs.Items { | |||
// skip the CSR if it's status has not been reported | |||
if len(c.Status.Conditions) == 0 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Conditions
may be nil. Consider
if c.Status.Conditions == nil || len(c.Status.Conditions) == 0 {
...
}
Thanks for working on this, LGTM so far. Will this be a temp workaround until we or the cloud team find a permanent fix? |
35c76c1
to
11c6c29
Compare
That is correct @alinaryan |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for fixing this, @mansikulkarni96
test/e2e/validation_test.go
Outdated
@@ -665,6 +665,10 @@ func (tc *testContext) findNodeCSRs(nodeName string) ([]certificates.Certificate | |||
return nil, errors.Wrap(err, "unable to get CSR list") | |||
} | |||
for _, c := range csrs.Items { | |||
// skip the CSR if it's status has not been reported |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add the suspected reason here and in the commit message.
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aravindhp, mansikulkarni96 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
LGTM |
11c6c29
to
bb755a3
Compare
/lgtm |
5a25635
to
dfaf333
Compare
This commit aims to fix the issue with failing CSR validation of CSR that have a missing status condition. In some cases, a CSR is left in pending state when a new CSR is created for a node too quickly before updating the status of the existing one. Such a CSR cannot be approved but it does not affect node configuration and is safe to be ignored.
Blocked by OCPBUGS-2175 |
/retest |
/hold Revision 3685963 was retested 3 times: holding |
/test azure-e2e-operator |
/retest ci/prow/aws-e2e-operator |
@JacobTanenbaum: The
The following commands are available to trigger optional jobs:
Use
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/test aws-e2e-operator |
/test gcp-e2e-operator |
6 similar comments
/test gcp-e2e-operator |
/test gcp-e2e-operator |
/test gcp-e2e-operator |
/test gcp-e2e-operator |
/test gcp-e2e-operator |
/test gcp-e2e-operator |
/retest |
/hold cancel |
/retest |
@mansikulkarni96 the aws-e2e-operator job failed twice in the setup phase. Is this a new issue with AWS or a known flake? |
There are issues creating EC2 instance, both jobs failed with different reasons though. Investigating. |
/retest |
/override ci/prow/aws-e2e-operator The test past previously we are now seeing a flake on AWS cluster installs.
|
@aravindhp: Overrode contexts on behalf of aravindhp: ci/prow/aws-e2e-operator In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@mansikulkarni96: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
This PR aims to fix the issue with failing CSR validation of CSR's that have a missing status condition.
These CSR's cannot be approved, hence they need to be skipped.
Latest failure: https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_windows-machine-config-operator/1258/pull-ci-openshift-windows-machine-config-operator-master-vsphere-e2e-operator/1577062440414220288
csr.json: https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/origin-ci-test/pr-logs/pull/openshift_windows-machine-config-operator/1258/pull-ci-openshift-windows-machine-config-operator-master-vsphere-e2e-operator/1577062440414220288/artifacts/vsphere-e2e-operator/gather-extra/artifacts/csr.json
"status": {}