dt: Improve cert lookup in crl_test.py#25433
dt: Improve cert lookup in crl_test.py#25433michael-redpanda wants to merge 1 commit intoredpanda-data:devfrom
Conversation
The test originally assumed that the order of the certs matched the order of the Redpanda nodes. This change will instead search through the certificates to find the cert matching the node to revoke. Signed-off-by: Michael Boquard <michael.j.boquard@gmail.com>
|
@oleiman sorry for the noise, but since you originally wrote the test I'm just making sure I didn't invalidate it in some way, thanks! |
|
Oh @oleiman is off for like two weeks.... ha |
|
|
||
| def find_broker_cert(self, node: ClusterNode) -> Optional[tls.Certificate]: | ||
| return next( | ||
| (c for c in self.broker_certs if node.account.hostname in c.crt), |
There was a problem hiding this comment.
It;s not obvious to me that node.name and node.account.hostname are the same in every environment this runs in, but that assumption does seem to run throughout the test.
It might be simpler to make self.broker_certs a map.
pgellert
left a comment
There was a problem hiding this comment.
I am not yet following how these certs could get reordered. But the fix seems like a net improvement, so lgtm.
| broker_cert = self.provider.find_broker_cert(node) | ||
| assert broker_cert is not None, f"Failed to find certificate for node {node}" |
There was a problem hiding this comment.
Q: do you know how the broker certs could end up in an order different from the order of nodes? It seems that the certs are created in the same order as the seld.redpanda.nodes inside write_tls_certs, so I am wondering how this reordering could happen.
CI test resultstest results on build#63349
test results on build#63380
test results on build#63432
|
|
/ci-repeat 5 |
Retry command for Build#63380please wait until all jobs are finished before running the slash command |
|
/ci-repeat 1 |
|
/ci-repeat 1 |
Retry command for Build#63432please wait until all jobs are finished before running the slash command |
The test originally assumed that the order of the certs matched the order of the Redpanda nodes. This change will instead search through the certificates to find the cert matching the node to revoke.
Fixes: CORE-8969
Todo:
Backports Required
Release Notes