Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test: ci test for TLS objectstore #7920

Merged
merged 1 commit into from
Jul 5, 2021
Merged

test: ci test for TLS objectstore #7920

merged 1 commit into from
Jul 5, 2021

Conversation

thotz
Copy link
Contributor

@thotz thotz commented May 17, 2021

Extend the object store smoke test to include TLS configurations.

Fixes: #7695
Signed-off-by: Jiffin Tony Thottan thottanjiffin@gmail.com

Description of your changes:

Which issue is resolved by this Pull Request:
Resolves #

Checklist:

  • Commit Message Formatting: Commit titles and messages follow guidelines in the developer guide.
  • Skip Tests for Docs: Add the flag for skipping the build if this is only a documentation change. See here for the flag.
  • Skip Unrelated Tests: Add a flag to run tests for a specific storage provider. See test options.
  • Reviewed the developer guide on Submitting a Pull Request
  • Documentation has been updated, if necessary.
  • Unit tests have been added, if necessary.
  • Integration tests have been added, if necessary.
  • Pending release notes updated with breaking and/or notable changes, if necessary.
  • Upgrade from previous release is tested and upgrade user guide is updated, if necessary.
  • Code generation (make codegen) has been run to update object specifications, if necessary.

@travisn
Copy link
Member

travisn commented May 17, 2021

Looks like there is a CI failure related to the changes:

+ openssl genrsa -out /home/runner/work/rook/rook/home/runner/work/rook/rook/tlscertdir651970468/rook-ceph-rgw-tlsteststore.key 2048
genrsa: Can't open "/home/runner/work/rook/rook/home/runner/work/rook/rook/tlscertdir651970468/rook-ceph-rgw-tlsteststore.key" for writing, No such file or directory
    ceph_base_object_test.go:346: 
        	Error Trace:	ceph_base_object_test.go:346
        	            				ceph_base_object_test.go:143
        	            				ceph_base_object_test.go:71
        	            				ceph_smoke_test.go:133
        	Error:      	Received unexpected error:
        	            	exit status 1
        	Test:       	TestCephSmokeSuite/TestObjectStorage_SmokeTest

@leseb
Copy link
Member

leseb commented May 31, 2021

@thotz any updates?

@thotz
Copy link
Contributor Author

thotz commented Jun 1, 2021

@thotz any updates?

Not much, I trying figure out why temporary directory creation failed in the test case

@thotz thotz force-pushed the tlscitest branch 7 times, most recently from 8fa41c4 to 0612c69 Compare June 21, 2021 10:31
@thotz
Copy link
Contributor Author

thotz commented Jun 21, 2021

waitng for #8139 to merge

@thotz thotz force-pushed the tlscitest branch 2 times, most recently from cc06b20 to 8c1c99e Compare June 22, 2021 12:31
@thotz thotz force-pushed the tlscitest branch 9 times, most recently from ab64bbb to dc8ad90 Compare June 25, 2021 10:30
thotz
thotz commented Jun 25, 2021
View reviewed changes
tests/integration/ceph_base_object_test.go Outdated
require.NoError(s.T(), cmdOut.Err)
tlsCert, err = ioutil.ReadFile(filepath.Join(tlscertdir, ipaddr+".ca"))
assert.Nil(s.T(), err)
}*/
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here OBC, cephobjecstoreuser creation deletion works fine on TLS enabled RGW endpoint. But if S3api SDK I am getting certificate errors

ceph-object-controller: failed to put object in bucket. RequestError: send request failed
caused by: Put "https://10.106.25.156:80/smokebkt/rookObj1": x509: certificate is valid for 127.0.0.1, not 10.106.25.156
    ceph_base_object_test.go:263: 
                Error Trace:    ceph_base_object_test.go:263
                                                        ceph_base_object_test.go:73
                                                        ceph_smoke_test.go:134
                Error:          Expected nil, but got: &awserr.baseError{code:"RequestError", message:"send request failed", errs:[]error{(*url.Error)(0xc00063d5f0)}}
                Test:           TestCephSmokeSuite/TestObjectStorage_SmokeTest
2021-06-25 06:03:05.848703 I | integrationTest: Step 6 : Get Object from bucket
2021/06/25 06:03:05 DEBUG: Request s3/GetObject Details:

I have commented out the changes which I was trying and so for the time being change signature of GetEndPointUrl().

The issue I am facing the TLS cert is valid for "rook-ceph-rgw-my-store.rook-ceph" endpoint which is not accessible from test. In the test is using cluster.ip from RGW service. I cannot have this IP info until the service is up and running so I cannot pass it while creating the TLS certs.

So currently I am using S3 client with skipsecure option so that object creation deletion etc will work. Please share your opinion

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds fine for testing purposes to not worry about a valid cert.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good to me, agreed it's a bit of a chicken and an egg problem.

travisn
travisn requested changes Jun 25, 2021
View reviewed changes
tests/integration/ceph_base_object_test.go Outdated
require.NoError(s.T(), cmdOut.Err)
tlsCert, err = ioutil.ReadFile(filepath.Join(tlscertdir, ipaddr+".ca"))
assert.Nil(s.T(), err)
}*/
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds fine for testing purposes to not worry about a valid cert.

pkg/operator/ceph/object/s3-handlers.go Outdated Show resolved Hide resolved
leseb
leseb reviewed Jun 28, 2021
View reviewed changes
Copy link
Member

@leseb leseb left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Waiting for this https://github.com/rook/rook/pull/7920/files#r658808974 to be addressed, otherwise LGTM.

@thotz thotz requested review from leseb and travisn June 29, 2021 09:16
leseb
leseb requested changes Jun 29, 2021
View reviewed changes
pkg/operator/ceph/object/s3-handlers.go Outdated Show resolved Hide resolved
travisn
travisn requested changes Jun 29, 2021
View reviewed changes
tests/integration/ceph_base_object_test.go Outdated Show resolved Hide resolved
pkg/operator/ceph/object/s3-handlers.go Outdated Show resolved Hide resolved
@mergify
Copy link

mergify bot commented Jun 30, 2021

This pull request has merge conflicts that must be resolved before it can be merged. @thotz please rebase it. https://rook.io/docs/rook/master/development-flow.html#updating-your-fork

@thotz
test: ci test for TLS objectstore
9e3cf68 
Extend the object store smoke test to include TLS configurations.

Signed-off-by: Jiffin Tony Thottan <thottanjiffin@gmail.com>
@thotz thotz requested review from leseb and travisn July 1, 2021 13:21
@leseb leseb merged commit 830b36c into rook:master Jul 5, 2021
@mergify mergify bot mentioned this pull request Jul 5, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leseb leseb leseb approved these changes

@travisn travisn travisn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ci: add integration test for ceph object store TLS
3 participants
@thotz @travisn @leseb