🌱 Enable audit logs for envtest-based unit tests if ARTIFACTS env var is set #12847
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
k8s-ci-robot
added
do-not-merge/needs-area
|
Hi @ivelichkovich. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
internal/test/envtest/environment.go
Outdated
| } | ||
|
|
||
| func writeAuditPolicy() string { | ||
| policyFile := filepath.Join(os.Getenv("ARTIFACTS"), "audit-policy.yaml") |
There was a problem hiding this comment.
Maybe another dir is preferred for the policy?
There was a problem hiding this comment.
May be for the policy we can avoid storing a copy for every test folder and just store one in ARTIFACTS
There was a problem hiding this comment.
If we ensure we don't overwrite if it already exists. Not sure what happens if one test overwrites it while an apiserver of another test reads it. I would simply use separate files. They are also pretty small.
If we just use one file and if we implement cleanup on test success I think we have to keep the file around to avoid races.
Overall I would prefer to just use separate files
There was a problem hiding this comment.
set it up with separate files
| policyFile := filepath.Join(os.Getenv("ARTIFACTS"), "audit-policy.yaml") | ||
|
|
||
| policyYAML := []byte(` | ||
| apiVersion: audit.k8s.io/v1 |
There was a problem hiding this comment.
For machine package audit log file as is ends up at about 1.2MB so it isn't too bad so probably not a concern but if data storage is a concern a couple things:
We could restrict this further if we want, could do create/patch/update/delete only perhaps just to reduce data.
We could enable this when dealing with flake on specific packages also to reduce artifact data?
There was a problem hiding this comment.
I can go ahead and enable it for the other suites too in this PR if that's wanted
There was a problem hiding this comment.
See my comments below. I think they come down to that we have it automatically everywhere and that seems fine to me.
Our e2e test artifacts are much bigger, so I think it's okay
There was a problem hiding this comment.
We could also cleanup the logs after l.227 if the tests and stop succeed
ivelichkovich
changed the title
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
sbueringer
added
the
tide/merge-method-squash
sbueringer
changed the title
|
Thx, very nice! /lgtm /assign @fabriziopandini |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: 9e0547f8233f56d2f3d73c16665798935a2421c4
|
|
Nice! |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: fabriziopandini The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
4 participants
What this PR does / why we need it:
Adds a flag to envtest input to enable apiserver audit logs to log to a file. This can be enabled per package to help debug test flake. Enabling it with this PR for machine package. Audit logs will log to ARTIFACTS dir.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes # #12785