Skip to content

[release-4.12] OCPBUGS-22432: test/e2e: Don't use openshift/origin-node #992

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-ci merged 3 commits into from
Oct 27, 2023
Merged

[release-4.12] OCPBUGS-22432: test/e2e: Don't use openshift/origin-node #992

openshift-ci merged 3 commits into from
Oct 27, 2023

Conversation

@Miciah
Copy link
Contributor

@Miciah Miciah commented Oct 26, 2023

test/e2e: Don't use "openshift/origin-node" image

Use the "openshift/tools" image from the cluster image registry instead of using the "openshift/origin-node" image pullspec in E2E tests.

Before this change, the E2E tests were inadvertently pulling the "openshift/origin-node" image from Docker Hub and getting rate-limited.

The choice to use "openshift/tools" is based on a similar change here: openshift/origin@4cbb844

Follow-up to #410 and #451.

  • test/e2e/util_test.go (buildEchoPod, buildSlowHTTPDPod): Replace the "openshift/origin-node" image pullspec with "image-registry.openshift-image-registry.svc:5000/openshift/tools:latest".

TestHstsPolicyWorks: Dump events if test fails

  • test/e2e/hsts_policy_test.go (TestHstsPolicyWorks): Dump events in case of test failure, using the new dumpEventsInNamespace helper.
  • test/e2e/util_test.go (dumpEventsInNamespace): New helper function to log all events in a namespace.

TestHstsPolicyWorks: Wait for namespace to be provisioned

When creating a new namespace for the TestHstsPolicyWorks test, wait for the "default" ServiceAccount and the "system:image-pullers" RoleBinding to be provisioned in the newly created namespace before proceeding with the test. Make a similar change for the TestMTLSWithCRLsCerts test.

Before this change, TestHstsPolicyWorks sometimes failed because it tried to create a pod before the ServiceAccount had been provisioned and granted access to pull images. As a result, the test would randomly fail with the following error:

Failed to pull image "image-registry.openshift-image-registry.svc:5000/openshift/tools:latest": rpc error: code = Unknown desc = reading manifest

This change should prevent such failures.

Because TestMTLSWithCRLsCerts also creates a namespace and then creates pods in this namespace, this PR makes the same change to this test as well. Some other tests create namespaces but do not create pods in those
namespaces; those tests do not necessarily need to wait for the ServiceAccount and RoleBinding.

Inspired by openshift/origin@877c652.

  • test/e2e/client_tls_test.go (TestMTLSWithCRLs):
  • test/e2e/hsts_policy_test.go (TestHstsPolicyWorks): Use the new createNamespace helper.
  • test/e2e/util_test.go (createNamespace): New helper function. Create a namespace with the specified name, register a cleanup handler to delete the namespace when the test finishes, wait for the "default" ServiceAccount and "system:image-pullers" RoleBinding to be created, and return the namespace.

This is manual cherry-pick of #970. #965 added the getRouteHost function to test/e2e/util_test.go, which caused a conflict that needed manual resolution for this backport.

Miciah added 3 commits October 26, 2023 09:21
@Miciah
test/e2e: Don't use openshift/origin-node
91dadf6 
Use the "openshift/tools" image from the cluster image registry instead of
using the "openshift/origin-node" image pullspec in E2E tests.

Before this commit, the E2E tests were inadvertently pulling the
"openshift/origin-node" image from Docker Hub and getting rate-limited.

The choice to use "openshift/tools" is based on a similar change here:
openshift/origin@4cbb844

Follow-up to commit 167bcc2
and commit a635566.

This commit fixes OCPBUGS-17359.

https://issues.redhat.com/browse/OCPBUGS-17359

* test/e2e/util_test.go (buildEchoPod, buildSlowHTTPDPod): Replace the
"openshift/origin-node" image pullspec with
"image-registry.openshift-image-registry.svc:5000/openshift/tools:latest".
@Miciah
TestHstsPolicyWorks: Dump events if test fails
9930a8e 
* test/e2e/hsts_policy_test.go (TestHstsPolicyWorks): Dump events in case
of test failure, using the new dumpEventsInNamespace helper.
* test/e2e/util_test.go (dumpEventsInNamespace): New helper function to
log all events in a namespace.
@Miciah
TestHstsPolicyWorks: Wait for NS to be provisioned
549601b 
When creating a new namespace for the TestHstsPolicyWorks test, wait for
the "default" ServiceAccount and the "system:image-pullers" RoleBinding to
be provisioned in the newly created namespace before proceeding with the
test.  Make a similar change for the TestMTLSWithCRLsCerts test.

Before this commit, TestHstsPolicyWorks sometimes failed because it tried
to create a pod before the ServiceAccount had been provisioned and granted
access to pull images.  As a result, the test would randomly fail with the
following error:

    Failed to pull image "image-registry.openshift-image-registry.svc:5000/openshift/tools:latest": rpc error: code = Unknown desc = reading manifest

This change should prevent such failures.

Because TestMTLSWithCRLsCerts also creates a namespace and then creates
pods in this namespace, this commit makes the same change to this test as
well.  Some other tests create namespaces but do not create pods in those
namespaces; those tests do not necessarily need to wait for the
ServiceAccount and RoleBinding.

Inspired by openshift/origin@877c652.

* test/e2e/client_tls_test.go (TestMTLSWithCRLs):
* test/e2e/hsts_policy_test.go (TestHstsPolicyWorks): Use the new
createNamespace helper.
* test/e2e/util_test.go (createNamespace): New helper function.  Create a
namespace with the specified name, register a cleanup handler to delete the
namespace when the test finishes, wait for the "default" ServiceAccount and
"system:image-pullers" RoleBinding to be created, and return the namespace.
@openshift-ci-robot openshift-ci-robot added jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Oct 26, 2023
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Oct 26, 2023

@Miciah: This pull request references Jira Issue OCPBUGS-22432, which is invalid:

  • expected dependent Jira Issue OCPBUGS-22402 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is ON_QA instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

test/e2e: Don't use "openshift/origin-node" image

Use the "openshift/tools" image from the cluster image registry instead of using the "openshift/origin-node" image pullspec in E2E tests.

Before this change, the E2E tests were inadvertently pulling the "openshift/origin-node" image from Docker Hub and getting rate-limited.

The choice to use "openshift/tools" is based on a similar change here: openshift/origin@4cbb844

Follow-up to #410 and #451.

  • test/e2e/util_test.go (buildEchoPod, buildSlowHTTPDPod): Replace the "openshift/origin-node" image pullspec with "image-registry.openshift-image-registry.svc:5000/openshift/tools:latest".

TestHstsPolicyWorks: Dump events if test fails

  • test/e2e/hsts_policy_test.go (TestHstsPolicyWorks): Dump events in case of test failure, using the new dumpEventsInNamespace helper.
  • test/e2e/util_test.go (dumpEventsInNamespace): New helper function to log all events in a namespace.

TestHstsPolicyWorks: Wait for namespace to be provisioned

When creating a new namespace for the TestHstsPolicyWorks test, wait for the "default" ServiceAccount and the "system:image-pullers" RoleBinding to be provisioned in the newly created namespace before proceeding with the test. Make a similar change for the TestMTLSWithCRLsCerts test.

Before this change, TestHstsPolicyWorks sometimes failed because it tried to create a pod before the ServiceAccount had been provisioned and granted access to pull images. As a result, the test would randomly fail with the following error:

Failed to pull image "image-registry.openshift-image-registry.svc:5000/openshift/tools:latest": rpc error: code = Unknown desc = reading manifest

This change should prevent such failures.

Because TestMTLSWithCRLsCerts also creates a namespace and then creates pods in this namespace, this PR makes the same change to this test as well. Some other tests create namespaces but do not create pods in those
namespaces; those tests do not necessarily need to wait for the ServiceAccount and RoleBinding.

Inspired by openshift/origin@877c652.

  • test/e2e/client_tls_test.go (TestMTLSWithCRLs):
  • test/e2e/hsts_policy_test.go (TestHstsPolicyWorks): Use the new createNamespace helper.
  • test/e2e/util_test.go (createNamespace): New helper function. Create a namespace with the specified name, register a cleanup handler to delete the namespace when the test finishes, wait for the "default" ServiceAccount and "system:image-pullers" RoleBinding to be created, and return the namespace.

This is manual cherry-pick of #970. #965 added the getRouteHost function to test/e2e/util_test.go, which caused a conflict that needed manual resolution for this backport.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

candita
candita reviewed Oct 26, 2023
View reviewed changes
test/e2e/util_test.go
t.Fatalf("failed to create namespace: %v", err)
}
t.Cleanup(func() {
t.Logf("Dumping events in namespace %q...", name)
Copy link
Contributor

@candita candita Oct 26, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I hadn't noticed this earlier, but this log message belongs inside the if t.Failed() condition brackets. I don't think it needs to fixed in the other PRs, but do you want to fix it here and in the 4.11 backports while they are open?

Copy link
Contributor Author

@Miciah Miciah Oct 26, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I hadn't noticed this earlier, but this log message belongs inside the if t.Failed() condition brackets.

According to https://pkg.go.dev/testing#T.Log:

For tests, the text will be printed only if the test fails or the -test.v flag is set.

So I don't believe there's a need to add if t.Failed().

I don't think it needs to fixed in the other PRs, but do you want to fix it here and in the 4.11 backports while they are open?

Backports should be as close as possible to the original changes (though resolving conflicts sometimes necessitates some deviation). Otherwise it gets more difficult to keep track of what actually got backported to which version, and subsequent backports are more likely to encounter conflicts. If we need additional changes to this code, I'd rather open a new Jira issue, make the additional change in the main branch, and do another series of backports if necessary.

Copy link
Contributor

@candita candita Oct 26, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll leave that up to you, it's not a big deal.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 26, 2023

@Miciah: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@candita
Copy link
Contributor

candita commented Oct 26, 2023

/lgtm
/approve
/label backport-risk-assessed

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Oct 26, 2023
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Oct 26, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 26, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: candita

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 26, 2023
@Miciah Miciah mentioned this pull request Oct 26, 2023
Merged
@Miciah
Copy link
Contributor Author

Miciah commented Oct 27, 2023

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Oct 27, 2023
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Oct 27, 2023

@Miciah: This pull request references Jira Issue OCPBUGS-22432, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.12.z) matches configured target version for branch (4.12.z)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
  • dependent bug Jira Issue OCPBUGS-22402 is in the state Verified, which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
  • dependent Jira Issue OCPBUGS-22402 targets the "4.13.z" version, which is one of the valid target versions: 4.13.0, 4.13.z
  • bug has dependents

Requesting review from QA contact:
/cc @melvinjoseph86

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot requested a review from melvinjoseph86 October 27, 2023 02:45
@melvinjoseph86
Copy link

melvinjoseph86 commented Oct 27, 2023

/label cherry-pick-approved

@openshift-ci openshift-ci bot added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Oct 27, 2023
@openshift-ci openshift-ci bot merged commit 69f83b1 into openshift:release-4.12 Oct 27, 2023
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Oct 27, 2023

@Miciah: Jira Issue OCPBUGS-22432: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-22432 has been moved to the MODIFIED state.

Details

In response to this:

test/e2e: Don't use "openshift/origin-node" image

Use the "openshift/tools" image from the cluster image registry instead of using the "openshift/origin-node" image pullspec in E2E tests.

Before this change, the E2E tests were inadvertently pulling the "openshift/origin-node" image from Docker Hub and getting rate-limited.

The choice to use "openshift/tools" is based on a similar change here: openshift/origin@4cbb844

Follow-up to #410 and #451.

  • test/e2e/util_test.go (buildEchoPod, buildSlowHTTPDPod): Replace the "openshift/origin-node" image pullspec with "image-registry.openshift-image-registry.svc:5000/openshift/tools:latest".

TestHstsPolicyWorks: Dump events if test fails

  • test/e2e/hsts_policy_test.go (TestHstsPolicyWorks): Dump events in case of test failure, using the new dumpEventsInNamespace helper.
  • test/e2e/util_test.go (dumpEventsInNamespace): New helper function to log all events in a namespace.

TestHstsPolicyWorks: Wait for namespace to be provisioned

When creating a new namespace for the TestHstsPolicyWorks test, wait for the "default" ServiceAccount and the "system:image-pullers" RoleBinding to be provisioned in the newly created namespace before proceeding with the test. Make a similar change for the TestMTLSWithCRLsCerts test.

Before this change, TestHstsPolicyWorks sometimes failed because it tried to create a pod before the ServiceAccount had been provisioned and granted access to pull images. As a result, the test would randomly fail with the following error:

Failed to pull image "image-registry.openshift-image-registry.svc:5000/openshift/tools:latest": rpc error: code = Unknown desc = reading manifest

This change should prevent such failures.

Because TestMTLSWithCRLsCerts also creates a namespace and then creates pods in this namespace, this PR makes the same change to this test as well. Some other tests create namespaces but do not create pods in those
namespaces; those tests do not necessarily need to wait for the ServiceAccount and RoleBinding.

Inspired by openshift/origin@877c652.

  • test/e2e/client_tls_test.go (TestMTLSWithCRLs):
  • test/e2e/hsts_policy_test.go (TestHstsPolicyWorks): Use the new createNamespace helper.
  • test/e2e/util_test.go (createNamespace): New helper function. Create a namespace with the specified name, register a cleanup handler to delete the namespace when the test finishes, wait for the "default" ServiceAccount and "system:image-pullers" RoleBinding to be created, and return the namespace.

This is manual cherry-pick of #970. #965 added the getRouteHost function to test/e2e/util_test.go, which caused a conflict that needed manual resolution for this backport.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-merge-robot
Copy link
Contributor

openshift-merge-robot commented Oct 27, 2023

Fix included in accepted release 4.12.0-0.nightly-2023-10-27-070629

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alebedev87 alebedev87 Awaiting requested review from alebedev87

@rfredette rfredette Awaiting requested review from rfredette

@melvinjoseph86 melvinjoseph86 Awaiting requested review from melvinjoseph86

1 more reviewer

@candita candita candita left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@candita candita

@lihongan lihongan

@melvinjoseph86 melvinjoseph86

@ShudiLi ShudiLi

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@Miciah @openshift-ci-robot @candita @melvinjoseph86 @openshift-merge-robot @lihongan @ShudiLi