SREP-1220: Add E2E test for revoking and deleting CertificateRequests with certman label #377
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@amitupadh: This pull request references SREP-1220 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.20.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: amitupadh The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
openshift-merge-robot
added
the
needs-rebase
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
openshift-merge-robot
removed
the
needs-rebase
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #377 +/- ##
=======================================
Coverage 57.15% 57.15%
=======================================
Files 29 29
Lines 2138 2138
=======================================
Hits 1222 1222
Misses 802 802
Partials 114 114 🚀 New features to boost your workflow:
|
|
@amitupadh: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/label tide/merge-method-squash |
openshift-ci
bot
added
the
tide/merge-method-squash
|
|
||
| log.Log.Info("STEP 1: Fetching existing CertificateRequest with owned=true label") | ||
| crList, err := dynamicClient.Resource(crGVR).Namespace(namespace).List(ctx, metav1.ListOptions{ | ||
| LabelSelector: "certificaterequests.certman.managed.openshift.io", |
There was a problem hiding this comment.
This label does not exist on any certificaterequest that I've seen: which component do we expect adds this?
|
|
||
| // Step 2: Delete the CertificateRequest | ||
| log.Log.Info("STEP 2: Deleting the original CertificateRequest") | ||
| err = dynamicClient.Resource(crGVR).Namespace(namespace).Delete(ctx, originalCRName, metav1.DeleteOptions{}) |
There was a problem hiding this comment.
Which certificaterequests are we deleting here? As far as I can tell, nothing was created in the BeforeAll() above, so it seems like we're expecting a certificaterequest to already exist in the test evironment.
In general, I would caution against us blindly deleting objects that we retrieved with a list operation unless we're using a specific Selector
| gomega.Eventually(func() bool { | ||
| cr, err := dynamicClient.Resource(crGVR).Namespace(namespace).Get(ctx, originalCRName, metav1.GetOptions{}) | ||
| if err != nil { | ||
| log.Log.Info("CR appears to be deleted already", "name", originalCRName) | ||
| return true | ||
| } | ||
| if cr.GetDeletionTimestamp() == nil { | ||
| log.Log.Info("CR not marked for deletion yet", "name", cr.GetName()) | ||
| return false | ||
| } | ||
|
|
||
| finalizers, found, err := unstructured.NestedStringSlice(cr.Object, "metadata", "finalizers") | ||
| if err != nil { | ||
| log.Log.Error(err, "Error retrieving finalizers") | ||
| return false | ||
| } | ||
| if !found || len(finalizers) == 0 { | ||
| log.Log.Info("No finalizers present", "name", cr.GetName()) | ||
| return false | ||
| } | ||
|
|
||
| crCopy := cr.DeepCopy() | ||
| _ = unstructured.SetNestedStringSlice(crCopy.Object, []string{}, "metadata", "finalizers") | ||
|
|
||
| _, err = dynamicClient.Resource(crGVR).Namespace(namespace).Update(ctx, crCopy, metav1.UpdateOptions{}) | ||
| if err != nil { | ||
| log.Log.Error(err, "Failed to remove finalizer") | ||
| return false | ||
| } | ||
| return true | ||
| }, 1*time.Minute, 5*time.Second).Should(gomega.BeTrue(), "Finalizer should be removed") |
There was a problem hiding this comment.
Why remove the finalizer? Shouldn't this test include coverage for certman-operator's own finalizing logic?
|
|
||
| // Step 4: Wait for new CertificateRequest with new UID | ||
| var newCRName string | ||
| gomega.Eventually(func() bool { |
There was a problem hiding this comment.
Unless we're creating a dnszone.hive.openshift.io object as a prerequisite to this test and I've missed it (which could very well be the case!), a new certificaterequest would never get recreated just because one was deleted
openshift-ci
bot
added
the
do-not-merge/work-in-progress
openshift-merge-robot
added
the
needs-rebase
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
openshift-merge-robot
removed
the
needs-rebase
4 participants
This PR adds an end-to-end test to validate that when a CertificateRequest contains the label certificaterequests.certman.managed.openshift.io, the following workflow is performed successfully:
To run the test case, you need to export the below environment variable:
DISABLE_JUNIT_REPORT=false
To run the test:
go test -tags=osde2e ./test/e2e -v