tests: rewrite in go and simplify TLSChallengeTest#12292
Conversation
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 13057026 | Triggered | RSA Private Key | 355cb3b | qa-tests-backend/artifacts/tls-challenge-test/nginx-lb-certs/leaf-key.pem | View secret |
| 13057027 | Triggered | Generic Private Key | 355cb3b | qa-tests-backend/artifacts/tls-challenge-test/nginx-lb-certs/ca-key.pem | View secret |
| 13125931 | Triggered | Generic Private Key | 355cb3b | tests/bad-ca/nginx-loadbalancer.qa-tls-challenge.key | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
|
Images are ready for the commit at 2787256. To use with deploy scripts, first |
|
/retest-times 5 gke-nongroovy-e2e-tests |
|
/test gke-nongroovy-e2e-tests |
|
/test gke-sensor-integration-tests |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #12292 +/- ##
=======================================
Coverage 48.27% 48.27%
=======================================
Files 2402 2402
Lines 171574 171570 -4
=======================================
+ Hits 82820 82825 +5
+ Misses 82066 82059 -7
+ Partials 6688 6686 -2
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
Images are ready for the commit at fa0fb0b. To use with deploy scripts, first |
|
Comments addressed, PTAL @janisz |
|
/test gke-nongroovy-e2e-tests |
|
/test ocp-4-12-nongroovy-e2e-tests |
|
/test ocp-4-16-nongroovy-e2e-tests |
|
/test ocp-4-12-nongroovy-e2e-tests |
|
/retest |
|
/test gke-nongroovy-e2e-tests |
|
/test ocp-4-12-nongroovy-e2e-tests |
|
/test gke-nongroovy-e2e-tests |
|
/test ocp-4-16-nongroovy-e2e-tests |
|
/test gke-nongroovy-e2e-tests |
|
/test ocp-4-12-nongroovy-e2e-tests |
|
/test ocp-4-16-nongroovy-e2e-tests |
1 similar comment
|
/test ocp-4-16-nongroovy-e2e-tests |
janisz
left a comment
There was a problem hiding this comment.
LGTM, except shadowing const when it's not needed
Description
This supersedes #11986 which accumulated hundreds of retry comments making it hard to follow the review thread.
TLSChallengeTestis currently by far the most flaky test owned by draco team. Rather than invest more time into debugging the groovy test and the k8s interface library (where the problem seems to lie) I decided to kill two birds with one stone and rewrite this test in Go. This starts to pave the road towards creating an improved e2e testing framework for nongroovy.While rewriting I also reused the additional CA already in use for
TestCASetupwhich speeds up and simplifies the test considerably.This PR resolves:
And partially addresses:
User-facing documentation
(must be 2 items and both must be checked)
Testing
Automated testing
(must be at least 1 item and all items must be checked)
How I validated my change
CI should be enough. I had the bot re-run this test a few times and saw a single related flake that I'm addressing in #12305. The other failures seem unrelated (collector crash,
Test_ComplianceOperatorScanConfigSyncfailure, and a stackrox setup failure on GKE).