tweaks to get tests to work with private registry #1870
Conversation
Signed-off-by: Doug Davis <dug@us.ibm.com>
knative-prow-robot
added
size/L
knative-prow-robot
requested review from
grantr
and removed request for
chaodaiG
test/common/creation.go
Outdated
| } | ||
|
|
||
| // CreateClusterRoleOrFail creates the given ClusterRole or fail the test if there is an error. | ||
| func (client *Client) CreateClusterRoleOrFail(cr *rbacv1.ClusterRole) { | ||
| crs := client.Kube.Kube.RbacV1().ClusterRoles() | ||
| if _, err := crs.Create(cr); err != nil { | ||
| client.T.Fatalf("Failed to create cluster role %q: %v", cr.Name, err) | ||
| if !strings.Contains(err.Error(), "already exists") { |
There was a problem hiding this comment.
Could you change these to use:
"k8s.io/apimachinery/pkg/api/errors"
and in particular IsNotFound()
There was a problem hiding this comment.
I was looking for that - thanks!
test/common/test_runner.go
Outdated
|
|
||
| testSecret, _ := defSecI.Get(TestPullSecretName, metav1.GetOptions{}) | ||
|
|
||
| // Check again. I've seen cases where it lies and if we need it |
There was a problem hiding this comment.
this seems odd, and is there a reason why you don't check the err returned? I'm not sure what you mean by "It" lies, are you saying above line returns nil, but the one below returns true?
There was a problem hiding this comment.
No I mean that the apiserver will return nil+err even though the secret does exist. I can't explain why or how, but I ran into it often enough that I decided to just ask again to be sure.
There was a problem hiding this comment.
@vagababov Have you seen something like this before? Seems b0rk3n?
There was a problem hiding this comment.
Not really. What is the actual error you're getting? If I were to guess you got either network problem error (connection refused, dial timeout) or overload error from API server.
Which leads me to the main problem I see here: "never ignore errors".
Also, I'd highly recommend to switch to informers.
There was a problem hiding this comment.
What's the err that's returned?
There was a problem hiding this comment.
Let me change the code to show the error (if I even get one) to see what's up.. But to add more intrigue, I've also seen cases like this....
I had this code:
if testSecret != nil {
// Found the secret, so now make a copy in our new namespace
newSecret, err := nsSecI.Create(
&corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: testSecret.ObjectMeta.Name,
},
Data: testSecret.Data,
Type: testSecret.Type,
})
if err != nil {
t.Fatalf("TestSetup: Error copying the secret: %s", err)
}
Notice I would use the "name" from "testSecret", which should never be empty. Yet I would get this error:
test_runner.go:82: namespace is : "test-default-broker-with-many-deprecated-triggers" test_runner.go:168:
TestSetup: Error copying the secret: Secret "" is invalid: metadata.name: Required value: name or
generateName is required
I never saw this on my local testing, or IKS, only using Prow.
test/common/test_runner.go
Outdated
| testSecret, _ = defSecI.Get(TestPullSecretName, metav1.GetOptions{}) | ||
| } | ||
|
|
||
| if testSecret != nil { |
There was a problem hiding this comment.
This function seems similar in description, yet it's different and I'm trying to understand why? :) Can this be hoisted into a separate function and reused instead of having two versions of it.
There was a problem hiding this comment.
they are similar but different. This one only deals with the "default" SA and knows it can blindly copy the secret. Th other one deals with a new SA (so not "default") and needs to check to see if the secret already exists so it doesn't try to duplicate it.
There was a problem hiding this comment.
They both have the check and re-check (which I must say is extremely worrying and seems extremely flaky and a bug in the k8s if that's the case).
I think having a method that deals with copying the secret into the namespace would be good to hoist out, then rejiggering the ServiceAccount secret could be the only difference between the two if I understand correctly?
duglin
force-pushed
the
hackTests
branch
2 times, most recently
from
e40f7ff
to
6844dad
Compare
|
/test pull-knative-eventing-integration-tests |
Signed-off-by: Doug Davis <dug@us.ibm.com>
|
@vaikas-google are you ok with the general direction I went for the pull secrets? if so, I'd like to update the docs as part of this PR before it gets merged. |
test/common/test_runner.go
Outdated
| testSecret, _ = defSecI.Get(TestPullSecretName, metav1.GetOptions{}) | ||
| } | ||
|
|
||
| if testSecret != nil { |
There was a problem hiding this comment.
Reverse the flow to be more go-style
if tS == nil { fail/return/break}
// normal code goes here unindented
0cb93f7
to
8280bfd
Compare
|
/hold until I do more testing |
knative-prow-robot
added
the
do-not-merge/hold
|
So from the test logs it's indeed failing with 'not found': Where is this secret created, is there a race there somewhere? |
|
those logs were old - it shouldn't print that "not found" error in Prow. That should be fixed now, but I'm testing locally, where I do have the secret created, to see if it does the copy correctly. |
Signed-off-by: Doug Davis <dug@us.ibm.com>
knative-prow-robot
removed
the
do-not-merge/hold
test/common/test_runner.go
Outdated
|
|
||
| // Just double checking | ||
| if srcSecret == nil { | ||
| return nil, fmt.Errorf("Error copying secret, it's nil w/o error") |
There was a problem hiding this comment.
no formatting errors.New.
| // it. | ||
| // It'll either return a pointer to the new Secret or and error indicating | ||
| // why it couldn't do it. | ||
| func CopySecret(client *Client, srcNS string, srcSecretName string, tgtNS string, svcAccount string) (*corev1.Secret, error) { |
There was a problem hiding this comment.
The function is inconsistent. Sometimes it calls Fatalf sometimes returns errors (should always do second, though).
duglin
force-pushed
the
hackTests
branch
5 times, most recently
from
3f0d474
to
4a5b5fc
Compare
Signed-off-by: Doug Davis <dug@us.ibm.com>
|
/approve leaving lgtm for @vagababov in case he had anything else. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: duglin, vaikas-google The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
knative-prow-robot
added
the
approved
test/common/test_runner.go
Outdated
| @@ -17,6 +17,7 @@ limitations under the License. | |||
| package common | |||
|
|
|||
| import ( | |||
| goerrs "errors" | |||
There was a problem hiding this comment.
I'd rather we alias k8s package rather than built in, but 🤷♂
There was a problem hiding this comment.
yeah I thought about that but decided to keep the amount of changes lower - but I'll do it
test/common/test_runner.go
Outdated
| _, err = tgtNSSvcAccI.Patch(svcAccount, types.StrategicMergePatchType, | ||
| []byte(`{"imagePullSecrets":[{"name":"`+srcSecretName+`"}]}`)) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("Patch failed on NS/SA (%s/%s): %s", |
There was a problem hiding this comment.
| return nil, fmt.Errorf("Patch failed on NS/SA (%s/%s): %s", | |
| return nil, fmt.Errorf("patch failed on NS/SA (%s/%s): %s", |
test/common/test_runner.go
Outdated
| // If the secret already exists then that's ok - some other test | ||
| // must have created it | ||
| if err != nil && !errors.IsAlreadyExists(err) { | ||
| return nil, fmt.Errorf("Error copying the Secret: %s", err) |
There was a problem hiding this comment.
| return nil, fmt.Errorf("Error copying the Secret: %s", err) | |
| return nil, fmt.Errorf("frror copying the Secret: %s", err) |
See: https://github.com/golang/go/wiki/CodeReviewComments#error-strings
There was a problem hiding this comment.
I think I'll go with error instead of frror :-)
test/common/test_runner.go
Outdated
|
|
||
| // Just double checking | ||
| if srcSecret == nil { | ||
| return nil, goerrs.New("Error copying Secret, it's nil w/o error") |
There was a problem hiding this comment.
| return nil, goerrs.New("Error copying Secret, it's nil w/o error") | |
| return nil, goerrs.New("error copying Secret, it's nil w/o error") |
test/common/test_runner.go
Outdated
| // This is needed for cases where the images are in a private registry. | ||
| _, err := CopySecret(client, "default", TestPullSecretName, namespace, "default") | ||
| if err != nil && !errors.IsNotFound(err) { | ||
| t.Fatalf("Error copying the secret into ns %q: %s", namespace, err) |
There was a problem hiding this comment.
| t.Fatalf("Error copying the secret into ns %q: %s", namespace, err) | |
| t.Fatalf("error copying the secret into ns %q: %s", namespace, err) |
test/common/test_runner.go
Outdated
| @@ -38,6 +40,8 @@ import ( | |||
| _ "k8s.io/client-go/plugin/pkg/client/auth/oidc" | |||
| ) | |||
|
|
|||
| var TestPullSecretName = "kn-eventing-test-pull-secret" | |||
There was a problem hiding this comment.
| var TestPullSecretName = "kn-eventing-test-pull-secret" | |
| const TestPullSecretName = "kn-eventing-test-pull-secret" |
knative-prow-robot
added
size/L
Signed-off-by: Doug Davis <dug@us.ibm.com>
|
forgot to re-ping after my latest push. I think all comments are addressed. |
|
Not sure if you'll have to manually merge this change on master - #1898 /retest |
|
/retest |
1 similar comment
|
/retest |
Signed-off-by: Doug Davis dug@us.ibm.com
Proposed Changes
While trying to get the e2e tests to work with a private registry I had to make some "interesting"
choices. This PR isn't all of them, but they're most of the ones I can share at this time. They include:
defaultnamespace calledkn-eventing-test-pull-secretwhen creating new namespaces and service accounts. Andif it exists, we will now inject that secret as an ImagePullSecret into the namespace's
defaultservice accounts, or the new service account.I'm not 100% sure these are the best solutions, but they at least worked for me. I'm open to
other ideas for how to get the PullSecret injected. If the PullSecret approach sounds out
I can then update the test docs to mention it.
Note - this does not get around #1862
Release Note