OPRUN-4415: automate OCP-87188: Central TLS Profile Consistency #1207
|
@jianzhangbjz: This pull request references OPRUN-4415 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the epic to target the "4.22.0" version, but no target version was set. |
|
/hold |
|
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: jianzhangbjz |
d992800 to 1b48aeb
|
Test passed.
jiazha-mac:tests-extension jiazha$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.22.0-0.nightly-2026-01-28-225830 True False 4h49m Cluster version is 4.22.0-0.nightly-2026-01-28-225830
jiazha-mac:tests-extension jiazha$ ./bin/olmv0-tests-ext run-test "[sig-operator][Jira:OLM] OLMv0 should PolarionID:87188-Central TLS Profile Consistency"
I0130 14:34:07.942094 86340 test_context.go:566] The --provider flag is not set. Continuing as if --provider=skeleton had been used.
Running Suite: - /Users/jiazha/goproject/operator-framework-olm/tests-extension
================================================================================
Random Seed: 1769754847 - will randomize all specs
Will run 1 of 1 specs
------------------------------
[sig-operator][Jira:OLM] OLMv0 should PolarionID:87188-Central TLS Profile Consistency [NonHyperShiftHOST]
/Users/jiazha/goproject/operator-framework-olm/tests-extension/test/qe/specs/olmv0_common.go:52
STEP: Creating a kubernetes client @ 01/30/26 14:34:07.942
I0130 14:34:12.947414 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig explain template.apiVersion'
I0130 14:34:30.982712 86340 client.go:349] do not know if it is external oidc cluster or not, and try to check it again
I0130 14:34:30.983101 86340 client.go:820] showInfo is true
I0130 14:34:30.983132 86340 client.go:821] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig get authentication/cluster -o=jsonpath={.spec.type}'
I0130 14:34:31.998880 86340 clusters.go:572] Found authentication type used:
I0130 14:34:35.271602 86340 client.go:200] configPath is now "/var/folders/5n/w9ysf4w93jnfy7k19xxct31c0000gn/T/configfile3331224288"
I0130 14:34:35.271716 86340 client.go:363] The user is now "e2e-test-default-lgrlk-user"
I0130 14:34:35.271732 86340 client.go:366] Creating project "e2e-test-default-lgrlk"
I0130 14:34:35.615833 86340 client.go:375] Waiting on permissions in project "e2e-test-default-lgrlk" ...
I0130 14:34:38.257261 86340 client.go:436] Waiting for ServiceAccount "default" to be provisioned...
I0130 14:34:38.639026 86340 client.go:436] Waiting for ServiceAccount "builder" to be provisioned...
I0130 14:34:39.021546 86340 client.go:436] Waiting for ServiceAccount "deployer" to be provisioned...
I0130 14:34:39.404585 86340 client.go:446] Waiting for RoleBinding "system:image-builders" to be provisioned...
I0130 14:34:39.962323 86340 client.go:446] Waiting for RoleBinding "system:deployers" to be provisioned...
I0130 14:34:40.516910 86340 client.go:446] Waiting for RoleBinding "system:image-pullers" to be provisioned...
I0130 14:34:41.134767 86340 client.go:477] Project "e2e-test-default-lgrlk" has been fully provisioned.
STEP: 1) Check deployment logs for TLS configuration message @ 01/30/26 14:34:41.749
I0130 14:34:41.750165 86340 olmv0_common.go:87] Checking logs for deployment package-server-manager in namespace openshift-operator-lifecycle-manager
I0130 14:34:41.750724 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig logs deployment/package-server-manager -n openshift-operator-lifecycle-manager'
I0130 14:34:46.056178 86340 olmv0_common.go:95] Deployment package-server-manager contains the expected TLS configuration message
I0130 14:34:46.056322 86340 olmv0_common.go:87] Checking logs for deployment catalog-operator in namespace openshift-operator-lifecycle-manager
I0130 14:34:46.056664 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig logs deployment/catalog-operator -n openshift-operator-lifecycle-manager'
I0130 14:35:18.582279 86340 olmv0_common.go:95] Deployment catalog-operator contains the expected TLS configuration message
I0130 14:35:18.582407 86340 olmv0_common.go:87] Checking logs for deployment olm-operator in namespace openshift-operator-lifecycle-manager
I0130 14:35:18.582626 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig logs deployment/olm-operator -n openshift-operator-lifecycle-manager'
I0130 14:40:38.702208 86340 olmv0_common.go:95] Deployment olm-operator contains the expected TLS configuration message
I0130 14:40:38.702361 86340 olmv0_common.go:87] Checking logs for deployment marketplace-operator in namespace openshift-marketplace
I0130 14:40:38.702603 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig logs deployment/marketplace-operator -n openshift-marketplace'
I0130 14:40:41.567243 86340 olmv0_common.go:95] Deployment marketplace-operator contains the expected TLS configuration message
STEP: 2) Create passthrough routes for metrics endpoints @ 01/30/26 14:40:41.567
I0130 14:40:41.567564 86340 olmv0_common.go:108] Creating route marketplace-metrics for service marketplace-operator-metrics in namespace openshift-marketplace
I0130 14:40:41.567844 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig create route passthrough marketplace-metrics --service=marketplace-operator-metrics --port=8081 -n openshift-marketplace'
I0130 14:40:44.034610 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig get route marketplace-metrics -n openshift-marketplace -o=jsonpath={.spec.host}'
I0130 14:40:45.076741 86340 olmv0_common.go:118] Route marketplace-metrics created with host: marketplace-metrics-openshift-marketplace.apps.shudi-a2230.qe.devcluster.openshift.com
I0130 14:40:45.076866 86340 olmv0_common.go:108] Creating route catalog-metrics for service catalog-operator-metrics in namespace openshift-operator-lifecycle-manager
I0130 14:40:45.077168 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig create route passthrough catalog-metrics --service=catalog-operator-metrics --port=8443 -n openshift-operator-lifecycle-manager'
I0130 14:40:46.674976 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig get route catalog-metrics -n openshift-operator-lifecycle-manager -o=jsonpath={.spec.host}'
I0130 14:40:47.633519 86340 olmv0_common.go:118] Route catalog-metrics created with host: catalog-metrics-openshift-operator-lifecycle-manager.apps.shudi-a2230.qe.devcluster.openshift.com
I0130 14:40:47.633639 86340 olmv0_common.go:108] Creating route olm-metrics for service olm-operator-metrics in namespace openshift-operator-lifecycle-manager
I0130 14:40:47.633899 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig create route passthrough olm-metrics --service=olm-operator-metrics --port=8443 -n openshift-operator-lifecycle-manager'
I0130 14:40:49.376984 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig get route olm-metrics -n openshift-operator-lifecycle-manager -o=jsonpath={.spec.host}'
I0130 14:40:50.677951 86340 olmv0_common.go:118] Route olm-metrics created with host: olm-metrics-openshift-operator-lifecycle-manager.apps.shudi-a2230.qe.devcluster.openshift.com
I0130 14:40:50.678064 86340 olmv0_common.go:108] Creating route psm-metrics for service package-server-manager-metrics in namespace openshift-operator-lifecycle-manager
I0130 14:40:50.678284 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig create route passthrough psm-metrics --service=package-server-manager-metrics --port=8443 -n openshift-operator-lifecycle-manager'
I0130 14:40:52.550459 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig get route psm-metrics -n openshift-operator-lifecycle-manager -o=jsonpath={.spec.host}'
I0130 14:40:56.135924 86340 olmv0_common.go:118] Route psm-metrics created with host: psm-metrics-openshift-operator-lifecycle-manager.apps.shudi-a2230.qe.devcluster.openshift.com
STEP: 3) Verify TLS 1.2 connection works with Intermediate profile (should NOT contain NONE) @ 01/30/26 14:40:56.136
I0130 14:40:56.136135 86340 olmv0_common.go:123] Testing TLS 1.2 connection to route: marketplace-metrics-openshift-marketplace.apps.shudi-a2230.qe.devcluster.openshift.com
I0130 14:40:57.232209 86340 olmv0_common.go:130] TLS 1.2 connection output for marketplace-metrics: New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Protocol: TLSv1.2
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
I0130 14:40:57.232419 86340 olmv0_common.go:136] TLS 1.2 connection to marketplace-metrics works correctly with Intermediate profile
I0130 14:40:57.232438 86340 olmv0_common.go:123] Testing TLS 1.2 connection to route: catalog-metrics-openshift-operator-lifecycle-manager.apps.shudi-a2230.qe.devcluster.openshift.com
I0130 14:40:58.629605 86340 olmv0_common.go:130] TLS 1.2 connection output for catalog-metrics: New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Protocol: TLSv1.2
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
I0130 14:40:58.629802 86340 olmv0_common.go:136] TLS 1.2 connection to catalog-metrics works correctly with Intermediate profile
I0130 14:40:58.629821 86340 olmv0_common.go:123] Testing TLS 1.2 connection to route: olm-metrics-openshift-operator-lifecycle-manager.apps.shudi-a2230.qe.devcluster.openshift.com
I0130 14:41:02.484778 86340 olmv0_common.go:130] TLS 1.2 connection output for olm-metrics: New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Protocol: TLSv1.2
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
I0130 14:41:02.484952 86340 olmv0_common.go:136] TLS 1.2 connection to olm-metrics works correctly with Intermediate profile
I0130 14:41:02.484970 86340 olmv0_common.go:123] Testing TLS 1.2 connection to route: psm-metrics-openshift-operator-lifecycle-manager.apps.shudi-a2230.qe.devcluster.openshift.com
I0130 14:41:03.761022 86340 olmv0_common.go:130] TLS 1.2 connection output for psm-metrics: New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Protocol: TLSv1.2
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
I0130 14:41:03.761170 86340 olmv0_common.go:136] TLS 1.2 connection to psm-metrics works correctly with Intermediate profile
STEP: 4) Update TLS configuration to Modern profile @ 01/30/26 14:41:03.761
I0130 14:41:03.761651 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig get apiserver cluster -o=jsonpath={.spec.tlsSecurityProfile}'
I0130 14:41:05.730052 86340 olmv0_common.go:143] Original TLS profile:
I0130 14:41:05.730478 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig patch apiserver cluster --type=merge -p {"spec":{"tlsSecurityProfile":{"type":"Modern","modern":{}}}}'
I0130 14:41:06.988819 86340 olmv0_common.go:166] TLS configuration updated to Modern profile
STEP: Waiting for TLS configuration to propagate to deployments @ 01/30/26 14:41:06.988
I0130 14:41:16.990582 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig logs deployment/package-server-manager -n openshift-operator-lifecycle-manager --since=2m'
I0130 14:41:20.556110 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig logs deployment/catalog-operator -n openshift-operator-lifecycle-manager --since=2m'
I0130 14:41:22.673838 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig logs deployment/olm-operator -n openshift-operator-lifecycle-manager --since=2m'
I0130 14:41:27.860087 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig logs deployment/marketplace-operator -n openshift-marketplace --since=2m'
STEP: 5) Verify TLS 1.2 connection fails with Modern profile (should contain NONE) @ 01/30/26 14:41:31.463
I0130 14:41:31.463724 86340 olmv0_common.go:191] Testing TLS 1.2 connection to route with Modern profile: marketplace-metrics-openshift-marketplace.apps.shudi-a2230.qe.devcluster.openshift.com
I0130 14:41:32.077135 86340 olmv0_common.go:198] TLS 1.2 connection output for marketplace-metrics with Modern profile: New, (NONE), Cipher is (NONE)
Protocol: TLSv1.2
Protocol : TLSv1.2
Cipher : 0000
I0130 14:41:32.077324 86340 olmv0_common.go:204] TLS 1.2 connection to marketplace-metrics correctly rejected with Modern profile
I0130 14:41:32.077381 86340 olmv0_common.go:191] Testing TLS 1.2 connection to route with Modern profile: catalog-metrics-openshift-operator-lifecycle-manager.apps.shudi-a2230.qe.devcluster.openshift.com
I0130 14:41:32.682133 86340 olmv0_common.go:198] TLS 1.2 connection output for catalog-metrics with Modern profile: New, (NONE), Cipher is (NONE)
Protocol: TLSv1.2
Protocol : TLSv1.2
Cipher : 0000
I0130 14:41:32.682360 86340 olmv0_common.go:204] TLS 1.2 connection to catalog-metrics correctly rejected with Modern profile
I0130 14:41:32.682381 86340 olmv0_common.go:191] Testing TLS 1.2 connection to route with Modern profile: olm-metrics-openshift-operator-lifecycle-manager.apps.shudi-a2230.qe.devcluster.openshift.com
I0130 14:41:33.307107 86340 olmv0_common.go:198] TLS 1.2 connection output for olm-metrics with Modern profile: New, (NONE), Cipher is (NONE)
Protocol: TLSv1.2
Protocol : TLSv1.2
Cipher : 0000
I0130 14:41:33.307284 86340 olmv0_common.go:204] TLS 1.2 connection to olm-metrics correctly rejected with Modern profile
I0130 14:41:33.307302 86340 olmv0_common.go:191] Testing TLS 1.2 connection to route with Modern profile: psm-metrics-openshift-operator-lifecycle-manager.apps.shudi-a2230.qe.devcluster.openshift.com
I0130 14:41:34.023634 86340 olmv0_common.go:198] TLS 1.2 connection output for psm-metrics with Modern profile: New, (NONE), Cipher is (NONE)
Protocol: TLSv1.2
Protocol : TLSv1.2
Cipher : 0000
I0130 14:41:34.023845 86340 olmv0_common.go:204] TLS 1.2 connection to psm-metrics correctly rejected with Modern profile
STEP: 6) Get metrics using appropriate authentication method @ 01/30/26 14:41:34.023
I0130 14:41:34.024029 86340 tools.go:528] Getting a token assgined to specific serviceaccount from openshift-monitoring namespace...
I0130 14:41:34.024313 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig create token prometheus-k8s -n openshift-monitoring'
I0130 14:41:36.236404 86340 olmv0_common.go:213] Got prometheus-k8s token for OLM operator metrics
STEP: Extract client certificates from metrics-client-certs secret @ 01/30/26 14:41:36.236
I0130 14:41:36.236926 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig get secret metrics-client-certs -n openshift-monitoring -o=jsonpath={.data.tls\.crt}'
I0130 14:41:37.607772 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig get secret metrics-client-certs -n openshift-monitoring -o=jsonpath={.data.tls\.key}'
I0130 14:41:38.647835 86340 olmv0_common.go:242] Client certificates extracted successfully
I0130 14:41:38.647928 86340 olmv0_common.go:245] Fetching metrics from route: marketplace-metrics-openshift-marketplace.apps.shudi-a2230.qe.devcluster.openshift.com
I0130 14:41:38.647963 86340 olmv0_common.go:255] Using client certificate authentication for marketplace metrics
I0130 14:41:38.987282 86340 olmv0_common.go:264] Failed to fetch metrics from marketplace-metrics: exit status 4
I0130 14:41:38.987421 86340 olmv0_common.go:245] Fetching metrics from route: catalog-metrics-openshift-operator-lifecycle-manager.apps.shudi-a2230.qe.devcluster.openshift.com
I0130 14:41:38.987468 86340 olmv0_common.go:259] Using bearer token authentication for catalog-metrics
I0130 14:41:40.302011 86340 olmv0_common.go:264] Failed to fetch metrics from catalog-metrics: exit status 4
I0130 14:41:40.302190 86340 olmv0_common.go:245] Fetching metrics from route: olm-metrics-openshift-operator-lifecycle-manager.apps.shudi-a2230.qe.devcluster.openshift.com
I0130 14:41:40.302253 86340 olmv0_common.go:259] Using bearer token authentication for olm-metrics
I0130 14:41:40.629497 86340 olmv0_common.go:264] Failed to fetch metrics from olm-metrics: exit status 4
I0130 14:41:40.629659 86340 olmv0_common.go:245] Fetching metrics from route: psm-metrics-openshift-operator-lifecycle-manager.apps.shudi-a2230.qe.devcluster.openshift.com
I0130 14:41:40.629772 86340 olmv0_common.go:259] Using bearer token authentication for psm-metrics
I0130 14:41:40.946689 86340 olmv0_common.go:264] Failed to fetch metrics from psm-metrics: exit status 4
I0130 14:41:40.946788 86340 olmv0_common.go:276] TLS Profile Consistency test completed successfully
STEP: Restoring original TLS configuration @ 01/30/26 14:41:40.984
I0130 14:41:40.985298 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig patch apiserver cluster --type=json -p [{"op": "remove", "path": "/spec/tlsSecurityProfile"}]'
I0130 14:41:42.870458 86340 olmv0_common.go:156] TLS configuration restored
I0130 14:42:12.873419 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig delete route marketplace-metrics -n openshift-marketplace --ignore-not-found'
I0130 14:42:15.242678 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig delete route catalog-metrics -n openshift-operator-lifecycle-manager --ignore-not-found'
I0130 14:42:19.744354 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig delete route olm-metrics -n openshift-operator-lifecycle-manager --ignore-not-found'
I0130 14:42:21.250400 86340 client.go:761] Running 'oc --kubeconfig=/Users/jiazha/22-kubeconfig delete route psm-metrics -n openshift-operator-lifecycle-manager --ignore-not-found'
I0130 14:42:23.554398 86340 client.go:524] Deleted {user.openshift.io/v1, Resource=users e2e-test-default-lgrlk-user}, err: <nil>
I0130 14:42:25.319295 86340 client.go:524] Deleted {oauth.openshift.io/v1, Resource=oauthclients e2e-client-e2e-test-default-lgrlk}, err: <nil>
I0130 14:42:27.103099 86340 client.go:524] Deleted {oauth.openshift.io/v1, Resource=oauthaccesstokens sha256~Hgw7Dw7_GwO8S7GwUTviAiT_r6FvMb5I5tfC8TD1fFc}, err: <nil>
STEP: Destroying namespace "e2e-test-default-lgrlk" for this suite. @ 01/30/26 14:42:27.104
• [500.152 seconds]
------------------------------
Ran 1 of 1 Specs in 500.153 seconds
SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 0 Skipped
/unhold |
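The TLS 1.2 checks from steps 3 and 5 of the log above, as an added Go example (not code from this PR or from the OLM test suite): a loopback server stands in for a metrics endpoint and the probe offers only TLS 1.2, as `openssl s_client -tls1_2` does. The minimum versions assigned to the Intermediate and Modern profiles, the loopback server and its self-signed certificate are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// Assumed minimum protocol versions: Intermediate allows TLS 1.2, Modern only TLS 1.3.
const IntermediateMin, ModernMin uint16 = tls.VersionTLS12, tls.VersionTLS13

// startServer runs a loopback TLS listener with a constructed, throwaway
// self-signed certificate, standing in for a metrics endpoint under one profile.
func startServer(minVersion uint16) (string, func(), error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", nil, err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{MinVersion: minVersion,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}})
	if err != nil {
		return "", nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			go func() { defer c.Close(); _ = c.(*tls.Conn).Handshake() }()
		}
	}()
	return ln.Addr().String(), func() { ln.Close() }, nil
}

// ProbeTLS12 offers only TLS 1.2 and returns the negotiated cipher suite.
// A handshake error means the server did not accept a connection at that version.
func ProbeTLS12(addr string) (string, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{
		MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12,
		InsecureSkipVerify: true, // protocol probe only; the test cert is self-signed
	})
	if err != nil {
		return "", err
	}
	defer conn.Close()
	return tls.CipherSuiteName(conn.ConnectionState().CipherSuite), nil
}

// AcceptsTLS12 reports whether a server with this minimum version completes the probe.
func AcceptsTLS12(minVersion uint16) (bool, error) {
	addr, stop, err := startServer(minVersion)
	if err != nil {
		return false, err
	}
	defer stop()
	_, err = ProbeTLS12(addr)
	return err == nil, nil
}

func main() {
	for _, v := range []uint16{IntermediateMin, ModernMin} {
		ok, err := AcceptsTLS12(v)
		fmt.Printf("server minimum 0x%04x accepts TLS 1.2: %v (err=%v)\n", v, ok, err)
	}
}
```

Pointed at a route host on port 443, `ProbeTLS12` answers the same question as the s_client pipeline without a shell, and a non-nil error takes the place of searching the output for NONE.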
|
Hi @kuiwang02 @Xia-Zhao-rh @bandrade , could you help approve it? Thanks! |
|
| }() | ||
|
|
||
| // Patch to Modern profile | ||
| _, err = oc.AsAdmin().WithoutNamespace().Run("patch").Args("apiserver", "cluster", "--type=merge", |
Will this patch action impact other cases (85743 and 85745)?
https://github.com/openshift/operator-framework-olm/blob/main/tests-extension/test/qe/specs/olmv0_common.go#L1363
I don't think so. I will add [Disruptive] to avoid it.
| dr.RmIr(itName) | ||
| }) | ||
|
|
||
| g.It("PolarionID:87188-Central TLS Profile Consistency", g.Label("NonHyperShiftHOST"), func() { |
@jianzhangbjz better to add [Disruptive]
| for i, routeHost := range routeHosts { | ||
| e2e.Logf("Testing TLS 1.2 connection to route: %s", routeHost) | ||
| opensslCmd := fmt.Sprintf("echo | openssl s_client -connect %s:443 -tls1_2 2>&1 | grep -E 'Protocol|Cipher'", routeHost) | ||
| output, err := exec.Command("bash", "-c", opensslCmd).Output() |
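Review bot: err on the exec.Command("bash", "-c", opensslCmd).Output() line is the exit status of grep, the last stage of the pipeline, not of openssl s_client, so it cannot tell a refused handshake from an unreachable route or a missing openssl binary, and any verdict has to rest on parsing the output alone. routeHost is also formatted into a shell string. Running exec.Command("openssl", "s_client", "-connect", routeHost+":443", "-tls1_2") directly with empty stdin and filtering the combined output in Go removes both the shell and the masked exit status.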
@jianzhangbjz I am not sure if it outputs sensitive info. If yes, need to enhance it not to output it.
| e2e.Logf("TLS configuration restored") | ||
|
|
||
| // Wait for deployments to be ready after restore | ||
| time.Sleep(30 * time.Second) |
@jianzhangbjz we need to avoid such a timer because it cannot ensure the CO's status.
We expect the case to fail if the CO is not back to normal, and the case to succeed if the CO is back to normal.
Your code will make the case pass once the CO is not back to normal.
I find https://github.com/openshift/openshift-tests-private/blob/main/test/extended/logging/utils.go#L2552-L2581 or https://github.com/openshift/openshift-tests-private/blob/main/test/extended/util/networking.go#L23 , and maybe you could make a similar method in our util for it.
| o.Expect(err).NotTo(o.HaveOccurred()) | ||
| e2e.Logf("Original TLS profile: %s", originalTLSProfile) | ||
|
|
||
| defer func() { |
@jianzhangbjz better to put the defer code after o.Expect(err).NotTo(o.HaveOccurred()) before e2e.Logf("TLS configuration updated to Modern profile").
Your current code will do it whether it patches successfully or not.
If putting it after that, it will save 1 time if patching fails.
| _, err = oc.AsAdmin().WithoutNamespace().Run("patch").Args("apiserver", "cluster", "--type=merge", | ||
| "-p", `{"spec":{"tlsSecurityProfile":{"type":"Modern","modern":{}}}}`).Output() | ||
| o.Expect(err).NotTo(o.HaveOccurred()) | ||
| e2e.Logf("TLS configuration updated to Modern profile") |
@jianzhangbjz better to check if CO status is ok after e2e.Logf("TLS configuration updated to Modern profile")
I raise it because I find most of the module cases related to patching apiserver will check CO's status after patching. It should be best practice to make the case stable.
Yes, some CO's status will be unavailable.
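One way to replace the fixed sleep and to check ClusterOperator status after the patch, as the two review comments above ask; this is an added example, not code from this PR or from openshift-tests-private. It parses the output of `oc get clusteroperators -o json`; `Unsettled`, `WaitSettled`, `sample` and the sample JSON are names and data constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// coList holds the fields needed; encoding/json matches the names case-insensitively.
type coList struct {
	Items []struct {
		Metadata struct{ Name string }
		Status   struct {
			Conditions []struct{ Type, Status string }
		}
	}
}

// settled is the state each tracked condition must have.
var settled = map[string]string{"Available": "True", "Progressing": "False", "Degraded": "False"}

// Unsettled lists operators not in the settled state; a missing condition counts too.
func Unsettled(raw []byte) ([]string, error) {
	var l coList
	if err := json.Unmarshal(raw, &l); err != nil {
		return nil, err
	}
	var bad []string
	for _, it := range l.Items {
		matched := 0
		for _, c := range it.Status.Conditions {
			if settled[c.Type] == c.Status && c.Status != "" {
				matched++
			}
		}
		if matched != len(settled) {
			bad = append(bad, it.Metadata.Name)
		}
	}
	return bad, nil
}

// WaitSettled polls fetch until all operators are settled on `stable` consecutive
// polls, and fails after maxPolls. One healthy poll is not enough: right after a
// config patch the operators may not have started rolling out yet.
func WaitSettled(fetch func() ([]byte, error), interval time.Duration, stable, maxPolls int) error {
	var bad []string
	streak := 0
	for i := 0; i < maxPolls; i++ {
		raw, err := fetch()
		if err == nil {
			bad, err = Unsettled(raw)
		}
		if err != nil || len(bad) > 0 {
			streak = 0
		} else if streak++; streak >= stable {
			return nil
		}
		time.Sleep(interval)
	}
	return fmt.Errorf("cluster operators not settled after %d polls: %v", maxPolls, bad)
}

// sample builds constructed `oc get clusteroperators -o json` output for one operator.
func sample(progressing string) []byte {
	return []byte(fmt.Sprintf(`{"items":[{"metadata":{"name":"kube-apiserver"},"status":{"conditions":[
 {"type":"Available","status":"True"},{"type":"Progressing","status":%q},
 {"type":"Degraded","status":"False"}]}}]}`, progressing))
}

func main() {
	bad, err := Unsettled(sample("True"))
	fmt.Println("unsettled:", bad, err)
}
```

In a test, `fetch` would wrap the `oc get clusteroperators -o json` call, and a non-nil return from `WaitSettled` fails the case instead of letting it pass on a timer.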
| o.Expect(err).NotTo(o.HaveOccurred()) | ||
| o.Expect(clientCert).NotTo(o.BeEmpty()) | ||
|
|
||
| clientKey, err := oc.AsAdmin().WithoutNamespace().Run("get").Args("secret", "metrics-client-certs", "-n", "openshift-monitoring", "-o=jsonpath={.data.tls\\.key}").Output() |
@jianzhangbjz if it includes sensitive info, could use NotShowInfo()
| keyFile := "/tmp/metrics-client-87188.key" | ||
|
|
||
| decodeCertCmd := fmt.Sprintf("echo '%s' | base64 -d > %s", clientCert, certFile) | ||
| _, err = exec.Command("bash", "-c", decodeCertCmd).Output() |
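Review bot: keyFile is a fixed path under /tmp ("/tmp/metrics-client-87188.key"), so the client key lands at a predictable, shared location and parallel or leftover runs collide; create the files under os.MkdirTemp (or with os.CreateTemp) and remove the directory in a defer. The decodeCertCmd line also routes the certificate through bash -c with echo and base64, where base64.StdEncoding.DecodeString plus os.WriteFile does the same without a shell.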
@jianzhangbjz if it outputs sensitive info, please enhance it.
| o.Expect(err).NotTo(o.HaveOccurred()) | ||
|
|
||
| decodeKeyCmd := fmt.Sprintf("echo '%s' | base64 -d > %s", clientKey, keyFile) | ||
| _, err = exec.Command("bash", "-c", decodeKeyCmd).Output() |
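Review bot: decodeKeyCmd formats the base64 private key into the bash -c argument, which puts the key in the process argument list for the life of the command, and the shell redirect creates keyFile with whatever the default umask allows. Decode in Go with base64.StdEncoding.DecodeString and write with os.WriteFile(keyFile, data, 0o600) so the key never appears on a command line and the file is owner-only.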
@jianzhangbjz if it outputs sensitive info, please enhance it.
| dr.RmIr(itName) | ||
| }) | ||
|
|
||
| g.It("PolarionID:87188-Central TLS Profile Consistency", g.Label("NonHyperShiftHOST"), func() { |
@jianzhangbjz the case should add [Slow] too.
1b48aeb to cf57c4a
cf57c4a to 361a58d
|
@jianzhangbjz: The following test failed, say
|
As the title shows, but hold it until operator-framework/operator-marketplace#715 is merged and the available nightly payload is generated.