Skip to content

Webhook solver conformance bugfix #5736

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jan 19, 2023
Merged

Webhook solver conformance bugfix #5736

merged 4 commits into from
Jan 19, 2023

Conversation

irbekrm
Copy link
Contributor

@irbekrm irbekrm commented Jan 18, 2023
edited
Loading

Fixes #5725

This PR fixes DNS webhook solver conformance test bug introduced in #5691 - in that PR I changed a webhook Solver interface implentation for RFC2136 to not start a Secrets informer factory and made some associated changes to integration tests which are a bit clunky for this particular Solver implementation.
The tests are being used as conformance tests by external webhook implementations and the changes broke their tests.

This PR:

  • reverts changes to tests that would affect third party solver implementations using them
  • makes some changes to the RFC2136 Solver implementation to make it work in the integration test setup (which does not generally match how it would normally run, but I think this is acceptable)
  • adds a bunch of comments to make it clearer which parts of the webhook solver code are going to be consumed by external webhook implementations

To reproduce the bug:

  1. checkout example-webhook code from this PR that bumps cert-manager dependency to latest https://github.com/irbekrm/webhook-example/tree/bump_deps
  2. run TEST_ZONE_NAME=example.com. make test that runs the conformance tests from cert-manager against the example webhook implementation
  3. observe an error

To observe the fix:

  1. checkout example-webhook code from this PR that bumps cert-manager dependency to latest https://github.com/irbekrm/webhook-example/tree/bump_deps
  2. Add replace github.com/cert-manager/cert-manager => github.com/irbekrm/cert-manager webhook_solver_conformance_bugfix to go.mod to pull in cert-manager from this PR
  3. Run go mod tidy
  4. run TEST_ZONE_NAME=example.com. make test that runs the conformance tests from cert-manager against the example webhook implementation
  5. Observe no errors
NONE

/kind bug

@irbekrm
A bunch of comments on webhook solver functionality
1834afa 
With the goal of making folks working on these parts of code be aware that this is the one bit that will be imported in external projects

Signed-off-by: irbekrm <irbekrm@gmail.com>
@irbekrm
RFC2136 solver has an init option to reset secrets lister
216b60e 
Signed-off-by: irbekrm <irbekrm@gmail.com>
@irbekrm
Resets secrets lister in RFC2136 conformance tests
644a46c 
The way the tests run (a new kube apiserver with a different client created for the same initialized solver) is not how this solver would actually run

Signed-off-by: irbekrm <irbekrm@gmail.com>
@jetstack-bot jetstack-bot added release-note-none Denotes a PR that doesn't merit a release note. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. area/acme Indicates a PR directly modifies the ACME Issuer code area/acme/dns01 Indicates a PR modifies ACME DNS01 provider code approved Indicates a PR has been approved by an approver from all required OWNERS files. area/testing Issues relating to testing labels Jan 18, 2023
@irbekrm
Copy link
Contributor Author

irbekrm commented Jan 18, 2023

/kind bug

@jetstack-bot jetstack-bot added kind/bug Categorizes issue or PR as related to a bug. and removed needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Jan 18, 2023
@irbekrm
Copy link
Contributor Author

irbekrm commented Jan 18, 2023

/test

@jetstack-bot
Copy link
Contributor

@irbekrm: The /test command needs one or more targets.
The following commands are available to trigger required jobs:

  • /test pull-cert-manager-master-chart
  • /test pull-cert-manager-master-e2e-v1-26
  • /test pull-cert-manager-master-e2e-v1-26-upgrade
  • /test pull-cert-manager-master-make-test

The following commands are available to trigger optional jobs:

  • /test pull-cert-manager-master-e2e-v1-21
  • /test pull-cert-manager-master-e2e-v1-22
  • /test pull-cert-manager-master-e2e-v1-23
  • /test pull-cert-manager-master-e2e-v1-24
  • /test pull-cert-manager-master-e2e-v1-25
  • /test pull-cert-manager-master-e2e-v1-26-feature-gates-disabled
  • /test pull-cert-manager-master-e2e-v1-26-issuers-venafi-cloud
  • /test pull-cert-manager-master-e2e-v1-26-issuers-venafi-tpp
  • /test pull-cert-manager-master-license

Use /test all to run the following jobs that were automatically triggered:

  • pull-cert-manager-master-chart
  • pull-cert-manager-master-e2e-v1-26
  • pull-cert-manager-master-e2e-v1-26-upgrade
  • pull-cert-manager-master-make-test

In response to this:

/test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@irbekrm
Copy link
Contributor Author

irbekrm commented Jan 18, 2023

/test pull-cert-manager-master-e2e-v1-26-feature-gates-disabled
/test pull-cert-manager-master-e2e-v1-21
/test pull-cert-manager-master-e2e-v1-22

@irbekrm
Copy link
Contributor Author

irbekrm commented Jan 18, 2023

Seems to be an unrelated flake to do with venafi addons setup

/test pull-cert-manager-master-e2e-v1-26-feature-gates-disabled

@irbekrm
Copy link
Contributor Author

irbekrm commented Jan 18, 2023

network issues as far as I can tell

/test pull-cert-manager-master-e2e-v1-21

@irbekrm
Copy link
Contributor Author

irbekrm commented Jan 18, 2023

/test pull-cert-manager-master-e2e-v1-22
/test pull-cert-manager-master-e2e-v1-26

@irbekrm
Copy link
Contributor Author

irbekrm commented Jan 19, 2023

Some flake related to the skipped Venafi tests, unrelated, but probably worth looking into at some point https://prow.build-infra.jetstack.net/view/gs/jetstack-logs/pr-logs/pull/cert-manager_cert-manager/5736/pull-cert-manager-master-e2e-v1-26/1615787040345952256

/test pull-cert-manager-master-e2e-v1-26

SgtCoDFish
SgtCoDFish reviewed Jan 19, 2023
View reviewed changes
Copy link
Member

@SgtCoDFish SgtCoDFish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One nitpick about import ordering - sorry! This looks good to go though!

@SgtCoDFish
Copy link
Member

/cherry-pick release-1.11

@jetstack-bot
Copy link
Contributor

@SgtCoDFish: once the present PR merges, I will cherry-pick it on top of release-1.11 in a new PR and assign it to you.

In response to this:

/cherry-pick release-1.11

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@SgtCoDFish
Copy link
Member

/cherry-pick release-1.10

@jetstack-bot
Copy link
Contributor

@SgtCoDFish: once the present PR merges, I will cherry-pick it on top of release-1.10 in a new PR and assign it to you.

In response to this:

/cherry-pick release-1.10

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@irbekrm
Code review feedback: fix imports
438c79d 
Signed-off-by: irbekrm <irbekrm@gmail.com>
SgtCoDFish
SgtCoDFish approved these changes Jan 19, 2023
View reviewed changes
Copy link
Member

@SgtCoDFish SgtCoDFish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

Thanks for this 👍

Question about backporting: Do people run the conformance tests against tagged versions or could they run against a branch? It seems a shame to do a patch release just for this testing change 🤔

@jetstack-bot jetstack-bot added the lgtm Indicates that a PR is ready to be merged. label Jan 19, 2023
@jetstack-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: irbekrm, SgtCoDFish

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@irbekrm
Copy link
Contributor Author

irbekrm commented Jan 19, 2023

Question about backporting: Do people run the conformance tests against tagged versions or could they run against a branch? It seems a shame to do a patch release just for this testing change

I agree with you, it does not make sense to cut a release just so as to get a tag.
I think for now it'll be okay to ask for folks to import from a branch, once the backport PRs merge I will update the example webhook deps and add a branch import so there's an example of doing that.

@irbekrm
Copy link
Contributor Author

irbekrm commented Jan 19, 2023

/test pull-cert-manager-master-e2e-v1-26

@jetstack-bot jetstack-bot merged commit c08b337 into cert-manager:master Jan 19, 2023
@jetstack-bot jetstack-bot added this to the v1.12 milestone Jan 19, 2023
@jetstack-bot jetstack-bot mentioned this pull request Jan 19, 2023
Merged
@jetstack-bot
Copy link
Contributor

@SgtCoDFish: new pull request created: #5738

In response to this:

/cherry-pick release-1.11

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jetstack-bot jetstack-bot mentioned this pull request Jan 19, 2023
Merged
@jetstack-bot
Copy link
Contributor

@SgtCoDFish: new pull request created: #5739

In response to this:

/cherry-pick release-1.10

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

This was referenced Jan 19, 2023
Merged
Closed
@irbekrm irbekrm deleted the webhook_solver_conformance_bugfix branch March 9, 2023 15:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SgtCoDFish SgtCoDFish SgtCoDFish approved these changes

Assignees

@SgtCoDFish SgtCoDFish

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/acme/dns01 Indicates a PR modifies ACME DNS01 provider code area/acme Indicates a PR directly modifies the ACME Issuer code area/testing Issues relating to testing dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ACME webhook conformance tests crashing with cert-manager 1.11.0 and 1.10.2
3 participants
@irbekrm @jetstack-bot @SgtCoDFish