Skip to content

CM-318: Add case to use explicit credentials in ACME DNS-01 on GCP#181

Merged
openshift-merge-bot[bot] merged 1 commit intoopenshift:masterfrom
lunarwhite:e2e-gcp
Nov 12, 2024
Merged

CM-318: Add case to use explicit credentials in ACME DNS-01 on GCP#181
openshift-merge-bot[bot] merged 1 commit intoopenshift:masterfrom
lunarwhite:e2e-gcp

Conversation

@lunarwhite
Copy link
Member

@lunarwhite lunarwhite commented Apr 9, 2024
edited
Loading

Configuring an ACME issuer by using explicit credentials for GCP CloudDNS

Similair to "should obtain a valid LetsEncrypt certificate", but change to use CloudDNS DNS-01 solver

Pass log:

go test \
-timeout 1h \
-count 1 \
-v \
-p 1 \
-tags e2e \
-run "" \
./test/e2e \
-ginkgo.label-filter="Platform: isSubsetOf {GCP}"

------------------------------
ACME Certificate
/Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:35
  dns-01 challenge with Google CloudDNS [Platform:GCP]
  /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:383
    should obtain a valid LetsEncrypt certificate using explicit credentials with ClusterIssuer
    /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:384
  > Enter [BeforeAll] ACME Certificate - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:40 @ 11/07/24 21:40:32.073
  STEP: creating Kube clients - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:41 @ 11/07/24 21:40:32.073
  STEP: adding override args to cert-manager controller - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:49 @ 11/07/24 21:40:32.345
  < Exit [BeforeAll] ACME Certificate - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:40 @ 11/07/24 21:40:32.898 (825ms)
  > Enter [BeforeEach] ACME Certificate - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:66 @ 11/07/24 21:40:32.898
  STEP: waiting for operator status to become available - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:67 @ 11/07/24 21:40:32.898
  < Exit [BeforeEach] ACME Certificate - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:66 @ 11/07/24 21:40:35.466 (2.569s)
  > Enter [It] should obtain a valid LetsEncrypt certificate using explicit credentials with ClusterIssuer - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:384 @ 11/07/24 21:40:35.466
  STEP: creating a test namespace - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:386 @ 11/07/24 21:40:35.467
  STEP: obtaining GCP credentials from kube-system namespace - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:391 @ 11/07/24 21:40:35.768
  STEP: copying GCP secret service account to test namespace - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:396 @ 11/07/24 21:40:36.023
  STEP: getting GCP project ID from Infrastructure object - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:411 @ 11/07/24 21:40:36.301
  STEP: creating new certificate Issuer - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:418 @ 11/07/24 21:40:36.577
  STEP: creating new certificate - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:457 @ 11/07/24 21:40:36.846
  STEP: waiting for certificate to get ready - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:481 @ 11/07/24 21:40:37.367
  STEP: checking for certificate validity from secret contents - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:485 @ 11/07/24 21:42:21.882
  < Exit [It] should obtain a valid LetsEncrypt certificate using explicit credentials with ClusterIssuer - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:384 @ 11/07/24 21:42:29.848 (1m54.383s)
• [117.777 seconds]

------------------------------

Ran 18 of 22 Specs in 554.625 seconds
SUCCESS! -- 18 Passed | 0 Failed | 0 Pending | 4 Skipped
--- PASS: TestAll (554.63s)
PASS
ok  	github.com/openshift/cert-manager-operator/test/e2e	764.757s

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Apr 9, 2024
@openshift-ci-robot
Copy link

openshift-ci-robot commented Apr 9, 2024
edited by openshift-ci bot
Loading

@lunarwhite: This pull request references CM-318 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.16.0" version, but no target version was set.

Details

In response to this:

Configuring an ACME issuer by using explicit credentials for GCP CloudDNS

Similair to "should obtain a valid LetsEncrypt certificate", but change to use CloudDNS DNS-01 solver

Also change the origin case title.

Pass log 
Running Suite: Cert Manager Suite - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e
============================================================================================================
Random Seed: 1712666438

Will run 2 of 21 specs
------------------------------
[BeforeSuite] 
/Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/suite_test.go:85
 STEP: creating Kubernetes client set @ 04/09/24 20:40:38.393
 STEP: creating cert-manager operator client @ 04/09/24 20:40:38.394
 STEP: verifying operator and cert-manager deployments status is available @ 04/09/24 20:40:38.394
 STEP: creating dynamic resources client @ 04/09/24 20:40:39.215
 STEP: creating openshift config client @ 04/09/24 20:40:39.219
 STEP: creating cert-manager client @ 04/09/24 20:40:39.219
[BeforeSuite] PASSED [0.828 seconds]
------------------------------
SSSSSSSSSSSSSSSS
------------------------------
ACME Certificate dns-01 challenge using explicit credentials should obtain a valid LetsEncrypt certificate on GCP cluster
/Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:178
 STEP: creating Kube clients @ 04/09/24 20:40:39.22
 STEP: adding override args to cert-manager controller @ 04/09/24 20:40:39.453
 STEP: waiting for operator status to become available @ 04/09/24 20:40:39.887
 STEP: creating a test namespace @ 04/09/24 20:40:42.296
 STEP: obtaining GCP credentials from kube-system namespace @ 04/09/24 20:40:43.003
 STEP: copying GCP secret service account to test namespace @ 04/09/24 20:40:43.225
 STEP: getting GCP project id from Infrastructure object @ 04/09/24 20:40:43.489
 STEP: creating new certificate Issuer @ 04/09/24 20:40:43.701
 STEP: creating new certificate @ 04/09/24 20:40:43.956
 STEP: waiting for certificate to get ready @ 04/09/24 20:40:44.166
 STEP: checking for certificate validity from secret contents @ 04/09/24 20:42:27.585
• [117.380 seconds]
------------------------------
SS
------------------------------
ACME Certificate dns-01 challenge using ambient credentials should obtain a valid LetsEncrypt certificate using ClusterIssuer on GCP mint/passthrough cluster
/Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:483
 STEP: waiting for operator status to become available @ 04/09/24 20:42:36.601
 STEP: Getting Infrastructure object @ 04/09/24 20:42:37.003
 STEP: Check cloud credential in cluster @ 04/09/24 20:42:37.215
 STEP: Creating CredentialsRequest object @ 04/09/24 20:42:37.442
 STEP: Waiting for cloud secret to be available @ 04/09/24 20:42:40.528
 STEP: Configure cert-manager to use credential, setting this credential secret name in subscription object @ 04/09/24 20:42:56.978
 STEP: Creating new certificate ClusterIssuer @ 04/09/24 20:42:57.428
 STEP: Creating a test namespace @ 04/09/24 20:42:59.92
 STEP: Creating new certificate @ 04/09/24 20:43:00.151
 STEP: Waiting for certificate to get ready @ 04/09/24 20:43:02.381
 STEP: checking for certificate validity from secret contents @ 04/09/24 20:45:50.794
 STEP: resetting cert-manager state @ 04/09/24 20:45:59.698
• [204.037 seconds]
------------------------------
S
------------------------------
[ReportAfterSuite] Autogenerated ReportAfterSuite for --json-report --junit-report
autogenerated by Ginkgo
[ReportAfterSuite] PASSED [0.011 seconds]
------------------------------

Ran 2 of 21 Specs in 322.247 seconds
SUCCESS! -- 2 Passed | 0 Failed | 0 Pending | 19 Skipped

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 9, 2024
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Apr 9, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@lunarwhite
Copy link
Member Author

lunarwhite commented Apr 10, 2024

/test e2e-operator

@lunarwhite
Copy link
Member Author

lunarwhite commented Apr 10, 2024

Async
/cc @swghosh @xingxingxia

@openshift-ci openshift-ci bot requested review from swghosh and xingxingxia April 10, 2024 03:43
@lunarwhite lunarwhite marked this pull request as ready for review April 10, 2024 03:43
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 10, 2024
@openshift-ci openshift-ci bot requested a review from deads2k April 10, 2024 03:44
@xingxingxia
Copy link
Contributor

xingxingxia commented Apr 11, 2024

/lgtm
/label qe-approved
@swghosh help review/merge when having some chance. Thanks!

@openshift-ci openshift-ci bot added the qe-approved Signifies that QE has signed off on this PR label Apr 11, 2024
@openshift-bot
Copy link

openshift-bot commented Apr 11, 2024
edited by openshift-ci bot
Loading

@lunarwhite: This pull request references CM-318 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.16.0" version, but no target version was set.

Details

In response to this:

Configuring an ACME issuer by using explicit credentials for GCP CloudDNS

Similair to "should obtain a valid LetsEncrypt certificate", but change to use CloudDNS DNS-01 solver

Also change the origin case title.

Pass log 
Running Suite: Cert Manager Suite - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e
============================================================================================================
Random Seed: 1712666438

Will run 2 of 21 specs
------------------------------
[BeforeSuite] 
/Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/suite_test.go:85
 STEP: creating Kubernetes client set @ 04/09/24 20:40:38.393
 STEP: creating cert-manager operator client @ 04/09/24 20:40:38.394
 STEP: verifying operator and cert-manager deployments status is available @ 04/09/24 20:40:38.394
 STEP: creating dynamic resources client @ 04/09/24 20:40:39.215
 STEP: creating openshift config client @ 04/09/24 20:40:39.219
 STEP: creating cert-manager client @ 04/09/24 20:40:39.219
[BeforeSuite] PASSED [0.828 seconds]
------------------------------
SSSSSSSSSSSSSSSS
------------------------------
ACME Certificate dns-01 challenge using explicit credentials should obtain a valid LetsEncrypt certificate on GCP cluster
/Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:178
 STEP: creating Kube clients @ 04/09/24 20:40:39.22
 STEP: adding override args to cert-manager controller @ 04/09/24 20:40:39.453
 STEP: waiting for operator status to become available @ 04/09/24 20:40:39.887
 STEP: creating a test namespace @ 04/09/24 20:40:42.296
 STEP: obtaining GCP credentials from kube-system namespace @ 04/09/24 20:40:43.003
 STEP: copying GCP secret service account to test namespace @ 04/09/24 20:40:43.225
 STEP: getting GCP project id from Infrastructure object @ 04/09/24 20:40:43.489
 STEP: creating new certificate Issuer @ 04/09/24 20:40:43.701
 STEP: creating new certificate @ 04/09/24 20:40:43.956
 STEP: waiting for certificate to get ready @ 04/09/24 20:40:44.166
 STEP: checking for certificate validity from secret contents @ 04/09/24 20:42:27.585
• [117.380 seconds]
------------------------------
SS
------------------------------
ACME Certificate dns-01 challenge using ambient credentials should obtain a valid LetsEncrypt certificate using ClusterIssuer on GCP mint/passthrough cluster
/Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:483
 STEP: waiting for operator status to become available @ 04/09/24 20:42:36.601
 STEP: Getting Infrastructure object @ 04/09/24 20:42:37.003
 STEP: Check cloud credential in cluster @ 04/09/24 20:42:37.215
 STEP: Creating CredentialsRequest object @ 04/09/24 20:42:37.442
 STEP: Waiting for cloud secret to be available @ 04/09/24 20:42:40.528
 STEP: Configure cert-manager to use credential, setting this credential secret name in subscription object @ 04/09/24 20:42:56.978
 STEP: Creating new certificate ClusterIssuer @ 04/09/24 20:42:57.428
 STEP: Creating a test namespace @ 04/09/24 20:42:59.92
 STEP: Creating new certificate @ 04/09/24 20:43:00.151
 STEP: Waiting for certificate to get ready @ 04/09/24 20:43:02.381
 STEP: checking for certificate validity from secret contents @ 04/09/24 20:45:50.794
 STEP: resetting cert-manager state @ 04/09/24 20:45:59.698
• [204.037 seconds]
------------------------------
S
------------------------------
[ReportAfterSuite] Autogenerated ReportAfterSuite for --json-report --junit-report
autogenerated by Ginkgo
[ReportAfterSuite] PASSED [0.011 seconds]
------------------------------

Ran 2 of 21 Specs in 322.247 seconds
SUCCESS! -- 2 Passed | 0 Failed | 0 Pending | 19 Skipped

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Apr 11, 2024
@swghosh
Copy link
Member

swghosh commented Jun 12, 2024

/test fips-image-scan

@xingxingxia
Copy link
Contributor

xingxingxia commented Jun 20, 2024

@swghosh @TrilokGeer help approve when you have a chance :)
Same for #179 . Thanks!

@swghosh
Copy link
Member

swghosh commented Jun 25, 2024

/test fips-image-scan

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jun 25, 2024

@lunarwhite: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/fips-image-scan ba7781c link true /test fips-image-scan

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@swghosh
Copy link
Member

swghosh commented Jul 3, 2024

/lgtm

@swghosh
Copy link
Member

swghosh commented Jul 3, 2024
edited
Loading

/label docs-approved
/label px-approved
No docs and px required for these changes - only e2e test cases are being added.

@openshift-ci openshift-ci bot added docs-approved Signifies that Docs has signed off on this PR px-approved Signifies that Product Support has signed off on this PR labels Jul 3, 2024
TrilokGeer
TrilokGeer reviewed Jul 16, 2024
View reviewed changes
test/e2e/certificates_test.go Outdated
By("getting Infrastructure object to check plaform type")
infra, err := configClient.Infrastructures().Get(ctx, "cluster", metav1.GetOptions{})
Expect(err).NotTo(HaveOccurred())
if infra.Status.PlatformStatus.Type != configv1.GCPPlatformType {
Copy link
Contributor

@TrilokGeer TrilokGeer Jul 16, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using a util function would help platform type differentiation.

test/e2e/certificates_test.go Outdated
defer loader.DeleteTestingNS(ns.Name)

By("obtaining GCP credentials from kube-system namespace")
gcpCredsSecret, err := loader.KubeClient.CoreV1().Secrets("kube-system").Get(ctx, "gcp-credentials", metav1.GetOptions{})
Copy link
Contributor

@TrilokGeer TrilokGeer Jul 16, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we generalize platform-specific requests to beforesuite() ? This'd help to fail the suite early in case of access issues with platforms than iterating the testcases.

Copy link
Member

@swghosh swghosh Jul 17, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 we can filter out basis of platform on BeforeSuite or somewhere early.
I had a PoC with use of label filters that I was experimenting in #192 we can use similar if that makes sense. Also, considering what is in #192, I used two different Test* go func(s) to run separate suites that ginkgo doesn't generally avoid and while refactoring it we should ensure to not use that. Our Makefile can use a environment var for platform = AWS / GCP / etc. which ginkgo can filter via labels, if that sounds reasonable.

@swghosh
Copy link
Member

swghosh commented Jul 17, 2024
edited by openshift-ci bot
Loading

/retitle CM-318,CM-261: Add case to use explicit credentials in ACME DNS-01 on GCP

@openshift-ci openshift-ci bot changed the title CM-318: Add case to use explicit credentials in ACME DNS-01 on GCP CM-318,CM-261: Add case to use explicit credentials in ACME DNS-01 on GCP Jul 17, 2024
@openshift-ci-robot
Copy link

openshift-ci-robot commented Jul 17, 2024
edited by openshift-ci bot
Loading

@lunarwhite: This pull request references CM-318 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.17.0" version, but no target version was set.

This pull request references CM-261 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set.

Details

In response to this:

Configuring an ACME issuer by using explicit credentials for GCP CloudDNS

Similair to "should obtain a valid LetsEncrypt certificate", but change to use CloudDNS DNS-01 solver

Also change the origin case title.

Pass log 
Running Suite: Cert Manager Suite - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e
============================================================================================================
Random Seed: 1712666438

Will run 2 of 21 specs
------------------------------
[BeforeSuite] 
/Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/suite_test.go:85
 STEP: creating Kubernetes client set @ 04/09/24 20:40:38.393
 STEP: creating cert-manager operator client @ 04/09/24 20:40:38.394
 STEP: verifying operator and cert-manager deployments status is available @ 04/09/24 20:40:38.394
 STEP: creating dynamic resources client @ 04/09/24 20:40:39.215
 STEP: creating openshift config client @ 04/09/24 20:40:39.219
 STEP: creating cert-manager client @ 04/09/24 20:40:39.219
[BeforeSuite] PASSED [0.828 seconds]
------------------------------
SSSSSSSSSSSSSSSS
------------------------------
ACME Certificate dns-01 challenge using explicit credentials should obtain a valid LetsEncrypt certificate on GCP cluster
/Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:178
 STEP: creating Kube clients @ 04/09/24 20:40:39.22
 STEP: adding override args to cert-manager controller @ 04/09/24 20:40:39.453
 STEP: waiting for operator status to become available @ 04/09/24 20:40:39.887
 STEP: creating a test namespace @ 04/09/24 20:40:42.296
 STEP: obtaining GCP credentials from kube-system namespace @ 04/09/24 20:40:43.003
 STEP: copying GCP secret service account to test namespace @ 04/09/24 20:40:43.225
 STEP: getting GCP project id from Infrastructure object @ 04/09/24 20:40:43.489
 STEP: creating new certificate Issuer @ 04/09/24 20:40:43.701
 STEP: creating new certificate @ 04/09/24 20:40:43.956
 STEP: waiting for certificate to get ready @ 04/09/24 20:40:44.166
 STEP: checking for certificate validity from secret contents @ 04/09/24 20:42:27.585
• [117.380 seconds]
------------------------------
SS
------------------------------
ACME Certificate dns-01 challenge using ambient credentials should obtain a valid LetsEncrypt certificate using ClusterIssuer on GCP mint/passthrough cluster
/Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:483
 STEP: waiting for operator status to become available @ 04/09/24 20:42:36.601
 STEP: Getting Infrastructure object @ 04/09/24 20:42:37.003
 STEP: Check cloud credential in cluster @ 04/09/24 20:42:37.215
 STEP: Creating CredentialsRequest object @ 04/09/24 20:42:37.442
 STEP: Waiting for cloud secret to be available @ 04/09/24 20:42:40.528
 STEP: Configure cert-manager to use credential, setting this credential secret name in subscription object @ 04/09/24 20:42:56.978
 STEP: Creating new certificate ClusterIssuer @ 04/09/24 20:42:57.428
 STEP: Creating a test namespace @ 04/09/24 20:42:59.92
 STEP: Creating new certificate @ 04/09/24 20:43:00.151
 STEP: Waiting for certificate to get ready @ 04/09/24 20:43:02.381
 STEP: checking for certificate validity from secret contents @ 04/09/24 20:45:50.794
 STEP: resetting cert-manager state @ 04/09/24 20:45:59.698
• [204.037 seconds]
------------------------------
S
------------------------------
[ReportAfterSuite] Autogenerated ReportAfterSuite for --json-report --junit-report
autogenerated by Ginkgo
[ReportAfterSuite] PASSED [0.011 seconds]
------------------------------

Ran 2 of 21 Specs in 322.247 seconds
SUCCESS! -- 2 Passed | 0 Failed | 0 Pending | 19 Skipped

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@lunarwhite lunarwhite mentioned this pull request Jul 24, 2024
Merged
swghosh
swghosh reviewed Aug 21, 2024
View reviewed changes
Copy link
Member

@swghosh swghosh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I got the aim for this PR
(being: AWS has both explicit, implicit creds issuer, GCP lacks explicit creds; supporting completeness of tests),
but it seems to me that it'd be worth to re-work this PR a bit on the basis of #194 (once t'is merged).

It'd help in adding the Platform:GCP label to this specific test and avoid unnecessary rebase across conflict too. Hope that works!

@swghosh
Copy link
Member

swghosh commented Aug 30, 2024
edited
Loading

generally looking fine on the contents of the test case,
might need some re-work on the ginkgo
/hold
please consider merging this only after #194
also, that should take care of the merge conflict IMO

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 30, 2024
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 30, 2024
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Nov 7, 2024
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 7, 2024
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 7, 2024
@openshift-ci-robot
Copy link

openshift-ci-robot commented Nov 7, 2024
edited by openshift-ci bot
Loading

@lunarwhite: This pull request references CM-318 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the sub-task to target the "4.18.0" version, but no target version was set.

This pull request references CM-261 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

Details

In response to this:

Configuring an ACME issuer by using explicit credentials for GCP CloudDNS

Similair to "should obtain a valid LetsEncrypt certificate", but change to use CloudDNS DNS-01 solver

Pass log:

go test \
-timeout 1h \
-count 1 \
-v \
-p 1 \
-tags e2e \
-run "" \
./test/e2e \
-ginkgo.label-filter="Platform: isSubsetOf {GCP}"

------------------------------
ACME Certificate
/Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:35
 dns-01 challenge with Google CloudDNS [Platform:GCP]
 /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:383
   should obtain a valid LetsEncrypt certificate using explicit credentials with ClusterIssuer
   /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:384
 > Enter [BeforeAll] ACME Certificate - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:40 @ 11/07/24 21:40:32.073
 STEP: creating Kube clients - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:41 @ 11/07/24 21:40:32.073
 STEP: adding override args to cert-manager controller - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:49 @ 11/07/24 21:40:32.345
 < Exit [BeforeAll] ACME Certificate - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:40 @ 11/07/24 21:40:32.898 (825ms)
 > Enter [BeforeEach] ACME Certificate - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:66 @ 11/07/24 21:40:32.898
 STEP: waiting for operator status to become available - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:67 @ 11/07/24 21:40:32.898
 < Exit [BeforeEach] ACME Certificate - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:66 @ 11/07/24 21:40:35.466 (2.569s)
 > Enter [It] should obtain a valid LetsEncrypt certificate using explicit credentials with ClusterIssuer - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:384 @ 11/07/24 21:40:35.466
 STEP: creating a test namespace - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:386 @ 11/07/24 21:40:35.467
 STEP: obtaining GCP credentials from kube-system namespace - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:391 @ 11/07/24 21:40:35.768
 STEP: copying GCP secret service account to test namespace - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:396 @ 11/07/24 21:40:36.023
 STEP: getting GCP project ID from Infrastructure object - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:411 @ 11/07/24 21:40:36.301
 STEP: creating new certificate Issuer - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:418 @ 11/07/24 21:40:36.577
 STEP: creating new certificate - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:457 @ 11/07/24 21:40:36.846
 STEP: waiting for certificate to get ready - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:481 @ 11/07/24 21:40:37.367
 STEP: checking for certificate validity from secret contents - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:485 @ 11/07/24 21:42:21.882
 < Exit [It] should obtain a valid LetsEncrypt certificate using explicit credentials with ClusterIssuer - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:384 @ 11/07/24 21:42:29.848 (1m54.383s)
• [117.777 seconds]

------------------------------

Ran 18 of 22 Specs in 554.625 seconds
SUCCESS! -- 18 Passed | 0 Failed | 0 Pending | 4 Skipped
--- PASS: TestAll (554.63s)
PASS
ok  	github.com/openshift/cert-manager-operator/test/e2e	764.757s

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@lunarwhite lunarwhite changed the title CM-318,CM-261: Add case to use explicit credentials in ACME DNS-01 on GCP CM-318: Add case to use explicit credentials in ACME DNS-01 on GCP Nov 7, 2024
@openshift-ci-robot
Copy link

openshift-ci-robot commented Nov 7, 2024
edited by openshift-ci bot
Loading

@lunarwhite: This pull request references CM-318 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the sub-task to target the "4.18.0" version, but no target version was set.

Details

In response to this:

Configuring an ACME issuer by using explicit credentials for GCP CloudDNS

Similair to "should obtain a valid LetsEncrypt certificate", but change to use CloudDNS DNS-01 solver

Pass log:

go test \
-timeout 1h \
-count 1 \
-v \
-p 1 \
-tags e2e \
-run "" \
./test/e2e \
-ginkgo.label-filter="Platform: isSubsetOf {GCP}"

------------------------------
ACME Certificate
/Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:35
 dns-01 challenge with Google CloudDNS [Platform:GCP]
 /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:383
   should obtain a valid LetsEncrypt certificate using explicit credentials with ClusterIssuer
   /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:384
 > Enter [BeforeAll] ACME Certificate - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:40 @ 11/07/24 21:40:32.073
 STEP: creating Kube clients - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:41 @ 11/07/24 21:40:32.073
 STEP: adding override args to cert-manager controller - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:49 @ 11/07/24 21:40:32.345
 < Exit [BeforeAll] ACME Certificate - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:40 @ 11/07/24 21:40:32.898 (825ms)
 > Enter [BeforeEach] ACME Certificate - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:66 @ 11/07/24 21:40:32.898
 STEP: waiting for operator status to become available - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:67 @ 11/07/24 21:40:32.898
 < Exit [BeforeEach] ACME Certificate - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:66 @ 11/07/24 21:40:35.466 (2.569s)
 > Enter [It] should obtain a valid LetsEncrypt certificate using explicit credentials with ClusterIssuer - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:384 @ 11/07/24 21:40:35.466
 STEP: creating a test namespace - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:386 @ 11/07/24 21:40:35.467
 STEP: obtaining GCP credentials from kube-system namespace - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:391 @ 11/07/24 21:40:35.768
 STEP: copying GCP secret service account to test namespace - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:396 @ 11/07/24 21:40:36.023
 STEP: getting GCP project ID from Infrastructure object - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:411 @ 11/07/24 21:40:36.301
 STEP: creating new certificate Issuer - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:418 @ 11/07/24 21:40:36.577
 STEP: creating new certificate - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:457 @ 11/07/24 21:40:36.846
 STEP: waiting for certificate to get ready - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:481 @ 11/07/24 21:40:37.367
 STEP: checking for certificate validity from secret contents - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:485 @ 11/07/24 21:42:21.882
 < Exit [It] should obtain a valid LetsEncrypt certificate using explicit credentials with ClusterIssuer - /Users/yuewu/Documents/workspace/fork/ocp-cert-manager-operator/test/e2e/certificates_test.go:384 @ 11/07/24 21:42:29.848 (1m54.383s)
• [117.777 seconds]

------------------------------

Ran 18 of 22 Specs in 554.625 seconds
SUCCESS! -- 18 Passed | 0 Failed | 0 Pending | 4 Skipped
--- PASS: TestAll (554.63s)
PASS
ok  	github.com/openshift/cert-manager-operator/test/e2e	764.757s

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@lunarwhite
Copy link
Member Author

lunarwhite commented Nov 7, 2024
edited
Loading

@swghosh Ready for another review. You could take a look when you're around. TYIA!
EDIT: pass log updated in: #181 (comment)

@swghosh
Copy link
Member

swghosh commented Nov 12, 2024

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Nov 12, 2024
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 12, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: lunarwhite, swghosh, xingxingxia

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@swghosh
Copy link
Member

swghosh commented Nov 12, 2024

/remove-hold

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 12, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit 628090a into openshift:master Nov 12, 2024
@lunarwhite lunarwhite deleted the e2e-gcp branch November 12, 2024 13:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TrilokGeer TrilokGeer TrilokGeer left review comments

@xingxingxia xingxingxia Awaiting requested review from xingxingxia

@deads2k deads2k Awaiting requested review from deads2k

+1 more reviewer

@swghosh swghosh swghosh left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@swghosh swghosh

@xingxingxia xingxingxia

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. docs-approved Signifies that Docs has signed off on this PR jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. px-approved Signifies that Product Support has signed off on this PR qe-approved Signifies that QE has signed off on this PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@lunarwhite @openshift-ci-robot @xingxingxia @openshift-bot @swghosh @TrilokGeer @openshift-merge-robot