Skip to content

Commit ac18ecf

Browse files
gangwgrgangwgr
committed
TLS propagation test
1 parent ac3bb40 commit ac18ecf

6 files changed

Lines changed: 1921 additions & 2 deletions

File tree

log

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
I0310 13:36:07.195791 11792 i18n.go:139] Couldn't find translations for en_IN, using default
2+
I0310 13:36:07.314155 11792 binary.go:78] Found 8569 test specs
3+
I0310 13:36:07.315187 11792 binary.go:95] 1119 test specs remain, after filtering out k8s
4+
openshift-tests v4.1.0-10773-gce82a97
5+
I0310 13:36:12.554906 11792 test_setup.go:125] Extended test version v4.1.0-10773-gce82a97
6+
I0310 13:36:12.555070 11792 test_context.go:559] Tolerating taints "node-role.kubernetes.io/control-plane" when considering if nodes are ready
7+
I0310 13:36:12.789860 11792 binary.go:122] Loaded test configuration: &framework.TestContextType{KubeConfig:"/Users/rgangwar/office-work/kubeconfig/kube.txt1", KubeContext:"", KubeAPIContentType:"application/vnd.kubernetes.protobuf", KubeletRootDir:"/var/lib/kubelet", KubeletConfigDropinDir:"", CertDir:"", Host:"https://api.ci-op-pd7p726c.ocpqe.arm.eng.rdu2.redhat.com:6443", BearerToken:"<redacted>", RepoRoot:"../../", ListImages:false, listTests:false, listLabels:false, ListConformanceTests:false, Provider:"skeleton", Tooling:"", timeouts:framework.TimeoutContext{Poll:2000000000, PodStart:300000000000, PodStartShort:120000000000, PodStartSlow:900000000000, PodDelete:300000000000, ClaimProvision:300000000000, DataSourceProvision:300000000000, ClaimProvisionShort:60000000000, ClaimBound:180000000000, PVReclaim:180000000000, PVBound:180000000000, PVCreate:180000000000, PVDelete:300000000000, PVDeleteSlow:1200000000000, SnapshotCreate:300000000000, SnapshotDelete:300000000000, SnapshotControllerMetrics:300000000000, SystemPodsStartup:600000000000, NodeSchedulable:1800000000000, SystemDaemonsetStartup:300000000000, NodeNotReady:180000000000}, CloudConfig:framework.CloudConfig{APIEndpoint:"", ProjectID:"", Zone:"", Zones:[]string{}, Region:"", MultiZone:false, MultiMaster:true, Cluster:"", MasterName:"", NodeInstanceGroup:"", NumNodes:3, ClusterIPRange:"", ClusterTag:"", Network:"", ConfigFile:"", NodeTag:"", MasterTag:"", Provider:framework.NullProvider{}}, KubectlPath:"kubectl", OutputDir:"/tmp", ReportDir:"", ReportPrefix:"", ReportCompleteGinkgo:false, ReportCompleteJUnit:false, Prefix:"e2e", MinStartupPods:-1, EtcdUpgradeStorage:"", EtcdUpgradeVersion:"", GCEUpgradeScript:"", ContainerRuntimeEndpoint:"unix:///run/containerd/containerd.sock", ContainerRuntimeProcessName:"containerd", ContainerRuntimePidFile:"/run/containerd/containerd.pid", SystemdServices:"containerd*", DumpSystemdJournal:false, ImageServiceEndpoint:"", MasterOSDistro:"custom", NodeOSDistro:"custom", NodeOSArch:"amd64", VerifyServiceAccount:true, DeleteNamespace:true, DeleteNamespaceOnFailure:true, AllowedNotReadyNodes:-1, CleanStart:false, GatherKubeSystemResourceUsageData:"false", GatherLogsSizes:false, GatherMetricsAfterTest:"false", GatherSuiteMetricsAfterTest:false, MaxNodesToGather:0, IncludeClusterAutoscalerMetrics:false, OutputPrintType:"json", CreateTestingNS:(framework.CreateTestingNSFn)(0x103b06570), DumpLogsOnFailure:true, DisableLogDump:false, LogexporterGCSPath:"", NodeTestContextType:framework.NodeTestContextType{NodeE2E:false, NodeName:"", NodeConformance:false, PrepullImages:false, ImageDescription:"", RuntimeConfig:map[string]string(nil), SystemSpecName:"", RestartKubelet:false, ExtraEnvs:map[string]string(nil), StandaloneMode:false, CriProxyEnabled:false}, ClusterDNSDomain:"cluster.local", NodeKiller:framework.NodeKillerConfig{Enabled:false, FailureRatio:0.01, Interval:60000000000, JitterFactor:60, SimulatedDowntime:600000000000, NodeKillerStopCtx:context.Context(nil), NodeKillerStop:(func())(nil)}, IPFamily:"ipv6", NonblockingTaints:"node-role.kubernetes.io/control-plane", ProgressReportURL:"", SriovdpConfigMapFile:"", SpecSummaryOutput:"", DockerConfigFile:"", E2EDockerConfigFile:"", KubeTestRepoList:"", SnapshotControllerPodName:"", SnapshotControllerHTTPPort:0, RequireDevices:false, EnabledVolumeDrivers:[]string(nil)}
8+
I0310 13:36:12.809266 11792 discovery.go:214] Invalidating discovery information
9+
[
10+
{
11+
"name": "[sig-api-machinery][Feature:TLSObservedConfig][Suite:openshift/tls-observed-config][Serial] should restore inject-tls annotation after deletion - openshift-image-registry [Serial] [Disruptive]",
12+
"lifecycle": "blocking",
13+
"duration": 217502,
14+
"startTime": "2026-03-10 08:06:12.790209 UTC",
15+
"endTime": "2026-03-10 08:09:50.292431 UTC",
16+
"result": "passed",
17+
"output": " STEP: Creating a kubernetes client @ 03/10/26 13:36:12.808\nI0310 13:36:16.639263 11792 client.go:293] configPath is now \"/var/folders/14/wkhr28xn4x10z1rxnvh42bdh0000gn/T/configfile1280964152\"\nI0310 13:36:16.639383 11792 client.go:368] The user is now \"e2e-test-tls-observed-config-vrbvm-user\"\nI0310 13:36:16.639406 11792 client.go:370] Creating project \"e2e-test-tls-observed-config-vrbvm\"\nI0310 13:36:16.906451 11792 client.go:378] Waiting on permissions in project \"e2e-test-tls-observed-config-vrbvm\" ...\nI0310 13:36:17.862761 11792 client.go:407] DeploymentConfig capability is enabled, adding 'deployer' SA to the list of default SAs\nI0310 13:36:18.104400 11792 client.go:422] Waiting for ServiceAccount \"default\" to be provisioned...\nI0310 13:36:18.682100 11792 client.go:422] Waiting for ServiceAccount \"builder\" to be provisioned...\nI0310 13:36:19.255767 11792 client.go:422] Waiting for ServiceAccount \"deployer\" to be provisioned...\nI0310 13:36:19.826107 11792 client.go:432] Waiting for RoleBinding \"system:image-pullers\" to be provisioned...\nI0310 13:36:20.291796 11792 client.go:432] Waiting for RoleBinding \"system:image-builders\" to be provisioned...\nI0310 13:36:20.759103 11792 client.go:432] Waiting for RoleBinding \"system:deployers\" to be provisioned...\nI0310 13:36:22.851526 11792 client.go:469] Project \"e2e-test-tls-observed-config-vrbvm\" has been fully provisioned.\nI0310 13:36:22.853048 11792 framework.go:2324] [precondition-check] checking if cluster is MicroShift\nI0310 13:36:23.094682 11792 framework.go:2348] IsMicroShiftCluster: microshift-version configmap not found, not MicroShift\n STEP: verifying namespace openshift-image-registry exists @ 03/10/26 13:36:23.332\n STEP: getting ConfigMap openshift-image-registry/image-registry-operator-config @ 03/10/26 13:36:23.566\n STEP: deleting config.openshift.io/inject-tls annotation @ 03/10/26 13:36:23.803\nI0310 13:36:24.049482 11792 tls_observed_config.go:923] Deleted inject-tls annotation from ConfigMap openshift-image-registry/image-registry-operator-config\n STEP: waiting for operator to restore the inject-tls annotation @ 03/10/26 13:36:24.049\nI0310 13:36:24.289397 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:36:29.347815 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:36:34.399784 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:36:39.289434 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:36:44.286629 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:36:49.288068 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:36:54.289617 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:36:59.315737 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:37:04.301970 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:37:09.295681 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:37:14.340958 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:37:19.299495 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:37:24.303065 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:37:29.316348 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:37:34.285756 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:37:39.286456 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:37:44.425704 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:37:49.303090 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:37:54.301397 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:37:59.373851 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:38:04.288456 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:38:09.289678 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:38:14.296162 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:38:19.285659 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:38:24.298160 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:38:29.378706 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:38:34.394178 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:38:39.289808 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:38:44.353088 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:38:49.342385 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:38:54.286240 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:38:59.319569 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:39:04.302470 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:39:09.286144 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:39:14.293927 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:39:19.285106 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:39:24.304289 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:39:29.304309 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:39:34.403203 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:39:39.287719 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:39:44.303564 11792 tls_observed_config.go:940] poll: annotation not yet restored (found=false, val=)\nI0310 13:39:49.288746 11792 tls_observed_config.go:937] poll: annotation restored! inject-tls=true\nI0310 13:39:49.288913 11792 tls_observed_config.go:947] PASS: inject-tls annotation was restored after deletion on ConfigMap openshift-image-registry/image-registry-operator-config\nI0310 13:39:49.556535 11792 client.go:689] Deleted {user.openshift.io/v1, Resource=users e2e-test-tls-observed-config-vrbvm-user}, err: \u003cnil\u003e\nI0310 13:39:49.807703 11792 client.go:689] Deleted {oauth.openshift.io/v1, Resource=oauthclients e2e-client-e2e-test-tls-observed-config-vrbvm}, err: \u003cnil\u003e\nI0310 13:39:50.044026 11792 client.go:689] Deleted {oauth.openshift.io/v1, Resource=oauthaccesstokens sha256~f4e_qI-W2hrIMpcsjE6XtsOcLR-hFqOBXtpdbRYgD28}, err: \u003cnil\u003e\n STEP: Destroying namespace \"e2e-test-tls-observed-config-vrbvm\" for this suite. @ 03/10/26 13:39:50.044\n"
18+
}
19+
]

pkg/testsuites/standard_suites.go

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -478,6 +478,23 @@ var staticSuites = []ginkgo.TestSuite{
478478
TestTimeout: 40 * time.Minute,
479479
ClusterStabilityDuringTest: ginkgo.Disruptive,
480480
},
481+
{
482+
Name: "openshift/tls-observed-config",
483+
Description: templates.LongDesc(`
484+
Tests that verify TLS configuration is properly propagated from the cluster
485+
APIServer to operator workloads. This includes ObservedConfig verification,
486+
deployment env var checks, and wire-level TLS enforcement for services that
487+
adopt the TLS config sync pattern (e.g. image-registry, controller-manager).
488+
The suite includes a disruptive config-change test that switches the cluster
489+
to Modern TLS profile and validates all targets.
490+
`),
491+
Qualifiers: []string{
492+
withStandardEarlyOrLateTests(`name.contains("[Suite:openshift/tls-observed-config]")`),
493+
},
494+
Parallelism: 1,
495+
TestTimeout: 40 * time.Minute,
496+
ClusterStabilityDuringTest: ginkgo.Disruptive,
497+
},
481498
}
482499

483500
func withExcludedTestsFilter(baseExpr string) string {

test/extended/cli/mustgather.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -609,13 +609,13 @@ var _ = g.Describe("[sig-cli] oc adm must-gather", func() {
609609
// Use the CI-accessible openshift/must-gather imagestream instead of external registry images
610610
err = oc.AsAdmin().WithoutNamespace().Run("adm").Args("must-gather", "--image-stream=openshift/must-gather", "--dest-dir="+tempDir1).Execute()
611611
o.Expect(err).NotTo(o.HaveOccurred(), "must-gather with imagestream should succeed")
612-
checkGatherLogsForImage(tempDir1)
612+
checkGatherLogsForImage(tempDir1)
613613

614614
// Check if gather.logs exists for multiple imagestreams when passed to must-gather
615615
// This tests the multi-image functionality using CI-accessible imagestreams
616616
err = oc.AsAdmin().WithoutNamespace().Run("adm").Args("must-gather", "--image-stream=openshift/must-gather", "--image-stream=openshift/must-gather", "--dest-dir="+tempDir2).Execute()
617617
o.Expect(err).NotTo(o.HaveOccurred(), "must-gather with multiple imagestreams should succeed")
618-
checkGatherLogsForImage(tempDir2)
618+
checkGatherLogsForImage(tempDir2)
619619
})
620620
})
621621

test/extended/include.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,7 @@ import (
5757
_ "github.com/openshift/origin/test/extended/storage"
5858
_ "github.com/openshift/origin/test/extended/tbr_health"
5959
_ "github.com/openshift/origin/test/extended/templates"
60+
_ "github.com/openshift/origin/test/extended/tls"
6061
_ "github.com/openshift/origin/test/extended/two_node"
6162
_ "github.com/openshift/origin/test/extended/user"
6263
_ "github.com/openshift/origin/test/extended/windows"

test/extended/tls/OWNERS

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md
2+
3+
reviewers:
4+
- ricardomaraschini
5+
- ingvagabund
6+
- gangwgr
7+
- kaleemsiddiqu
8+
9+
approvers:
10+
- ricardomaraschini
11+
- ingvagabund
12+
- gangwgr
13+
- kaleemsiddiqu

0 commit comments

Comments
 (0)