fix(server): enforce listen-metrics-urls client TLS info when its scheme is https/unixs #18186
Conversation
Signed-off-by: Gyuho Lee <[email protected]>
|
Hi @gyuho. Thanks for your PR. I'm waiting for a etcd-io member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Codecov ReportAttention: Patch coverage is
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files
... and 21 files with indirect coverage changes @@ Coverage Diff @@
## main #18186 +/- ##
==========================================
- Coverage 68.89% 68.86% -0.04%
==========================================
Files 416 416
Lines 35151 35157 +6
==========================================
- Hits 24218 24211 -7
- Misses 9521 9541 +20
+ Partials 1412 1405 -7 Continue to review full report in Codecov by Sentry.
|
Signed-off-by: Gyuho Lee <[email protected]>
gyuho
changed the title
gyuho
changed the title
gyuho
changed the title
|
/retest |
|
@gyuho: Cannot trigger testing until a trusted user reviews the PR and leaves an In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
gyuho
changed the title
|
/ok-to-test |
Signed-off-by: Gyuho Lee <[email protected]>
|
/retest |
| _ = proc.Close() | ||
| }() | ||
|
|
||
| if err := e2e.WaitReadyExpectProc(context.TODO(), proc, []string{embed.ErrMissingClientTLSInfoForMetricsURL.Error()}); err != nil { |
There was a problem hiding this comment.
No need to fix it now as there are more config e2e tests with this problem, but it would be a nice followup.
In case that etcd doesn't produce the log, would be nice to test to exit after couple of seconds instead of waiting infinitely.
tests/e2e/etcd_config_test.go
Outdated
| if err := proc.Stop(); err != nil { | ||
| t.Error(err) | ||
| } | ||
| proc.Wait() // ensure the port has been released |
There was a problem hiding this comment.
Looked at other test, not all of them do this. Would be nice to have a consistent approach to shutting down proc.
There was a problem hiding this comment.
Haha, yes. Some archaic code base here :)
There was a problem hiding this comment.
Heh, we have been trying to clean it slowly up but we run out of steam.
|
cc @ahrtr |
tests/e2e/etcd_config_test.go
Outdated
| proc.Wait() // ensure the port has been released | ||
| _ = proc.Close() |
There was a problem hiding this comment.
Minor comment: proc.Wait() seems to be unnecessary, proc.Close() already calls ep.wg.Wait().
Lines 356 to 362 in c70e0e4
Signed-off-by: Gyuho Lee <[email protected]>
|
/retest |
|
/retest |
1 similar comment
|
/retest |
gyuho
deleted the
enforce-non-empty-client-tls-if-metrics-url-scheme-is-https
branch
|
/cherrypick release-3.5 |
|
@jmhbnz: #18186 failed to apply on top of branch "release-3.5": In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
…s https/unixs Backports a657f06, 22f20a8, 497f1a4 and 3e86af6 from etcd-io#18186. Also backports required test util elements of 4c77726 from etcd-io#17661. Signed-off-by: James Blair <[email protected]>
…s https/unixs Backports a657f06, 22f20a8, 497f1a4 and 3e86af6 from etcd-io#18186. Also backports required test util elements of 4c77726 from etcd-io#17661. Signed-off-by: James Blair <[email protected]>
…s https/unixs Backports a657f06, 22f20a8, 497f1a4 and 3e86af6 from etcd-io#18186. Also backports required test util elements of 4c77726 from etcd-io#17661. Signed-off-by: James Blair <[email protected]>
…s https/unixs Backports a657f06, 22f20a8, 497f1a4 and 3e86af6 from etcd-io#18186. Also backports required test util elements of 4c77726 from etcd-io#17661. Signed-off-by: James Blair <[email protected]>
Otherwise, it will fail with
We should instead explicitly fail fast, with a clear error message.
Also, adding some documentation how to configure TLS for metrics URLs.
c.f., #8060