dynatrace-operator

Add e2e tests for custom truststore

Open aorcholski opened this issue 1 year ago • 4 comments

Description

Adds e2e tests to verify propagation of trustedCAs certificates and ActiveGate certificate to OneAgent pods, ActiveGate and injected OneAgents.

All custom truststore specific tests are based on existing cloudnative.WithProxy* features. There is no point in duplicating running time.

How can this be tested?

make test/e2e/istio

aorcholski, Apr 18 '24 14:04

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 58.68%. Comparing base (75cea33) to head (0e95586).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #3023   +/-   ##
=======================================
  Coverage   58.68%   58.68%           
=======================================
  Files         325      325           
  Lines       18053    18053           
=======================================
  Hits        10595    10595           
  Misses       6284     6284           
  Partials     1174     1174           

codecov-commenter, Apr 18 '24 14:04

Getting some errors on my local cluster... Maybe try running the E2E tests via a GitHub Action, so they run in FLC environments? If they fail there, there's definitely an issue. And remember to rebase with main before doing it.

~/develop/dynatrace-operator on feature/truststore-e2e-test at 14:24:18
❯ make test/e2e/istio
go install "sigs.k8s.io/kustomize/kustomize/[email protected]"
go install "sigs.k8s.io/controller-tools/cmd/[email protected]"
/home/alberto/go/bin/controller-gen "crd:crdVersions=v1" paths="./..." output:crd:artifacts:config=config/crd/bases
./hack/helm/generate-crd.sh /home/alberto/go/bin/kustomize config/helm/chart/default//templates//Common/crd/ config/deploy/
go test -v -tags "osusergo,netgo,sqlite_omit_load_extension,e2e," -timeout 200m -count=1 ./test/scenarios/istio -args 
{"level":"info","logLevel":"info","msg":"logging level","ts":"2024-04-25T14:24:25.165+0200"}
=== RUN   TestIstio
    default.go:58: istio enabled: true
=== RUN   TestIstio/cloudnative_resilience_in_case_of_network_problems
=== RUN   TestIstio/cloudnative_resilience_in_case_of_network_problems/restrict_csi-driver
=== RUN   TestIstio/cloudnative_resilience_in_case_of_network_problems/create_sample_namespace
=== RUN   TestIstio/cloudnative_resilience_in_case_of_network_problems/created_tenant_secret
=== RUN   TestIstio/cloudnative_resilience_in_case_of_network_problems/'dynakube'_dynakube_created
=== RUN   TestIstio/cloudnative_resilience_in_case_of_network_problems/oneagent_started
=== RUN   TestIstio/cloudnative_resilience_in_case_of_network_problems/'dynakube'_dynakube_phase_changes_to_'Running'
=== RUN   TestIstio/cloudnative_resilience_in_case_of_network_problems/install_sample-apps
=== RUN   TestIstio/cloudnative_resilience_in_case_of_network_problems/check_for_dummy_volume
    network_problems.go:104: 
                Error Trace:    /home/alberto/develop/dynatrace-operator/test/features/cloudnative/network_problems/network_problems.go:104
                                                        /home/alberto/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/loop.go:87
                                                        /home/alberto/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/loop.go:88
                                                        /home/alberto/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/poll.go:33
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/klient/wait/wait.go:106
                                                        /home/alberto/develop/dynatrace-operator/test/features/cloudnative/network_problems/network_problems.go:100
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:428
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:466
                Error:          Received unexpected error:
                                client rate limiter Wait returned an error: context deadline exceeded
                Test:           TestIstio/cloudnative_resilience_in_case_of_network_problems/check_for_dummy_volume
=== RUN   TestIstio/activegate
=== RUN   TestIstio/activegate/install_proxy
I0425 14:29:50.680769  244743 warning_handler.go:65] "addresses are required for ports serving TCP (or unset) protocol" logger="KubeAPIWarningLogger"
=== RUN   TestIstio/activegate/proxy_started
=== RUN   TestIstio/activegate/proxy_ready
=== RUN   TestIstio/activegate/cut_off_dynatrace_namespace
=== RUN   TestIstio/activegate/ingress_-_query_namespace
=== RUN   TestIstio/activegate/ingress_-_namespace_is_cutoff
=== RUN   TestIstio/activegate/egress_-_query_namespace
=== RUN   TestIstio/activegate/egress_-_namespace_is_cutoff
=== RUN   TestIstio/activegate/created_tenant_secret
=== RUN   TestIstio/activegate/'dynakube'_dynakube_created
I0425 14:30:12.311934  244743 warning_handler.go:65] "ActiveGate specification missing memory limits. Can cause excess memory usage." logger="KubeAPIWarningLogger"
=== RUN   TestIstio/activegate/'dynakube'_dynakube_phase_changes_to_'Running'
    dynakube.go:80: 
                Error Trace:    /home/alberto/develop/dynatrace-operator/test/helpers/components/dynakube/dynakube.go:80
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:428
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:466
                Error:          Received unexpected error:
                                context deadline exceeded
                Test:           TestIstio/activegate/'dynakube'_dynakube_phase_changes_to_'Running'
=== RUN   TestIstio/activegate/ActiveGate_started
    wait.go:35: 
                Error Trace:    /home/alberto/develop/dynatrace-operator/test/helpers/kubeobjects/statefulset/wait.go:35
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:428
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:466
                Error:          Received unexpected error:
                                context deadline exceeded
                Test:           TestIstio/activegate/ActiveGate_started
=== RUN   TestIstio/activegate/ActiveGate_has_required_containers
    activegate.go:114: 
                Error Trace:    /home/alberto/develop/dynatrace-operator/test/features/activegate/activegate.go:114
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:428
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:466
                Error:          Received unexpected error:
                                pods "dynakube-activegate-0" not found
                Test:           TestIstio/activegate/ActiveGate_has_required_containers
=== RUN   TestIstio/activegate/ActiveGate_modules_are_active
    logs.go:22: 
                Error Trace:    /home/alberto/develop/dynatrace-operator/test/helpers/logs/logs.go:22
                                                        /home/alberto/develop/dynatrace-operator/test/helpers/components/activegate/installation.go:35
                                                        /home/alberto/develop/dynatrace-operator/test/features/activegate/activegate.go:129
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:428
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:466
                Error:          Received unexpected error:
                                pods "dynakube-activegate-0" not found
                Test:           TestIstio/activegate/ActiveGate_modules_are_active
=== RUN   TestIstio/activegate/ActiveGate_uses_proxy
    logs.go:22: 
                Error Trace:    /home/alberto/develop/dynatrace-operator/test/helpers/logs/logs.go:22
                                                        /home/alberto/develop/dynatrace-operator/test/helpers/components/activegate/installation.go:35
                                                        /home/alberto/develop/dynatrace-operator/test/features/activegate/activegate.go:138
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:428
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:466
                Error:          Received unexpected error:
                                pods "dynakube-activegate-0" not found
                Test:           TestIstio/activegate/ActiveGate_uses_proxy
=== RUN   TestIstio/activegate/ActiveGate_containers_have_mount_points
    activegate.go:150: 
                Error Trace:    /home/alberto/develop/dynatrace-operator/test/features/activegate/activegate.go:150
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:428
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:466
                Error:          Received unexpected error:
                                pods "dynakube-activegate-0" not found
                Test:           TestIstio/activegate/ActiveGate_containers_have_mount_points
=== RUN   TestIstio/activegate/creating_https_curl_pod_for_activeGate
=== RUN   TestIstio/activegate/waiting_for_https_curl_pod_for_activeGate
=== RUN   TestIstio/activegate/checking_https_curl_pod_for_activeGate
    logs.go:45: 
                Error Trace:    /home/alberto/develop/dynatrace-operator/test/helpers/logs/logs.go:45
                                                        /home/alberto/develop/dynatrace-operator/test/features/activegate/curl.go:79
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:428
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:466
                Error:          "* Uses proxy env variable https_proxy == 'http://squid.proxy.svc.cluster.local:3128'\n  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current\n                                 Dload  Upload   Total   Spent    Left  Speed\n\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host squid.proxy.svc.cluster.local:3128 was resolved.\n* IPv6: (none)\n* IPv4: 10.100.2.26\n*   Trying 10.100.2.26:3128...\n* Connected to squid.proxy.svc.cluster.local (10.100.2.26) port 3128\n* CONNECT tunnel: HTTP/1.1 negotiated\n* allocate connect buffer\n* Establish HTTP proxy tunnel to dynakube-activegate.dynatrace.svc.cluster.local:443\n> CONNECT dynakube-activegate.dynatrace.svc.cluster.local:443 HTTP/1.1\n> Host: dynakube-activegate.dynatrace.svc.cluster.local:443\n> User-Agent: curl/8.7.1\n> Proxy-Connection: Keep-Alive\n> \n< HTTP/1.1 200 Connection established\n< \n* CONNECT phase completed\n* CONNECT tunnel established, response 200\n* ALPN: curl offers h2,http/1.1\n} [5 bytes data]\n* TLSv1.3 (OUT), TLS handshake, Client hello (1):\n} [512 bytes data]\n* TLSv1.3 (IN), TLS handshake, Server hello (2):\n{ [122 bytes data]\n* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):\n{ [6 bytes data]\n* TLSv1.3 (IN), TLS handshake, Certificate (11):\n{ [1744 bytes data]\n* TLSv1.3 (IN), TLS handshake, CERT verify (15):\n{ [264 bytes data]\n* TLSv1.3 (IN), TLS handshake, Finished (20):\n{ [52 bytes data]\n* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):\n} [1 bytes data]\n* TLSv1.3 (OUT), TLS handshake, Finished (20):\n} [52 bytes data]\n* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS\n* ALPN: server did not agree on a protocol. 
Uses default.\n* Server certificate:\n*  subject: CN=dynakube-activegate.dynatrace.svc.cluster.local\n*  start date: Aug  7 13:53:20 2023 GMT\n*  expire date: Aug  6 13:53:20 2024 GMT\n*  issuer: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd\n*  SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway.\n*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption\n*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption\n* using HTTP/1.x\n} [5 bytes data]\n> GET /rest/state HTTP/1.1\n> Host: dynakube-activegate.dynatrace.svc.cluster.local\n> User-Agent: curl/8.7.1\n> Accept: */*\n> \n* Request completely sent off\n{ [5 bytes data]\n* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):\n{ [233 bytes data]\n* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):\n{ [233 bytes data]\n* old SSL session ID is stale, removing\n{ [5 bytes data]\n<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">\n<html><head>\n<meta type=\"copyright\" content=\"Copyright (C) 1996-2023 The Squid Software Foundation and contributors\">\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n<title>ERROR: The requested URL could not be retrieved</title>\n<style type=\"text/css\"><!-- \n /*\n * Copyright (C) 1996-2023 The Squid Software Foundation and contributors\n *\n * Squid software is distributed under GPLv2+ license and includes\n * contributions from numerous individuals and organizations.\n * Please see the COPYING and CONTRIBUTORS files for details.\n */\n\n/*\n Stylesheet for Squid Error pages\n Adapted from design by Free CSS Templates\n http://www.freecsstemplates.org\n Released for free under a Creative Commons Attribution 2.5 License\n*/\n\n/* Page basics */\n* {\n\tfont-family: verdana, sans-serif;\n}\n\nhtml body {\n\tmargin: 0;\n\tpadding: 0;\n\tbackground: 
#efefef;\n\tfont-size: 12px;\n\tcolor: #1e1e1e;\n}\n\n/* Page displayed title area */\n#titles {\n\tmargin-left: 15px;\n\tpadding: 10px;\n\tpadding-left: 100px;\n\tbackground: url('/squid-internal-static/icons/SN.png') no-repeat left;\n}\n\n/* initial title */\n#titles h1 {\n\tcolor: #000000;\n}\n#titles h2 {\n\tcolor: #000000;\n}\n\n/* special event: FTP success page titles */\n#titles ftpsuccess {\n\tbackground-color:#00ff00;\n\twidth:100%;\n}\n\n/* Page displayed body content area */\n#content {\n\tpadding: 10px;\n\tbackground: #ffffff;\n}\n\n/* General text */\np {\n}\n\n/* error brief description */\n#error p {\n}\n\n/* some data which may have caused the problem */\n#data {\n}\n\n/* the error message received from the system or other software */\n#sysmsg {\n}\n\npre {\n}\n\n/* special event: FTP directory listing */\n#dirmsg {\n    font-family: courier, monospace;\n    color: black;\n    font-size: 10pt;\n}\n#dirlisting {\n    margin-left: 2%;\n    margin-right: 2%;\n}\n#dirlisting tr.entry td.icon,td.filename,td.size,td.date {\n    border-bottom: groove;\n}\n#dirlisting td.size {\n    width: 50px;\n    text-align: right;\n    padding-right: 5px;\n}\n\n/* horizontal lines */\nhr {\n\tmargin: 0;\n}\n\n/* page displayed footer area */\n#footer {\n\tfont-size: 9px;\n\tpadding-left: 10px;\n}\n\n\nbody\n:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }\n:lang(he) { direction: rtl; }\n --></style>\n</head><body id=ERR_DNS_FAIL>\n<div id=\"titles\">\n<h1>ERROR</h1>\n<h2>The requested URL could not be retrieved</h2>\n</div>\n<hr>\n\n<div id=\"content\">\n<p>The following error was encountered while trying to retrieve the URL: <a href=\"https://dynakube-activegate.dynatrace.svc.cluster.local/*\">https://dynakube-activegate.dynatrace.svc.cluster.local/*</a></p>\n\n<blockquote id=\"error\">\n<p><b>Unable to determine IP address from host name 
<q>dynakube-activegate.dynatrace.svc.cluster.local</q></b></p>\n</blockquote>\n\n<p>The DNS server returned:</p>\n<blockquote id=\"data\">\n<pre>Name Error: The domain name does not exist.</pre>\n</blockquote>\n\n<p>This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.</p>\n\n<p>Your cache administrator is <a href=\"mailto:webmaster?subject=CacheErrorInfo%20-%20ERR_DNS_FAIL&amp;body=CacheHost%3A%20squid-d757584f6-2rgcs%0D%0AErrPage%3A%20ERR_DNS_FAIL%0D%0AErr%3A%20%5Bnone%5D%0D%0ADNS%20ErrMsg%3A%20Name%20Error%3A%20The%20domain%20name%20does%20not%20exist.%0D%0ATimeStamp%3A%20Thu,%2025%20Apr%202024%2012%3A45%3A13%20GMT%0D%0A%0D%0AClientIP%3A%2010.96.2.41%0D%0A%0D%0AHTTP%20Request%3A%0D%0ACONNECT%20%20HTTP%2F1.1%0AHost%3A%20dynakube-activegate.dynatrace.svc.cluster.local%3A443%0D%0AUser-Agent%3A%20curl%2F8.7.1%0D%0AProxy-Connection%3A%20Keep-Alive%0D%0A%0D%0A%0D%0A\">webmaster</a>.</p>\n<br>\n</div>\n\n<hr>\n<div id=\"footer\">\n<p>Generated Thu, 25 Apr 2024 12:45:13 GMT by squid-d757584f6-2rgcs (squid/6.5)</p>\n<!-- ERR_DNS_FAIL -->\n</div>\n</body></html>\n< HTTP/1.1 503 Service Unavailable\n< Server: squid/6.5\n< Mime-Version: 1.0\n< Date: Thu, 25 Apr 2024 12:45:13 GMT\n< Content-Type: text/html;charset=utf-8\n< Content-Length: 3851\n< X-Squid-Error: ERR_DNS_FAIL 0\n< Vary: Accept-Language\n< Content-Language: en\n< Cache-Status: squid-d757584f6-2rgcs\n< Via: 1.1 squid-d757584f6-2rgcs (squid/6.5)\n< Connection: close\n< \n{ [3851 bytes data]\n\r100  3851  100  3851    0     0   102k      0 --:--:-- --:--:-- --:--:--  104k\n* Closing connection\n{ [5 bytes data]\n* TLSv1.3 (IN), TLS alert, close notify (256):\n{ [2 bytes data]\n" does not contain "RUNNING"
                Test:           TestIstio/activegate/checking_https_curl_pod_for_activeGate
=== RUN   TestIstio/activegate/creating_http_curl_pod_for_activeGate
=== RUN   TestIstio/activegate/waiting_for_http_curl_pod_for_activeGate
=== RUN   TestIstio/activegate/checking_http_curl_pod_for_activeGate
    logs.go:45: 
                Error Trace:    /home/alberto/develop/dynatrace-operator/test/helpers/logs/logs.go:45
                                                        /home/alberto/develop/dynatrace-operator/test/features/activegate/curl.go:79
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:428
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:466
                Error:          "  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current\n                                 Dload  Upload   Total   Spent    Left  Speed\n\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Could not resolve host: dynakube-activegate.dynatrace.svc.cluster.local\n* Closing connection\ncurl: (6) Could not resolve host: dynakube-activegate.dynatrace.svc.cluster.local\n" does not contain "RUNNING"
                Test:           TestIstio/activegate/checking_http_curl_pod_for_activeGate
=== RUN   TestIstio/activegate/ActiveGate_ro_filesystem
    activegate.go:255: 
                Error Trace:    /home/alberto/develop/dynatrace-operator/test/features/activegate/activegate.go:255
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:428
                                                        /home/alberto/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/env/env.go:466
                Error:          Received unexpected error:
                                pods "dynakube-activegate-0" not found
                Test:           TestIstio/activegate/ActiveGate_ro_filesystem
=== RUN   TestIstio/cloudnative_default_installation
=== RUN   TestIstio/cloudnative_default_installation/create_sample_namespace
=== RUN   TestIstio/cloudnative_default_installation/created_tenant_secret
=== RUN   TestIstio/cloudnative_default_installation/'dynakube'_dynakube_created
=== RUN   TestIstio/cloudnative_default_installation/oneagent_started

albertogdd, Apr 25 '24 12:04

OpenShift Cluster FAILED

The custom truststore tests were not executed:

=== SKIP: test/scenarios/istio TestIstio (0.03s)
    default.go:58: istio enabled: true
    install.go:44: skipping istio test, istio namespace is not present

The error is unrelated to TestIstio:

=== FAIL: test/scenarios/release TestRelease/upgrade_a_cloudnative_installation (677.54s)
    --- FAIL: TestRelease/upgrade_a_cloudnative_installation (677.54s)

aorcholski, Apr 26 '24 08:04