fix: allow insecure clusters #800

Merged
8 changes: 7 additions & 1 deletion testsupport/init.go
Expand Up @@ -14,6 +14,7 @@ import (
"github.com/codeready-toolchain/toolchain-e2e/testsupport/wait"
"github.com/stretchr/testify/assert"
"k8s.io/client-go/tools/clientcmd"
"k8s.io/client-go/tools/clientcmd/api"
"k8s.io/kubectl/pkg/scheme"

openshiftappsv1 "github.com/openshift/api/apps/v1"
Expand Down Expand Up @@ -53,7 +54,12 @@ func WaitForDeployments(t *testing.T) wait.Awaitilities {

apiConfig, err := clientcmd.NewDefaultClientConfigLoadingRules().Load()
require.NoError(t, err)
kubeconfig, err := clientcmd.NewDefaultClientConfig(*apiConfig, &clientcmd.ConfigOverrides{}).ClientConfig()
configOverrides := clientcmd.ConfigOverrides{
ClusterDefaults: api.Cluster{
InsecureSkipTLSVerify: true,
Contributor

Do we want to make this an option we can pass to make instead of hardcoding to true? What if we want to test security?

Contributor

+1

It seems that disabling the TLSVerify doesn't work on OpenShift CI at least. If this configuration works on your cluster then maybe we could introduce an env variable to optionally turn it off?

Something like:

make test-e2e DISABLE_KUBE_CLIENT_TLS_VERIFY=true

and keep the tls verification on by default, as it is now.

Contributor Author

Thanks for the review. I implemented this in 96535fb. Do you have any suggestion on a better place where to fetch the env variable?

Contributor

Nice! Extracting the config logic builder into a function is what I was thinking as well! 👍

Should we add a few lines to document this new variable, maybe adding a known issues/workarounds section here: https://github.com/codeready-toolchain/toolchain-e2e/blob/master/CRC.adoc
reporting the TLS failure and the workaround of using this env variable?

If it's not specific to CRC maybe we could add this new section in the main README.

WDYT?

Contributor Author

@filariow filariow Sep 29, 2023

I like the idea, let me work on this! 👍🏾
It's not related to CRC, so I'll go for the README change

Contributor Author

@mfrancisc I've added a note in the README's Running End-to-End Tests. WDYT?

},
}
kubeconfig, err := clientcmd.NewDefaultClientConfig(*apiConfig, &configOverrides).ClientConfig()
require.NoError(t, err)

cl, err := client.New(kubeconfig, client.Options{
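Review bot: `InsecureSkipTLSVerify: true` in `ClusterDefaults` is hardcoded, so every client built in `WaitForDeployments` skips server certificate verification, including against clusters that present a valid certificate. Make it opt-in: read an environment variable (the thread suggests `DISABLE_KUBE_CLIENT_TLS_VERIFY`) and keep the previous empty `clientcmd.ConfigOverrides{}` when it is unset, so verification stays on by default. A one-line comment at the override saying why it exists would also help the next reader.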
7 changes: 6 additions & 1 deletion testsupport/space/spacerequest.go
Expand Up @@ -106,7 +106,12 @@ func newKubeClientFromSecret(t *testing.T, cl client.Client, secretName, secretN
require.False(t, api.IsConfigEmpty(apiConfig))

// create a new client with the given kubeconfig
kubeconfig, err := clientcmd.NewDefaultClientConfig(*apiConfig, &clientcmd.ConfigOverrides{}).ClientConfig()
configOverrides := clientcmd.ConfigOverrides{
ClusterDefaults: api.Cluster{
InsecureSkipTLSVerify: true,
},
}
kubeconfig, err := clientcmd.NewDefaultClientConfig(*apiConfig, &configOverrides).ClientConfig()
require.NoError(t, err)
s := scheme.Scheme
builder := append(runtime.SchemeBuilder{},
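Review bot: In `newKubeClientFromSecret` the kubeconfig is read from a secret, and with `InsecureSkipTLSVerify: true` set as a cluster default the credentials it carries are presented to a server whose certificate is never checked. The existing comment `// create a new client with the given kubeconfig` no longer describes what the code does; either update it to state that verification is disabled and why, or apply the override only when the test run explicitly asks for it.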
8 changes: 7 additions & 1 deletion testsupport/wait/host.go
Expand Up @@ -31,6 +31,7 @@ import (
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
"k8s.io/client-go/tools/clientcmd/api"
"k8s.io/kubectl/pkg/scheme"
"sigs.k8s.io/controller-runtime/pkg/client"
)
Expand Down Expand Up @@ -1664,7 +1665,12 @@ func (a *HostAwaitility) GetHostOperatorPod() (corev1.Pod, error) {
func (a *HostAwaitility) CreateAPIProxyConfig(t *testing.T, usertoken, proxyURL string) *rest.Config {
apiConfig, err := clientcmd.NewDefaultClientConfigLoadingRules().Load()
require.NoError(t, err)
defaultConfig, err := clientcmd.NewDefaultClientConfig(*apiConfig, &clientcmd.ConfigOverrides{}).ClientConfig()
configOverrides := clientcmd.ConfigOverrides{
ClusterDefaults: api.Cluster{
InsecureSkipTLSVerify: true,
},
}
defaultConfig, err := clientcmd.NewDefaultClientConfig(*apiConfig, &configOverrides).ClientConfig()
require.NoError(t, err)

return &rest.Config{
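Review bot: This is the third copy of the same `configOverrides` literal (it also appears in testsupport/init.go and testsupport/space/spacerequest.go); move it into one helper so the insecure setting is decided in a single place. In `CreateAPIProxyConfig` it is also worth checking which fields of `defaultConfig` feed the returned `rest.Config`, which the visible lines do not show: if the TLS settings are copied over, `usertoken` is sent to `proxyURL` without certificate verification.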