From 51aa7264b5f78f480d153099ecb69423957b143c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Vav=C5=99=C3=ADk?= Date: Mon, 9 Sep 2024 10:22:01 +0200 Subject: [PATCH 1/5] Debug flaky --- .../OpenShiftServingCertificatesIT.java | 29 ++++++++++++++++--- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/http/rest-client-reactive/src/test/java/io/quarkus/ts/http/restclient/reactive/OpenShiftServingCertificatesIT.java b/http/rest-client-reactive/src/test/java/io/quarkus/ts/http/restclient/reactive/OpenShiftServingCertificatesIT.java index 317bbfe10..7022c5f13 100644 --- a/http/rest-client-reactive/src/test/java/io/quarkus/ts/http/restclient/reactive/OpenShiftServingCertificatesIT.java +++ b/http/rest-client-reactive/src/test/java/io/quarkus/ts/http/restclient/reactive/OpenShiftServingCertificatesIT.java @@ -3,7 +3,9 @@ import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertTrue; -import java.time.Duration; +import java.io.IOException; + +import jakarta.inject.Inject; import org.junit.jupiter.api.MethodOrderer; import org.junit.jupiter.api.Order; @@ -13,11 +15,12 @@ import io.quarkus.test.bootstrap.Protocol; import io.quarkus.test.bootstrap.RestService; +import io.quarkus.test.bootstrap.inject.OpenShiftClient; import io.quarkus.test.scenarios.OpenShiftScenario; import io.quarkus.test.services.Certificate; import io.quarkus.test.services.Certificate.ServingCertificates; import io.quarkus.test.services.QuarkusApplication; -import io.quarkus.test.utils.AwaitilityUtils; +import io.quarkus.test.utils.Command; import hero.Hero; import hero.HeroClient; 
@@ -39,6 +42,9 @@ public class OpenShiftServingCertificatesIT { private static final String HERO_CLIENT = "hero-client"; private static final String SERVER_TLS_CONFIG_NAME = "cert-serving-test-server"; + @Inject + static OpenShiftClient ocp; + @QuarkusApplication(ssl = true, certificates = @Certificate(tlsConfigName = SERVER_TLS_CONFIG_NAME, servingCertificates = { @ServingCertificates(addServiceCertificate = true) }), classes = { HeroResource.class, Hero.class, Villain.class, @@ -54,17 +60,24 @@ public class OpenShiftServingCertificatesIT { @Order(1) @Test public void testSecuredCommunicationBetweenClientAndServer() { + // REST client use OpenShift internal CA // server is configured with OpenShift serving certificates // ad "untilAsserted": we experienced unknown SAN, so to avoid flakiness I am adding here retry: - AwaitilityUtils.untilAsserted(() -> { + try { var hero = client.given().get("hero-client-resource").then().statusCode(200).extract().as(Hero.class); assertNotNull(hero); assertNotNull(hero.name()); assertTrue(hero.name().startsWith("Name-")); assertNotNull(hero.otherName()); assertTrue(hero.otherName().startsWith("Other-")); - }, AwaitilityUtils.AwaitilitySettings.usingTimeout(Duration.ofSeconds(50))); + } catch (Throwable t) { + // FIXME: debug only, don't merge this + runOcpCmd("oc", "get", "pod", "-o", "wide"); + ocp.podsInService(server).forEach(pod -> runOcpCmd("oc", "describe", "pod", pod.getMetadata().getName())); + ocp.podsInService(client).forEach(pod -> runOcpCmd("oc", "describe", "pod", pod.getMetadata().getName())); + throw t; + } } @Order(2) @@ -78,4 +91,12 @@ public void testConfiguredTlsProtocolEnforced() { client.logs().assertContains("Received fatal alert: protocol_version"); } + private static void runOcpCmd(String... commands) { + try { + new Command(commands).outputToConsole().runAndWait(); + } catch (IOException | InterruptedException e) { + throw new RuntimeException(e); + } + } + } 
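Review bot: The comment kept above the new `try` in `testSecuredCommunicationBetweenClientAndServer` still says a retry is being added against the unknown-SAN flakiness, but this hunk removes the `AwaitilityUtils.untilAsserted` wrapper, so the comment now describes code that is gone. Inside `catch (Throwable t)`, any exception from the diagnostic calls (`runOcpCmd` rethrows as `RuntimeException`, and `ocp.podsInService(...)` may throw as well) replaces `t`, so the original TLS failure never reaches the test report. I would guard the diagnostics so that `throw t;` always runs, e.g. `try { /* oc calls */ } catch (RuntimeException diag) { t.addSuppressed(diag); }`, and reword the comment to something like `// retry removed temporarily so the first failure is captured together with cluster state`.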
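Review bot: `runOcpCmd` wraps `InterruptedException` in a `RuntimeException` without restoring the thread's interrupt flag, so a test runner that interrupts the thread (for example on a timeout) loses that signal. Splitting the multi-catch fixes it: `catch (InterruptedException e) { Thread.currentThread().interrupt(); throw new RuntimeException(e); }`. A short Javadoc would also help, stating that the command's output is echoed to the console and therefore ends up in the CI log, since that decides which `oc` subcommands are safe to pass in.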
From 94ef8f3baa1bfa12fcac343c400cff85e27cda57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Vav=C5=99=C3=ADk?= Date: Mon, 9 Sep 2024 17:54:41 +0200 Subject: [PATCH 2/5] wip2 --- .../src/test/java/hero/HeroClientResource.java | 14 ++++++++++++++ .../src/test/java/hero/HeroResource.java | 14 ++++++++++++++ .../reactive/OpenShiftServingCertificatesIT.java | 2 ++ 3 files changed, 30 insertions(+) diff --git a/http/rest-client-reactive/src/test/java/hero/HeroClientResource.java b/http/rest-client-reactive/src/test/java/hero/HeroClientResource.java index 726d96017..dc3cb358d 100644 --- a/http/rest-client-reactive/src/test/java/hero/HeroClientResource.java +++ b/http/rest-client-reactive/src/test/java/hero/HeroClientResource.java @@ -1,10 +1,14 @@ package hero; +import jakarta.enterprise.event.Observes; import jakarta.ws.rs.GET; import jakarta.ws.rs.Path; import org.eclipse.microprofile.rest.client.inject.RestClient; +import io.quarkus.runtime.StartupEvent; +import io.quarkus.tls.TlsConfigurationRegistry; + @Path("hero-client-resource") public class HeroClientResource { @@ -16,4 +20,14 @@ public Hero triggerClientToServerCommunication() { return heroClient.getRandomHero(); } + void observer(@Observes StartupEvent ev, TlsConfigurationRegistry registry) { + try { + var ts = registry.get("hero-client").get().getTrustStore(); + ts.aliases().asIterator().forEachRemaining(alias -> { + System.out.println("hero client alias is " + alias); + }); + } catch (Exception e) { + e.printStackTrace(); + } + } } diff --git a/http/rest-client-reactive/src/test/java/hero/HeroResource.java b/http/rest-client-reactive/src/test/java/hero/HeroResource.java index f1a51a7e2..e253c1adf 100644 --- a/http/rest-client-reactive/src/test/java/hero/HeroResource.java +++ b/http/rest-client-reactive/src/test/java/hero/HeroResource.java 
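Review bot: `registry.get("hero-client").get()` in the new `HeroClientResource.observer` calls `get()` unchecked on what appears to be an `Optional`, so a missing TLS configuration surfaces only as a `NoSuchElementException` stack trace from `e.printStackTrace()`. That is easy to misread in pod logs when the purpose of this code is to find out which certificates were loaded. The same pattern is added to `HeroResource.observer` for `"cert-serving-test-server"` in the next file section. An explicit branch such as `registry.get("hero-client").ifPresentOrElse(cfg -> printAliases(cfg), () -> System.out.println("TLS config hero-client is not registered"));` makes the two outcomes distinguishable; `printAliases` here is a constructed helper name for the existing alias loop.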
@@ -2,9 +2,13 @@ import java.util.random.RandomGenerator; +import jakarta.enterprise.event.Observes; import jakarta.ws.rs.GET; import jakarta.ws.rs.Path; +import io.quarkus.runtime.StartupEvent; +import io.quarkus.tls.TlsConfigurationRegistry; + @Path("/api/heroes/random") public class HeroResource { @@ -14,4 +18,14 @@ public Hero getRandomHero() { return new Hero(random, "Name-" + random, "Other-" + random, 1, "placeholder", "root"); } + void observer(@Observes StartupEvent ev, TlsConfigurationRegistry registry) { + try { + var ts = registry.get("cert-serving-test-server").get().getTrustStore(); + ts.aliases().asIterator().forEachRemaining(alias -> { + System.out.println("hero server alias is " + alias); + }); + } catch (Exception e) { + e.printStackTrace(); + } + } } diff --git a/http/rest-client-reactive/src/test/java/io/quarkus/ts/http/restclient/reactive/OpenShiftServingCertificatesIT.java b/http/rest-client-reactive/src/test/java/io/quarkus/ts/http/restclient/reactive/OpenShiftServingCertificatesIT.java index 7022c5f13..3de21f97b 100644 --- a/http/rest-client-reactive/src/test/java/io/quarkus/ts/http/restclient/reactive/OpenShiftServingCertificatesIT.java +++ b/http/rest-client-reactive/src/test/java/io/quarkus/ts/http/restclient/reactive/OpenShiftServingCertificatesIT.java @@ -74,6 +74,8 @@ public void testSecuredCommunicationBetweenClientAndServer() { } catch (Throwable t) { // FIXME: debug only, don't merge this runOcpCmd("oc", "get", "pod", "-o", "wide"); + runOcpCmd("oc", "describe", "secret", "serving-certificates-secret"); + runOcpCmd("oc", "describe", "configmap", "ca-bundle-configmap"); ocp.podsInService(server).forEach(pod -> runOcpCmd("oc", "describe", "pod", pod.getMetadata().getName())); ocp.podsInService(client).forEach(pod -> runOcpCmd("oc", "describe", "pod", pod.getMetadata().getName())); throw t; From 1cc8ee447161febac7357c8b035fb0c239f07027 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Michal=20Vav=C5=99=C3=ADk?= Date: Mon, 9 Sep 2024 20:03:45 +0200 Subject: [PATCH 3/5] wip3 --- .../http/restclient/reactive/OpenShiftServingCertificatesIT.java | 1 + 1 file changed, 1 insertion(+) diff --git a/http/rest-client-reactive/src/test/java/io/quarkus/ts/http/restclient/reactive/OpenShiftServingCertificatesIT.java b/http/rest-client-reactive/src/test/java/io/quarkus/ts/http/restclient/reactive/OpenShiftServingCertificatesIT.java index 3de21f97b..9c55ca107 100644 --- a/http/rest-client-reactive/src/test/java/io/quarkus/ts/http/restclient/reactive/OpenShiftServingCertificatesIT.java +++ b/http/rest-client-reactive/src/test/java/io/quarkus/ts/http/restclient/reactive/OpenShiftServingCertificatesIT.java @@ -75,6 +75,7 @@ public void testSecuredCommunicationBetweenClientAndServer() { // FIXME: debug only, don't merge this runOcpCmd("oc", "get", "pod", "-o", "wide"); runOcpCmd("oc", "describe", "secret", "serving-certificates-secret"); + runOcpCmd("oc", "get", "secret", "mysecret", "-o", "yaml"); runOcpCmd("oc", "describe", "configmap", "ca-bundle-configmap"); ocp.podsInService(server).forEach(pod -> runOcpCmd("oc", "describe", "pod", pod.getMetadata().getName())); ocp.podsInService(client).forEach(pod -> runOcpCmd("oc", "describe", "pod", pod.getMetadata().getName())); From 928d20b57b7385f9e8aeb8dcbf642c9907aa078b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Vav=C5=99=C3=ADk?= Date: Mon, 9 Sep 2024 20:12:27 +0200 Subject: [PATCH 4/5] wip2 --- .../src/test/java/hero/HeroClientResource.java | 3 +++ .../src/test/java/hero/HeroResource.java | 8 ++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/http/rest-client-reactive/src/test/java/hero/HeroClientResource.java b/http/rest-client-reactive/src/test/java/hero/HeroClientResource.java index dc3cb358d..93ad27a0a 100644 --- a/http/rest-client-reactive/src/test/java/hero/HeroClientResource.java +++ b/http/rest-client-reactive/src/test/java/hero/HeroClientResource.java 
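Review bot: `oc get secret ... -o yaml` prints the secret's whole `data` map to the test console, and patch 5/5 points this same call at `serving-certificates-secret`, which for a serving-certificate secret would presumably include the base64-encoded private key next to the certificate. Console output of an integration test normally ends up in CI logs and archived reports, so the key material would outlive the test namespace. Diagnosing an unknown-SAN failure only needs the certificate, so I would restrict the output to that field: `runOcpCmd("oc", "get", "secret", "serving-certificates-secret", "-o", "jsonpath={.data.tls\\.crt}");` (assuming the usual `tls.crt`/`tls.key` key names). The `oc describe secret` call from patch 2/5 already lists key names and sizes without values. The enclosing `catch` block starts outside this hunk.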
@@ -23,6 +23,9 @@ public Hero triggerClientToServerCommunication() { void observer(@Observes StartupEvent ev, TlsConfigurationRegistry registry) { try { var ts = registry.get("hero-client").get().getTrustStore(); + if (ts == null) { + System.out.println("ts is null..."); + } ts.aliases().asIterator().forEachRemaining(alias -> { System.out.println("hero client alias is " + alias); }); diff --git a/http/rest-client-reactive/src/test/java/hero/HeroResource.java b/http/rest-client-reactive/src/test/java/hero/HeroResource.java index e253c1adf..8d080c59b 100644 --- a/http/rest-client-reactive/src/test/java/hero/HeroResource.java +++ b/http/rest-client-reactive/src/test/java/hero/HeroResource.java @@ -20,8 +20,12 @@ public Hero getRandomHero() { void observer(@Observes StartupEvent ev, TlsConfigurationRegistry registry) { try { - var ts = registry.get("cert-serving-test-server").get().getTrustStore(); - ts.aliases().asIterator().forEachRemaining(alias -> { + var ks = registry.get("cert-serving-test-server").get().getKeyStore(); + if (ks == null) { + System.out.println("ks is null ............."); + return; + } + ks.aliases().asIterator().forEachRemaining(alias -> { System.out.println("hero server alias is " + alias); }); } catch (Exception e) { From 29c20110baaedd7106f74e789097c95c33edca99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Vav=C5=99=C3=ADk?= Date: Mon, 9 Sep 2024 20:15:37 +0200 Subject: [PATCH 5/5] wip4 --- .../restclient/reactive/OpenShiftServingCertificatesIT.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/rest-client-reactive/src/test/java/io/quarkus/ts/http/restclient/reactive/OpenShiftServingCertificatesIT.java b/http/rest-client-reactive/src/test/java/io/quarkus/ts/http/restclient/reactive/OpenShiftServingCertificatesIT.java index 9c55ca107..4b84207fe 100644 --- a/http/rest-client-reactive/src/test/java/io/quarkus/ts/http/restclient/reactive/OpenShiftServingCertificatesIT.java 
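Review bot: The new `if (ts == null)` branch in `HeroClientResource.observer` prints a message but does not return, so the following `ts.aliases()` still dereferences null and the resulting `NullPointerException` is caught and printed as a stack trace. `HeroResource.observer` in the same patch returns after its null message, and the client side should match it: `System.out.println("ts is null..."); return;`. The method body begins outside the hunk.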
+++ b/http/rest-client-reactive/src/test/java/io/quarkus/ts/http/restclient/reactive/OpenShiftServingCertificatesIT.java @@ -75,7 +75,7 @@ public void testSecuredCommunicationBetweenClientAndServer() { // FIXME: debug only, don't merge this runOcpCmd("oc", "get", "pod", "-o", "wide"); runOcpCmd("oc", "describe", "secret", "serving-certificates-secret"); - runOcpCmd("oc", "get", "secret", "mysecret", "-o", "yaml"); + runOcpCmd("oc", "get", "secret", "serving-certificates-secret", "-o", "yaml"); runOcpCmd("oc", "describe", "configmap", "ca-bundle-configmap"); ocp.podsInService(server).forEach(pod -> runOcpCmd("oc", "describe", "pod", pod.getMetadata().getName())); ocp.podsInService(client).forEach(pod -> runOcpCmd("oc", "describe", "pod", pod.getMetadata().getName()));