Skip to content

Remove curl usage from test cmd to prevent cert flakes #18710

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Remove curl usage from test cmd to prevent cert flakes #18710

wants to merge 1 commit into from

Conversation

enj
Copy link
Contributor

@enj enj commented Feb 22, 2018

curl + nssdb have started to flake with

curl: (35) You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.

after 266aa46 was merged. This change replaces curl with wget until we can figure out how to correctly handle these cert issues.

Signed-off-by: Monis Khan [email protected]

/kind bug
/assign @smarterclayton @stevekuznetsov

@openshift/sig-security

@mrogers950 can you figure out a better solution for this?

@enj
Remove curl usage from test cmd to prevent cert flakes
f337498 
curl + nssdb have started to flake with

curl: (35) You are attempting to import a cert with the same
issuer/serial as an existing cert, but that is not the same cert.

after 266aa46 was merged.  This
change replaces curl with wget until we can figure out how to
correctly handle these cert issues.

Signed-off-by: Monis Khan <[email protected]>
@openshift-ci-robot openshift-ci-robot added kind/bug Categorizes issue or PR as related to a bug. sig/security labels Feb 22, 2018
@openshift-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: enj

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Feb 22, 2018
@enj
Copy link
Contributor Author

enj commented Feb 22, 2018

See https://openshift-gce-devel.appspot.com//build/origin-ci-test/pr-logs/pull/18634/test_pull_request_origin_cmd/10416/ and https://openshift-gce-devel.appspot.com//build/origin-ci-test/pr-logs/pull/18634/test_pull_request_origin_cmd/10416/ as examples.

@liggitt
Copy link
Contributor

liggitt commented Feb 22, 2018

Seems like reverting that PR would be a better response.

@liggitt liggitt closed this Feb 22, 2018
@liggitt liggitt reopened this Feb 22, 2018
@openshift-ci-robot
Copy link

openshift-ci-robot commented Feb 22, 2018
edited
Loading

@enj: The following test failed, say /retest to rerun them all:

Test name Commit Details Rerun command
ci/openshift-jenkins/extended_networking_minimal f337498 link /test extended_networking_minimal

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@enj enj mentioned this pull request Feb 22, 2018
Merged
@enj
Copy link
Contributor Author

enj commented Feb 22, 2018

Superseded by #18713

@enj enj closed this Feb 22, 2018
openshift-merge-robot added a commit that referenced this pull request Feb 24, 2018
@openshift-merge-robot
Merge pull request #18713 from enj/enj/i/serial_file_start
d2bd543 
Automatic merge from submit-queue.

Guarantee that SerialFileGenerator starts at 2

This changes makes it so that SerialFileGenerator never returns a value less than 2 for a call to Next.  This guarantees that certificates generated using it do not have a serial number that conflicts with the CA's serial number of 1.  This behavior was lost in 266aa46.

Signed-off-by: Monis Khan <[email protected]>

/kind bug
/assign @liggitt

Supersedes #18710

@openshift/sig-security
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danwinship danwinship Awaiting requested review from danwinship

@juanvallejo juanvallejo Awaiting requested review from juanvallejo

Assignees

@smarterclayton smarterclayton

@stevekuznetsov stevekuznetsov

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/bug Categorizes issue or PR as related to a bug. sig/security size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@enj @openshift-ci-robot @liggitt @smarterclayton @stevekuznetsov