Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix PEM certificate generation and mounting in OpenShift #1123

Merged

Conversation

michalvavrik
Copy link
Member

@michalvavrik michalvavrik commented May 9, 2024

Summary

Fixes:

  • PEM NPE in OCP: I have fixes in Quarkus QE Test Suite that requires FIPS-compatible PEM certificates. However right now the certificate library we use to generation returns path to the some-prefix-server-ca.crt even though it doesn't exist and so mounting in OpenShift fails over missing file.
  • PEM cert and key mounting: private key and certificates are not mounted for us. This fixes that issue.
  • scope of certificate config properties: I mentioned that when tests share same base class as Vert.x JWT tests do, all previously generated certs are mounted to OCP because the scope of properties set via io.quarkus.test.bootstrap.BaseService#withProperty(java.lang.String, java.lang.String) is all the tests of all test classes (AKA RestService is stored in a static field). This PR avoids mounting of certs from previous tests.

Here are tests quarkus-qe/quarkus-test-suite@774d6d0 I run both baremetal (in FIPS) and OpenShift tests with this change and they pass.

Please check the relevant options

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Dependency update
  • Refactoring
  • Breaking change (fix or feature that would cause existing functionality to change)
  • This change requires a documentation update
  • This change requires execution against OCP (use run tests phrase in comment)

Checklist:

  • Example scenarios has been updated / added
  • Methods and classes used in PR scenarios are meaningful
  • Commits are well encapsulated and follow the best practices

@michalvavrik michalvavrik added the triage/backport-1.4? Quarkus 3.8 stream label May 9, 2024
@michalvavrik michalvavrik force-pushed the feature/main-fix-pem-cert-mounting branch from 8c09e30 to 12b08e4 Compare May 9, 2024 22:50
@michalvavrik
Copy link
Member Author

run tests

@michalvavrik michalvavrik requested a review from mjurc May 10, 2024 08:07
@michalvavrik
Copy link
Member Author

@mjurc Run OpenShift Tests in JVM is notoriously unstable these days, I personally run it more than 10 times this week in various PRs (see the job history) and it often fails over Jenkins job failure:

FATAL: command execution failed
java.io.EOFException
	at java.base/java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2911)

Not sure what is going on there, but considering the native job succeeds I think this PR is alright. Even though I retriggered it manually, I wouldn't wait.

Copy link
Member

@mjurc mjurc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the update.

@mjurc mjurc merged commit 4001100 into quarkus-qe:main May 10, 2024
9 of 10 checks passed
@michalvavrik michalvavrik mentioned this pull request May 10, 2024
11 tasks
@michalvavrik michalvavrik deleted the feature/main-fix-pem-cert-mounting branch May 10, 2024 13:06
@michalvavrik michalvavrik removed the triage/backport-1.4? Quarkus 3.8 stream label May 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants