Add tests to the TLS certificate reload #38820
Conversation
quarkus-bot
bot
added
area/dependencies
This comment has been minimized.
This comment has been minimized.
|
🙈 The PR is closed and the preview is expired. |
This comment has been minimized.
This comment has been minimized.
|
Ok... I broke everything :-). Will have a look Monday. |
|
@cescoffier Sorry, also missed the review request, it looks promising in any case 👍 |
cescoffier
force-pushed
the
cert-reloading-test
branch
from
8987e84 to
63b33dd
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
cescoffier
force-pushed
the
cert-reloading-test
branch
from
63b33dd to
1107268
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
- for both the primary and management server - also update the docs
cescoffier
force-pushed
the
cert-reloading-test
branch
from
1107268 to
fd46a61
Compare
Status for workflow
|
Status for workflow
|
| Status | Name | Step | Failures | Logs | Raw logs | Build scan |
|---|---|---|---|---|---|---|
| ✖ | Native Tests - Data5 | Build |
Failures | Logs | Raw logs | 🚧 |
Full information is available in the Build summary check run.
Failures
⚙️ Native Tests - Data5 #
- Failing: integration-tests/jpa-postgresql-withxml
📦 integration-tests/jpa-postgresql-withxml
✖ io.quarkus.it.jpa.postgresql.ImageMetricsITCase.verifyImageMetrics line 15 - History - More details - Source on GitHub
org.opentest4j.AssertionFailedError: Expected analysis_results.fields.reflection to be within range [163 +- 3%] but was 168 ==> expected: <true> but was: <false>
at org.junit.jupiter.api.AssertionFailureBuilder.build(AssertionFailureBuilder.java:151)
at org.junit.jupiter.api.AssertionFailureBuilder.buildAndThrow(AssertionFailureBuilder.java:132)
at org.junit.jupiter.api.AssertTrue.failNotTrue(AssertTrue.java:63)
at org.junit.jupiter.api.AssertTrue.assertTrue(AssertTrue.java:36)
at org.junit.jupiter.api.Assertions.assertTrue(Assertions.java:214)
at io.quarkus.test.junit.nativeimage.NativeBuildOutputExtension.assertValueWithinRange(NativeBuildOutputExtension.java:90)
at io.quarkus.test.junit.nativeimage.NativeBuildOutputExtension.lambda$verifyImageMetrics$0(NativeBuildOutputExtension.java:66)
|
@sberyozkin Fixed! Your review would be much appreciated. The goal is to use this technique to avoid hand-crafted certificates. Here, it's slightly more complicated as I'm testing the hot reload, which means I need two sets of certificates: the initial certificate and the one triggering the reload. In the other case, we should have only one. Also, while adding that feature to the REST client, we discovered that the REST client did not support PEMs and P12 (getting fixed right now), and the trust store format needs to be completed. It is the case with gRPC, too. Because creating certificates was painful, I can understand why it was not adequately tested. So, a consequence would be the addition of more certificate formats in various extensions. |
| <dependency> | ||
| <groupId>me.escoffier.certs</groupId> | ||
| <artifactId>certificate-generator-junit5</artifactId> | ||
| <version>0.3.0</version> | ||
| </dependency> |
There was a problem hiding this comment.
@cescoffier I don't think this should be in the BOM. I would move it to the build-parent.
There was a problem hiding this comment.
Ok, I will do that in my next PR about kafka TLS support (which as I needed to fix something in the junit5 extension)
This PR uses the new certificate generator utility.
Once in, we will be able to remove all the hand-crafted certificates.