Skip to content

USHIFT-5775: TLS config RF test: skip cipher if not available #4939

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 21, 2025
Merged

USHIFT-5775: TLS config RF test: skip cipher if not available #4939

merged 2 commits into from
May 21, 2025

Conversation

agullon
Copy link
Contributor

@agullon agullon commented May 20, 2025
edited
Loading

Added a condition to skip checking a cipher when it's not available, for example, when FIPS mode is enabled.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label May 20, 2025
@openshift-ci-robot
Copy link

@agullon: This pull request explicitly references no jira issue.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested review from ggiguash and jerpeter1 May 20, 2025 15:37
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 20, 2025
@agullon agullon changed the title NO-ISSUE: skip cipher check if not available in ssl list USHIFT-5775: TLS config RF test: skip cipher if not available May 21, 2025
@openshift-ci-robot
Copy link

openshift-ci-robot commented May 21, 2025
edited by openshift-ci bot
Loading

@agullon: This pull request references USHIFT-5775 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.20.0" version, but no target version was set.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot
Copy link

openshift-ci-robot commented May 21, 2025
edited by openshift-ci bot
Loading

@agullon: This pull request references USHIFT-5775 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.20.0" version, but no target version was set.

In response to this:

Added a condition to skip checking a cipher when it's not available, for example, when FIPS mode is enabled.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

pacevedom
pacevedom reviewed May 21, 2025
View reviewed changes
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 21, 2025

@agullon: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

pacevedom
pacevedom approved these changes May 21, 2025
View reviewed changes
Copy link
Contributor

@pacevedom pacevedom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/hold
Just one nit, held in case you want to do it. If not we can always do it later as its not critical and we are a bit tight on schedule.

test/suites/standard2/tls-configuration.robot
@@ -155,15 +155,20 @@ Restore Valid TLS Configuration

Openssl Connect Command
[Documentation] Run Openssl Connect Command in the remote server
[Arguments] ${host_and_port} ${args}
[Arguments] ${host_and_port} ${args} ${expected_rc} ${expected_str}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: If you default expected_str to empty string then you shouldnt need the IF below, right? Would also wouldnt require some string regardless of the rc when you call it (like in 194 below).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We shouldn't remove the IF because it's needed to validate the cipher under tests is in the stdout of the openssl command. See this line: https://github.com/openshift/microshift/pull/4939/files#diff-af253f15d1596775b3ca9cf4154438c05a0007533c49259a222eb7f9d4adc9aaR184

Furthermore, I'm happy to set the default value of ${expected_str} to an empty string, but I prefer to be not use default values on testing functions to force user to configure everything making sure what is being tested.

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 21, 2025
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label May 21, 2025
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 21, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: agullon, pacevedom

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@agullon
Copy link
Contributor Author

agullon commented May 21, 2025

/hold cancel

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 21, 2025
@openshift-merge-bot openshift-merge-bot bot merged commit 450a853 into openshift:main May 21, 2025
9 checks passed
@agullon
Copy link
Contributor Author

agullon commented May 21, 2025

/cherrypick release-4.19

@openshift-cherrypick-robot
Copy link

@agullon: #4939 failed to apply on top of branch "release-4.19":

Applying: feature: skip cipher check if not available in ssl list
Using index info to reconstruct a base tree...
A	test/suites/standard2/tls-configuration.robot
Falling back to patching base and 3-way merge...
CONFLICT (modify/delete): test/suites/standard2/tls-configuration.robot deleted in HEAD and modified in feature: skip cipher check if not available in ssl list. Version feature: skip cipher check if not available in ssl list of test/suites/standard2/tls-configuration.robot left in tree.
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Patch failed at 0001 feature: skip cipher check if not available in ssl list

In response to this:

/cherrypick release-4.19

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@agullon agullon mentioned this pull request May 21, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ggiguash ggiguash Awaiting requested review from ggiguash

@jerpeter1 jerpeter1 Awaiting requested review from jerpeter1

1 more reviewer

@pacevedom pacevedom pacevedom approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees

@pacevedom pacevedom

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@agullon @openshift-ci-robot @openshift-cherrypick-robot @pacevedom