OCPBUGS-29373: test/extended/router/http2: Use unique certs #28757
Conversation
Use a unique certificate for each route in the "The HAProxy router should pass the http2 tests" extended test. To fix OCPBUGS-29373, OpenShift router will be changed to configure HAProxy not to negotiate HTTP/2 with TLS ALPN for routes that share certificates. This change in the router causes the aforesaid extended test to fail because it uses the same certificate for two test routes that are used to verify HTTP/2 compliance. After this commit, the extended tests should pass with the router change. This commit is related to OCPBUGS-29373. https://issues.redhat.com/browse/OCPBUGS-29373 * test/extended/router/http2.go: Generate and use a unique certificate-key pair for each route.
openshift-ci-robot
added
jira/severity-critical
|
@Miciah: This pull request references Jira Issue OCPBUGS-29373, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci
bot
added
the
approved
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: frobware, Miciah The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/hold Revision 1f14f77 was retested 3 times: holding |
openshift-ci
bot
added
the
do-not-merge/hold
|
/retest |
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
@Miciah: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Job Failure Risk Analysis for sha: 1f14f77
|
openshift-merge-bot
bot
merged commit e4b8310
into
openshift:master
|
@Miciah: Jira Issue OCPBUGS-29373: Some pull requests linked via external trackers have merged: The following pull requests linked via external trackers have not merged:
These pull request must merge or be unlinked from the Jira bug in order for it to move to the next state. Once unlinked, request a bug refresh with Jira Issue OCPBUGS-29373 has not been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[ART PR BUILD NOTIFIER] This PR has been included in build openshift-enterprise-tests-container-v4.17.0-202405022319.p0.ge4b8310.assembly.stream.el9 for distgit openshift-enterprise-tests. |
|
Fix included in accepted release 4.16.0-0.nightly-2024-05-04-214435 |
Use a unique certificate for each route in the "The HAProxy router should pass the http2 tests" extended test.
To fix OCPBUGS-29373, OpenShift router will be changed to configure HAProxy not to negotiate HTTP/2 with TLS ALPN for routes that share certificates. This change in the router causes the aforesaid extended test to fail because it uses the same certificate for two test routes that are used to verify HTTP/2 compliance.
After this PR, the extended tests should pass with the router change.