br: add option to test encryption for all br int tests #56434
Conversation
Signed-off-by: Wenqi Mou <wenqimou@gmail.com>
ti-chi-bot
bot
added
release-note-none
|
Hi @Tristan1900. Thanks for your PR. PRs from untrusted users cannot be marked as trusted with I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/hold |
ti-chi-bot
bot
added
the
do-not-merge/hold
|
/ok-to-test |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #56434 +/- ##
=================================================
- Coverage 73.3650% 57.7578% -15.6072%
=================================================
Files 1624 1777 +153
Lines 448069 647600 +199531
=================================================
+ Hits 328726 374040 +45314
- Misses 99206 248479 +149273
- Partials 20137 25081 +4944
Flags with carried forward coverage won't be shown. Click here to find out more.
|
Signed-off-by: Wenqi Mou <wenqimou@gmail.com>
ti-chi-bot
bot
added
size/M
Signed-off-by: Wenqi Mou <wenqimou@gmail.com>
Signed-off-by: Wenqi Mou <wenqimou@gmail.com>
|
/retest |
Signed-off-by: Wenqi Mou <wenqimou@gmail.com>
Signed-off-by: Wenqi Mou <wenqimou@gmail.com>
ti-chi-bot
bot
added
size/XL
Signed-off-by: Wenqi Mou <wenqimou@gmail.com>
Signed-off-by: Wenqi Mou <wenqimou@gmail.com>
br/tests/utils.go
Outdated
| ) | ||
|
|
||
| func main() { | ||
| if len(os.Args) < 2 { |
There was a problem hiding this comment.
You may use cobra.Command instead of manually parse the command.
br/tests/utils.go
Outdated
| storagePath := "" | ||
|
|
||
| for i, arg := range args { | ||
| if arg == "backup" || arg == "restore" { |
There was a problem hiding this comment.
Perhaps verifying backup is enough? As restore in fact contributes nothing to the files to be checked.
There was a problem hiding this comment.
I should add a comment for the code here.
For the full backup we can check the storage encryption status once the command is complete since it's a blocking call, but for log backup I believe we need some extra logic to wait for it to generate some files. So my approach is to verify log backup files before doing restore, making sure the files are actually encrypted. Let me know what you think!
br/tests/utils.go
Outdated
| if arg == "backup" || arg == "restore" { | ||
| hasBackupOrRestore = true | ||
| } | ||
| if arg == "-s" && i+1 < len(args) && strings.HasPrefix(args[i+1], "local://") { |
There was a problem hiding this comment.
Maybe also handle --storage?
There was a problem hiding this comment.
ah good call, all the tests are using -s so I thought that's the command.
tests/_utils/run_br
Outdated
| @@ -20,4 +20,4 @@ br.test -test.coverprofile="$COV_DIR/cov.$TEST_NAME.$$.out.log" DEVEL "$@" \ | |||
| -L "info" \ | |||
| --ca "$TEST_DIR/certs/ca.pem" \ | |||
| --cert "$TEST_DIR/certs/br.pem" \ | |||
| --key "$TEST_DIR/certs/br.key" | |||
| --key "$TEST_DIR/certs/br.key" \ | |||
There was a problem hiding this comment.
Maybe keep the empty line at the end of file.
There was a problem hiding this comment.
right, I added logic and later removed, need to revert it
| ENCRYPTION_ARGS="--crypter.method aes128-ctr --crypter.key 0123456789abcdef0123456789abcdef --master-key-crypter-method AES256-CTR --master-key $MASTER_KEY_PATH" | ||
|
|
||
| # plaintext data key | ||
| #ENCRYPTION_ARGS="--crypter.method aes128-ctr --crypter.key 0123456789abcdef0123456789abcdef --log.crypter.method AES256-CTR --log.crypter.key 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" |
There was a problem hiding this comment.
Maybe remove this if it isn't needed.
There was a problem hiding this comment.
this is sort of a placeholder if we want to test the plaintext case, we can uncomment it and run the test. The entire tests will be run as needed, not by default for every commit per discussion with Brian, but I don't think it will hurt if we just enable encryption by default, let me know your thoughts.!
There was a problem hiding this comment.
Perhaps add some hints about when and hot to use it(Say, # If you want to specify a plaintext data key, uncomment and modify this as you like.? Or it looks pretty like temporary code during developing...
Signed-off-by: Wenqi Mou <wenqimou@gmail.com>
Signed-off-by: Wenqi Mou <wenqimou@gmail.com>
Signed-off-by: Wenqi Mou <wenqimou@gmail.com>
Signed-off-by: Wenqi Mou <wenqimou@gmail.com>
|
Please wait for this PR #51126 to be merged first. |
|
/retest |
ti-chi-bot
bot
added
approved
needs-1-more-lgtm
Signed-off-by: Wenqi Mou <wenqimou@gmail.com>
Signed-off-by: Wenqi Mou <wenqimou@gmail.com>
Signed-off-by: Wenqi Mou <wenqimou@gmail.com>
|
/unhold |
ti-chi-bot
bot
removed
the
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: BornChanger, YuJuncen The full list of commands accepted by this bot can be found here. The pull request process is described here |
ti-chi-bot
bot
added
lgtm
and removed
needs-1-more-lgtm
[LGTM Timeline notifier]Timeline:
|
|
/retest |
What problem does this PR solve?
Issue Number: close #56433
Problem Summary:
What changed and how does it work?
Check List
Tests
Side effects
Documentation
Release note
Please refer to Release Notes Language Style Guide to write a quality release note.