E2E tests for channel: TLS key pair rotation #3406

Merged
33 commits
f5ac537
Save work progress
Leo6Leo Oct 17, 2023
26758d9
Expose the TLS port
Leo6Leo Oct 17, 2023
faa9c76
Adding the logger to see what is happening
Leo6Leo Oct 17, 2023
4c63fd3
Java - Adding the debugging information
Leo6Leo Oct 18, 2023
006ec33
Merge branch 'main' into channel-rekt-keypair-rotation
Leo6Leo Oct 18, 2023
10678c9
Adding the path to the contract
Leo6Leo Oct 20, 2023
3280c52
Comment out the certificate rotation test portion
Leo6Leo Oct 20, 2023
85ed59a
Resolve the source certificate not found issue
Leo6Leo Oct 20, 2023
dc9f1f6
Fix the issue in the test
Leo6Leo Oct 20, 2023
aaaf376
Update control-plane/pkg/prober/prober.go
Leo6Leo Oct 20, 2023
9fff9f7
Update control-plane/pkg/reconciler/channel/channel.go
Leo6Leo Oct 20, 2023
b086371
Update control-plane/pkg/reconciler/channel/channel.go
Leo6Leo Oct 20, 2023
add2b7c
Update control-plane/pkg/reconciler/channel/resources/service.go
Leo6Leo Oct 20, 2023
5ff4cca
Update data-plane/receiver/src/main/java/dev/knative/eventing/kafka/b…
Leo6Leo Oct 20, 2023
855cfbf
Fix the inconsistent varable name
Leo6Leo Oct 20, 2023
cb94ca4
Merge branch 'main' into channel-rekt-keypair-rotation
Leo6Leo Oct 20, 2023
bf7a082
Fix the failed build issue
Leo6Leo Oct 20, 2023
b4dd5ef
Remove the logger
Leo6Leo Oct 20, 2023
becbf40
Run formatting
Leo6Leo Oct 20, 2023
18982a1
Update data-plane/receiver/src/main/java/dev/knative/eventing/kafka/b…
Leo6Leo Oct 20, 2023
228d0dc
Remove the logger
Leo6Leo Oct 20, 2023
316ca1c
Code gen
Leo6Leo Oct 20, 2023
25f0a30
Merge branch 'main' into channel-rekt-keypair-rotation
Leo6Leo Oct 23, 2023
1d22a88
Update control-plane/pkg/reconciler/channel/channel.go
Leo6Leo Oct 23, 2023
a9f57d0
Remove the uncessary code
Leo6Leo Oct 23, 2023
71a7b69
Fix the failing reconciler tests due to the missing newly added filed…
Leo6Leo Oct 23, 2023
feb7c5a
Merge remote-tracking branch 'origin/channel-rekt-keypair-rotation' i…
Leo6Leo Oct 23, 2023
92f4efb
Format fix
Leo6Leo Oct 23, 2023
a26cb6e
Merge branch 'main' into channel-rekt-keypair-rotation
Leo6Leo Oct 23, 2023
0784406
Merge main branch
Leo6Leo Oct 25, 2023
8c94e7d
Merge branch 'main' into channel-rekt-keypair-rotation
Leo6Leo Oct 26, 2023
35a647a
Instead of using channel service name, we directly use channel name f…
Leo6Leo Oct 26, 2023
939a589
Instead of using channel service name, we directly use channel name f…
Leo6Leo Oct 26, 2023
Expand Up @@ -155,8 +155,28 @@ spec:
required:
- url
properties:
name:
type: string
url:
type: string
CACerts:
type: string
audience:
type: string
addresses:
description: Kafka Sink is Addressable. It exposes the endpoints as URIs to get events delivered into the Kafka topic.
type: array
items:
type: object
properties:
name:
type: string
url:
type: string
CACerts:
type: string
audience:
type: string
annotations:
description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
type: object
5 changes: 3 additions & 2 deletions control-plane/pkg/reconciler/channel/channel.go
Expand Up @@ -319,7 +319,7 @@ func (r *Reconciler) reconcileKind(ctx context.Context, channel *messagingv1beta
}

httpAddress := receiver.ChannelHTTPAddress(channelHttpHost)
httpsAddress := receiver.HTTPSAddress(channelHttpsHost, channelService, caCerts)
httpsAddress := receiver.HTTPSAddress(channelHttpsHost, channel, caCerts)
// Permissive mode:
// - status.address http address with path-based routing
// - status.addresses:
Expand All @@ -337,7 +337,7 @@ func (r *Reconciler) reconcileKind(ctx context.Context, channel *messagingv1beta
return err
}

httpsAddress := receiver.HTTPSAddress(channelHttpsHost, channelService, caCerts)
httpsAddress := receiver.HTTPSAddress(channelHttpsHost, channel, caCerts)
addressableStatus.Addresses = []duckv1.Addressable{httpsAddress}
addressableStatus.Address = &httpsAddress
} else {
Expand Down Expand Up @@ -672,6 +672,7 @@ func (r *Reconciler) getChannelContractResource(ctx context.Context, topic strin
Ingress: &contract.Ingress{
Host: receiver.Host(channel.GetNamespace(), channel.GetName()),
EnableAutoCreateEventTypes: feature.FromContext(ctx).IsEnabled(feature.EvenTypeAutoCreate),
Path: receiver.Path(channel.GetNamespace(), channel.GetName()),
},
BootstrapServers: config.GetBootstrapServers(),
Reference: &contract.Reference{
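Review bot: The `Ingress` built in the third hunk (`getChannelContractResource`) now carries both `Host` and `Path` for the same channel, with nothing saying which listener matches on which field. In the first two hunks the HTTP address is built from a host alone (`ChannelHTTPAddress(channelHttpHost)`) while the HTTPS one also takes the channel object, so `Path` appears to exist for the TLS address. Once confirmed, a comment such as `// Path is matched for requests on the HTTPS host; Host for the per-channel HTTP service` would record that. The permissive and strict branches also repeat `receiver.HTTPSAddress(channelHttpsHost, channel, caCerts)` verbatim and could share one value computed before the mode check; `reconcileKind` lies mostly outside these hunks.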
26 changes: 23 additions & 3 deletions control-plane/pkg/reconciler/channel/channel_test.go
Expand Up @@ -188,6 +188,7 @@ func TestReconcileKind(t *testing.T) {
BootstrapServers: ChannelBootstrapServers,
Reference: ChannelReference(),
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
},
Expand Down Expand Up @@ -262,6 +263,7 @@ func TestReconcileKind(t *testing.T) {
BootstrapServers: ChannelBootstrapServers,
Reference: ChannelReference(),
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
EgressConfig: &contract.EgressConfig{
Expand Down Expand Up @@ -338,6 +340,7 @@ func TestReconcileKind(t *testing.T) {
BootstrapServers: ChannelBootstrapServers,
Reference: ChannelReference(),
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
},
Expand Down Expand Up @@ -408,6 +411,7 @@ func TestReconcileKind(t *testing.T) {
BootstrapServers: ChannelBootstrapServers,
Reference: ChannelReference(),
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
},
Expand Down Expand Up @@ -482,6 +486,7 @@ func TestReconcileKind(t *testing.T) {
BootstrapServers: ChannelBootstrapServers,
Reference: ChannelReference(),
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
Egresses: []*contract.Egress{},
Expand Down Expand Up @@ -554,6 +559,7 @@ func TestReconcileKind(t *testing.T) {
BootstrapServers: ChannelBootstrapServers,
Reference: ChannelReference(),
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
Egresses: []*contract.Egress{{
Expand Down Expand Up @@ -631,6 +637,7 @@ func TestReconcileKind(t *testing.T) {
BootstrapServers: ChannelBootstrapServers,
Reference: ChannelReference(),
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
Egresses: []*contract.Egress{{
Expand Down Expand Up @@ -713,6 +720,7 @@ func TestReconcileKind(t *testing.T) {
BootstrapServers: ChannelBootstrapServers,
Reference: ChannelReference(),
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
Egresses: []*contract.Egress{{
Expand Down Expand Up @@ -795,6 +803,7 @@ func TestReconcileKind(t *testing.T) {
BootstrapServers: ChannelBootstrapServers,
Reference: ChannelReference(),
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
Egresses: []*contract.Egress{{
Expand Down Expand Up @@ -883,6 +892,7 @@ func TestReconcileKind(t *testing.T) {
BootstrapServers: ChannelBootstrapServers,
Reference: ChannelReference(),
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
Egresses: []*contract.Egress{{
Expand Down Expand Up @@ -1173,6 +1183,7 @@ func TestReconcileKind(t *testing.T) {
BootstrapServers: ChannelBootstrapServers,
Reference: ChannelReference(),
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
},
Expand Down Expand Up @@ -1270,6 +1281,7 @@ func TestReconcileKind(t *testing.T) {
},
},
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
Egresses: []*contract.Egress{{
Expand Down Expand Up @@ -1376,6 +1388,7 @@ func TestReconcileKind(t *testing.T) {
},
},
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
Egresses: []*contract.Egress{{
Expand Down Expand Up @@ -1479,6 +1492,7 @@ func TestReconcileKind(t *testing.T) {
},
},
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
Egresses: []*contract.Egress{{
Expand Down Expand Up @@ -1557,6 +1571,7 @@ func TestReconcileKind(t *testing.T) {
BootstrapServers: ChannelBootstrapServers,
Reference: ChannelReference(),
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
},
Expand Down Expand Up @@ -1626,6 +1641,7 @@ func TestReconcileKind(t *testing.T) {
BootstrapServers: ChannelBootstrapServers,
Reference: ChannelReference(),
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
},
Expand Down Expand Up @@ -1738,6 +1754,7 @@ func TestReconcileKind(t *testing.T) {
BootstrapServers: ChannelBootstrapServers,
Reference: ChannelReference(),
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
},
Expand Down Expand Up @@ -1823,6 +1840,7 @@ func TestReconcileKind(t *testing.T) {
BootstrapServers: ChannelBootstrapServers,
Reference: ChannelReference(),
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
EgressConfig: &contract.EgressConfig{
Expand Down Expand Up @@ -1864,7 +1882,7 @@ func TestReconcileKind(t *testing.T) {
WithChannelAddresses([]duckv1.Addressable{
{
Name: pointer.String("https"),
URL: httpsURL(ChannelServiceName, ChannelNamespace),
URL: httpsURL(ChannelName, ChannelNamespace),
CACerts: pointer.String(testCaCerts),
},
{
Expand Down Expand Up @@ -1925,6 +1943,7 @@ func TestReconcileKind(t *testing.T) {
BootstrapServers: ChannelBootstrapServers,
Reference: ChannelReference(),
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
EgressConfig: &contract.EgressConfig{
Expand Down Expand Up @@ -1966,13 +1985,13 @@ func TestReconcileKind(t *testing.T) {
WithChannelAddresses([]duckv1.Addressable{
{
Name: pointer.String("https"),
URL: httpsURL(ChannelServiceName, ChannelNamespace),
URL: httpsURL(ChannelName, ChannelNamespace),
CACerts: pointer.String(testCaCerts),
},
}),
WithChannelAddress(duckv1.Addressable{
Name: pointer.String("https"),
URL: httpsURL(ChannelServiceName, ChannelNamespace),
URL: httpsURL(ChannelName, ChannelNamespace),
CACerts: pointer.String(testCaCerts),
}),
WithChannelAddessable(),
Expand Down Expand Up @@ -2014,6 +2033,7 @@ func TestFinalizeKind(t *testing.T) {
BootstrapServers: ChannelBootstrapServers,
Reference: ChannelReference(),
Ingress: &contract.Ingress{
Path: receiver.Path(ChannelNamespace, ChannelName),
Host: receiver.Host(ChannelNamespace, ChannelName),
},
},
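Review bot: The same two-field `Ingress` literal is now repeated in every expected contract across `TestReconcileKind` and `TestFinalizeKind`, so the next field added to the ingress will need the same edit in over two dozen places. A fixture helper alongside `ChannelReference()`, for example `func ChannelIngress() *contract.Ingress { return &contract.Ingress{Path: receiver.Path(ChannelNamespace, ChannelName), Host: receiver.Host(ChannelNamespace, ChannelName)} }`, would keep the expectation in one place. Every case shown also computes the expected `Path` with the same `receiver.Path` call the reconciler uses, so a wrong path format would pass here; one case that pins the literal string would close that gap.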
10 changes: 9 additions & 1 deletion control-plane/pkg/reconciler/channel/controller.go
Expand Up @@ -81,6 +81,9 @@ func NewController(ctx context.Context, watcher configmap.Watcher, configs *conf

logger := logging.FromContext(ctx)

featureStore := feature.NewStore(logging.FromContext(ctx).Named("feature-config-store"))
featureStore.WatchConfigs(watcher)

_, err := reconciler.GetOrCreateDataPlaneConfigMap(ctx)
if err != nil {
logger.Fatal("Failed to get or create data plane config map",
Expand All @@ -96,7 +99,12 @@ func NewController(ctx context.Context, watcher configmap.Watcher, configs *conf
logger.Warn("Failed to get CA certs when at least one address uses TLS", zap.Error(err))
}

impl := kafkachannelreconciler.NewImpl(ctx, reconciler)
impl := kafkachannelreconciler.NewImpl(ctx, reconciler,
func(impl *controller.Impl) controller.Options {
return controller.Options{
ConfigStore: featureStore,
}
})
IPsLister := prober.IdentityIPsLister()
reconciler.IngressHost = network.GetServiceHostname(configs.IngressName, configs.SystemNamespace)
reconciler.Prober, err = prober.NewComposite(ctx, "", "", IPsLister, impl.EnqueueKey, &caCerts)
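Review bot: `feature.NewStore(logging.FromContext(ctx).Named("feature-config-store"))` fetches the logger from the context again although `logger` was assigned from the same call on the line above; `feature.NewStore(logger.Named("feature-config-store"))` is equivalent. The options closure would also benefit from a comment such as `// Attach the feature store so the reconciler reads current flags via feature.FromContext(ctx)`, since that link is presumably what lets the TLS modes take effect and is not obvious here. In the unchanged context a failed CA lookup is only logged with `Warn` and `&caCerts` is still passed to `prober.NewComposite`; with the flags now live, it is worth confirming that an empty CA bundle cannot leave an HTTPS address advertised without trust material. `NewController` starts and ends outside these hunks.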
4 changes: 4 additions & 0 deletions control-plane/pkg/reconciler/channel/controller_test.go
Expand Up @@ -86,8 +86,12 @@ func TestNewController(t *testing.T) {
configmap.NewStaticWatcher(&corev1.ConfigMap{
ObjectMeta: metav1.ObjectMeta{
Name: apisconfig.FlagsConfigName,
}}, &corev1.ConfigMap{
ObjectMeta: metav1.ObjectMeta{
Name: "config-features",
},
}),

configs,
)
if controller == nil {
13 changes: 11 additions & 2 deletions control-plane/pkg/reconciler/channel/resources/service.go
Expand Up @@ -28,8 +28,12 @@ import (
)

const (
portName = "http"
portNumber = 80
portName = "http"
portNumber = 80

tlsPortName = "https"
tlsPortNumber = 443

MessagingRoleLabel = "messaging.knative.dev/role"
MessagingRole = "kafka-channel"

Expand Down Expand Up @@ -86,6 +90,11 @@ func MakeK8sService(kc *v1beta1.KafkaChannel, opts ...ServiceOption) (*corev1.Se
Protocol: corev1.ProtocolTCP,
Port: portNumber,
},
{
Name: tlsPortName,
Protocol: corev1.ProtocolTCP,
Port: tlsPortNumber,
},
},
},
}
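Review bot: The `https` port entry in `MakeK8sService` is appended unconditionally and without a `TargetPort`, so it relies on the default of targeting the same port number and is present even when transport encryption is disabled. If that is intended, a comment on the entry would help once confirmed, e.g. `// Always exposed; whether an HTTPS URL is advertised is decided by the reconciler`. It is also worth stating which hostname the serving certificate covers, because a client that dials this Service's own DNS name on 443 will fail verification unless that name is in the certificate. `MakeK8sService` continues outside the hunk.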
5 changes: 5 additions & 0 deletions control-plane/pkg/reconciler/testing/objects_channel.go
Expand Up @@ -393,6 +393,11 @@ func NewPerChannelService(env *config.Env) *corev1.Service {
Protocol: corev1.ProtocolTCP,
Port: 80,
},
{
Name: "https",
Protocol: corev1.ProtocolTCP,
Port: 443,
},
},
},
}
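--- a/test/e2e_new/channel_eventing_tls_test.go
+++ b/test/e2e_new/channel_eventing_tls_test.go
@@ -0,0 +1,48 @@
+//go:build e2e
+// +build e2e
+
+/*
+* Copyright 2023 The Knative Authors
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package e2e_new
+
+import (
+"testing"
+"time"
+
+"knative.dev/eventing-kafka-broker/test/rekt/features"
+"knative.dev/pkg/system"
+"knative.dev/reconciler-test/pkg/environment"
+"knative.dev/reconciler-test/pkg/eventshub"
+"knative.dev/reconciler-test/pkg/k8s"
+"knative.dev/reconciler-test/pkg/knative"
+)
+
+func TestChannelTLSCARotation(t *testing.T) {
+t.Parallel()
+
+ctx, env := global.Environment(
+knative.WithKnativeNamespace(system.Namespace()),
+knative.WithLoggingConfig,
+knative.WithTracingConfig,
+k8s.WithEventListener,
+environment.Managed(t),
+eventshub.WithTLS(t),
+environment.WithPollTimings(5*time.Second, 4*time.Minute),
+)
+
+env.Test(ctx, t, features.RotateChannelTLSCertificates())
+}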
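Review bot: `TestChannelTLSCARotation` is named for CA rotation, while the feature it runs is `features.RotateChannelTLSCertificates()` and the pull request is titled as key pair rotation. Replacing a serving certificate and replacing the issuing CA are different trust events, so the name should say which one is covered. Either rename it, e.g. `TestChannelTLSKeyPairRotation`, or add a doc comment such as `// TestChannelTLSCARotation verifies that events still reach a KafkaChannel over TLS after its certificate is rotated.` once the feature's behaviour is confirmed. The 4-minute timeout passed to `environment.WithPollTimings` also deserves a short comment on what rotation delay it is meant to cover.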