kubernetes-sigs/secrets-store-csi-driver PR #930 pull-secrets-store-csi-driver-e2e-azure #1514642649947049984
Recent runs || View in Spyglass
Recent runs || View in Spyglass
| PR | aramase: test: use helm charts for azure provider |
| Result | FAILURE |
| Tests | 0 failed / 0 succeeded |
| Started | |
| Elapsed | 23m9s |
| Revision | 93b7f5c8726012ea0f9d8d08b90e82c30bcc8056 |
| Refs |
930 |
... skipping 335 lines ... kubectl cluster-info --context kind-kind Have a nice day! 👋 make[1]: Leaving directory '/home/prow/go/src/sigs.k8s.io/secrets-store-csi-driver' docker pull gcr.io/k8s-staging-csi-secrets-store/driver:v1.1.0-e2e-6f1391dc || make e2e-container Error response from daemon: manifest for gcr.io/k8s-staging-csi-secrets-store/driver:v1.1.0-e2e-6f1391dc not found: manifest unknown: Failed to fetch "v1.1.0-e2e-6f1391dc" from request "/v2/k8s-staging-csi-secrets-store/driver/manifests/v1.1.0-e2e-6f1391dc". make[1]: Entering directory '/home/prow/go/src/sigs.k8s.io/secrets-store-csi-driver' make container make[2]: Entering directory '/home/prow/go/src/sigs.k8s.io/secrets-store-csi-driver' rm -rf _output/crds/* mkdir -p _output/crds cp -R manifest_staging/charts/secrets-store-csi-driver/crds/ _output/crds/ ... skipping 422 lines ... client.go:128: [debug] creating 1 resource(s) client.go:529: [debug] Watching for changes to Job secrets-store-csi-driver-upgrade-crds with timeout of 5m0s I0414 16:37:22.035506 13611 reflector.go:203] Reflector from k8s.io/client-go@v0.23.5/tools/cache/reflector.go:167 configured with expectedType of *unstructured.Unstructured with empty GroupVersionKind. I0414 16:37:22.035557 13611 reflector.go:219] Starting reflector *unstructured.Unstructured (0s) from k8s.io/client-go@v0.23.5/tools/cache/reflector.go:167 I0414 16:37:22.035575 13611 reflector.go:255] Listing and watching *unstructured.Unstructured from k8s.io/client-go@v0.23.5/tools/cache/reflector.go:167 client.go:557: [debug] Add/Modify event for secrets-store-csi-driver-upgrade-crds: ADDED client.go:596: [debug] secrets-store-csi-driver-upgrade-crds: Jobs active: 0, jobs failed: 0, jobs succeeded: 0 client.go:557: [debug] Add/Modify event for secrets-store-csi-driver-upgrade-crds: MODIFIED client.go:596: [debug] secrets-store-csi-driver-upgrade-crds: Jobs active: 1, jobs failed: 0, jobs succeeded: 0 client.go:557: [debug] Add/Modify event for secrets-store-csi-driver-upgrade-crds: MODIFIED client.go:596: [debug] secrets-store-csi-driver-upgrade-crds: Jobs active: 0, jobs failed: 0, jobs succeeded: 0 client.go:557: [debug] Add/Modify event for secrets-store-csi-driver-upgrade-crds: MODIFIED I0414 16:37:24.423956 13611 reflector.go:225] Stopping reflector *unstructured.Unstructured (0s) from k8s.io/client-go@v0.23.5/tools/cache/reflector.go:167 client.go:299: [debug] Starting delete for "csi-secrets-store-secrets-store-csi-driver-upgrade-crds" ServiceAccount client.go:299: [debug] Starting delete for "csi-secrets-store-secrets-store-csi-driver-upgrade-crds" ClusterRole client.go:299: [debug] Starting delete for "csi-secrets-store-secrets-store-csi-driver-upgrade-crds" ClusterRoleBinding client.go:299: [debug] Starting delete for "secrets-store-csi-driver-upgrade-crds" Job ... skipping 1035 lines ... ok 2 create azure k8s secret ok 3 secretproviderclasses crd is established ok 4 Test rbac roles and role bindings exist ok 5 deploy azure secretproviderclass crd not ok 6 CSI inline volume test with pod portability # (in test file test/bats/azure.bats, line 113) # `kubectl wait --for=condition=Ready --timeout=300s pod/secrets-store-inline-crd' failed # pod/secrets-store-inline-crd created # error: timed out waiting for the condition on pods/secrets-store-inline-crd not ok 7 CSI inline volume test with pod portability - read azure kv secret from pod # (from function `wait_for_process' in file test/bats/helpers.bash, line 65, # in test file test/bats/azure.bats, line 120) # `wait_for_process $WAIT_TIME $SLEEP_TIME "kubectl exec secrets-store-inline-crd -- cat /mnt/secrets-store/$SECRET_NAME | grep '${SECRET_VALUE}'"' failed # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") # error: unable to upgrade connection: container not found ("busybox") not ok 8 CSI inline volume test with pod portability - read azure kv key from pod # (in test file test/bats/azure.bats, line 127) # `result=$(kubectl exec secrets-store-inline-crd -- cat /mnt/secrets-store/$KEY_NAME)' failed # error: unable to upgrade connection: container not found ("busybox") ok 9 CSI inline volume test with pod portability - unmount succeeds not ok 10 Sync with K8s secrets - create deployment # (in test file test/bats/azure.bats, line 165) # `kubectl wait --for=condition=Ready --timeout=90s pod -l app=busybox' failed # secretproviderclass.secrets-store.csi.x-k8s.io/azure-sync created # customresourcedefinition.apiextensions.k8s.io/secretproviderclasses.secrets-store.csi.x-k8s.io condition met # {"apiVersion":"secrets-store.csi.x-k8s.io/v1","kind":"SecretProviderClass","metadata":{"annotations":{},"name":"azure-sync","namespace":"default"},"spec":{"parameters":{"keyvaultName":"csi-secrets-store-e2e","objects":"array:\n - |\n objectName: secret1\n objectType: secret # object types: secret, key or cert\n objectAlias: secretalias\n objectVersion: # [OPTIONAL] object versions, default to latest if empty\n - |\n objectName: key1\n objectType: key\n objectVersion: 7cc095105411491b84fe1b92ebbcf01a\n","tenantId":"097f89a0-9286-43d2-9a1a-08f1d49b1af8","usePodIdentity":"false"},"provider":"azure","secretObjects":[{"data":[{"key":"username","objectName":"secretalias"}],"labels":{"environment":"test"},"secretName":"foosecret","type":"Opaque"}]}} # name: azure-sync # provider: azure # deployment.apps/busybox-deployment created # deployment.apps/busybox-deployment-two created # timed out waiting for the condition on pods/busybox-deployment-7d8886b464-h4qzc # timed out waiting for the condition on pods/busybox-deployment-7d8886b464-hqpd9 # timed out waiting for the condition on pods/busybox-deployment-two-7d8886b464-czf8x # timed out waiting for the condition on pods/busybox-deployment-two-7d8886b464-jvpt6 not ok 11 Sync with K8s secrets - read secret from pod, read K8s secret, read env var, check secret ownerReferences with multiple owners # (in test file test/bats/azure.bats, line 171) # `result=$(kubectl exec $POD -- cat /mnt/secrets-store/secretalias)' failed # error: unable to upgrade connection: container not found ("busybox") not ok 12 Sync with K8s secrets - delete deployment, check owner ref updated, check secret deleted # (from function `assert_success' in file test/bats/helpers.bash, line 8, # in test file test/bats/azure.bats, line 199) # `assert_success' failed # expected: 0 # actual: 1 # output: Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found # Error from server (NotFound): secrets "foosecret" not found not ok 13 Test Namespaced scope SecretProviderClass - create deployment # (in test file test/bats/azure.bats, line 233) # `kubectl wait --for=condition=Ready --timeout=60s pod -l app=busybox -n test-ns' failed # secretproviderclass.secrets-store.csi.x-k8s.io/azure-sync configured # secretproviderclass.secrets-store.csi.x-k8s.io/azure-sync created # customresourcedefinition.apiextensions.k8s.io/secretproviderclasses.secrets-store.csi.x-k8s.io condition met # {"apiVersion":"secrets-store.csi.x-k8s.io/v1","kind":"SecretProviderClass","metadata":{"annotations":{},"name":"azure-sync","namespace":"default"},"spec":{"parameters":{"keyvaultName":"csi-secrets-store-e2e","objects":"array:\n - |\n objectName: secret1\n objectType: secret\n objectAlias: secretalias\n objectVersion: \n - |\n objectName: key1\n objectType: key\n objectVersion: 7cc095105411491b84fe1b92ebbcf01a\n","tenantId":"097f89a0-9286-43d2-9a1a-08f1d49b1af8","usePodIdentity":"false"},"provider":"invalidprovider","secretObjects":[{"data":[{"key":"username","objectName":"secretalias"}],"secretName":"foosecret","type":"Opaque"}]}} # name: azure-sync # {"apiVersion":"secrets-store.csi.x-k8s.io/v1","kind":"SecretProviderClass","metadata":{"annotations":{},"name":"azure-sync","namespace":"test-ns"},"spec":{"parameters":{"keyvaultName":"csi-secrets-store-e2e","objects":"array:\n - |\n objectName: secret1\n objectType: secret\n objectAlias: secretalias\n objectVersion: \n - |\n objectName: key1\n objectType: key\n objectVersion: 7cc095105411491b84fe1b92ebbcf01a\n","tenantId":"097f89a0-9286-43d2-9a1a-08f1d49b1af8","usePodIdentity":"false"},"provider":"azure","secretObjects":[{"data":[{"key":"username","objectName":"secretalias"}],"secretName":"foosecret","type":"Opaque"}]}} # name: azure-sync # provider: azure # deployment.apps/busybox-deployment created # timed out waiting for the condition on pods/busybox-deployment-7d8886b464-cvl9q # timed out waiting for the condition on pods/busybox-deployment-7d8886b464-zvc59 not ok 14 Test Namespaced scope SecretProviderClass - Sync with K8s secrets - read secret from pod, read K8s secret, read env var, check secret ownerReferences # (in test file test/bats/azure.bats, line 239) # `result=$(kubectl exec -n test-ns $POD -- cat /mnt/secrets-store/secretalias)' failed # error: unable to upgrade connection: container not found ("busybox") ok 15 Test Namespaced scope SecretProviderClass - Sync with K8s secrets - delete deployment, check secret deleted ok 16 Test Namespaced scope SecretProviderClass - Should fail when no secret provider class in same namespace ok 17 deploy multiple azure secretproviderclass crd not ok 18 deploy pod with multiple secret provider class # (in test file test/bats/azure.bats, line 304) # `kubectl wait --for=condition=Ready --timeout=60s pod/secrets-store-inline-multiple-crd' failed # pod/secrets-store-inline-multiple-crd created # error: timed out waiting for the condition on pods/secrets-store-inline-multiple-crd not ok 19 CSI inline volume test with multiple secret provider class # (in test file test/bats/azure.bats, line 311) # `result=$(kubectl exec secrets-store-inline-multiple-crd -- cat /mnt/secrets-store-0/secretalias)' failed # error: unable to upgrade connection: container not found ("busybox") not ok 20 Test auto rotation of mount contents and K8s secrets - Create deployment # (from function `assert_success' in file test/bats/helpers.bash, line 8, # in test file test/bats/azure.bats, line 356) # `assert_success' failed # expected: 0 # actual: 1 # output: ERROR: AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '097412bb-d728-4416-93ed-d51e2ebfda44'. # Trace ID: 3b2fbcc3-fe29-4f8f-88e6-7c96d0063000 # Correlation ID: 0454e3be-4bf8-4941-8e6d-388d17a04855 # Timestamp: 2022-04-14 16:54:47Z # To re-authenticate, please run: # az login not ok 21 Test auto rotation of mount contents and K8s secrets # (in test file test/bats/azure.bats, line 371) # `result=$(kubectl exec -n rotation secrets-store-inline-rotation -- cat /mnt/secrets-store/secretalias)' failed # Error from server (NotFound): pods "secrets-store-inline-rotation" not found make: *** [Makefile:471: e2e-azure] Error 1 + EXIT_VALUE=2 + set +o xtrace Cleaning up after docker in docker. ================================================================================ Cleaning up after docker bccfca568fb7 ... skipping 4 lines ...