Uploaded image for project: 'Maistra'
  1. Maistra
  2. MAISTRA-459

maistra TP11 Plugging in external CA key and certs not working

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • maistra-0.11.0
    • citadel
    • None

    Description

      Plugging in external CA key and certs test fails on OCP4.1 AWS. The failed task is:
      https://istio.io/docs/tasks/security/plugin-ca-cert/

      After user edit the citadel deployment and compare certs, test result shows certs are not the same. It looks like new certs are not mounted on the proxy or not propagated to the pod after citadel redeployment.

      In TP10, this test case works fine.

      Build: istio maistra-0.11.0
      Environment: OCP4.1 AWS
      Test script:
      https://github.com/yxun/moitt/blob/master/test/maistra/tc_21_plugging_external_ca_test.go

      Results:
      — FAIL: Test21 (125.10s)
      tc_21_plugging_external_ca_test.go:156: @@ -3,53 +3,56 @@
      Version: 3 (0x2)
      Serial Number:

      • 8b:b0:09:7f:1c:e7:53:68:38:c0:16:dd:34:79:43:88
        + e2:11:0e:13:9c:c6:cc:7a
        Signature Algorithm: sha256WithRSAEncryption
      • Issuer: O = cluster.local
        + Issuer: C = US, ST = California, L = Sunnyvale, O = Istio, OU = Test, CN = Root CA, emailAddress = testrootca@istio.io
        Validity
      • Not Before: May 28 15:32:17 2019 GMT
      • Not After : May 27 15:32:17 2020 GMT
      • Subject: O = cluster.local
        + Not Before: Jan 24 19:15:51 2018 GMT
        + Not After : Dec 31 19:15:51 2117 GMT
        + Subject: C = US, ST = California, L = Sunnyvale, O = Istio, OU = Test, CN = Root CA, emailAddress = testrootca@istio.io
        Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
        Public-Key: (2048 bit)
        Modulus:
      • 00:cf:c1:20:f8:e0:c5:cf:c9:fe:4d:1e:99:5f:0a:
      • 36:95:68:57:25:f6:41:d5:36:39:98:c5:47:cd:a7:
      • ea:04:f1:e5:4f:22:09:7b:9e:62:af:ec:76:3a:da:
      • 7c:bd:5d:3e:17:dc:ec:50:b0:1b:e5:32:03:d4:46:
      • 18:ae:f4:46:07:6b:96:09:cf:8a:f1:f9:34:9a:6b:
      • 9c:ca:21:e9:84:08:20:a0:1c:99:2b:95:12:a4:db:
      • fd:a0:7b:d0:8a:1e:01:c6:c7:85:78:8c:e8:32:f3:
      • af:94:01:bc:1c:39:ca:1a:57:7f:19:70:0a:65:d3:
      • 4e:97:9d:d4:fa:e1:b9:c2:18:40:92:03:75:d0:25:
      • 26:0a:b2:be:37:74:2c:a9:ee:73:93:a9:f7:c6:1a:
      • 03:92:ba:8d:df:8a:a4:c7:39:f1:3d:25:75:04:b1:
      • 39:18:43:54:53:74:16:cc:ca:c0:b4:cb:9c:94:29:
      • 0a:c3:79:5f:09:ba:eb:ea:a9:1f:a5:ff:7d:22:58:
      • d0:ab:13:00:09:27:98:62:91:f0:3c:3b:f7:3b:b5:
      • a9:4d:1c:1b:a6:03:e7:e0:09:bc:ce:11:92:24:be:
      • c9:7f:e0:87:2e:27:f2:7c:bc:fe:64:0f:0f:44:ef:
      • 69:aa:65:e2:57:ee:6d:3d:3d:e1:23:43:e0:a2:3b:
      • 61:01
        + 00:df:cb:84:7c:06:ad:cd:06:2a:6d:a2:e8:bb:59:
        + f1:27:7e:3c:57:23:73:ba:66:0c:98:30:ed:e6:96:
        + cb:61:1a:c2:a3:6a:52:de:48:b5:65:50:cd:f3:2c:
        + 48:10:d2:45:92:92:b0:f5:47:2d:4c:67:5b:34:6b:
        + 86:0a:24:83:3f:bb:aa:17:a0:62:56:7f:97:28:05:
        + 3f:de:99:cf:14:16:d3:77:44:b7:dc:da:9b:0c:44:
        + 2e:21:8a:da:1d:29:7f:b5:29:39:ac:04:5b:0b:50:
        + eb:41:17:59:ea:76:03:d8:aa:da:a4:2e:20:d1:76:
        + e3:63:a3:ee:e6:5e:32:ec:a9:c5:c1:2b:a7:9e:9f:
        + 6e:aa:96:70:b8:44:6f:fc:18:2e:98:9e:50:95:27:
        + 92:78:29:a1:9c:38:4b:c6:8a:06:f3:0e:6d:0b:6c:
        + 95:af:5c:83:a6:c3:87:1a:29:8f:fe:67:3c:09:db:
        + 38:57:4c:df:22:14:2f:63:37:c8:1e:98:61:13:d0:
        + ca:8e:69:e3:05:82:ce:76:3e:1a:c9:cb:f8:e2:31:
        + e7:38:67:3e:c2:f0:35:26:ab:25:eb:4b:77:c2:09:
        + ac:fb:32:53:89:6c:00:04:b7:70:ce:03:00:6b:bc:
        + b1:2f:2a:15:d3:e3:e2:55:0b:9d:ea:4f:bc:66:82:
        + 05:73
        Exponent: 65537 (0x10001)
        X509v3 extensions:
      • X509v3 Key Usage: critical
      • Certificate Sign
      • X509v3 Basic Constraints: critical
        + X509v3 Subject Key Identifier:
        + 39:46:06:B5:4C:A1:7A:EC:4E:E2:51:9E:E0:EA:75:CB:C3:55:A1:A8
        + X509v3 Authority Key Identifier:
        + keyid:39:46:06:B5:4C:A1:7A:EC:4E:E2:51:9E:E0:EA:75:CB:C3:55:A1:A8
        +
        + X509v3 Basic Constraints:
        CA:TRUE
        Signature Algorithm: sha256WithRSAEncryption
      • 5b:ea:ed:91:ff:a9:cb:5b:6a:d3:15:67:ba:90:c0:91:b3:db:
      • e8:fe:e2:28:73:f0:5a:5d:05:39:8f:e4:15:26:0e:44:e9:6c:
      • 82:62:f3:09:30:ed:8b:20:4a:a3:7b:ad:8a:a7:e4:d4:b4:31:
      • 8a:d5:5e:1f:8b:b6:5c:03:fd:c5:4d:77:b4:60:7c:78:ea:2c:
      • 97:77:4e:49:5e:13:9b:0b:63:d7:79:63:33:04:64:82:39:0b:
      • a4:54:87:89:ff:05:2e:e6:31:9b:de:d7:6b:3b:2b:20:07:dc:
      • a8:61:1e:8c:2b:21:12:84:a7:ed:58:48:b2:1d:a1:d6:ca:58:
      • 7b:a4:f2:0a:d1:82:e6:d6:6e:f9:5d:30:96:aa:43:cf:3c:2a:
      • 55:61:19:08:50:ae:04:98:5f:29:85:28:c1:19:7a:c8:5e:64:
      • 2a:aa:d4:c3:d0:4c:cf:ad:19:53:3b:ba:be:2b:8e:a5:f4:4f:
      • 73:49:39:6d:ec:b3:6c:0c:26:21:95:85:42:89:02:a5:ed:1c:
      • c3:12:db:1f:4f:ef:0e:e5:b0:de:ad:fd:e2:a4:22:54:12:13:
      • 7a:9f:f1:69:1c:7b:df:77:73:49:73:7b:17:af:e4:38:57:b9:
      • a1:fc:ed:2a:21:5e:43:5f:5f:58:da:5d:62:f3:b5:6f:36:8d:
      • 40:cb:78:94
        + 35:72:f2:7c:0b:3b:27:da:e6:05:a9:86:26:f3:d9:96:dc:77:
        + f7:45:b1:cf:32:c5:42:c0:51:01:a1:fa:ae:07:a2:a4:1a:b7:
        + 75:1f:6a:12:30:30:6f:a0:53:17:e4:4e:9a:d4:33:5f:e7:e3:
        + b2:d0:91:ac:9c:42:b6:8f:56:b4:2f:0a:bd:74:dd:45:f2:23:
        + 7c:20:99:8e:1b:48:38:12:aa:47:11:38:28:95:7f:44:17:ef:
        + f7:10:f9:97:28:ed:08:f0:90:97:72:1a:e8:c4:9f:e3:63:7e:
        + 69:b0:0a:58:27:54:e8:a0:a8:8c:0f:16:07:d6:21:48:2c:f3:
        + 6b:76:90:6c:f4:f3:77:6e:8e:0b:f2:5b:94:9a:55:82:db:ac:
        + e5:ff:08:2f:30:ac:cf:ea:5b:32:29:a0:4e:48:72:02:e8:58:
        + 46:9a:49:69:0d:b8:00:f8:a3:b0:40:bd:f8:62:1a:54:a3:e0:
        + e4:8c:16:ae:88:8f:a2:3f:90:5c:da:6c:86:eb:ea:55:04:17:
        + bc:66:91:8a:ae:33:a1:29:f1:c4:02:73:fb:0f:2d:8e:b0:d6:
        + 71:ff:36:e9:53:75:e0:82:fe:fc:29:aa:96:0f:eb:21:f0:79:
        + 08:77:70:54:87:d6:c2:9b:86:07:ae:aa:fd:48:8f:7a:06:4c:
        + 36:cf:1a:de
        FAIL

      Attachments

        Activity

          People

            kconner@redhat.com Kevin Conner (Inactive)
            yuaxu@redhat.com Yuanlin Xu
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: