chef-server
chef-server copied to clipboard
chef
Replace AWS sigv2 with sigv4
This PR is part of a broader effort to replace AWS sigv2 with sigv4, encompassing modifications to oc_erchef, bookshelf, mini_s3, erlcloud, pedant clients, and other systems. In brief, the erlcloud library was wired-in to oc-erchef and bookshelf via mini_s3. oc-erchef was modified to generate sigv4 requests. bookshelf was modified to accept sigv4 requests. A host of issues were solved pertaining to host headers and ports, expiration windows, ipv6, etc. Finally, new unit tests exercising various aspects of newly-added functionality were added.
These commits were originally squashed and had to be unsquashed. Consequently, the commit messages were lost. However a brief list of some changes can be found at the end.
A few umbrella tests occasionally fail and eventually pass on a re-run. However, master seems to exhibit the same behavior, e.g. https://buildkite.com/chef/chef-umbrella-master-chef-server/builds/239#46e6ab07-c720-4a4a-8982-64a63f0d550d
See: https://github.com/chef/chef-server/issues/1911 https://github.com/chef/mini_s3/pull/31 https://github.com/chef/erlcloud/pull/2
verify: https://buildkite.com/chef/chef-chef-server-master-verify/builds/2324 https://buildkite.com/chef/chef-chef-server-master-verify/builds/3295
adhoc: https://buildkite.com/chef/chef-chef-server-master-omnibus-adhoc/builds/1606 https://buildkite.com/chef/chef-chef-server-master-omnibus-adhoc/builds/2202
umbrella: https://buildkite.com/chef/chef-umbrella-master-chef-server/builds/278
add sigv4 presigned url request verification
add unit tests for bksw_sec.erl
add 2nd method for sigv4 url request verification and associated tests
add authorization header request vs previously-coded presigned url request
add headers check; add -specs
fix chef_s3_tests.erl:
if i understood the tests correctly, and understood what was being
tested, there was some impedance mismatch between how the old mini_s3
did things and how the new erlcloud and mini_s3 wrapper does things. old
mini_s3 config apparently stores a whole url, either with port
(scheme://whatever.com:port) or without port (scheme://whatever.com).
erlcloud config stores the url in separate pieces (scheme, uri, port,
etc), and it always stores a port. the issue with these tests was,
the test result wanted the url which may or may not have originally
included a port. this was fine for old mini_s3, as it just stored the
whole url (which either included or didn't include the port), and could
produce this url on demand. but this wasn't fine for erlcloud, because
it always has a port stored, and defaults to a port if there isn't one.
this fix attempted to address this issue.set cache-control header
bksw_sec: dont trigger new sha256 calculation in erlcloud sigv4 signing
change test dealing with seemingly url-encoded bucket; revert previous change which assumed bucket listings needed to be url-decoded.
patch in alternate computation/evaluation of host header
fix pedant test expecting a 503 but getting a 500
got the following pedant test failure:
Sandboxes API Endpoint
Sandboxes Endpoint, PUT
when committing an incomplete sandbox
should respond with 503 Service Unavailable (FAILED - 1)
Deleting organization pedant_testorg_api_10584 ...
Failures:
1) Sandboxes API Endpoint Sandboxes Endpoint, PUT when committing an incomplete sandbox should respond with 503 Service Unavailable
Failure/Error: should look_like expected_response
Response should have HTTP status code 503 ('Service Unavailable'), but it was actually 500 ('Internal Server Error')
Reponse Body: {"error":["internal service error"]}
# ./lib/pedant/rspec/common.rb:78:in `block in should_respond_with'
Finished in 1.94 seconds (files took 2.02 seconds to load)
1 example, 1 failure
Failed examples:
rspec ./spec/api/sandboxes/complete_endpoint_spec.rb:196 # Sandboxes API Endpoint Sandboxes Endpoint, PUT when committing an incomplete sandbox should respond with 503 Service Unavailable
it appears to have been caused by this (404s):
==> /var/log/opscode/opscode-erchef/erchef.log <==
2020-06-16 18:13:15.818 [error] Checking presence of file (checksum: <<"d43de48f09dfd4affdb95a87516342fd">>) for org <<"db654ca8f09eac95246f4f5965b0e433">> from bucket "lbaker-east-ohio" (key: "organization-db654ca8f09eac95246f4f5965b0e433/checksum-d43de48f09dfd4affdb95a87516342fd") raised exception error:{aws_error,{http_error,404,"Not Found",<<>>}}
==> /var/log/opscode/opscode-erchef/crash.log <==
2020-06-16 18:13:15 =ERROR REPORT====
Checking presence of file (checksum: <<"d43de48f09dfd4affdb95a87516342fd">>) for org <<"db654ca8f09eac95246f4f5965b0e433">> from bucket "lbaker-east-ohio" (key: "organization-db654ca8f09eac95246f4f5965b0e433/checksum-d43de48f09dfd4affdb95a87516342fd") raised exception error:{aws_error,{http_error,404,"Not Found",<<>>}}
no one is around for me to ask. assuming for now that a 404 is supposed to return a 503 for this pedant test, and that's the behavior we want? patching for this assumed behavior for now.
Related erlcloud PR: https://github.com/chef/erlcloud/pull/1 Related mini_s3 PR: https://github.com/chef/mini_s3/pull/31
@lbakerchef thank you for your work on this! Will be happy to talk through the comments/suggestions.
Deploy Preview for chef-server processing.
| Name | Link |
|---|---|
| Latest commit | 0b5ea86682250064ae5ed3ae076a10b96398db9c |
| Latest deploy log | https://app.netlify.com/sites/chef-server/deploys/6352baeaa0ef7e0008378aea |
![netlify[bot] avatar](https://avatars.githubusercontent.com/in/13473?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi friends, any chance you could take my github name out of the commit message in 4bd9b70? Otherwise I get notified on every push to this branch.
You may also want to do the same for whoever owns @-ssd on Github.
8/9/22 https://buildkite.com/chef/chef-chef-server-main-omnibus-adhoc/builds/4838 https://buildkite.com/chef/chef-umbrella-main-chef-server-full/builds/230
NO VHOST
9/28/22 after vhost removal: https://buildkite.com/chef/chef-chef-server-main-omnibus-adhoc/builds/4987 bookshelf configuration https://buildkite.com/chef/chef-umbrella-main-chef-server/builds/1540 s3 configuration standalone-fresh-install [confirm path setting] [objects confirmed written to s3]
Failures:
1) license GET /license with no nodes returns 200 and correct body for superuser
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:28:in `block (4 levels) in <top (required)>'
2) license GET /license with no nodes returns 200 and correct body for admin user
Failure/Error:
get(request_url, platform.admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:35:in `block (4 levels) in <top (required)>'
3) license GET /license with no nodes returns 200 and correct body for normal user
Failure/Error:
get(request_url, platform.non_admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:42:in `block (4 levels) in <top (required)>'
4) license GET /license with nodes with one node should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>2,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:83:in `block (5 levels) in <top (required)>'
5) license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>26,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>25,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:94:in `block (5 levels) in <top (required)>'
6) license GET /license with nodes with 26 (license exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>27,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>26,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:104:in `block (5 levels) in <top (required)>'
7) Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 1
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:584
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
8) Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 1
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:592
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
Finished in 22 minutes 20 seconds (files took 3.66 seconds to load)
5199 examples, 8 failures, 128 pending
Failed examples:
rspec ./spec/api/license_spec.rb:27 # license GET /license with no nodes returns 200 and correct body for superuser
rspec ./spec/api/license_spec.rb:34 # license GET /license with no nodes returns 200 and correct body for admin user
rspec ./spec/api/license_spec.rb:41 # license GET /license with no nodes returns 200 and correct body for normal user
rspec ./spec/api/license_spec.rb:82 # license GET /license with nodes with one node should return correct body for license status
rspec ./spec/api/license_spec.rb:93 # license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
rspec ./spec/api/license_spec.rb:103 # license GET /license with nodes with 26 (license exceeded) should return correct body for license status
rspec ./spec/api/search/search_spec.rb:584 # Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
rspec ./spec/api/search/search_spec.rb:592 # Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
compared with main branch s3 configuration standalone-fresh-install
Failures:
1) license GET /license with no nodes returns 200 and correct body for superuser
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:28:in `block (4 levels) in <top (required)>'
2) license GET /license with no nodes returns 200 and correct body for admin user
Failure/Error:
get(request_url, platform.admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:35:in `block (4 levels) in <top (required)>'
3) license GET /license with no nodes returns 200 and correct body for normal user
Failure/Error:
get(request_url, platform.non_admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:42:in `block (4 levels) in <top (required)>'
4) license GET /license with nodes with one node should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>2,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:83:in `block (5 levels) in <top (required)>'
5) license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>26,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>25,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:94:in `block (5 levels) in <top (required)>'
6) license GET /license with nodes with 26 (license exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>27,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>26,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:104:in `block (5 levels) in <top (required)>'
7) Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 1
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:584
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
8) Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 1
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:592
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
Finished in 22 minutes 57 seconds (files took 4.07 seconds to load)
5199 examples, 8 failures, 128 pending
Last test before vhost changes: https://buildkite.com/chef/chef-umbrella-main-chef-server-full/builds/245
last adhoc: https://buildkite.com/chef/chef-chef-server-main-omnibus-adhoc/builds/4931
TESTS OF VHOST SETTING
Test of backend with vhost setting. Objects were confirmed written to S3 bucket. Bookshelf service confirmed off.
# SCENARIO=chef-backend PLATFORM=ubuntu-18.04 BACKEND_VERSION=3.1.2 MANAGE_VERSION=3.2.20 INSTALL_VERSION=15.1.7 UPGRADE_VERSION=15.1.7+20220909192304 ENABLE_ADDON_PUSH_JOBS=false ENABLE_GATHER_LOGS_TEST=false ENABLE_PEDANT_TEST=false ENABLE_PSQL_TEST=false ENABLE_SMOKE_TEST=true ENABLE_IPV6=false make apply
root@ip-10-0-2-53:~# chef-server-ctl version
15.1.7+20220909192304
root@ip-10-0-2-53:~# chef-server-ctl status
-------------------
Internal Services
-------------------
run: haproxy: (pid 19962) 2825s; run: log: (pid 2589) 2942s
run: nginx: (pid 6338) 2311s; run: log: (pid 19940) 2833s
run: oc_bifrost: (pid 19967) 2825s; run: log: (pid 19767) 2916s
run: oc_id: (pid 20062) 2824s; run: log: (pid 19785) 2909s
run: opscode-erchef: (pid 20218) 2698s; run: log: (pid 19902) 2884s
run: redis_lb: (pid 6062) 2370s; run: log: (pid 20112) 2823s
-------------------
External Services
-------------------
run: elasticsearch: connected OK to http://127.0.0.1:9200
run: postgresql: connected OK to 127.0.0.1:5432
root@ip-10-0-2-53:~# cat /etc/opscode/chef-server.rb
# snip...
bookshelf["enable"] = false
bookshelf["vip"] = "s3.us-west-2.amazonaws.com"
bookshelf["external_url"] = "https://s3.us-west-2.amazonaws.com"
opscode_erchef["s3_bucket"] = "CENSORED"
bookshelf["access_key_id"] = "CENSORED"
bookshelf["secret_access_key"] = "CENSORED"
root@ip-10-0-2-53:~# chef-server-ctl test
# snip
Finished in 1 minute 0.4 seconds (files took 4.09 seconds to load)
173 examples, 0 failures, 2 pending
root@ip-10-0-2-53:~# chef-server-ctl test --all
# snip
Failures:
1) license GET /license with no nodes returns 200 and correct body for superuser
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:28:in `block (4 levels) in <top (required)>'
2) license GET /license with no nodes returns 200 and correct body for admin user
Failure/Error:
get(request_url, platform.admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:35:in `block (4 levels) in <top (required)>'
3) license GET /license with no nodes returns 200 and correct body for normal user
Failure/Error:
get(request_url, platform.non_admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:42:in `block (4 levels) in <top (required)>'
4) license GET /license with nodes with one node should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>2,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:83:in `block (5 levels) in <top (required)>'
5) license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>26,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>25,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:94:in `block (5 levels) in <top (required)>'
6) license GET /license with nodes with 26 (license exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>27,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>26,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:104:in `block (5 levels) in <top (required)>'
7) Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 1
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:584
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
8) Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 1
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:592
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
Finished in 25 minutes 30 seconds (files took 3.99 seconds to load)
5181 examples, 8 failures, 131 pending
Failed examples:
rspec ./spec/api/license_spec.rb:27 # license GET /license with no nodes returns 200 and correct body for superuser
rspec ./spec/api/license_spec.rb:34 # license GET /license with no nodes returns 200 and correct body for admin user
rspec ./spec/api/license_spec.rb:41 # license GET /license with no nodes returns 200 and correct body for normal user
rspec ./spec/api/license_spec.rb:82 # license GET /license with nodes with one node should return correct body for license status
rspec ./spec/api/license_spec.rb:93 # license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
rspec ./spec/api/license_spec.rb:103 # license GET /license with nodes with 26 (license exceeded) should return correct body for license status
rspec ./spec/api/search/search_spec.rb:584 # Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
rspec ./spec/api/search/search_spec.rb:592 # Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Comparison with vanilla Backend (same failures?):
# SCENARIO=chef-backend PLATFORM=ubuntu-18.04 BACKEND_VERSION=3.1.2 MANAGE_VERSION=3.2.20 INSTALL_VERSION=15.1.7 UPGRADE_VERSION=15.1.7 ENABLE_ADDON_PUSH_JOBS=false ENABLE_GATHER_LOGS_TEST=false ENABLE_PEDANT_TEST=false ENABLE_PSQL_TEST=false ENABLE_SMOKE_TEST=true ENABLE_IPV6=false make apply
Failures:
1) license GET /license with no nodes returns 200 and correct body for superuser
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:28:in `block (4 levels) in <top (required)>'
2) license GET /license with no nodes returns 200 and correct body for admin user
Failure/Error:
get(request_url, platform.admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:35:in `block (4 levels) in <top (required)>'
3) license GET /license with no nodes returns 200 and correct body for normal user
Failure/Error:
get(request_url, platform.non_admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:42:in `block (4 levels) in <top (required)>'
4) license GET /license with nodes with one node should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>2,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:83:in `block (5 levels) in <top (required)>'
5) license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>26,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>25,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:94:in `block (5 levels) in <top (required)>'
6) license GET /license with nodes with 26 (license exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>27,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>26,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:104:in `block (5 levels) in <top (required)>'
7) Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 1
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:584
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
8) Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 1
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:592
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
Finished in 24 minutes 12 seconds (files took 3.74 seconds to load)
5181 examples, 8 failures, 131 pending
Failed examples:
rspec ./spec/api/license_spec.rb:27 # license GET /license with no nodes returns 200 and correct body for superuser
rspec ./spec/api/license_spec.rb:34 # license GET /license with no nodes returns 200 and correct body for admin user
rspec ./spec/api/license_spec.rb:41 # license GET /license with no nodes returns 200 and correct body for normal user
rspec ./spec/api/license_spec.rb:82 # license GET /license with nodes with one node should return correct body for license status
rspec ./spec/api/license_spec.rb:93 # license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
rspec ./spec/api/license_spec.rb:103 # license GET /license with nodes with 26 (license exceeded) should return correct body for license status
rspec ./spec/api/search/search_spec.rb:584 # Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
rspec ./spec/api/search/search_spec.rb:592 # Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
TESTED WITH vhost SETTING: tiered-fresh-install - PASS tiered-upgrade - PASS standalone-fresh-install - PASS standalone-upgrade - PASS external-openldap - FAIL [local umbrella issue unrelated to sigv4, also on main]
null_resource.ldap_cookbook (local-exec): + git remote add origin -f https://github.com/chef/chef-server.git
null_resource.ldap_cookbook (local-exec): error: remote origin already exists.
Test of external-elasticsearch with vhost setting. Objects were confirmed written to S3 bucket. Bookshelf service confirmed off.
root@ip-10-0-12-243:~# chef-server-ctl status
-------------------
Internal Services
-------------------
run: nginx: (pid 9879) 303s; run: log: (pid 20401) 1107s
run: oc_bifrost: (pid 6308) 605s; run: log: (pid 20030) 1155s
run: oc_id: (pid 6403) 605s; run: log: (pid 20049) 1144s
run: opscode-erchef: (pid 6406) 604s; run: log: (pid 20347) 1111s
run: postgresql: (pid 6272) 743s; run: log: (pid 19518) 1167s
run: redis_lb: (pid 9605) 362s; run: log: (pid 20699) 1096s
-------------------
External Services
-------------------
run: elasticsearch: connected OK to http://elasticsearch.internal:9200
root@ip-10-0-12-243:~# chef-server-ctl version
15.1.7+20220909192304
root@ip-10-0-12-243:~# cat /etc/opscode/chef-server.rb
opscode_erchef['keygen_start_size'] = 30
opscode_erchef['keygen_cache_size'] = 60
nginx['ssl_dhparam'] = '/etc/opscode/dhparam.pem'
data_collector['token'] = 'foobar'
profiles['root_url'] = 'https://localhost:9998'
opscode_solr4['external'] = true
opscode_solr4['external_url'] = 'http://elasticsearch.internal:9200'
opscode_erchef['search_provider'] = 'elasticsearch'
opscode_erchef['search_queue_mode'] = 'batch'
bookshelf["enable"] = false
bookshelf["vip"] = "s3.us-west-2.amazonaws.com"
bookshelf["external_url"] = "https://s3.us-west-2.amazonaws.com"
opscode_erchef["s3_bucket"] = "CENSORED"
bookshelf["access_key_id"] = "CENSORED"
bookshelf["secret_access_key"] = "CENSORED"
root@ip-10-0-12-243:~# chef-server-ctl
# snip
Failures:
1) license GET /license with no nodes returns 200 and correct body for superuser
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>63,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:28:in `block (4 levels) in <top (required)>'
2) license GET /license with no nodes returns 200 and correct body for admin user
Failure/Error:
get(request_url, platform.admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>63,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:35:in `block (4 levels) in <top (required)>'
3) license GET /license with no nodes returns 200 and correct body for normal user
Failure/Error:
get(request_url, platform.non_admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>63,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:42:in `block (4 levels) in <top (required)>'
4) license GET /license with nodes with one node should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>64,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:83:in `block (5 levels) in <top (required)>'
5) license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>88,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>25,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:94:in `block (5 levels) in <top (required)>'
6) license GET /license with nodes with 26 (license exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>89,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>26,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:104:in `block (5 levels) in <top (required)>'
7) Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 1
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:584
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
8) Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 63
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:592
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
Finished in 21 minutes 30 seconds (files took 3.41 seconds to load)
5200 examples, 8 failures, 127 pending
Failed examples:
rspec ./spec/api/license_spec.rb:27 # license GET /license with no nodes returns 200 and correct body for superuser
rspec ./spec/api/license_spec.rb:34 # license GET /license with no nodes returns 200 and correct body for admin user
rspec ./spec/api/license_spec.rb:41 # license GET /license with no nodes returns 200 and correct body for normal user
rspec ./spec/api/license_spec.rb:82 # license GET /license with nodes with one node should return correct body for license status
rspec ./spec/api/license_spec.rb:93 # license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
rspec ./spec/api/license_spec.rb:103 # license GET /license with nodes with 26 (license exceeded) should return correct body for license status
rspec ./spec/api/search/search_spec.rb:584 # Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
rspec ./spec/api/search/search_spec.rb:592 # Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Compared with main, default settings (path):
Failures:
1) license GET /license with no nodes returns 200 and correct body for superuser
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>59,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:28:in `block (4 levels) in <top (required)>'
2) license GET /license with no nodes returns 200 and correct body for admin user
Failure/Error:
get(request_url, platform.admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>59,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:35:in `block (4 levels) in <top (required)>'
3) license GET /license with no nodes returns 200 and correct body for normal user
Failure/Error:
get(request_url, platform.non_admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>59,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:42:in `block (4 levels) in <top (required)>'
4) license GET /license with nodes with one node should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>60,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:83:in `block (5 levels) in <top (required)>'
5) license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>84,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>25,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:94:in `block (5 levels) in <top (required)>'
6) license GET /license with nodes with 26 (license exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>85,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>26,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:104:in `block (5 levels) in <top (required)>'
7) Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 1
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:584
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
8) Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 59
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:592
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
Finished in 21 minutes 20 seconds (files took 3.62 seconds to load)
5200 examples, 8 failures, 127 pending
Failed examples:
rspec ./spec/api/license_spec.rb:27 # license GET /license with no nodes returns 200 and correct body for superuser
rspec ./spec/api/license_spec.rb:34 # license GET /license with no nodes returns 200 and correct body for admin user
rspec ./spec/api/license_spec.rb:41 # license GET /license with no nodes returns 200 and correct body for normal user
rspec ./spec/api/license_spec.rb:82 # license GET /license with nodes with one node should return correct body for license status
rspec ./spec/api/license_spec.rb:93 # license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
rspec ./spec/api/license_spec.rb:103 # license GET /license with nodes with 26 (license exceeded) should return correct body for license status
rspec ./spec/api/search/search_spec.rb:584 # Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
rspec ./spec/api/search/search_spec.rb:592 # Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
external-postgres
null_resource.postgresql_config (remote-exec): W: The repository 'http://apt.postgresql.org/pub/repos/apt xenial-pgdg Release' does not have a Release file.
null_resource.postgresql_config (remote-exec): N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
null_resource.postgresql_config (remote-exec): N: See apt-secure(8) manpage for repository creation and user configuration details.
null_resource.postgresql_config (remote-exec): E: Failed to fetch http://apt.postgresql.org/pub/repos/apt/dists/xenial-pgdg/main/binary-amd64/Packages 404 Not Found [IP: 72.32.157.246 80]
null_resource.postgresql_config (remote-exec): E: Some index files failed to download. They have been ignored, or old ones used instead.
╷
│ Error: remote-exec provisioner error
│
│ with null_resource.postgresql_config,
│ on main.tf line 85, in resource "null_resource" "postgresql_config":
│ 85: provisioner "remote-exec" {
│
│ error executing "/tmp/terraform_1921380137.sh": Process exited with status 100
The same issue exists on vanilla main.
external-opensearch
Failures:
1) license GET /license with no nodes returns 200 and correct body for superuser
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>67,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:28:in `block (4 levels) in <top (required)>'
2) license GET /license with no nodes returns 200 and correct body for admin user
Failure/Error:
get(request_url, platform.admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>67,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:35:in `block (4 levels) in <top (required)>'
3) license GET /license with no nodes returns 200 and correct body for normal user
Failure/Error:
get(request_url, platform.non_admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>67,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:42:in `block (4 levels) in <top (required)>'
4) license GET /license with nodes with one node should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>68,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:83:in `block (5 levels) in <top (required)>'
5) license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>92,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>25,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:94:in `block (5 levels) in <top (required)>'
6) license GET /license with nodes with 26 (license exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>93,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>26,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:104:in `block (5 levels) in <top (required)>'
7) Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 1
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:584
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
8) Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 67
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:592
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
Finished in 22 minutes 15 seconds (files took 3.77 seconds to load)
5199 examples, 8 failures, 128 pending
Failed examples:
rspec ./spec/api/license_spec.rb:27 # license GET /license with no nodes returns 200 and correct body for superuser
rspec ./spec/api/license_spec.rb:34 # license GET /license with no nodes returns 200 and correct body for admin user
rspec ./spec/api/license_spec.rb:41 # license GET /license with no nodes returns 200 and correct body for normal user
rspec ./spec/api/license_spec.rb:82 # license GET /license with nodes with one node should return correct body for license status
rspec ./spec/api/license_spec.rb:93 # license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
rspec ./spec/api/license_spec.rb:103 # license GET /license with nodes with 26 (license exceeded) should return correct body for license status
rspec ./spec/api/search/search_spec.rb:584 # Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
rspec ./spec/api/search/search_spec.rb:592 # Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
compared with main:
Failures:
1) license GET /license with no nodes returns 200 and correct body for superuser
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>69,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:28:in `block (4 levels) in <top (required)>'
2) license GET /license with no nodes returns 200 and correct body for admin user
Failure/Error:
get(request_url, platform.admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>69,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:35:in `block (4 levels) in <top (required)>'
3) license GET /license with no nodes returns 200 and correct body for normal user
Failure/Error:
get(request_url, platform.non_admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>69,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:42:in `block (4 levels) in <top (required)>'
4) license GET /license with nodes with one node should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>70,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:83:in `block (5 levels) in <top (required)>'
5) license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>94,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>25,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:94:in `block (5 levels) in <top (required)>'
6) license GET /license with nodes with 26 (license exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>95,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>26,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:104:in `block (5 levels) in <top (required)>'
7) Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 1
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:584
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
8) Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 69
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:592
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
Finished in 31 minutes 0 seconds (files took 4.35 seconds to load)
5199 examples, 8 failures, 128 pending
Failed examples:
rspec ./spec/api/license_spec.rb:27 # license GET /license with no nodes returns 200 and correct body for superuser
rspec ./spec/api/license_spec.rb:34 # license GET /license with no nodes returns 200 and correct body for admin user
rspec ./spec/api/license_spec.rb:41 # license GET /license with no nodes returns 200 and correct body for normal user
rspec ./spec/api/license_spec.rb:82 # license GET /license with nodes with one node should return correct body for license status
rspec ./spec/api/license_spec.rb:93 # license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
rspec ./spec/api/license_spec.rb:103 # license GET /license with nodes with 26 (license exceeded) should return correct body for license status
rspec ./spec/api/search/search_spec.rb:584 # Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
rspec ./spec/api/search/search_spec.rb:592 # Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
fips vhost s3 [objects were observed being written to s3]: NOTE: must use rhel-7
[ec2-user@ip-10-0-10-224 ~]$ sudo sysctl crypto.fips_enabled
crypto.fips_enabled = 1
[ec2-user@ip-10-0-10-224 ~]$ chef-server-ctl test --all
[snip]
Finished in 42 minutes 56 seconds (files took 9.86 seconds to load)
5199 examples, 145 failures, 128 pending
main fips path [bookshelf]:
mtls vhost setting (pointed to s3):
null_resource.mutual_tls_config (remote-exec): BEGIN USER LIST TEST
null_resource.mutual_tls_config (remote-exec): sudo chef-server-ctl user-list
null_resource.mutual_tls_config (remote-exec): + sudo chef-server-ctl user-list
null_resource.mutual_tls_config (remote-exec): ERROR: The object you are looking for could not be found
null_resource.mutual_tls_config (remote-exec): Response: <html>
compared with main, mtls, vhost setting (pointed to s3):
null_resource.mutual_tls_config (remote-exec): BEGIN USER LIST TEST
null_resource.mutual_tls_config (remote-exec): sudo chef-server-ctl user-list
null_resource.mutual_tls_config (remote-exec): + sudo chef-server-ctl user-list
null_resource.mutual_tls_config (remote-exec): ERROR: The object you are looking for could not be found
null_resource.mutual_tls_config (remote-exec): Response: <html>
null_resource.mutual_tls_config (remote-exec): <head><title>404 Not Found</title></head>
mtls path setting (pointed to bookshelf):
root@ip-10-0-14-12:~# chef-server-ctl test --all
Configuring logging...
Creating platform...
Configured server URL: https://ip-10-0-14-12.us-west-2.compute.internal
Configured base resource URL: https://ip-10-0-14-12.us-west-2.compute.internal
Creating org pedant_testorg_ip-10-0-14-12_26009
bundler: failed to load command: ./bin/oc-chef-pedant (./bin/oc-chef-pedant)
RuntimeError: Bad error code 400 from create org: <html>
<head><title>400 No required SSL certificate was sent</title></head>
compared with main, mtls, path setting (pointed to bookshelf):
root@ip-10-0-11-103:~# chef-server-ctl test --all
Configuring logging...
Creating platform...
Configured server URL: https://ip-10-0-11-103.us-west-2.compute.internal
Configured base resource URL: https://ip-10-0-11-103.us-west-2.compute.internal
Creating org pedant_testorg_ip-10-0-11-103_25960
bundler: failed to load command: ./bin/oc-chef-pedant (./bin/oc-chef-pedant)
RuntimeError: Bad error code 400 from create org: <html>
<head><title>400 No required SSL certificate was sent</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
supermarket-upgrade vhost setting
Failures:
1) license GET /license with no nodes returns 200 and correct body for superuser
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>70,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:28:in `block (4 levels) in <top (required)>'
2) license GET /license with no nodes returns 200 and correct body for admin user
Failure/Error:
get(request_url, platform.admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>70,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:35:in `block (4 levels) in <top (required)>'
3) license GET /license with no nodes returns 200 and correct body for normal user
Failure/Error:
get(request_url, platform.non_admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>70,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:42:in `block (4 levels) in <top (required)>'
4) license GET /license with nodes with one node should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>71,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:83:in `block (5 levels) in <top (required)>'
5) license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>95,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>25,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:94:in `block (5 levels) in <top (required)>'
6) license GET /license with nodes with 26 (license exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>96,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>26,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:104:in `block (5 levels) in <top (required)>'
7) Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 1
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:584
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
8) Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 70
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:592
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
Finished in 22 minutes 32 seconds (files took 3.48 seconds to load)
5199 examples, 8 failures, 128 pending
Failed examples:
rspec ./spec/api/license_spec.rb:27 # license GET /license with no nodes returns 200 and correct body for superuser
rspec ./spec/api/license_spec.rb:34 # license GET /license with no nodes returns 200 and correct body for admin user
rspec ./spec/api/license_spec.rb:41 # license GET /license with no nodes returns 200 and correct body for normal user
rspec ./spec/api/license_spec.rb:82 # license GET /license with nodes with one node should return correct body for license status
rspec ./spec/api/license_spec.rb:93 # license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
rspec ./spec/api/license_spec.rb:103 # license GET /license with nodes with 26 (license exceeded) should return correct body for license status
rspec ./spec/api/search/search_spec.rb:584 # Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
rspec ./spec/api/search/search_spec.rb:592 # Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
compared with main:
Failures:
1) license GET /license with no nodes returns 200 and correct body for superuser
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>75,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:28:in `block (4 levels) in <top (required)>'
2) license GET /license with no nodes returns 200 and correct body for admin user
Failure/Error:
get(request_url, platform.admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>75,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:35:in `block (4 levels) in <top (required)>'
3) license GET /license with no nodes returns 200 and correct body for normal user
Failure/Error:
get(request_url, platform.non_admin_user).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>75,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>0,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:42:in `block (4 levels) in <top (required)>'
4) license GET /license with nodes with one node should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>76,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>1,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:83:in `block (5 levels) in <top (required)>'
5) license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>100,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>false,
"node_license"=>25,
"node_count"=>25,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:94:in `block (5 levels) in <top (required)>'
6) license GET /license with nodes with 26 (license exceeded) should return correct body for license status
Failure/Error:
get(request_url, superuser).should look_like(
:body_exact => response_body,
:status => 200
)
Expected a full match of the result
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>101,
"upgrade_url"=>"https://www.chef.io/pricing"}
to the spec
{"limit_exceeded"=>true,
"node_license"=>25,
"node_count"=>26,
"upgrade_url"=>/^https\:\/\.*/}
to succeed, but it didn't!
# ./spec/api/license_spec.rb:104:in `block (5 levels) in <top (required)>'
7) Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 1
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:584
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
8) Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Failure/Error: num_before_add.should eq 0
expected: 0
got: 75
(compared using ==)
Shared Example Group: "Deletes from Solr Index" called from ./spec/api/search/search_spec.rb:592
# ./lib/pedant/rspec/search_util.rb:838:in `block (2 levels) in <module:RSpec>'
Finished in 21 minutes 55 seconds (files took 3.78 seconds to load)
5199 examples, 8 failures, 128 pending
Failed examples:
rspec ./spec/api/license_spec.rb:27 # license GET /license with no nodes returns 200 and correct body for superuser
rspec ./spec/api/license_spec.rb:34 # license GET /license with no nodes returns 200 and correct body for admin user
rspec ./spec/api/license_spec.rb:41 # license GET /license with no nodes returns 200 and correct body for normal user
rspec ./spec/api/license_spec.rb:82 # license GET /license with nodes with one node should return correct body for license status
rspec ./spec/api/license_spec.rb:93 # license GET /license with nodes with 25 nodes (license not exceeded) should return correct body for license status
rspec ./spec/api/license_spec.rb:103 # license GET /license with nodes with 26 (license exceeded) should return correct body for license status
rspec ./spec/api/search/search_spec.rb:584 # Search API endpoint Index Deletion Roles it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
rspec ./spec/api/search/search_spec.rb:592 # Search API endpoint Index Deletion Nodes it should behave like Deletes from Solr Index deletes an object from Solr when deleting from the system as a whole
Kudos, SonarCloud Quality Gate passed! 
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
No Duplication information
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}
Kudos, SonarCloud Quality Gate passed!
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
No Duplication information