search

gardener / gardener

Homogeneous Kubernetes clusters at scale on any infrastructure using hosted control planes.
https://gardener.cloud
Apache License 2.0
2.88k stars 472 forks source link

[SLOW TEST]: should properly generate Basic Auth Object with Bcrypt hashed password if specified in config #3362

Closed timebertt closed 3 years ago

timebertt commented 3 years ago

How to categorize this issue?

/area testing security /kind bug /priority normal

What happened:

This test is consistently slow in test runs: https://github.com/gardener/gardener/blob/ca4b82674028bfe4c5dcd515cec397c234645626/pkg/utils/secrets/basic_auth_test.go#L84-L89

For example, see https://concourse.ci.gardener.cloud/teams/gardener/pipelines/gardener-master/jobs/master-head-update-job/builds/135#L5ff4d8a5:393:395

• [SLOW TEST:124.746 seconds]
Basic Auth Secrets Basic Auth Configuration #Generate should properly generate Basic Auth Object with Bcrypt hashed password if specified in config 
/go/src/github.com/gardener/gardener/pkg/utils/secrets/basic_auth_test.go:84

What you expected to happen:

The test and the generation of basic auth secrets in general shouldn't take so long.

How to reproduce it (as minimally and precisely as possible):

./hack/test.sh -timeout=1m ./pkg/utils/secrets to figure out, where this is hanging:

Output ``` $ ./hack/test.sh -timeout=1m ./pkg/utils/secrets Using cached envtest tools from /Users/d067603/go/src/github.com/gardener/gardener/bin/kubebuilder setting up env vars > Test Running Suite: Utility Secrets Suite ==================================== Random Seed: 1610097775 Will run 48 of 48 specs •••••••••••••••••panic: test timed out after 1m0s goroutine 44 [running]: testing.(*M).startAlarm.func1() /usr/local/Cellar/go/1.15.5/libexec/src/testing/testing.go:1618 +0x11f created by time.goFunc /usr/local/Cellar/go/1.15.5/libexec/src/time/sleep.go:167 +0x52 goroutine 1 [chan receive, 1 minutes]: testing.(*T).Run(0xc0000c5200, 0x3247519, 0xb, 0x3305998, 0x0) /usr/local/Cellar/go/1.15.5/libexec/src/testing/testing.go:1169 +0x5f4 testing.runTests.func1(0xc0000c5200) /usr/local/Cellar/go/1.15.5/libexec/src/testing/testing.go:1439 +0xa7 testing.tRunner(0xc0000c5200, 0xc000951ce0) /usr/local/Cellar/go/1.15.5/libexec/src/testing/testing.go:1123 +0x203 testing.runTests(0xc0003a6100, 0x41702d0, 0x1, 0x1, 0xbff6270ac78acd28, 0xdfd336167, 0x41a96a0, 0x105b725) /usr/local/Cellar/go/1.15.5/libexec/src/testing/testing.go:1437 +0x613 testing.(*M).Run(0xc000402000, 0x0) /usr/local/Cellar/go/1.15.5/libexec/src/testing/testing.go:1345 +0x3b4 main.main() _testmain.go:45 +0x237 goroutine 19 [chan receive]: k8s.io/klog/v2.(*loggingT).flushDaemon(0x41a99a0) /Users/d067603/go/src/github.com/gardener/gardener/vendor/k8s.io/klog/v2/klog.go:1131 +0xb1 created by k8s.io/klog/v2.init.0 /Users/d067603/go/src/github.com/gardener/gardener/vendor/k8s.io/klog/v2/klog.go:416 +0x190 goroutine 43 [syscall]: os/signal.signal_recv(0x10b47a1) /usr/local/Cellar/go/1.15.5/libexec/src/runtime/sigqueue.go:144 +0x9d os/signal.loop() /usr/local/Cellar/go/1.15.5/libexec/src/os/signal/signal_unix.go:23 +0x30 created by os/signal.Notify.func1.1 /usr/local/Cellar/go/1.15.5/libexec/src/os/signal/signal.go:150 +0x7d goroutine 16 [chan receive]: github.com/onsi/ginkgo/internal/specrunner.(*SpecRunner).registerForInterrupts(0xc000252640, 0xc000190f60) /Users/d067603/go/src/github.com/gardener/gardener/vendor/github.com/onsi/ginkgo/internal/specrunner/spec_runner.go:223 +0xf4 created by github.com/onsi/ginkgo/internal/specrunner.(*SpecRunner).Run /Users/d067603/go/src/github.com/gardener/gardener/vendor/github.com/onsi/ginkgo/internal/specrunner/spec_runner.go:60 +0xaf goroutine 15 [select]: github.com/onsi/ginkgo/internal/leafnodes.(*runner).runAsync(0xc0001d28a0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...) /Users/d067603/go/src/github.com/gardener/gardener/vendor/github.com/onsi/ginkgo/internal/leafnodes/runner.go:93 +0x1cc github.com/onsi/ginkgo/internal/leafnodes.(*runner).run(0xc0001d28a0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...) /Users/d067603/go/src/github.com/gardener/gardener/vendor/github.com/onsi/ginkgo/internal/leafnodes/runner.go:62 +0xa5 github.com/onsi/ginkgo/internal/leafnodes.(*ItNode).Run(0xc0003a6ce0, 0x3491b60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...) /Users/d067603/go/src/github.com/gardener/gardener/vendor/github.com/onsi/ginkgo/internal/leafnodes/it_node.go:26 +0x9a github.com/onsi/ginkgo/internal/spec.(*Spec).runSample(0xc0004bd2c0, 0x0, 0x3491b60, 0xc000256ec0) /Users/d067603/go/src/github.com/gardener/gardener/vendor/github.com/onsi/ginkgo/internal/spec/spec.go:215 +0x714 github.com/onsi/ginkgo/internal/spec.(*Spec).Run(0xc0004bd2c0, 0x3491b60, 0xc000256ec0) /Users/d067603/go/src/github.com/gardener/gardener/vendor/github.com/onsi/ginkgo/internal/spec/spec.go:138 +0x188 github.com/onsi/ginkgo/internal/specrunner.(*SpecRunner).runSpec(0xc000252640, 0xc0004bd2c0, 0x0) /Users/d067603/go/src/github.com/gardener/gardener/vendor/github.com/onsi/ginkgo/internal/specrunner/spec_runner.go:200 +0x17c github.com/onsi/ginkgo/internal/specrunner.(*SpecRunner).runSpecs(0xc000252640, 0x1) /Users/d067603/go/src/github.com/gardener/gardener/vendor/github.com/onsi/ginkgo/internal/specrunner/spec_runner.go:170 +0x22b github.com/onsi/ginkgo/internal/specrunner.(*SpecRunner).Run(0xc000252640, 0x8) /Users/d067603/go/src/github.com/gardener/gardener/vendor/github.com/onsi/ginkgo/internal/specrunner/spec_runner.go:66 +0x146 github.com/onsi/ginkgo/internal/suite.(*Suite).Run(0xc0001c9730, 0x2ea068e8, 0xc0000c5380, 0x325529f, 0x15, 0xc00039e820, 0x1, 0x1, 0x34de020, 0xc000256ec0, ...) /Users/d067603/go/src/github.com/gardener/gardener/vendor/github.com/onsi/ginkgo/internal/suite/suite.go:79 +0x89a github.com/onsi/ginkgo.RunSpecsWithCustomReporters(0x34926e0, 0xc0000c5380, 0x325529f, 0x15, 0xc000090e70, 0x1, 0x1, 0xc000790e70) /Users/d067603/go/src/github.com/gardener/gardener/vendor/github.com/onsi/ginkgo/ginkgo_dsl.go:219 +0x35d github.com/onsi/ginkgo.RunSpecs(0x34926e0, 0xc0000c5380, 0x325529f, 0x15, 0x0) /Users/d067603/go/src/github.com/gardener/gardener/vendor/github.com/onsi/ginkgo/ginkgo_dsl.go:200 +0x259 github.com/gardener/gardener/pkg/utils/secrets_test.TestSecrets(0xc0000c5380) /Users/d067603/go/src/github.com/gardener/gardener/pkg/utils/secrets/secrets_suite_test.go:26 +0x109 testing.tRunner(0xc0000c5380, 0x3305998) /usr/local/Cellar/go/1.15.5/libexec/src/testing/testing.go:1123 +0x203 created by testing.(*T).Run /usr/local/Cellar/go/1.15.5/libexec/src/testing/testing.go:1168 +0x5bc goroutine 114 [runnable]: golang.org/x/crypto/blowfish.encryptBlock(0x5bffc5e3f457cf09, 0xc0005aa000, 0x5bffc5e3f457cf09) /Users/d067603/go/src/github.com/gardener/gardener/vendor/golang.org/x/crypto/blowfish/block.go:115 +0x1145 golang.org/x/crypto/blowfish.ExpandKey(0xc000208480, 0x21, 0x40, 0xc0005aa000) /Users/d067603/go/src/github.com/gardener/gardener/vendor/golang.org/x/crypto/blowfish/block.go:62 +0x4b6 golang.org/x/crypto/bcrypt.expensiveBlowfishSetup(0xc0005a5938, 0x20, 0x20, 0x10, 0xc000244ae0, 0x16, 0x18, 0x1, 0x1f, 0x0) /Users/d067603/go/src/github.com/gardener/gardener/vendor/golang.org/x/crypto/bcrypt/bcrypt.go:227 +0x1d5 golang.org/x/crypto/bcrypt.bcrypt(0xc0005a5938, 0x20, 0x20, 0x10, 0xc000244ae0, 0x16, 0x18, 0x0, 0xc000208400, 0x0, ...) /Users/d067603/go/src/github.com/gardener/gardener/vendor/golang.org/x/crypto/bcrypt/bcrypt.go:191 +0x152 golang.org/x/crypto/bcrypt.CompareHashAndPassword(0xc000208400, 0x3c, 0x40, 0xc0005a5938, 0x20, 0x20, 0x2eca301, 0xc0005a5988) /Users/d067603/go/src/github.com/gardener/gardener/vendor/golang.org/x/crypto/bcrypt/bcrypt.go:105 +0x126 github.com/gardener/gardener/pkg/utils/secrets_test.glob..func2.1.1(0x3491080, 0xc0004db220, 0xc0004db180, 0x100) /Users/d067603/go/src/github.com/gardener/gardener/pkg/utils/secrets/basic_auth_test.go:46 +0xb75 github.com/gardener/gardener/pkg/utils/secrets_test.glob..func2.1.3.2(0xc0001d3d40) /Users/d067603/go/src/github.com/gardener/gardener/pkg/utils/secrets/basic_auth_test.go:90 +0x27b reflect.Value.call(0x2fff820, 0xc0003a6bc0, 0x13, 0x323e263, 0x4, 0xc0006c3f18, 0x1, 0x1, 0x0, 0x0, ...) /usr/local/Cellar/go/1.15.5/libexec/src/reflect/value.go:476 +0x9aa reflect.Value.Call(0x2fff820, 0xc0003a6bc0, 0x13, 0xc000797f18, 0x1, 0x1, 0x0, 0x0, 0x0) /usr/local/Cellar/go/1.15.5/libexec/src/reflect/value.go:337 +0xd9 github.com/onsi/ginkgo/internal/leafnodes.newRunner.func1(0xc0001d3d40) /Users/d067603/go/src/github.com/gardener/gardener/vendor/github.com/onsi/ginkgo/internal/leafnodes/runner.go:49 +0x16f github.com/onsi/ginkgo/internal/leafnodes.(*runner).runAsync.func1(0xc0001d28a0, 0xc0001d3d40) /Users/d067603/go/src/github.com/gardener/gardener/vendor/github.com/onsi/ginkgo/internal/leafnodes/runner.go:86 +0xc8 created by github.com/onsi/ginkgo/internal/leafnodes.(*runner).runAsync /Users/d067603/go/src/github.com/gardener/gardener/vendor/github.com/onsi/ginkgo/internal/leafnodes/runner.go:71 +0xc5 FAIL github.com/gardener/gardener/pkg/utils/secrets 60.923s FAIL ```
timebertt commented 3 years ago

/assign @Kristian-ZH @plkokanov I think, you added tests and BcryptPasswordHashRequest functionality. Can you check this, please?

ialidzhikov commented 3 years ago

+1. I had an item in my list to check whether we can remove the Bcrypt handling as it was introduced with searchguard/elasticsearch and it should be no longer used now.

ialidzhikov commented 3 years ago

/assign @ialidzhikov

timebertt commented 3 years ago

For now: https://github.com/gardener/gardener/pull/3363

Kristian-ZH commented 3 years ago

+1. I had an item in my list to check whether we can remove the Bcrypt handling as it was introduced with searchguard/elasticsearch and it should be no longer used now.

Yup, the bcrypt is no longer used in the logging stack