You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by jm...@apache.org on 2021/09/24 15:34:27 UTC

[cassandra-dtest] branch trunk updated: Revise auth CL tests to allow different CL checks

This is an automated email from the ASF dual-hosted git repository.

jmckenzie pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra-dtest.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 955bde2  Revise auth CL tests to allow different CL checks
955bde2 is described below

commit 955bde21fae2a9f50fdf040127d77dcfcbcb4723
Author: Josh McKenzie <jm...@apache.org>
AuthorDate: Thu Sep 9 09:56:19 2021 -0400

    Revise auth CL tests to allow different CL checks
    
    patch by Josh McKenzie; reviewed by Benjamin Lerer for CASSANDRA-12988
---
 auth_test.py | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/auth_test.py b/auth_test.py
index a85bca5..00f7831 100644
--- a/auth_test.py
+++ b/auth_test.py
@@ -2711,12 +2711,15 @@ class TestAuthRoles(Tester):
 class TestAuthUnavailable(Tester):
     """
     * These tests verify behavior when backends for authentication & authorization are unable to pull data from the
-    * system_auth keyspace. Failure scenarios are simulated based on the assumption that internal queries for role
-    * hierarchies and role properties of the "cassandra" super-user get CL=QUORUM (other roles get CL=LOCAL_ONE). And so
-    * we expect these internal queries to fail when one of two nodes are down and system_auth have RF=2. Though the
-    * permissions cache is used in these tests, it is always populated by permissions derived from the super-user status
-    * (all applicable to resource) of the "cassandra" user. The network_authorizer is always disabled to make sure the
-    * queries utilize the role/permissions cache only.
+    * system_auth keyspace. Failure scenarios are simulated based on the default CL for auth being LOCAL_QUORUM for reads,
+    * EACH_QUORUM for writes. We expect these internal queries to fail when one of the two nodes are down and system_auth
+    * has RF=2. Though the permissions cache is used in these tests, it is always populated by permissions derived from
+    * the super-user status (all applicable to resource) of the "cassandra" user. The network_authorizer is always disabled
+    * to make sure the queries utilize the role/permissions cache only.
+    *
+    * Notably, the default CL changed from a combination of ONE, LOCAL_ONE, and QUORUM <= 4.0 to the above in version 4.1+;
+    * we simply relax the constraint on the expected CL found in the error message to allow these tests to satisfy both
+    * release regimes.
     """
 
     def test_authentication_handle_unavailable(self):
@@ -2750,7 +2753,7 @@ class TestAuthUnavailable(Tester):
             # AuthenticationFailed from server
             assert re.search("code=0100", str(e))
             # Message from server
-            assert re.search("Unable to perform authentication:.* Cannot achieve consistency level QUORUM", str(e))
+            assert re.search("Unable to perform authentication:.* Cannot achieve consistency level", str(e))
 
     def test_authentication_through_cache_handle_unavailable(self):
         """
@@ -2789,7 +2792,7 @@ class TestAuthUnavailable(Tester):
             # AuthenticationFailed from server
             assert re.search("code=0100", str(e))
             # Message from server
-            assert re.search("Unable to perform authentication:.* Cannot achieve consistency level QUORUM", str(e))
+            assert re.search("Unable to perform authentication:.* Cannot achieve consistency level", str(e))
 
     @since('4.0')
     def test_authentication_from_cache_while_unavailable(self):
@@ -2880,7 +2883,7 @@ class TestAuthUnavailable(Tester):
 
         node1.stop()
 
-        assert_exception(cassandra, "SELECT * from ks.cf", matching="Unable to perform authorization of super-user permission: Cannot achieve consistency level QUORUM", expected=Unauthorized)
+        assert_exception(cassandra, "SELECT * from ks.cf", matching="Unable to perform authorization of super-user permission: Cannot achieve consistency level", expected=Unauthorized)
 
     def test_authorization_through_cache_handle_unavailable(self):
         """
@@ -2914,7 +2917,7 @@ class TestAuthUnavailable(Tester):
         # Wait for cache to timeout
         time.sleep(1)
 
-        assert_exception(cassandra, "SELECT * from ks.cf", matching="Unable to perform authorization of super-user permission: Cannot achieve consistency level QUORUM", expected=Unauthorized)
+        assert_exception(cassandra, "SELECT * from ks.cf", matching="Unable to perform authorization of super-user permission: Cannot achieve consistency level", expected=Unauthorized)
 
     def test_authorization_from_cache_while_unavailable(self):
         """

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org