You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2021/02/24 14:58:34 UTC
[GitHub] [kafka] rondagostino commented on a change in pull request #10199: MINOR: Fix security_test system test for Raft case
rondagostino commented on a change in pull request #10199:
URL: https://github.com/apache/kafka/pull/10199#discussion_r582029624
##########
File path: tests/kafkatest/tests/core/security_test.py
##########
@@ -82,7 +82,19 @@ def test_client_ssl_endpoint_validation_failure(self, security_protocol, interbr
# now set the certs to have invalid hostnames so we can run the actual test
SecurityConfig.ssl_stores.valid_hostname = False
- self.kafka.restart_cluster()
+ if quorum.for_test(self.test_context) == quorum.zk or interbroker_security_protocol != 'SSL':
+ self.kafka.restart_cluster()
+ else:
+ # Raft-based metadata quorum with SSL communication between quorum and broker
+ # will simply fail to work due to TLS hostname mismatch
+ self.kafka.remote_controller_quorum.restart_cluster()
+ try:
+ self.kafka.restart_cluster()
+ raise RuntimeError("Kafka restarted successfully but should not have!"
+ " Endpoint validation did not fail with invalid hostname")
+ except TimeoutError:
Review comment:
The test burns 120 seconds waiting because the restart and shutdown timeouts are both 60 seconds by default. We can adjust the restart timeout to 30 seconds if we wanted to, but the shutdown timeout is set by ducktape during the teardown and can't be changed. So we burn 120 seconds but could probably drop that to 90 seconds. The test currently runs like this: `run time: 2 minutes 43.263 seconds`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org