You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by al...@apache.org on 2020/04/23 23:11:58 UTC
[kudu] 01/02: [test] fix TestCorruptKerberosCC scenario
This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch branch-1.12.x
in repository https://gitbox.apache.org/repos/asf/kudu.git
commit 43957e9d14b5a242c8f5c7e20d53054f446f9105
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Wed Apr 22 17:17:19 2020 -0700
[test] fix TestCorruptKerberosCC scenario
On macOS, the SecurityITest.TestCorruptKerberosCC scenario was failing
with errors like below:
src/kudu/integration-tests/security-itest.cc:430: Failure
Value of: s.ok()
Actual: true
Expected: false
Google Test trace:
src/kudu/integration-tests/security-itest.cc:419: Truncating ccache at
'security-itest.0.SecurityITest.TestCorruptKerberosCC/krb5kdc/krb5cc' to 500
It seems Kerberos cache truncated to 500 bytes is big enough to
successfully extract necessary data on macOS.
This patch decreases the size of the corrupted client cache to 266
bytes, so now the scenario passes on macOS as well. In addition,
the truncation size is now selected randomly.
Change-Id: I765e9f1f6cd208f86bc321e962588982f9e01447
Reviewed-on: http://gerrit.cloudera.org:8080/15786
Reviewed-by: Bankim Bhavsar <ba...@cloudera.com>
Tested-by: Kudu Jenkins
Reviewed-by: Grant Henke <gr...@apache.org>
(cherry picked from commit b0d5852591b2452cd12b46ab4070752014b2e954)
Reviewed-on: http://gerrit.cloudera.org:8080/15789
Reviewed-by: Hao Hao <ha...@cloudera.com>
---
src/kudu/integration-tests/security-itest.cc | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/src/kudu/integration-tests/security-itest.cc b/src/kudu/integration-tests/security-itest.cc
index 1dc43ae..07ba0a3 100644
--- a/src/kudu/integration-tests/security-itest.cc
+++ b/src/kudu/integration-tests/security-itest.cc
@@ -17,10 +17,10 @@
#include <sys/stat.h>
+#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <functional>
-#include <initializer_list>
#include <memory>
#include <ostream>
#include <string>
@@ -64,6 +64,8 @@
#include "kudu/util/net/net_util.h"
#include "kudu/util/net/sockaddr.h"
#include "kudu/util/path_util.h"
+#include "kudu/util/random.h"
+#include "kudu/util/random_util.h"
#include "kudu/util/slice.h"
#include "kudu/util/status.h"
#include "kudu/util/subprocess.h"
@@ -410,11 +412,12 @@ TEST_F(SecurityITest, TestCorruptKerberosCC) {
security::KinitContext kinit_ctx;
ASSERT_OK(kinit_ctx.Kinit(admin_keytab, "test-admin"));
- // Truncate at different lengths to exercise different failure modes, e.g. failed to
- // read header, some credentials missing.
- for (int trunc_len : {10, 75, 500}) {
- // Truncate the credential cache so that it no longer contains a valid ticket for
- // "test-admin".
+ // Truncate at different lengths to exercise different failure modes.
+ Random rng(GetRandomSeed32());
+ for (auto i = 0; i < 3; ++i) {
+ const int32_t trunc_len = 10 + rng.Uniform(256);
+ // Truncate the credential cache so that it no longer contains a valid
+ // ticket for "test-admin".
const char* cc_path = getenv("KRB5CCNAME");
SCOPED_TRACE(Substitute("Truncating ccache at '$0' to $1", cc_path, trunc_len));
{
@@ -427,7 +430,7 @@ TEST_F(SecurityITest, TestCorruptKerberosCC) {
// With corrupt cache, we shouldn't be able to open connection.
Status s = TrySetFlagOnTS();
- EXPECT_FALSE(s.ok());
+ ASSERT_FALSE(s.ok());
ASSERT_STR_CONTAINS(s.ToString(), "server requires authentication, but client does "
"not have Kerberos credentials available");