You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2021/02/24 14:44:30 UTC

[GitHub] [kafka] mumrah commented on a change in pull request #10199: MINOR: Fix security_test system test for Raft case

mumrah commented on a change in pull request #10199:
URL: https://github.com/apache/kafka/pull/10199#discussion_r582017351



##########
File path: tests/kafkatest/tests/core/security_test.py
##########
@@ -82,7 +82,19 @@ def test_client_ssl_endpoint_validation_failure(self, security_protocol, interbr
 
         # now set the certs to have invalid hostnames so we can run the actual test
         SecurityConfig.ssl_stores.valid_hostname = False
-        self.kafka.restart_cluster()
+        if quorum.for_test(self.test_context) == quorum.zk or interbroker_security_protocol != 'SSL':
+            self.kafka.restart_cluster()
+        else:
+            # Raft-based metadata quorum with SSL communication between quorum and broker
+            # will simply fail to work due to TLS hostname mismatch
+            self.kafka.remote_controller_quorum.restart_cluster()
+            try:
+                self.kafka.restart_cluster()
+                raise RuntimeError("Kafka restarted successfully but should not have!"
+                                   " Endpoint validation did not fail with invalid hostname")
+            except TimeoutError:

Review comment:
       How long does this test have to wait for the timeout?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org