This is an automated email from the ASF dual-hosted git repository. alexey pushed a commit to branch branch-1.12.x in repository https://gitbox.apache.org/repos/asf/kudu.git
commit 43957e9d14b5a242c8f5c7e20d53054f446f9105 Author: Alexey Serbin <[email protected]> AuthorDate: Wed Apr 22 17:17:19 2020 -0700 [test] fix TestCorruptKerberosCC scenario On macOS, the SecurityITest.TestCorruptKerberosCC scenario was failing with errors like below: src/kudu/integration-tests/security-itest.cc:430: Failure Value of: s.ok() Actual: true Expected: false Google Test trace: src/kudu/integration-tests/security-itest.cc:419: Truncating ccache at 'security-itest.0.SecurityITest.TestCorruptKerberosCC/krb5kdc/krb5cc' to 500 It seems Kerberos cache truncated to 500 bytes is big enough to successfully extract necessary data on macOS. This patch decreases the size of the corrupted client cache to 266 bytes, so now the scenario passes on macOS as well. In addition, the truncation size is now selected randomly. Change-Id: I765e9f1f6cd208f86bc321e962588982f9e01447 Reviewed-on: http://gerrit.cloudera.org:8080/15786 Reviewed-by: Bankim Bhavsar <[email protected]> Tested-by: Kudu Jenkins Reviewed-by: Grant Henke <[email protected]> (cherry picked from commit b0d5852591b2452cd12b46ab4070752014b2e954) Reviewed-on: http://gerrit.cloudera.org:8080/15789 Reviewed-by: Hao Hao <[email protected]> --- src/kudu/integration-tests/security-itest.cc | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/kudu/integration-tests/security-itest.cc b/src/kudu/integration-tests/security-itest.cc index 1dc43ae..07ba0a3 100644 --- a/src/kudu/integration-tests/security-itest.cc +++ b/src/kudu/integration-tests/security-itest.cc @@ -17,10 +17,10 @@ #include <sys/stat.h> +#include <cstdint> #include <cstdio> #include <cstdlib> #include <functional> -#include <initializer_list> #include <memory> #include <ostream> #include <string> @@ -64,6 +64,8 @@ #include "kudu/util/net/net_util.h" #include "kudu/util/net/sockaddr.h" #include "kudu/util/path_util.h" +#include "kudu/util/random.h" +#include "kudu/util/random_util.h" #include "kudu/util/slice.h" #include "kudu/util/status.h" #include "kudu/util/subprocess.h" @@ -410,11 +412,12 @@ TEST_F(SecurityITest, TestCorruptKerberosCC) { security::KinitContext kinit_ctx; ASSERT_OK(kinit_ctx.Kinit(admin_keytab, "test-admin")); - // Truncate at different lengths to exercise different failure modes, e.g. failed to - // read header, some credentials missing. - for (int trunc_len : {10, 75, 500}) { - // Truncate the credential cache so that it no longer contains a valid ticket for - // "test-admin". + // Truncate at different lengths to exercise different failure modes. + Random rng(GetRandomSeed32()); + for (auto i = 0; i < 3; ++i) { + const int32_t trunc_len = 10 + rng.Uniform(256); + // Truncate the credential cache so that it no longer contains a valid + // ticket for "test-admin". const char* cc_path = getenv("KRB5CCNAME"); SCOPED_TRACE(Substitute("Truncating ccache at '$0' to $1", cc_path, trunc_len)); { @@ -427,7 +430,7 @@ TEST_F(SecurityITest, TestCorruptKerberosCC) { // With corrupt cache, we shouldn't be able to open connection. Status s = TrySetFlagOnTS(); - EXPECT_FALSE(s.ok()); + ASSERT_FALSE(s.ok()); ASSERT_STR_CONTAINS(s.ToString(), "server requires authentication, but client does " "not have Kerberos credentials available");
