[kudu] 02/02: [webserver-test] fix one of SpnegoWebserverTest scenarios on macOS

Wed, 16 Sep 2020 19:01:19 -0700 

This is an automated email from the ASF dual-hosted git repository.

granthenke pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git

commit 4e5ac1cb59305381325cca9daeca985bd2f05db2
Author: Alexey Serbin <[email protected]>
AuthorDate: Wed Sep 16 17:29:14 2020 -0700

    [webserver-test] fix one of SpnegoWebserverTest scenarios on macOS
    
    This patch updates SpnegoWebserverTest.TestUnauthenticatedBadKeytab
    scenario to adapt to different failure paths on Linux and macOS.
    The important invariant stays firm in both cases, though: the server
    should respond with HTTP 401.
    
    Change-Id: Ic0da58c9762496446a63d217d8822150fb341b35
    Reviewed-on: http://gerrit.cloudera.org:8080/16465
    Tested-by: Kudu Jenkins
    Reviewed-by: Grant Henke <[email protected]>
---
 src/kudu/server/webserver-test.cc | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/kudu/server/webserver-test.cc 
b/src/kudu/server/webserver-test.cc
index ddbe079..f709a8b 100644
--- a/src/kudu/server/webserver-test.cc
+++ b/src/kudu/server/webserver-test.cc
@@ -221,7 +221,21 @@ TEST_F(SpnegoWebserverTest, TestUnauthenticatedBadKeytab) {
   Status s = DoSpnegoCurl();
   EXPECT_EQ(s.ToString(), "Remote error: HTTP 401");
   EXPECT_EQ(kNotAuthn, last_authenticated_spn_);
-  EXPECT_STR_CONTAINS(buf_.ToString(), "GSS failure");
+  // The essence here is to get HTTP 401 error status in the server's response.
+  // There might be different messages returned from webserver because of
+  //   * different messages from GSSAPI on Linux and macOS (actually depends
+  //     on the version of SASL library, see kGssapiPattern in 
CleanSaslError())
+  //   * different GSSAPI failure paths depending on libkrb5 and libcurl
+  //     libraries: with the randomized keytab, the server fails with SASL step
+  //     with Status::Incomplete() on macOS. On Linux, the server fails the
+  //     SASL step with Status::NotAuthorized(). Instead of finding some
+  //     universal way of screwing up the keytab to get the same behavior on
+  //     both macOS and Linux, it's easier to rely on the fact that the 
required
+  //     HTTP error code is received and acknowledge for various error 
messages.
+  ASSERT_STR_MATCHES(buf_.ToString(),
+                     "(Unspecified GSS failure|"
+                     "GSSAPI Error: Miscellaneous failure|"
+                     "Must authenticate with SPNEGO)");
 }
 
 TEST_F(SpnegoWebserverTest, TestUnauthenticatedNoClientAuth) {

Reply via email to