According to (http://fucit.org/solr-jenkins-reports/history-trend-of-recent-failures.html#series/org.apache.solr.security.BaseTestRuleBasedAuthorizationPlugin.testAllPermissionDeniesActionsWhenUserIsNotCorrectRole) the latest spike in failures looks like it starts around Nov 8th. (Though the way I read that graph's bucketing by week, the cause probably could've been anywhere in the preceding week?)
I browsed git-log to see if anything grabbed my attention, but no luck. The only thing even remotely related is the MultiAuth plugin that landed in early November, but looking at the diff there's no obvious connection there at least.

Good luck digging!

Best,
Jason

On Fri, Nov 19, 2021 at 2:07 PM Timothy Potter <thelabd...@apache.org> wrote:
>
> https://ci-builds.apache.org/job/Solr/job/Solr-Check-main/2018/testReport/junit/org.apache.solr.security/BaseTestRuleBasedAuthorizationPlugin/testBasicPermissions/
>
> Also, see:
> http://fucit.org/solr-jenkins-reports/suspicious-failure-report.html
>
> From the failure, it looks like it's related to the "all" permission
> not getting picked up:
>
> from the test >>>
>
> setUserRole("cio", "su");
> addPermission("all", "su");
>
> checkRules(Map.of("resource", ReplicationHandler.PATH,
>     "httpMethod", "POST",
>     "userPrincipal", "tim",
>     "handler", new ReplicationHandler(),
>     "collectionRequests", singletonList(new CollectionRequest("mycoll")) )
>     , FORBIDDEN);
> <<<
> As far as I can tell, that check is relying on the request to match
> the "all" permission which is only granted to users in the "su" role.
>
> I can dig into this as I'm working on SOLR-13900 but maybe somebody
> has some idea what might have changed recently that could affect the
> "all" permission?
>
> Cheers,
> Tim
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@solr.apache.org
> For additional commands, e-mail: dev-h...@solr.apache.org