I think Tim's failure mentioned below was caused by SOLR-11623, and it existed between Nov 18th and Nov 20th when it was reverted. See comments in https://github.com/apache/solr/pull/427
Jan > 22. nov. 2021 kl. 15:52 skrev Jason Gerlowski <gerlowsk...@gmail.com>: > > According to > (http://fucit.org/solr-jenkins-reports/history-trend-of-recent-failures.html#series/org.apache.solr.security.BaseTestRuleBasedAuthorizationPlugin.testAllPermissionDeniesActionsWhenUserIsNotCorrectRole) > the latest spike in failures looks like it starts around Nov 8th. > (Though the way I read that graph's bucketing by week, the cause > probably could've been anywhere in the preceding week?) > > I browsed git-log to see if anything grabbed my attention, but no > luck. The only thing even remotely related is the MultiAuth plugin > that landed in early November, but looking at the diff there's no > obvious connection there at least. > > Good luck digging! > > Best, > > Jason > > > On Fri, Nov 19, 2021 at 2:07 PM Timothy Potter <thelabd...@apache.org> wrote: >> >> https://ci-builds.apache.org/job/Solr/job/Solr-Check-main/2018/testReport/junit/org.apache.solr.security/BaseTestRuleBasedAuthorizationPlugin/testBasicPermissions/ >> >> Also, see: >> http://fucit.org/solr-jenkins-reports/suspicious-failure-report.html >> >> From the failure, it looks like it's related to the "all" permission >> not getting picked up: >> >> from the test >>> >> >> setUserRole("cio", "su"); >> addPermission("all", "su"); >> >> checkRules(Map.of("resource", ReplicationHandler.PATH, >> "httpMethod", "POST", >> "userPrincipal", "tim", >> "handler", new ReplicationHandler(), >> "collectionRequests", singletonList(new CollectionRequest("mycoll")) ) >> , FORBIDDEN); >> <<< >> As far as I can tell, that check is relying on the request to match >> the "all" permission which is only granted to users in the "su" role. >> >> I can dig into this as I'm working on SOLR-13900 but maybe somebody >> has some idea what might have changed recently that could affect the >> "all" permission? >> >> Cheers, >> Tim >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@solr.apache.org >> For additional commands, e-mail: dev-h...@solr.apache.org >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@solr.apache.org > For additional commands, e-mail: dev-h...@solr.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@solr.apache.org For additional commands, e-mail: dev-h...@solr.apache.org
