MartijnVisser commented on code in PR #28676:
URL: https://github.com/apache/flink/pull/28676#discussion_r3543701732


##########
flink-end-to-end-tests/flink-end-to-end-tests-restclient/src/test/java/org/apache/flink/runtime/rest/RestClientITCase.java:
##########
@@ -51,14 +56,22 @@ void testHttpsConnectionWithDefaultCerts() throws Exception 
{
                         
"apache/flink/master/flink-runtime-web/web-dashboard/package.json");
         try (final RestClient restClient =
                 RestClient.forUrl(config, Executors.directExecutor(), 
httpsUrl)) {
-            restClient
-                    .sendRequest(
-                            httpsUrl.getHost(),
-                            443,
-                            testUrlMessageHeaders,
-                            EmptyMessageParameters.getInstance(),
-                            EmptyRequestBody.getInstance())
-                    .get(60, TimeUnit.SECONDS);
+            try {
+                restClient
+                        .sendRequest(
+                                httpsUrl.getHost(),
+                                443,
+                                testUrlMessageHeaders,
+                                EmptyMessageParameters.getInstance(),
+                                EmptyRequestBody.getInstance())
+                        .get(60, TimeUnit.SECONDS);
+            } catch (ExecutionException e) {
+                // A 429/non-JSON body arrives as RestClientException only 
after a successful TLS
+                // handshake; a cert/trust failure surfaces as SSLException 
instead.
+                assertThat(ExceptionUtils.findThrowable(e, 
RestClientException.class))
+                        .as("expected an HTTP response proving the TLS 
handshake succeeded")
+                        .isPresent();

Review Comment:
   I'd lean towards keeping the assertion rather than pinning the status to 
429, for two reasons:
   
   1. What's under test is the TLS handshake, not the HTTP status. A 
`RestClientException` is only produced in `readRawResponse`, i.e. after a full 
HTTP response has been received, which already proves the default-truststore 
handshake completed. Any status code demonstrates that equally well, so 
constraining to 429 narrows the assertion in a dimension that isn't what the 
test verifies.
   2. 429 is not the only shape this transient takes. GHA runners share egress 
IPs, and GitHub's rate limiting also surfaces as 403 (secondary/abuse limits) 
and occasionally 503 under load, not just 429. Pinning to `TOO_MANY_REQUESTS` 
would very plausibly go red again on the next 403, which is the exact flakiness 
class this change is trying to remove. "Extend the test when GHA behaviour 
changes" would mean discovering it as a red leg on some unrelated PR first.
   
   The assumption here is that `RestClientException` is produced only after a 
full HTTP response (a genuine cert/trust failure surfaces as `SSLException` and 
still fails; connect-refused/DNS/reset also still fail). I verified that 
empirically against the regular endpoint, a valid-TLS non-JSON body, and 
expired.badssl.com.
   
   To address the "we should notice if GHA changes" concern without 
re-narrowing, I can log the observed `getHttpResponseStatus()` so an unexpected 
status is visible in the CI output without failing the leg. WDYT?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to