mumrah commented on a change in pull request #10199:
URL: https://github.com/apache/kafka/pull/10199#discussion_r582025258



##########
File path: tests/kafkatest/tests/core/security_test.py
##########
@@ -82,7 +82,19 @@ def test_client_ssl_endpoint_validation_failure(self, 
security_protocol, interbr
 
         # now set the certs to have invalid hostnames so we can run the actual 
test
         SecurityConfig.ssl_stores.valid_hostname = False
-        self.kafka.restart_cluster()
+        if quorum.for_test(self.test_context) == quorum.zk or 
interbroker_security_protocol != 'SSL':
+            self.kafka.restart_cluster()
+        else:
+            # Raft-based metadata quorum with SSL communication between quorum 
and broker
+            # will simply fail to work due to TLS hostname mismatch
+            self.kafka.remote_controller_quorum.restart_cluster()
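Review bot: In the else branch, only self.kafka.remote_controller_quorum.restart_cluster() is called after SecurityConfig.ssl_stores.valid_hostname is set to False, so within this hunk the brokers are not restarted on the Raft + SSL path, and the comment does not say whether they are expected to pick up the invalid-hostname certificates. The comment states that the combination "will simply fail to work" but not what the test then asserts about the client-side endpoint validation failure. Please extend the comment to say why restarting only the controller quorum is the right substitute, or restart the brokers too if that is the intent. The branch would also be easier to audit if the else case were named positively (non-ZK quorum and interbroker_security_protocol == 'SSL') rather than inferred from the negated condition.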

Review comment:
As I understand it, this test wants to mess up the inter-broker listener
and see that clients get the correct error. However, in raft mode, we can't
load any metadata if the inter-broker listener is non-functional since we
cannot connect to the raft quorum. This is analogous to breaking the connection
to ZK in ZK mode.

Maybe we should just take the raft mode out of this test and write a new
test that exercises similar behavior? Perhaps we could let the inter-broker
listener stay properly configured, but mis-configure the controller listener.
WDYT?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

