rondagostino commented on a change in pull request #10199:
URL: https://github.com/apache/kafka/pull/10199#discussion_r582029624
##########
File path: tests/kafkatest/tests/core/security_test.py
##########
@@ -82,7 +82,19 @@ def test_client_ssl_endpoint_validation_failure(self,
security_protocol, interbr
# now set the certs to have invalid hostnames so we can run the actual
test
SecurityConfig.ssl_stores.valid_hostname = False
- self.kafka.restart_cluster()
+ if quorum.for_test(self.test_context) == quorum.zk or
interbroker_security_protocol != 'SSL':
+ self.kafka.restart_cluster()
+ else:
+ # Raft-based metadata quorum with SSL communication between quorum
and broker
+ # will simply fail to work due to TLS hostname mismatch
+ self.kafka.remote_controller_quorum.restart_cluster()
+ try:
+ self.kafka.restart_cluster()
+ raise RuntimeError("Kafka restarted successfully but should
not have!"
+ " Endpoint validation did not fail with
invalid hostname")
+ except TimeoutError:
Review comment:
The test burns 120 seconds waiting because the restart and shutdown
timeouts are both 60 seconds by default. We can adjust the restart timeout to
30 seconds if we wanted to, but the shutdown timeout is set by ducktape during
the teardown and can't be changed. So we burn 120 seconds but could probably
drop that to 90 seconds. The test currently runs like this: `run time:
2 minutes 43.263 seconds`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
