This is an automated email from the ASF dual-hosted git repository.

xiangfu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pinot.git


The following commit(s) were added to refs/heads/master by this push:
     new a03a8701fa3 Fix flaky RenewableTlsUtilsTest reload wait (#17285)
a03a8701fa3 is described below

commit a03a8701fa3a1da78f53ec50a7297abeea244d5b
Author: Xiang Fu <[email protected]>
AuthorDate: Tue Dec 2 03:21:14 2025 -0800

    Fix flaky RenewableTlsUtilsTest reload wait (#17285)
---
 .../common/utils/tls/RenewableTlsUtilsTest.java    | 50 +++++++++++++++-------
 1 file changed, 34 insertions(+), 16 deletions(-)

diff --git 
a/pinot-common/src/test/java/org/apache/pinot/common/utils/tls/RenewableTlsUtilsTest.java
 
b/pinot-common/src/test/java/org/apache/pinot/common/utils/tls/RenewableTlsUtilsTest.java
index c39a206e0ab..01a60e13a6f 100644
--- 
a/pinot-common/src/test/java/org/apache/pinot/common/utils/tls/RenewableTlsUtilsTest.java
+++ 
b/pinot-common/src/test/java/org/apache/pinot/common/utils/tls/RenewableTlsUtilsTest.java
@@ -82,6 +82,8 @@ public class RenewableTlsUtilsTest {
   private static final String DEFAULT_TEST_TLS_DIR
       = new File(FileUtils.getTempDirectoryPath(), "test-tls-dir" + 
System.currentTimeMillis()).getAbsolutePath();
   private static final String KEY_NAME_ALIAS = "mykey";
+  private static final long SSL_FACTORY_RELOAD_TIMEOUT_MS = 5000L;
+  private static final long SSL_FACTORY_RELOAD_POLL_INTERVAL_MS = 100L;
 
   private static final String TLS_KEYSTORE_FILE_PATH = DEFAULT_TEST_TLS_DIR + 
"/" + TLS_KEYSTORE_FILE;
   private static final String TLS_TRUSTSTORE_FILE_PATH = DEFAULT_TEST_TLS_DIR 
+ "/" + TLS_TRUSTSTORE_FILE;
@@ -109,8 +111,6 @@ public class RenewableTlsUtilsTest {
         Path destinationPath = Paths.get(DEFAULT_TEST_TLS_DIR, 
entry.getValue());
         // Use Files.copy to copy the file to the destination folder
         Files.copy(resourceStream, destinationPath, 
StandardCopyOption.REPLACE_EXISTING);
-      } catch (IOException e) {
-        e.printStackTrace(); // Handle the exception as needed
       }
     }
   }
@@ -197,6 +197,7 @@ public class RenewableTlsUtilsTest {
           }
         });
     updateTlsFilesAndWaitForSslFactoryToBeRenewed();
+    waitForTlsMaterialChange(sslFactory, privateKey, certForPrivateKey, 
acceptedIssuerForCert);
     executorService.shutdown();
 
     // after tls file update, the returned values should be the same, since 
the wrapper is the same
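Review bot: The added `waitForTlsMaterialChange(...)` call can end in `fail(...)`, and when it does the `executorService.shutdown()` on the next line is skipped, so the executor and its submitted task outlive the failed test. Putting the two wait calls in a `try` and the shutdown in `finally { executorService.shutdown(); }` keeps a reload timeout from leaking a thread into later tests. If the submitted task blocks on the watch service, `shutdownNow()` may be needed instead, but the task body is not visible here. The enclosing test method starts and ends outside this hunk, so this assumes there is no cleanup elsewhere.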
@@ -346,24 +347,41 @@ public class RenewableTlsUtilsTest {
     return tlsConfig;
   }
 
+  private void waitForTlsMaterialChange(SSLFactory sslFactory, PrivateKey 
privateKey, Certificate certForPrivateKey,
+      X509Certificate acceptedIssuerForCert)
+      throws InterruptedException {
+    long deadline = System.currentTimeMillis() + SSL_FACTORY_RELOAD_TIMEOUT_MS;
+    while (System.currentTimeMillis() < deadline) {
+      X509ExtendedKeyManager keyManager = 
sslFactory.getKeyManager().orElseThrow();
+      X509ExtendedTrustManager trustManager = 
sslFactory.getTrustManager().orElseThrow();
+      boolean keyChanged = 
!privateKey.equals(keyManager.getPrivateKey(KEY_NAME_ALIAS));
+      boolean certChanged = 
!certForPrivateKey.equals(keyManager.getCertificateChain(KEY_NAME_ALIAS)[0]);
+      boolean issuerChanged = 
!acceptedIssuerForCert.equals(trustManager.getAcceptedIssuers()[0]);
+      if (keyChanged && certChanged && issuerChanged) {
+        return;
+      }
+      Thread.sleep(SSL_FACTORY_RELOAD_POLL_INTERVAL_MS);
+    }
+    fail("SSLFactory was not reloaded with updated TLS material within " + 
SSL_FACTORY_RELOAD_TIMEOUT_MS + "ms");
+  }
+
   private void updateTlsFilesAndWaitForSslFactoryToBeRenewed()
       throws IOException, URISyntaxException, InterruptedException {
-    WatchService watchService = FileSystems.getDefault().newWatchService();
-    Map<WatchKey, Set<Path>> watchKeyPathMap = new HashMap<>();
-    RenewableTlsUtils.registerFile(watchService, watchKeyPathMap, 
TLS_KEYSTORE_FILE_PATH);
-    RenewableTlsUtils.registerFile(watchService, watchKeyPathMap, 
TLS_TRUSTSTORE_FILE_PATH);
+    try (WatchService watchService = 
FileSystems.getDefault().newWatchService()) {
+      Map<WatchKey, Set<Path>> watchKeyPathMap = new HashMap<>();
+      RenewableTlsUtils.registerFile(watchService, watchKeyPathMap, 
TLS_KEYSTORE_FILE_PATH);
+      RenewableTlsUtils.registerFile(watchService, watchKeyPathMap, 
TLS_TRUSTSTORE_FILE_PATH);
 
-    // wait for the new thread to start
-    Thread.sleep(100);
+      // wait for the new thread to start
+      Thread.sleep(100);
 
-    // update tls files
-    copyResourceFilesToTempFolder(
-        Map.of(TLS_KEYSTORE_UPDATED_FILE, TLS_KEYSTORE_FILE, 
TLS_TRUSTSTORE_UPDATED_FILE,
-            TLS_TRUSTSTORE_FILE));
+      // update tls files
+      copyResourceFilesToTempFolder(
+          Map.of(TLS_KEYSTORE_UPDATED_FILE, TLS_KEYSTORE_FILE, 
TLS_TRUSTSTORE_UPDATED_FILE,
+              TLS_TRUSTSTORE_FILE));
 
-    // wait for the file change event to be detected
-    watchService.take();
-    // it will take some time for the thread to be notified and reload the ssl 
factory
-    Thread.sleep(500);
+      // wait for the file change event to be detected
+      watchService.take();
+    }
   }
 }
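Review bot: `watchService.take()` in `updateTlsFilesAndWaitForSslFactoryToBeRenewed` still blocks with no timeout, so if the file-change event is never delivered the test hangs instead of failing within the new `SSL_FACTORY_RELOAD_TIMEOUT_MS` bound. Consider `WatchKey key = watchService.poll(SSL_FACTORY_RELOAD_TIMEOUT_MS, TimeUnit.MILLISECONDS);` followed by a `fail(...)` when `key` is null; this needs `java.util.concurrent.TimeUnit` imported if the file does not already have it. In `waitForTlsMaterialChange`, the `[0]` lookups on `getCertificateChain(KEY_NAME_ALIAS)` and `getAcceptedIssuers()` would throw rather than report the timeout message if a poll ever sees a null or empty result mid-reload. Whether that can happen depends on how the factory swaps material, which is not visible here. The deadline would also be more robust computed from `System.nanoTime()`, since `currentTimeMillis()` follows wall-clock adjustments.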

