Re: [PR] [fix][test] Split and fix flaky SASL authentication first-stage auth cache tests [pulsar]

Sun, 07 Jun 2026 23:42:03 -0700 


lhotari commented on code in PR #25949:
URL: https://github.com/apache/pulsar/pull/25949#discussion_r3371242579


##########
pulsar-broker-auth-sasl/src/test/java/org/apache/pulsar/broker/authentication/SaslAuthenticateTest.java:
##########
@@ -310,49 +310,55 @@ public void testSaslServerAndClientAuth() throws 
Exception {
 
     @Test
     @SuppressWarnings("unchecked")
-    public void testSaslOnlyAuthFirstStage() throws Exception {
+    public void testSaslOnlyAuthFirstStageKeepsInflightContextsBeforeExpiry() 
throws Exception {
         @Cleanup
         AuthenticationProviderSasl saslServer = new 
AuthenticationProviderSasl();
-        // The cache expiration time is set to 500ms. Residual auth info 
should be cleaned up
-        conf.setInflightSaslContextExpiryMs(500);
+        conf.setInflightSaslContextExpiryMs(Integer.MAX_VALUE);
         
saslServer.initialize(AuthenticationProvider.Context.builder().config(conf).build());
 
         HttpServletRequest servletRequest = mock(HttpServletRequest.class);
-        doReturn("Init").when(servletRequest).getHeader("State");
-        // 10 clients only do one-stage verification, resulting in 10 auth 
info remaining in memory
+        
doReturn(SaslConstants.SASL_STATE_CLIENT_INIT).when(servletRequest).getHeader(SaslConstants.SASL_HEADER_STATE);
         for (int i = 0; i < 10; i++) {
-            AuthenticationDataProvider dataProvider =  
authSasl.getAuthData("localhost");
+            AuthenticationDataProvider dataProvider =  
authSasl.getAuthData(localHostname);
             AuthData initData1 = 
dataProvider.authenticate(AuthData.INIT_AUTH_DATA);
             
doReturn(Base64.getEncoder().encodeToString(initData1.getBytes())).when(
-                    servletRequest).getHeader("SASL-Token");
-            
doReturn(String.valueOf(i)).when(servletRequest).getHeader("SASL-Server-ID");
+                    servletRequest).getHeader(SaslConstants.SASL_AUTH_TOKEN);
+            
doReturn(String.valueOf(i)).when(servletRequest).getHeader(SaslConstants.SASL_STATE_SERVER);
             saslServer.authenticateHttpRequest(servletRequest, 
mock(HttpServletResponse.class));
         }
+
         Field field = 
AuthenticationProviderSasl.class.getDeclaredField("authStates");
         field.setAccessible(true);
         Cache<Long, AuthenticationState> cache = (Cache<Long, 
AuthenticationState>) field.get(saslServer);
         assertEquals(cache.asMap().size(), 10);
-        // Add more auth info into memory
+    }
+
+    @Test
+    @SuppressWarnings("unchecked")
+    public void testSaslOnlyAuthFirstStageExpiresResidualContexts() throws 
Exception {
+        @Cleanup
+        AuthenticationProviderSasl saslServer = new 
AuthenticationProviderSasl();
+        conf.setInflightSaslContextExpiryMs(50);
+        
saslServer.initialize(AuthenticationProvider.Context.builder().config(conf).build());
+
+        HttpServletRequest servletRequest = mock(HttpServletRequest.class);
+        
doReturn(SaslConstants.SASL_STATE_CLIENT_INIT).when(servletRequest).getHeader(SaslConstants.SASL_HEADER_STATE);
         for (int i = 0; i < 10; i++) {
-            AuthenticationDataProvider dataProvider =  
authSasl.getAuthData("localhost");
+            AuthenticationDataProvider dataProvider =  
authSasl.getAuthData(localHostname);
             AuthData initData1 = 
dataProvider.authenticate(AuthData.INIT_AUTH_DATA);
             
doReturn(Base64.getEncoder().encodeToString(initData1.getBytes())).when(
-                    servletRequest).getHeader("SASL-Token");
-            doReturn(String.valueOf(10 + 
i)).when(servletRequest).getHeader("SASL-Server-ID");
+                    servletRequest).getHeader(SaslConstants.SASL_AUTH_TOKEN);
+            
doReturn(String.valueOf(i)).when(servletRequest).getHeader(SaslConstants.SASL_STATE_SERVER);
             saslServer.authenticateHttpRequest(servletRequest, 
mock(HttpServletResponse.class));
         }
-        long start = System.currentTimeMillis();
-        while (true) {
-            if (System.currentTimeMillis() - start > 5000) {
-                fail();
-            }
-            cache = (Cache<Long, AuthenticationState>) field.get(saslServer);
-            // Residual auth info should be cleaned up
-            if (CollectionUtils.hasElements(cache.asMap())) {
-                break;
-            }
-            Thread.sleep(5);
-        }
+
+        Field field = 
AuthenticationProviderSasl.class.getDeclaredField("authStates");
+        field.setAccessible(true);
+        Cache<Long, AuthenticationState> cache = (Cache<Long, 
AuthenticationState>) field.get(saslServer);
+        Awaitility.await().atMost(3, TimeUnit.SECONDS).pollDelay(100, 
TimeUnit.MILLISECONDS).untilAsserted(() -> {
+            cache.cleanUp();
+            assertEquals(cache.asMap().size(), 0);

Review Comment:
   does this make sense? The cache is flushed in test code and it's asserted to 
be empty.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to