Re: [PR] [fix][test] Split and fix flaky SASL authentication first-stage auth cache tests [pulsar]

via GitHub Mon, 08 Jun 2026 02:00:31 -0700


oneby-wang commented on code in PR #25949:
URL: https://github.com/apache/pulsar/pull/25949#discussion_r3371912058



##########
pulsar-broker-auth-sasl/src/test/java/org/apache/pulsar/broker/authentication/SaslAuthenticateTest.java:
##########
@@ -310,49 +310,55 @@ public void testSaslServerAndClientAuth() throws 
Exception {
 
     @Test
     @SuppressWarnings("unchecked")
-    public void testSaslOnlyAuthFirstStage() throws Exception {
+    public void testSaslOnlyAuthFirstStageKeepsInflightContextsBeforeExpiry() 
throws Exception {
         @Cleanup
         AuthenticationProviderSasl saslServer = new 
AuthenticationProviderSasl();
-        // The cache expiration time is set to 500ms. Residual auth info 
should be cleaned up
-        conf.setInflightSaslContextExpiryMs(500);
+        conf.setInflightSaslContextExpiryMs(Integer.MAX_VALUE);
         
saslServer.initialize(AuthenticationProvider.Context.builder().config(conf).build());
 
         HttpServletRequest servletRequest = mock(HttpServletRequest.class);
-        doReturn("Init").when(servletRequest).getHeader("State");
-        // 10 clients only do one-stage verification, resulting in 10 auth 
info remaining in memory
+        
doReturn(SaslConstants.SASL_STATE_CLIENT_INIT).when(servletRequest).getHeader(SaslConstants.SASL_HEADER_STATE);
         for (int i = 0; i < 10; i++) {
-            AuthenticationDataProvider dataProvider =  
authSasl.getAuthData("localhost");
+            AuthenticationDataProvider dataProvider =  
authSasl.getAuthData(localHostname);
             AuthData initData1 = 
dataProvider.authenticate(AuthData.INIT_AUTH_DATA);
             
doReturn(Base64.getEncoder().encodeToString(initData1.getBytes())).when(
-                    servletRequest).getHeader("SASL-Token");
-            
doReturn(String.valueOf(i)).when(servletRequest).getHeader("SASL-Server-ID");
+                    servletRequest).getHeader(SaslConstants.SASL_AUTH_TOKEN);
+            
doReturn(String.valueOf(i)).when(servletRequest).getHeader(SaslConstants.SASL_STATE_SERVER);
             saslServer.authenticateHttpRequest(servletRequest, 
mock(HttpServletResponse.class));
         }
+
         Field field = 
AuthenticationProviderSasl.class.getDeclaredField("authStates");
         field.setAccessible(true);
         Cache<Long, AuthenticationState> cache = (Cache<Long, 
AuthenticationState>) field.get(saslServer);
         assertEquals(cache.asMap().size(), 10);
-        // Add more auth info into memory
+    }
+
+    @Test
+    @SuppressWarnings("unchecked")
+    public void testSaslOnlyAuthFirstStageExpiresResidualContexts() throws 
Exception {
+        @Cleanup
+        AuthenticationProviderSasl saslServer = new 
AuthenticationProviderSasl();
+        conf.setInflightSaslContextExpiryMs(50);
+        
saslServer.initialize(AuthenticationProvider.Context.builder().config(conf).build());
+
+        HttpServletRequest servletRequest = mock(HttpServletRequest.class);
+        
doReturn(SaslConstants.SASL_STATE_CLIENT_INIT).when(servletRequest).getHeader(SaslConstants.SASL_HEADER_STATE);
         for (int i = 0; i < 10; i++) {
-            AuthenticationDataProvider dataProvider =  
authSasl.getAuthData("localhost");
+            AuthenticationDataProvider dataProvider =  
authSasl.getAuthData(localHostname);
             AuthData initData1 = 
dataProvider.authenticate(AuthData.INIT_AUTH_DATA);
             
doReturn(Base64.getEncoder().encodeToString(initData1.getBytes())).when(
-                    servletRequest).getHeader("SASL-Token");
-            doReturn(String.valueOf(10 + 
i)).when(servletRequest).getHeader("SASL-Server-ID");
+                    servletRequest).getHeader(SaslConstants.SASL_AUTH_TOKEN);
+            
doReturn(String.valueOf(i)).when(servletRequest).getHeader(SaslConstants.SASL_STATE_SERVER);
             saslServer.authenticateHttpRequest(servletRequest, 
mock(HttpServletResponse.class));
         }
-        long start = System.currentTimeMillis();
-        while (true) {
-            if (System.currentTimeMillis() - start > 5000) {
-                fail();
-            }
-            cache = (Cache<Long, AuthenticationState>) field.get(saslServer);
-            // Residual auth info should be cleaned up
-            if (CollectionUtils.hasElements(cache.asMap())) {
-                break;
-            }
-            Thread.sleep(5);
-        }
+
+        Field field = 
AuthenticationProviderSasl.class.getDeclaredField("authStates");
+        field.setAccessible(true);
+        Cache<Long, AuthenticationState> cache = (Cache<Long, 
AuthenticationState>) field.get(saslServer);
+        Awaitility.await().atMost(3, TimeUnit.SECONDS).pollDelay(100, 
TimeUnit.MILLISECONDS).untilAsserted(() -> {
+            cache.cleanUp();
+            assertEquals(cache.asMap().size(), 0);

Review Comment:
   Addressed.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Re: [PR] [fix][test] Split and fix flaky SASL authentication first-stage auth cache tests [pulsar]

Reply via email to