[
https://issues.apache.org/jira/browse/GEODE-10556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18066159#comment-18066159
]
ASF subversion and git services commented on GEODE-10556:
---------------------------------------------------------
Commit 932f06c467ce47f70c7b38d18fbef4b778ffe8c2 in geode's branch
refs/heads/develop from Jinwoo Hwang
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=932f06c467 ]
GEODE-10556: Use localhost for Pulse JMX host when JmxManagerBindAddress is
empty (#7984)
When JmxManagerBindAddress is not configured (empty string, meaning bind
all interfaces), ManagementAgent was setting the pulse.host system property
to the empty string. On Linux/Docker, an empty host in the JMX service URL
resolves to InetAddress.getLocalHost(), which returns the container bridge
IP (e.g. 172.17.0.2) rather than 127.0.0.1.
The embedded test keystore (trusted.keystore) only contains
IPAddress:127.0.0.1 as a Subject Alternative Name. The SSL handshake
between Pulse JMXDataUpdater and the JMX connector server therefore failed:
SSLHandshakeException: No subject alternative names matching IP address
172.17.0.2 found
This caused PulseSecurityWithSSLTest to consistently fail on CI (Ubuntu,
Liberica JDK 17, Docker) with BAD_CREDS while passing locally on macOS
with Zulu JDK 17 (where getLocalHost() returns 127.0.0.1).
Fix: when JmxManagerBindAddress is empty, pass localhost as the
pulse.host property so JMXDataUpdater connects to 127.0.0.1, which is
always covered by the certificate SAN.
> PulseSecurityWithSSLTest fails intermittently on GitHub Actions with
> authentication errors
> ------------------------------------------------------------------------------------------
>
> Key: GEODE-10556
> URL: https://issues.apache.org/jira/browse/GEODE-10556
> Project: Geode
> Issue Type: Improvement
> Reporter: Jinwoo Hwang
> Assignee: Jinwoo Hwang
> Priority: Major
>
> h2. Environment
> * GitHub Actions CI/CD pipeline
> * Tests pass consistently on local developer machines
> * Affects: {{geode-assembly:integrationTest}}
> h2. Description
> Two integration tests in {{PulseSecurityWithSSLTest}} fail consistently on
> GitHub Actions but pass on local machines:
> * {{loginWithIncorrectAndThenCorrectPassword}}
> * {{loginWithDeprecatedSSLOptions}}
> Both tests fail during the login phase with valid credentials, returning
> authentication error redirects instead of successful login redirects.
> h2. Steps to Reproduce
> # Run {{./gradlew :geode-assembly:integrationTest --tests
> "org.apache.geode.tools.pulse.PulseSecurityWithSSLTest"}} on GitHub Actions
> # Observe test failures
> h2. Expected Result
> {code:java}
> client.loginToPulseAndVerify("cluster", "cluster")
> {code}
> Should redirect to {{/pulse/clusterDetail.html}} (successful login)
> h2. Actual Result
> {noformat}
> Expecting actual:
> "/pulse/login.html?error=BAD_CREDS"
> to contain:
> "/pulse/clusterDetail.html"
> {noformat}
> Login with correct credentials returns authentication failure redirect
> h2. Additional Context
> * Tests pass 100% of the time on local development machines
> * Tests fail 100% of the time on slower GitHub Actions runners
> * Other similar Pulse security tests (e.g.,
> {{{}PulseSecurityIntegrationTest{}}}) do not exhibit this behavior
> * Suggests a timing or initialization issue dependent on machine performance
> h2. Impact
> * Blocks CI/CD pipeline
> * 2 out of 118 integration tests fail in geode-assembly module
> * Prevents confident merging of PRs
> h2. Affected Tests
> {code:java}
> > Task :geode-assembly:integrationTest
> PulseSecurityWithSSLTest > loginWithIncorrectAndThenCorrectPassword FAILED
> java.lang.AssertionError:
> Expecting actual:
> "/pulse/login.html?error=BAD_CREDS"
> to contain:
> "/pulse/clusterDetail.html"
> PulseSecurityWithSSLTest > loginWithDeprecatedSSLOptions FAILED
> java.lang.AssertionError:
> Expecting actual:
> "/pulse/login.html?error=BAD_CREDS"
> to contain:
> "/pulse/clusterDetail.html"
> 118 tests completed, 2 failed
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
