This is an automated email from the ASF dual-hosted git repository. CalvinKirs pushed a commit to branch 4.0-65042-59708 in repository https://gitbox.apache.org/repos/asf/doris.git
commit 28afde24fa94ff726d30f9c123c5e59829e58aff Author: guoqiang <[email protected]> AuthorDate: Tue Jun 30 18:41:00 2026 +0800 [test](auth) make node action test cluster-safe (no phantom nodes) The admin-positive assertions used ADD with 127.0.0.1 addresses, which on a real (distributed) cluster would not match an existing node and would actually register a phantom FE observer / BE into the editlog with no cleanup, polluting cluster state and risking later tests. Switch the positive path to DROP on RFC 5737 TEST-NET addresses (192.0.2.x), which can never match a real node: it reaches the operation, returns a harmless 'does not exist' error, proves the ADMIN check passed, and mutates nothing. The negative (non-admin) cases keep ADD since the auth check rejects them before the node operation runs. --- .../auth_p0/test_http_node_action_auth.groovy | 47 +++++++++++++--------- 1 file changed, 29 insertions(+), 18 deletions(-) diff --git a/regression-test/suites/auth_p0/test_http_node_action_auth.groovy b/regression-test/suites/auth_p0/test_http_node_action_auth.groovy index 6ddc95ffe89..5b1774a44d0 100644 --- a/regression-test/suites/auth_p0/test_http_node_action_auth.groovy +++ b/regression-test/suites/auth_p0/test_http_node_action_auth.groovy 
@@ -20,46 +20,56 @@ import org.junit.Assert; // Verify the node management endpoints (add/drop fe/be/broker) require // authentication and ADMIN privilege. Without the check, any caller could // add or drop cluster nodes via these REST APIs. +// +// NOTE on cluster safety: the bogus node addresses below use the RFC 5737 +// TEST-NET-1 range (192.0.2.0/24), which can never match a real FE/BE in any +// cluster. The negative (non-admin) cases use ADD, but the ADMIN check runs +// before the node operation, so the add is never executed. The positive +// (admin) cases use DROP, which on a non-existent node returns a harmless +// "does not exist" error -- it never mutates real cluster state. suite("test_http_node_action_auth", "p0,auth,nonConcurrent") { String suiteName = "test_http_node_action_auth" String user = "${suiteName}_user" String pwd = 'C123_567p' + String bogusFe = "192.0.2.111:12345" + String bogusBe = "192.0.2.112:12345" try_sql("DROP USER ${user}") sql """CREATE USER '${user}' IDENTIFIED BY '${pwd}'""" try { sql """ ADMIN SET ALL FRONTENDS CONFIG ("enable_all_http_auth" = "true"); """ - def operateFe = { check_func -> + def operateFe = { user_name, password, action, check_func -> httpTest { - basicAuthorization "${user}", "${pwd}" + basicAuthorization "${user_name}", "${password}" endpoint "${context.config.feHttpAddress}" - uri "/rest/v2/manager/node/ADD/fe" + uri "/rest/v2/manager/node/${action}/fe" op "post" - body """{"role": "OBSERVER", "hostPort": "127.0.0.1:9010"}""" + body """{"role": "OBSERVER", "hostPort": "${bogusFe}"}""" check check_func } } - def operateBe = { check_func -> + def operateBe = { user_name, password, action, check_func -> httpTest { - basicAuthorization "${user}", "${pwd}" + basicAuthorization "${user_name}", "${password}" endpoint "${context.config.feHttpAddress}" - uri "/rest/v2/manager/node/ADD/be" + uri "/rest/v2/manager/node/${action}/be" op "post" - body """{"hostPorts": ["127.0.0.1:9050"]}""" + body """{"hostPorts": 
["${bogusBe}"]}""" check check_func } } // A non-admin user must be rejected by the ADMIN privilege check. - operateFe.call() { + // The node operation is never reached, so nothing is mutated. + operateFe.call(user, pwd, "ADD") { respCode, body -> log.info("add fe (non-admin) body:${body}") assertTrue("${body}".contains("Unauthorized")) } - operateBe.call() { + operateBe.call(user, pwd, "ADD") { respCode, body -> log.info("add be (non-admin) body:${body}") assertTrue("${body}".contains("Unauthorized")) @@ -67,23 +77,24 @@ suite("test_http_node_action_auth", "p0,auth,nonConcurrent") { sql """grant 'admin' to ${user}""" - // After granting ADMIN, the request passes the auth check. The add - // operation itself may still fail (fake host), but it must no longer - // be rejected with an authorization error. - operateFe.call() { + // After granting ADMIN, the request passes the auth check. We use DROP + // on a bogus (TEST-NET) node so the call reaches the operation but only + // gets a "does not exist" error -- it must no longer be rejected with an + // authorization error, and must not touch any real node. + operateFe.call(user, pwd, "DROP") { respCode, body -> - log.info("add fe (admin) body:${body}") + log.info("drop fe (admin) body:${body}") assertFalse("${body}".contains("Unauthorized")) } - operateBe.call() { + operateBe.call(user, pwd, "DROP") { respCode, body -> - log.info("add be (admin) body:${body}") + log.info("drop be (admin) body:${body}") assertFalse("${body}".contains("Unauthorized")) } // The query qerror endpoint must require authentication. Without - // credentials it must not return the stats payload (200 ok). + // credentials it must not return the stats payload. httpTest { endpoint "${context.config.feHttpAddress}" uri "/rest/v2/manager/query/qerror/no_such_query_id" --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
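Review bot: The non-admin calls `operateFe.call(user, pwd, "ADD")` and `operateBe.call(user, pwd, "ADD")` are only non-mutating while the ADMIN check works, and that check is the control this suite exists to catch regressions in. If the check is ever bypassed, the ADD would presumably register the 192.0.2.x observer/backend in the edit log before the `Unauthorized` assertion fails, which is the phantom-node outcome the commit sets out to avoid. Using `operateFe.call(user, pwd, "DROP")` and `operateBe.call(user, pwd, "DROP")` on the negative path too would keep the suite non-mutating whether the check passes or fails, assuming DROP goes through the same privilege check as ADD (not visible in this hunk). If ADD coverage has to stay, the header comment should say that safety depends on the check under test, and the cleanup block (outside the hunk) should drop `bogusFe` and `bogusBe`.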
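Review bot: The admin-path checks `assertFalse("${body}".contains("Unauthorized"))` pass for any response that lacks that word (a 404, a 500, or an authorization rejection worded differently), so they do not show that the request got past the ADMIN check and reached the drop operation. Since the commit expects a "does not exist" error here, assert it positively, e.g. `assertTrue("${body}".contains("does not exist"))`, after confirming the exact message the FE returns for an unknown node. `respCode` is passed to both closures but never checked. The final `httpTest` block in this hunk continues outside it.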
