This is an automated email from the ASF dual-hosted git repository.

CalvinKirs pushed a commit to branch 4.1-65042-59708
in repository https://gitbox.apache.org/repos/asf/doris.git

commit f994ca287424276766ac14754a5fb03b65018bc7
Author: guoqiang <[email protected]>
AuthorDate: Tue Jun 30 18:41:00 2026 +0800

    [test](auth) make node action test cluster-safe (no phantom nodes)
    
    The admin-positive assertions used ADD with 127.0.0.1 addresses, which on a
    real (distributed) cluster would not match an existing node and would 
actually
    register a phantom FE observer / BE into the editlog with no cleanup, 
polluting
    cluster state and risking later tests.
    
    Switch the positive path to DROP on RFC 5737 TEST-NET addresses (192.0.2.x),
    which can never match a real node: it reaches the operation, returns a 
harmless
    'does not exist' error, proves the ADMIN check passed, and mutates nothing. 
The
    negative (non-admin) cases keep ADD since the auth check rejects them 
before the
    node operation runs.
---
 .../auth_p0/test_http_node_action_auth.groovy      | 47 +++++++++++++---------
 1 file changed, 29 insertions(+), 18 deletions(-)

diff --git a/regression-test/suites/auth_p0/test_http_node_action_auth.groovy 
b/regression-test/suites/auth_p0/test_http_node_action_auth.groovy
index 6ddc95ffe89..5b1774a44d0 100644
--- a/regression-test/suites/auth_p0/test_http_node_action_auth.groovy
+++ b/regression-test/suites/auth_p0/test_http_node_action_auth.groovy
@@ -20,46 +20,56 @@ import org.junit.Assert;
 // Verify the node management endpoints (add/drop fe/be/broker) require
 // authentication and ADMIN privilege. Without the check, any caller could
 // add or drop cluster nodes via these REST APIs.
+//
+// NOTE on cluster safety: the bogus node addresses below use the RFC 5737
+// TEST-NET-1 range (192.0.2.0/24), which can never match a real FE/BE in any
+// cluster. The negative (non-admin) cases use ADD, but the ADMIN check runs
+// before the node operation, so the add is never executed. The positive
+// (admin) cases use DROP, which on a non-existent node returns a harmless
+// "does not exist" error -- it never mutates real cluster state.
 suite("test_http_node_action_auth", "p0,auth,nonConcurrent") {
     String suiteName = "test_http_node_action_auth"
     String user = "${suiteName}_user"
     String pwd = 'C123_567p'
+    String bogusFe = "192.0.2.111:12345"
+    String bogusBe = "192.0.2.112:12345"
     try_sql("DROP USER ${user}")
     sql """CREATE USER '${user}' IDENTIFIED BY '${pwd}'"""
 
     try {
         sql """ ADMIN SET ALL FRONTENDS CONFIG ("enable_all_http_auth" = 
"true"); """
 
-        def operateFe = { check_func ->
+        def operateFe = { user_name, password, action, check_func ->
             httpTest {
-                basicAuthorization "${user}", "${pwd}"
+                basicAuthorization "${user_name}", "${password}"
                 endpoint "${context.config.feHttpAddress}"
-                uri "/rest/v2/manager/node/ADD/fe"
+                uri "/rest/v2/manager/node/${action}/fe"
                 op "post"
-                body """{"role": "OBSERVER", "hostPort": "127.0.0.1:9010"}"""
+                body """{"role": "OBSERVER", "hostPort": "${bogusFe}"}"""
                 check check_func
             }
         }
 
-        def operateBe = { check_func ->
+        def operateBe = { user_name, password, action, check_func ->
             httpTest {
-                basicAuthorization "${user}", "${pwd}"
+                basicAuthorization "${user_name}", "${password}"
                 endpoint "${context.config.feHttpAddress}"
-                uri "/rest/v2/manager/node/ADD/be"
+                uri "/rest/v2/manager/node/${action}/be"
                 op "post"
-                body """{"hostPorts": ["127.0.0.1:9050"]}"""
+                body """{"hostPorts": ["${bogusBe}"]}"""
                 check check_func
             }
         }
 
         // A non-admin user must be rejected by the ADMIN privilege check.
-        operateFe.call() {
+        // The node operation is never reached, so nothing is mutated.
+        operateFe.call(user, pwd, "ADD") {
             respCode, body ->
                 log.info("add fe (non-admin) body:${body}")
                 assertTrue("${body}".contains("Unauthorized"))
         }
 
-        operateBe.call() {
+        operateBe.call(user, pwd, "ADD") {
             respCode, body ->
                 log.info("add be (non-admin) body:${body}")
                 assertTrue("${body}".contains("Unauthorized"))
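Review bot: The non-admin calls `operateFe.call(user, pwd, "ADD")` and `operateBe.call(user, pwd, "ADD")` are cluster-safe only while the ADMIN check holds. If that check regresses, which is the case this suite exists to catch, the ADD would presumably run and register `bogusFe` / `bogusBe` as phantom nodes, and nothing visible in this hunk removes them. A best-effort cleanup would make the failure path as harmless as the success path, for example `try_sql("""ALTER SYSTEM DROP OBSERVER "${bogusFe}" """)` and `try_sql("""ALTER SYSTEM DROPP BACKEND "${bogusBe}" """)` in the suite's `finally` block. That block lies outside this hunk, so confirm it does not already do this. The header comment's "the add is never executed" would also read more accurately as "is not executed as long as the ADMIN check is in place".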
@@ -67,23 +77,24 @@ suite("test_http_node_action_auth", 
"p0,auth,nonConcurrent") {
 
         sql """grant 'admin' to ${user}"""
 
-        // After granting ADMIN, the request passes the auth check. The add
-        // operation itself may still fail (fake host), but it must no longer
-        // be rejected with an authorization error.
-        operateFe.call() {
+        // After granting ADMIN, the request passes the auth check. We use DROP
+        // on a bogus (TEST-NET) node so the call reaches the operation but 
only
+        // gets a "does not exist" error -- it must no longer be rejected with 
an
+        // authorization error, and must not touch any real node.
+        operateFe.call(user, pwd, "DROP") {
             respCode, body ->
-                log.info("add fe (admin) body:${body}")
+                log.info("drop fe (admin) body:${body}")
                 assertFalse("${body}".contains("Unauthorized"))
         }
 
-        operateBe.call() {
+        operateBe.call(user, pwd, "DROP") {
             respCode, body ->
-                log.info("add be (admin) body:${body}")
+                log.info("drop be (admin) body:${body}")
                 assertFalse("${body}".contains("Unauthorized"))
         }
 
         // The query qerror endpoint must require authentication. Without
-        // credentials it must not return the stats payload (200 ok).
+        // credentials it must not return the stats payload.
         httpTest {
             endpoint "${context.config.feHttpAddress}"
             uri "/rest/v2/manager/query/qerror/no_such_query_id"
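Review bot: The admin-path checks `assertFalse("${body}".contains("Unauthorized"))` after both DROP calls pass for any response that lacks that word, such as an empty body, a 404, a differently worded denial or a transport error. They therefore do not show that the request got past the ADMIN check and reached the node operation. Since the comment above says the call should end in a "does not exist" error, assert that positive signal as well, e.g. `assertTrue("${body}".contains("does not exist"))`. The exact message text is taken from the commit description and should be matched against what the handler actually returns. `respCode` is received by every check closure but never asserted; pinning it on both the rejected and the accepted path would tighten the test further.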

