[jira] [Commented] (SOLR-15484) Frequent test failures for JWTAuthPluginIntegrationTest

Jira Wed, 23 Jun 2021 04:36:05 -0700


    [ 
https://issues.apache.org/jira/browse/SOLR-15484?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17368062#comment-17368062
 ]


Jan Høydahl commented on SOLR-15484:
------------------------------------

I inspected the test log in Jenkins: 
[https://jenkins.thetaphi.de/job/Solr-BadApples-main-Linux/49/]
{noformat}
927760 INFO  (zkCallback-10371-thread-2) [     ] o.a.s.c.CoreContainer 
Initializing authentication plugin: solr.JWTAuthPlugin
  2> 927760 INFO  (zkCallback-10371-thread-2) [     ] o.a.s.s.JWTAuthPlugin 
Reading trustedCerts PEM from configuration string
  2> 927760 INFO  (zkCallback-10390-thread-2) [     ] o.a.s.s.JWTAuthPlugin 
Reading trustedCerts PEM from configuration string
  2> 927771 ERROR (zkCallback-10371-thread-2) [     ] o.a.s.c.c.ZkStateReader 
Error running collections node listener
  2>           => org.apache.solr.common.SolrException: Well-known config could 
not be read from url 
https://localhost.localdomain:48139/default/.well-known/openid-configuration
  2>    at 
org.apache.solr.security.JWTIssuerConfig$WellKnownDiscoveryConfig.parse(JWTIssuerConfig.java:452)
  2> org.apache.solr.common.SolrException: Well-known config could not be read 
from url 
https://localhost.localdomain:48139/default/.well-known/openid-configuration
  2>    at 
org.apache.solr.security.JWTIssuerConfig$WellKnownDiscoveryConfig.parse(JWTIssuerConfig.java:452)
 ~[main/:?]
  2>    at 
org.apache.solr.security.JWTIssuerConfig.fetchWellKnown(JWTIssuerConfig.java:190)
 ~[main/:?]
  2>    at 
org.apache.solr.security.JWTIssuerConfig.init(JWTIssuerConfig.java:111) 
~[main/:?]
  2>    at 
org.apache.solr.security.JWTAuthPlugin.parseIssuerFromTopLevelConfig(JWTAuthPlugin.java:267)
 ~[main/:?]
  2>    at org.apache.solr.security.JWTAuthPlugin.init(JWTAuthPlugin.java:213) 
~[main/:?]
  2>    at 
org.apache.solr.core.CoreContainer.initializeAuthenticationPlugin(CoreContainer.java:508)
 ~[main/:?]
  2>    at 
org.apache.solr.core.CoreContainer.reloadSecurityProperties(CoreContainer.java:978)
 ~[main/:?]
  2>    at 
org.apache.solr.core.CoreContainer.securityNodeChanged(CoreContainer.java:968) 
~[main/:?]
  2>    at 
org.apache.solr.cloud.ZkController.lambda$new$0(ZkController.java:463) 
~[main/:9.0.0-SNAPSHOT 498f9c4c42a0824eaaef1e312992a5eb41da4e3e [snapshot 
build, details omitted]]
  2>    at 
org.apache.solr.common.cloud.ZkStateReader.lambda$createClusterStateWatchersAndUpdate$0(ZkStateReader.java:445)
 ~[solr-solrj-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT 
498f9c4c42a0824eaaef1e312992a5eb41da4e3e [snapshot build, details omitted]]
  2>    at 
org.apache.solr.common.cloud.ZkStateReader$2.process(ZkStateReader.java:484) 
[solr-solrj-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT 
498f9c4c42a0824eaaef1e312992a5eb41da4e3e [snapshot build, details omitted]]
  2>    at 
org.apache.solr.common.cloud.SolrZkClient$ProcessWatchWithExecutor.lambda$process$1(SolrZkClient.java:863)
 [solr-solrj-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT 
498f9c4c42a0824eaaef1e312992a5eb41da4e3e [snapshot build, details omitted]]
  2>    at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) [?:?]
  2>    at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
  2>    at 
org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:224)
 [solr-solrj-9.0.0-SNAPSHOT.jar:9.0.0-SNAPSHOT 
498f9c4c42a0824eaaef1e312992a5eb41da4e3e [snapshot build, details omitted]]
  2>    at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) 
[?:?]
  2>    at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) 
[?:?]
  2>    at java.lang.Thread.run(Thread.java:831) [?:?]
  2> Caused by: javax.net.ssl.SSLHandshakeException: No name matching 
localhost.localdomain found
  2>    at sun.security.ssl.Alert.createSSLException(Alert.java:131) 
~[?:?]{noformat}
So the core issue here is {{javax.net.ssl.SSLHandshakeException: No name 
matching localhost.localdomain found}}.

So my canned SSL certificate with hostname "localhost" fails when the hostname 
ends up as "localhost.localdomain". The MockWebServer uses  
{{InetAddress.getByName("localhost")}} which ends up with 
"localhost.localdomain". Wdyt [~uschindler] is there a way to make Jenkins 
server return only "localhost" here? E.g. by using 
{{InetAddress.getLoopbackAddress()}} instead? Or should I extend the SSL cert 
to also contain localhost.localdomain...

> Frequent test failures for JWTAuthPluginIntegrationTest
> -------------------------------------------------------
>
>                 Key: SOLR-15484
>                 URL: https://issues.apache.org/jira/browse/SOLR-15484
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: main (9.0)
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>             Fix For: main (9.0)
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Example:
> Build: [https://ci-builds.apache.org/job/Solr/job/Solr-Check-main/1053/]
> {code}
> 1 tests failed.
> FAILED:  
> org.apache.solr.security.JWTAuthPluginIntegrationTest.mockOAuth2Server
> Error Message:
> org.junit.ComparisonFailure: Should have received 401 code expected:<[401]> 
> but was:<[200]>
> Stack Trace:
> org.junit.ComparisonFailure: Should have received 401 code expected:<[401]> 
> but was:<[200]>
>  at __randomizedtesting.SeedInfo.seed([7827798BF4D91EFE:FF2798DB9165E212]:0)
>  at org.junit.Assert.assertEquals(Assert.java:117)
>  at 
> org.apache.solr.security.JWTAuthPluginIntegrationTest.mockOAuth2Server(JWTAuthPluginIntegrationTest.java:143)
> ...
> {code}
> The other test failure is
> {code}
> org.apache.solr.security.JWTAuthPluginTest.initWithInvalidTrustedCertsFile
> Failing for the past 1 build (Since #924 )
> Took 7 ms.
> Error Message
> junit.framework.AssertionFailedError: Expected exception SolrException but no 
> exception was thrown
> Stacktrace
> junit.framework.AssertionFailedError: Expected exception SolrException but no 
> exception was thrown
>       at 
> __randomizedtesting.SeedInfo.seed([8651FF5FA6DE29A1:91C33C9AFD0459B5]:0)
>       at 
> org.apache.lucene.util.LuceneTestCase.expectThrows(LuceneTestCase.java:2863)
>       at 
> org.apache.lucene.util.LuceneTestCase.expectThrows(LuceneTestCase.java:2849)
>       at 
> org.apache.solr.security.JWTAuthPluginTest.initWithInvalidTrustedCertsFile(JWTAuthPluginTest.java:521)
> ...
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

[jira] [Commented] (SOLR-15484) Frequent test failures for JWTAuthPluginIntegrationTest

Reply via email to