Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CI] RoleDescriptorTests testSerialization failing #82216

Closed
jakelandis opened this issue Jan 4, 2022 · 5 comments
Closed

[CI] RoleDescriptorTests testSerialization failing #82216

jakelandis opened this issue Jan 4, 2022 · 5 comments
Assignees
@tvernum
Labels
:Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team >test-failure Triaged test failures from CI

Comments

@jakelandis
Copy link
Contributor

Build scan:
https://gradle-enterprise.elastic.co/s/rszuztj2zglxw/tests/:x-pack:plugin:security:test/org.elasticsearch.xpack.security.authz.RoleDescriptorTests/testSerialization

Reproduction line:
./gradlew ':x-pack:plugin:security:test' --tests "org.elasticsearch.xpack.security.authz.RoleDescriptorTests.testSerialization" -Dtests.seed=D84C48900B786F5A -Dtests.locale=es-CL -Dtests.timezone=Canada/Atlantic -Druntime.java=8

Applicable branches:
7.16

Reproduces locally?:
Yes

Failure history:
https://gradle-enterprise.elastic.co/scans/tests?tests.container=org.elasticsearch.xpack.security.authz.RoleDescriptorTests&tests.test=testSerialization

Failure excerpt:

java.lang.AssertionError: 
Expected: <Role[name=fWPnNBrlZHmsQXJKqNWqaQGKyykyTKWThZjpbEPW, cluster=[read_ccr], global=[], indicesPrivileges=[IndicesPrivileges[indices=[ZFeu,Rudm,xnkc,HjcM,xvWO], allowRestrictedIndices=[true], privileges=[read,manage,create_index,monitor], , query={ "match_all": {} }],], applicationPrivileges=[ApplicationResourcePrivileges[application=AoGoqwyuIx, privileges=[fOJdz,AAMDk], resources=[gXWHCjlT,XACQdsSw]],ApplicationResourcePrivileges[application=zSeLCgHFsFtH, privileges=[MpcRtekS], resources=[uMsUISiW,zJuOBTBz,tBdWczGw]],], runAs=[TSBUGKQB,NrnAIDen], metadata=[{PtJDXWag=107338494}]]>
     but: was <Role[name=fWPnNBrlZHmsQXJKqNWqaQGKyykyTKWThZjpbEPW, cluster=[read_ccr], global=[], indicesPrivileges=[IndicesPrivileges[indices=[ZFeu,Rudm,xnkc,HjcM,xvWO], allowRestrictedIndices=[false], privileges=[read,manage,create_index,monitor], , query={ "match_all": {} }],], applicationPrivileges=[ApplicationResourcePrivileges[application=AoGoqwyuIx, privileges=[fOJdz,AAMDk], resources=[gXWHCjlT,XACQdsSw]],ApplicationResourcePrivileges[application=zSeLCgHFsFtH, privileges=[MpcRtekS], resources=[uMsUISiW,zJuOBTBz,tBdWczGw]],], runAs=[TSBUGKQB,NrnAIDen], metadata=[{PtJDXWag=107338494}]]>

  at __randomizedtesting.SeedInfo.seed([D84C48900B786F5A:8C9429D82C2A52C6]:0)
  at org.hamcrest.MatcherAssert.assertThat(MatcherAssert.java:18)
  at org.junit.Assert.assertThat(Assert.java:956)
  at org.junit.Assert.assertThat(Assert.java:923)
  at org.elasticsearch.xpack.security.authz.RoleDescriptorTests.testSerialization(RoleDescriptorTests.java:246)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-2)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:498)
  at com.carrotsearch.randomizedtesting.RandomizedRunner.invoke(RandomizedRunner.java:1750)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$8.evaluate(RandomizedRunner.java:938)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$9.evaluate(RandomizedRunner.java:974)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$10.evaluate(RandomizedRunner.java:988)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.util.TestRuleSetupTeardownChained$1.evaluate(TestRuleSetupTeardownChained.java:49)
  at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
  at org.apache.lucene.util.TestRuleThreadAndTestName$1.evaluate(TestRuleThreadAndTestName.java:48)
  at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
  at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:368)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl.forkTimeoutingTask(ThreadLeakControl.java:817)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$3.evaluate(ThreadLeakControl.java:468)
  at com.carrotsearch.randomizedtesting.RandomizedRunner.runSingleTest(RandomizedRunner.java:947)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$5.evaluate(RandomizedRunner.java:832)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$6.evaluate(RandomizedRunner.java:883)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$7.evaluate(RandomizedRunner.java:894)
  at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.util.TestRuleStoreClassName$1.evaluate(TestRuleStoreClassName.java:41)
  at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
  at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.util.TestRuleAssertionsRequired$1.evaluate(TestRuleAssertionsRequired.java:53)
  at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
  at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
  at org.apache.lucene.util.TestRuleIgnoreTestSuites$1.evaluate(TestRuleIgnoreTestSuites.java:54)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:368)
  at java.lang.Thread.run(Thread.java:748)
@jakelandis jakelandis added :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC >test-failure Triaged test failures from CI labels Jan 4, 2022
@elasticmachine elasticmachine added the Team:Security Meta label for security team label Jan 4, 2022
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@tvernum tvernum self-assigned this Jan 5, 2022
@tvernum
Copy link
Contributor

tvernum commented Jan 5, 2022

Interestingly, this only seems to reproduce on 7.16 and not 7.17
It's almost certainly a result of #82180, but I wonder why it's only happening on that branch

tvernum added a commit to tvernum/elasticsearch that referenced this issue Jan 5, 2022
@tvernum
[TEST] Fix random RoleDescriptor compat with v6.7
812fc79 
allowRestrictedIndices was only added in ES6.7 (see elastic#37577).

For randomised testing we should not set that field if we are
generating a role descriptor that will be serialized into an older
version stream.

Resolves: elastic#82216
@tvernum tvernum mentioned this issue Jan 5, 2022
Merged
@nik9000
Copy link
Member

nik9000 commented Jan 6, 2022

I got a 7.17 failure:

REPRODUCE WITH: ./gradlew ':x-pack:plugin:security:test' --tests "org.elasticsearch.xpack.security.authz.RoleDescriptorTests.testSerialization" -Dtests.seed=662EC1EF0EC74506 -Dtests.locale=bg -Dtests.timezone=Asia/Jerusalem -Druntime.java=8

@jdconrad
Copy link
Contributor

jdconrad commented Jan 6, 2022

Also 7.17

https://gradle-enterprise.elastic.co/s/eyofpt4v3zz7c

elasticsearchmachine pushed a commit that referenced this issue Jan 10, 2022
@tvernum
[TEST] Fix random RoleDescriptor compat with v6.7 (#82242)
0e14941 
allowRestrictedIndices was only added in ES6.7 (see #37577). For
randomised testing we should not set that field if we are generating a
role descriptor that will be serialized into an older version stream.
Resolves: #82216
tvernum added a commit to tvernum/elasticsearch that referenced this issue Jan 10, 2022
@tvernum
[TEST] Fix random RoleDescriptor compat with v6.7 (elastic#82242)
69d19a1 
allowRestrictedIndices was only added in ES6.7 (see elastic#37577). For
randomised testing we should not set that field if we are generating a
role descriptor that will be serialized into an older version stream.
Resolves: elastic#82216
elasticsearchmachine pushed a commit that referenced this issue Jan 10, 2022
@tvernum
[TEST] Fix random RoleDescriptor compat with v6.7 (#82242) (#82363)
1c96c3f 
allowRestrictedIndices was only added in ES6.7 (see #37577). For
randomised testing we should not set that field if we are generating a
role descriptor that will be serialized into an older version stream.
Resolves: #82216
@jkakavas
Copy link
Member

This was resolved in #82242

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tvernum tvernum

Labels
:Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team >test-failure Triaged test failures from CI
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@nik9000 @jakelandis @jdconrad @tvernum @jkakavas @elasticmachine