SSLConfigurationReloaderTests.testReloadingPEMKeyConfigException failure #39260

benwtrent · 2019-02-21T17:16:43Z

Failing Test:

https://elasticsearch-ci.elastic.co/job/elastic+elasticsearch+6.7+matrix-java-periodic/ES_BUILD_JAVA=java11,ES_RUNTIME_JAVA=java11,nodes=immutable&&linux&&docker/30/console

Reproduce line:

./gradlew :x-pack:plugin:core:unitTest -Dtests.seed=B5B34918851AEF00 -Dtests.class=org.elasticsearch.xpack.core.ssl.SSLConfigurationReloaderTests -Dtests.method="testReloadingPEMKeyConfigException" -Dtests.security.manager=true -Dtests.locale=cs-CZ -Dtests.timezone=America/Nipigon -Dcompiler.java=11 -Druntime.java=11

Unable to reproduce locally, it seems like the failure is intentional? I do not quiet understand how this test is written

07:08:40 ERROR   1.17s J5 | SSLConfigurationReloaderTests.testReloadingPEMKeyConfigException <<< FAILURES!
07:08:40    > Throwable #1: com.carrotsearch.randomizedtesting.UncaughtExceptionError: Captured an uncaught exception in thread: Thread[id=45, name=elasticsearch[reload tests][scheduler][T#1], state=RUNNABLE, group=TGRP-SSLConfigurationReloaderTests]
07:08:40    > 	at __randomizedtesting.SeedInfo.seed([B5B34918851AEF00:8FB81818152DE195]:0)
07:08:40    > Caused by: java.lang.AssertionError: reload should not be called! [pem key reload exception]
07:08:40    > 	at __randomizedtesting.SeedInfo.seed([B5B34918851AEF00]:0)
07:08:40    > 	at org.elasticsearch.xpack.core.ssl.SSLConfigurationReloaderTests$2.reloadSSLContext(SSLConfigurationReloaderTests.java:362)
07:08:40    > 	at org.elasticsearch.xpack.core.ssl.SSLConfigurationReloader$ChangeListener.onFileChanged(SSLConfigurationReloader.java:118)
07:08:40    > 	at org.elasticsearch.watcher.FileWatcher$FileObserver.onFileChanged(FileWatcher.java:279)
07:08:40    > 	at org.elasticsearch.watcher.FileWatcher$FileObserver.checkAndNotify(FileWatcher.java:131)
07:08:40    > 	at org.elasticsearch.watcher.FileWatcher$FileObserver.updateChildren(FileWatcher.java:215)
07:08:40    > 	at org.elasticsearch.watcher.FileWatcher$FileObserver.checkAndNotify(FileWatcher.java:117)
07:08:40    > 	at org.elasticsearch.watcher.FileWatcher.doCheckAndNotify(FileWatcher.java:70)
07:08:40    > 	at org.elasticsearch.watcher.AbstractResourceWatcher.checkAndNotify(AbstractResourceWatcher.java:44)
07:08:40    > 	at org.elasticsearch.watcher.ResourceWatcherService$ResourceMonitor.run(ResourceWatcherService.java:193)
07:08:40    > 	at org.elasticsearch.threadpool.Scheduler$ReschedulingRunnable.doRun(Scheduler.java:246)
07:08:40    > 	at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
07:08:40    > 	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
07:08:40    > 	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
07:08:40   2> úno 21, 2019 8:08:33 DOP. com.carrotsearch.randomizedtesting.RandomizedRunner$QueueUncaughtExceptionsHandler uncaughtException
07:08:40   2> WARNING: Uncaught exception in thread: Thread[elasticsearch[reload tests][scheduler][T#1],5,TGRP-SSLConfigurationReloaderTests]
07:08:40    > 	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
07:08:40    > 	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
07:08:40    > 	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
07:08:40    > 	at java.base/java.lang.Thread.run(Thread.java:834)

The truncate action should cause the failure, but the failure is not caught?

The text was updated successfully, but these errors were encountered:

elasticmachine · 2019-02-21T17:16:44Z

Pinging @elastic/es-security

jaymode · 2019-02-21T21:34:52Z

The truncate action should cause the failure, but the failure is not caught?

The truncate action should cause an issue with reloading the key configuration and because of this, the reloading of the ssl context should not be triggered. I'll dig.

This change fixes the tests that expect the reload of a SSLConfiguration to fail after changes made in elastic#30509. The tests relied on the behavior that an SSLConfiguration only had reload called on it after the key and trust managers had been created, but that is no longer the case. This change removes the fail call with a wrapped call to the original method and captures the exception and counts down a latch to make these tests consistently tested rather than relying on concurrency to catch a failure. Closes elastic#39260

This change fixes the tests that expect the reload of a SSLConfiguration to fail. The tests relied on an incorrect assumption that the reloader only called reload on for an SSLConfiguration if the key and trust managers were successfully reloaded, but that is not the case. This change removes the fail call with a wrapped call to the original method and captures the exception and counts down a latch to make these tests consistently tested. Closes #39260

benwtrent added >test-failure Triaged test failures from CI :Security/TLS SSL/TLS, Certificates v6.7.0 labels Feb 21, 2019

jaymode self-assigned this Feb 21, 2019

jaymode mentioned this issue Feb 26, 2019

Fix SSLConfigurationReloaderTests failure tests #39408

Merged

jaymode closed this as completed in #39408 Feb 27, 2019

jkakavas mentioned this issue Mar 4, 2019

SSLConfigurationReloaderTests#testTrustStoreReloadException is buggy #39627

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SSLConfigurationReloaderTests.testReloadingPEMKeyConfigException failure #39260

SSLConfigurationReloaderTests.testReloadingPEMKeyConfigException failure #39260

benwtrent commented Feb 21, 2019

elasticmachine commented Feb 21, 2019

jaymode commented Feb 21, 2019

SSLConfigurationReloaderTests.testReloadingPEMKeyConfigException failure #39260

SSLConfigurationReloaderTests.testReloadingPEMKeyConfigException failure #39260

Comments

benwtrent commented Feb 21, 2019

elasticmachine commented Feb 21, 2019

jaymode commented Feb 21, 2019