Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CI] TokenServiceTests testTokenExpiry fails #30062

Closed
elasticmachine opened this issue Feb 9, 2018 · 3 comments
Closed

[CI] TokenServiceTests testTokenExpiry fails #30062

elasticmachine opened this issue Feb 9, 2018 · 3 comments
Assignees
@jkakavas
Labels
:Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) >test-failure Triaged test failures from CI v6.2.5 v6.6.0

Comments

@elasticmachine
Copy link
Collaborator

Original comment by @cbuescher:

LINK REDACTED

Can reproduce locally with:

./gradlew :x-pack-elasticsearch:plugin:security:test   -Dtests.seed=BCB6BA314115498   -Dtests.class=org.elasticsearch.xpack.security.authc.TokenServiceTests   -Dtests.method="testTokenExpiry"   -Dtests.security.manager=true   -Dtests.locale=en-MU   -Dtests.timezone=Australia/Yancowinna

Failure:

TokenServiceTests.testTokenExpiry <<< FAILURES!
   > Throwable LINK REDACTED: java.util.concurrent.ExecutionException: ElasticsearchSecurityException[token expired]
   >    at __randomizedtesting.SeedInfo.seed([BCB6BA314115498:147E3969C3114D3E]:0)
   >    at org.elasticsearch.common.util.concurrent.BaseFuture$Sync.getValue(BaseFuture.java:265)
   >    at org.elasticsearch.common.util.concurrent.BaseFuture$Sync.get(BaseFuture.java:252)
   >    at org.elasticsearch.common.util.concurrent.BaseFuture.get(BaseFuture.java:94)
   >    at org.elasticsearch.xpack.security.authc.TokenServiceTests.testTokenExpiry(TokenServiceTests.java:484)
   >    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   >    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
   >    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   >    at java.base/java.lang.reflect.Method.invoke(Method.java:564)
   >    at java.base/java.lang.Thread.run(Thread.java:844)
   > Caused by: ElasticsearchSecurityException[token expired]
   >    at org.elasticsearch.xpack.security.authc.TokenService.expiredTokenException(TokenService.java:1122)
   >    at org.elasticsearch.xpack.security.authc.TokenService.lambda$decodeAndValidateToken$4(TokenService.java:341)
   >    at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
   >    at org.elasticsearch.xpack.security.authc.TokenService.lambda$decodeToken$5(TokenService.java:403)
   >    at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
   >    at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:43)
   >    at org.elasticsearch.xpack.security.authc.TokenServiceTests.lambda$mockGetTokenFromId$10(TokenServiceTests.java:654)
   >    at org.mockito.internal.stubbing.StubbedInvocationMatcher.answer(StubbedInvocationMatcher.java:34)
   >    at org.mockito.internal.handler.MockHandlerImpl.handle(MockHandlerImpl.java:91)
   >    at org.mockito.internal.handler.NullResultGuardian.handle(NullResultGuardian.java:29)
   >    at org.mockito.internal.handler.InvocationNotifierHandler.handle(InvocationNotifierHandler.java:38)
   >    at org.mockito.internal.creation.MethodInterceptorFilter.intercept(MethodInterceptorFilter.java:51)
   >    at org.elasticsearch.client.Client$$EnhancerByMockitoWithCGLIB$$5daba283.get(<generated>)
   >    at org.elasticsearch.xpack.core.ClientHelper.executeAsyncWithOrigin(ClientHelper.java:73)
   >    at org.elasticsearch.xpack.security.authc.TokenService.lambda$decodeToken$7(TokenService.java:389)
   >    at org.elasticsearch.xpack.security.authc.TokenServiceTests.lambda$setupClient$3(TokenServiceTests.java:152)
   >    at org.mockito.internal.stubbing.StubbedInvocationMatcher.answer(StubbedInvocationMatcher.java:34)
   >    at org.mockito.internal.handler.MockHandlerImpl.handle(MockHandlerImpl.java:91)
   >    at org.mockito.internal.handler.NullResultGuardian.handle(NullResultGuardian.java:29)
   >    at org.mockito.internal.handler.InvocationNotifierHandler.handle(InvocationNotifierHandler.java:38)
   >    at org.mockito.internal.creation.MethodInterceptorFilter.intercept(MethodInterceptorFilter.java:51)
   >    at org.elasticsearch.xpack.security.SecurityLifecycleService$$EnhancerByMockitoWithCGLIB$$91dbf54b.prepareIndexIfNeededThenExecute(<generated>)
   >    at org.elasticsearch.xpack.security.authc.TokenService.lambda$decodeToken$8(TokenService.java:385)
   >    at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
   >    at org.elasticsearch.xpack.security.authc.TokenService.decryptTokenId(TokenService.java:469)
   >    at org.elasticsearch.xpack.security.authc.TokenService.lambda$decodeToken$9(TokenService.java:384)
   >    at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
   >    at org.elasticsearch.xpack.security.authc.TokenService.getKeyAsync(TokenService.java:446)
   >    at org.elasticsearch.xpack.security.authc.TokenService.decodeToken(TokenService.java:378)
   >    at org.elasticsearch.xpack.security.authc.TokenService.decodeAndValidateToken(TokenService.java:336)
   >    at org.elasticsearch.xpack.security.authc.TokenService.getAndValidateToken(TokenService.java:297)
   >    at org.elasticsearch.xpack.security.authc.TokenServiceTests.testTokenExpiry(TokenServiceTests.java:483)
@elasticmachine elasticmachine added :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) >test Issues or PRs that are addressing/adding tests v6.2.5 labels Apr 25, 2018
@polyfractal polyfractal added >test-failure Triaged test failures from CI and removed >test Issues or PRs that are addressing/adding tests labels May 9, 2018
jkakavas added a commit to jkakavas/elasticsearch that referenced this issue May 17, 2018
@jkakavas
Adjust fast forward for token expiration test
b80709d 
Adjusts the maximum fast forward time for token expiration tests
to be 5 seconds before actual token expiration so that the test
won't fail even when upperlimit is randomly selected.

Resolves: elastic#30062
@jkakavas jkakavas mentioned this issue May 17, 2018
Merged
jkakavas added a commit that referenced this issue May 17, 2018
@jkakavas
Adjust fast forward for token expiration test (#30668)
35fa934 
Adjust fast forward for token expiration test

Adjusts the maximum fast forward time for token expiration tests
to be 5 seconds before actual token expiration so that the test
won't fail even when upperlimit is randomly selected.

Resolves: #30062
ywelsch pushed a commit to ywelsch/elasticsearch that referenced this issue May 23, 2018
@jkakavas @ywelsch
Adjust fast forward for token expiration test (elastic#30668)
3fba718 
Adjust fast forward for token expiration test

Adjusts the maximum fast forward time for token expiration tests
to be 5 seconds before actual token expiration so that the test
won't fail even when upperlimit is randomly selected.

Resolves: elastic#30062
@droberts195
Copy link
Contributor

Despite #30668 a failure of the same test with an identical stack trace occurred in https://elasticsearch-ci.elastic.co/job/elastic+elasticsearch+6.x+matrix-java-periodic/ES_BUILD_JAVA=java11,ES_RUNTIME_JAVA=java11,nodes=virtual&&linux/65/console:

ERROR   0.19s J3 | TokenServiceTests.testTokenExpiry <<< FAILURES!
   > Throwable #1: java.util.concurrent.ExecutionException: ElasticsearchSecurityException[token expired]
   > 	at __randomizedtesting.SeedInfo.seed([CEDED5FE2915C12D:D16B8734FE15D88B]:0)
   > 	at org.elasticsearch.common.util.concurrent.BaseFuture$Sync.getValue(BaseFuture.java:265)
   > 	at org.elasticsearch.common.util.concurrent.BaseFuture$Sync.get(BaseFuture.java:252)
   > 	at org.elasticsearch.common.util.concurrent.BaseFuture.get(BaseFuture.java:94)
   > 	at org.elasticsearch.xpack.security.authc.TokenServiceTests.testTokenExpiry(TokenServiceTests.java:534)
   > 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   > 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
   > 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   > 	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
   > 	at java.base/java.lang.Thread.run(Thread.java:834)
   > Caused by: ElasticsearchSecurityException[token expired]
   > 	at org.elasticsearch.xpack.security.authc.TokenService.expiredTokenException(TokenService.java:1158)
   > 	at org.elasticsearch.xpack.security.authc.TokenService.lambda$decodeAndValidateToken$5(TokenService.java:339)
   > 	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
   > 	at org.elasticsearch.xpack.security.authc.TokenService.lambda$decodeToken$8(TokenService.java:407)
   > 	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
   > 	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:43)
   > 	at org.elasticsearch.xpack.security.authc.TokenServiceTests.lambda$mockGetTokenFromId$11(TokenServiceTests.java:713)
   > 	at org.mockito.internal.stubbing.StubbedInvocationMatcher.answer(StubbedInvocationMatcher.java:34)
   > 	at org.mockito.internal.handler.MockHandlerImpl.handle(MockHandlerImpl.java:91)
   > 	at org.mockito.internal.handler.NullResultGuardian.handle(NullResultGuardian.java:29)
   > 	at org.mockito.internal.handler.InvocationNotifierHandler.handle(InvocationNotifierHandler.java:38)
   > 	at org.mockito.internal.creation.MethodInterceptorFilter.intercept(MethodInterceptorFilter.java:51)
   > 	at org.elasticsearch.client.Client$$EnhancerByMockitoWithCGLIB$$fc152304.get(<generated>)
   > 	at org.elasticsearch.xpack.core.ClientHelper.executeAsyncWithOrigin(ClientHelper.java:75)
   > 	at org.elasticsearch.xpack.security.authc.TokenService.lambda$decodeToken$10(TokenService.java:393)
   > 	at org.elasticsearch.xpack.security.authc.TokenServiceTests.lambda$setupClient$4(TokenServiceTests.java:153)
   > 	at org.mockito.internal.stubbing.StubbedInvocationMatcher.answer(StubbedInvocationMatcher.java:34)
   > 	at org.mockito.internal.handler.MockHandlerImpl.handle(MockHandlerImpl.java:91)
   > 	at org.mockito.internal.handler.NullResultGuardian.handle(NullResultGuardian.java:29)
   > 	at org.mockito.internal.handler.InvocationNotifierHandler.handle(InvocationNotifierHandler.java:38)
   > 	at org.mockito.internal.creation.MethodInterceptorFilter.intercept(MethodInterceptorFilter.java:51)
   > 	at org.elasticsearch.xpack.security.support.SecurityIndexManager$$EnhancerByMockitoWithCGLIB$$f2e1f23.checkIndexVersionThenExecute(<generated>)
   > 	at org.elasticsearch.xpack.security.authc.TokenService.lambda$decodeToken$11(TokenService.java:387)
   > 	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
   > 	at org.elasticsearch.xpack.security.authc.TokenService.decryptTokenId(TokenService.java:474)
   > 	at org.elasticsearch.xpack.security.authc.TokenService.lambda$decodeToken$12(TokenService.java:382)
   > 	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:60)
   > 	at org.elasticsearch.xpack.security.authc.TokenService.getKeyAsync(TokenService.java:451)
   > 	at org.elasticsearch.xpack.security.authc.TokenService.decodeToken(TokenService.java:376)
   > 	at org.elasticsearch.xpack.security.authc.TokenService.decodeAndValidateToken(TokenService.java:334)
   > 	at org.elasticsearch.xpack.security.authc.TokenService.getAndValidateToken(TokenService.java:295)
   > 	at org.elasticsearch.xpack.security.authc.TokenServiceTests.testTokenExpiry(TokenServiceTests.java:533)
   > 	... 36 more

This didn't reproduce using:

./gradlew :x-pack:plugin:security:test -Dtests.seed=CEDED5FE2915C12D -Dtests.class=org.elasticsearch.xpack.security.authc.TokenServiceTests -Dtests.method="testTokenExpiry" -Dtests.security.manager=true -Dtests.locale=fi-FI -Dtests.timezone=Asia/Sakhalin -Dcompiler.java=11 -Druntime.java=11

@droberts195 droberts195 reopened this Nov 19, 2018
@jkakavas
Copy link
Member

#30668 was sadly never backported to 6.x, my bad. I will fix this now

jkakavas added a commit that referenced this issue Nov 21, 2018
@jkakavas
Adjust fast forward for token expiration test (#30668)
e4ea8c5 
Adjust fast forward for token expiration test

Adjusts the maximum fast forward time for token expiration tests
to be 5 seconds before actual token expiration so that the test
won't fail even when upperlimit is randomly selected.

Resolves: #30062
@droberts195
Copy link
Contributor

Thanks @jkakavas, I assumed the fix was in 6.x because that PR was labelled with 6.3.0 and 6.4.0. I've changed the labels on the PR to show the earliest version it's in is now 6.6.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jkakavas jkakavas

Labels
:Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) >test-failure Triaged test failures from CI v6.2.5 v6.6.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@polyfractal @droberts195 @jkakavas @elasticmachine