Skip to content

[Test] Guard against "about-to-be-deleted" token document #91071

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 24, 2022
Merged

[Test] Guard against "about-to-be-deleted" token document #91071

merged 1 commit into from
Oct 24, 2022

Conversation

@ywangd
Copy link
Member

@ywangd ywangd commented Oct 24, 2022

The PR introduces a waiting for token invalidation similar to the fix for #67347 and #64757. It targets access token instead of the refresh token. But the underlying cause is the same because invalidation of both token types are at least a 2-step process: (1) find the document and (2) delete the document. In the first step, a document can be found by either search or get when it is about to be deleted and this results to missingDocument exception in step 2. The intention of the particular test does not really care about this situation. Its main purpose is to ensure nothing gets invalidated when the requested token does not exist (deleted). Hence the PR just adds a wait to ensure temporary inconsistent condition eventually goes away.

Resolves: #90509

@ywangd
[Test] Guard against "about-to-be-deleted" token document
649ac67 
The PR introduces a waiting for token invalidation similar to the fix
for elastic#67347 and elastic#64757. It targets access token instead of the refresh
token. But the underlying cause is the same because invalidation of both
token types are at least a 2-step process: (1) find the document and (2)
delete the document. In the first step, a document can be found by
either search or get when it is about to be deleted and this results to
missingDocument exception in step 2. The intention of the particular
test does not really care about this situation. Its main purpose is to
ensure nothing gets invalidated when the requested token does not exist
(deleted). Hence the PR just adds a wait to ensure temporary
inconsistent condition eventually goes away.

Resolves: elastic#90509
@ywangd ywangd added >test Issues or PRs that are addressing/adding tests :Security/Security Security issues without another label v7.17.0 v8.6.0 labels Oct 24, 2022
@ywangd ywangd requested a review from n1v0lg October 24, 2022 04:11
@elasticsearchmachine elasticsearchmachine added the Team:Security Meta label for security team label Oct 24, 2022
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Oct 24, 2022

Pinging @elastic/es-security (Team:Security)

n1v0lg
n1v0lg approved these changes Oct 24, 2022
View reviewed changes
Copy link
Contributor

@n1v0lg n1v0lg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@ywangd ywangd merged commit 6e1e807 into elastic:main Oct 24, 2022
@ywangd ywangd mentioned this pull request Oct 25, 2022
Merged
ywangd added a commit to ywangd/elasticsearch that referenced this pull request Oct 25, 2022
@ywangd
[Test] Guard against "about-to-be-deleted" token document (elastic#91071
b9e2235 
)

The PR introduces a waiting for token invalidation similar to the fix
for elastic#67347 and elastic#64757. It targets access token instead of the refresh
token. But the underlying cause is the same because invalidation of both
token types are at least a 2-step process: (1) find the document and (2)
delete the document. In the first step, a document can be found by
either search or get when it is about to be deleted and this results to
missingDocument exception in step 2. The intention of the particular
test does not really care about this situation. Its main purpose is to
ensure nothing gets invalidated when the requested token does not exist
(deleted). Hence the PR just adds a wait to ensure temporary
inconsistent condition eventually goes away.

Resolves: elastic#90509
elasticsearchmachine pushed a commit that referenced this pull request Oct 25, 2022
@ywangd
[Test] Guard against "about-to-be-deleted" token document (#91071) (#…
ef4f3c6 
…91103)

The PR introduces a waiting for token invalidation similar to the fix
for #67347 and #64757. It targets access token instead of the refresh
token. But the underlying cause is the same because invalidation of both
token types are at least a 2-step process: (1) find the document and (2)
delete the document. In the first step, a document can be found by
either search or get when it is about to be deleted and this results to
missingDocument exception in step 2. The intention of the particular
test does not really care about this situation. Its main purpose is to
ensure nothing gets invalidated when the requested token does not exist
(deleted). Hence the PR just adds a wait to ensure temporary
inconsistent condition eventually goes away.

Resolves: #90509
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@n1v0lg n1v0lg n1v0lg approved these changes

Assignees

No one assigned

Labels

:Security/Security Security issues without another label Team:Security Meta label for security team >test Issues or PRs that are addressing/adding tests v7.17.0 v8.6.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[CI] TokenAuthIntegTests testExpiredTokensDeletedAfterExpiration failing

3 participants

@ywangd @elasticsearchmachine @n1v0lg