From 3e538005ecb4dd20fb05c6da4e20a20e846a2a3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20H=C3=B8ydahl?= <janhoy@apache.org>
Date: Mon, 8 Jun 2020 10:46:53 +0200
Subject: [PATCH] SOLR-9679: Harden
 BasicAuthOnSingleNodeTest#testDeleteSecurityJsonZnode

---
 .../solr/security/BasicAuthOnSingleNodeTest.java | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/solr/core/src/test/org/apache/solr/security/BasicAuthOnSingleNodeTest.java b/solr/core/src/test/org/apache/solr/security/BasicAuthOnSingleNodeTest.java
index a904009f37f..766e0926804 100644
--- a/solr/core/src/test/org/apache/solr/security/BasicAuthOnSingleNodeTest.java
+++ b/solr/core/src/test/org/apache/solr/security/BasicAuthOnSingleNodeTest.java
@@ -80,7 +80,21 @@ public class BasicAuthOnSingleNodeTest extends SolrCloudAuthTestCase {
       // Deleting security.json will disable security - before SOLR-9679 it would instead cause an exception
       cluster.getZkClient().delete("/security.json", -1, false);
 
-      assertNotNull(new QueryRequest(params("q", "*:*")).process(client, COLLECTION));
+      int count = 0;
+      boolean done = false;
+      // Assert that security is turned off. This is async, so we retry up to 5s before failing the test
+      while (!done) {
+        try {
+          Thread.sleep(500);
+          count += 1;
+          new QueryRequest(params("q", "*:*")).process(client, COLLECTION);
+          done = true;
+        } catch (Exception e) {
+          if (count >= 10) {
+            fail("Failed 10 times to query without credentials after removing security.json");
+          }
+        }
+      }
     }
   }