From a7d9e92f25e4c2cc8c83ad1ab637f8db73f98c57 Mon Sep 17 00:00:00 2001 From: jaymode Date: Wed, 26 Apr 2017 15:40:56 -0400 Subject: [PATCH] Test: wait for all token expiration jobs to finish This adds a best effort wait for the token expiration jobs to finish to hopefully address the issues in tests with on going requests and locked shards. Relates elastic/x-pack-elasticsearch#1220 Original commit: elastic/x-pack-elasticsearch@ae789c1e58b7229b91f5300d076f2495052a780c --- .../xpack/security/authc/ExpiredTokenRemover.java | 4 ++++ .../elasticsearch/xpack/security/authc/TokenService.java | 4 ++++ .../xpack/security/authc/TokenAuthIntegTests.java | 8 +++++++- 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/authc/ExpiredTokenRemover.java b/plugin/src/main/java/org/elasticsearch/xpack/security/authc/ExpiredTokenRemover.java index 0be739f28c5..2906e36a211 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/security/authc/ExpiredTokenRemover.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/security/authc/ExpiredTokenRemover.java @@ -68,6 +68,10 @@ final class ExpiredTokenRemover extends AbstractRunnable { } } + boolean isExpirationInProgress() { + return inProgress.get(); + } + @Override public void onFailure(Exception e) { logger.error("failed to delete expired tokens", e); diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java b/plugin/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java index 5b784295982..b09b07761cd 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java @@ -467,6 +467,10 @@ public final class TokenService extends AbstractComponent { return headers != null && headers.stream().anyMatch(EXPIRED_TOKEN_WWW_AUTH_VALUE::equals); } + boolean isExpirationInProgress() { + return expiredTokenRemover.isExpirationInProgress(); + } + private class KeyComputingRunnable extends AbstractRunnable { private final StreamInput in; diff --git a/plugin/src/test/java/org/elasticsearch/xpack/security/authc/TokenAuthIntegTests.java b/plugin/src/test/java/org/elasticsearch/xpack/security/authc/TokenAuthIntegTests.java index 05c287cb445..bf283a7bc7e 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/security/authc/TokenAuthIntegTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/security/authc/TokenAuthIntegTests.java @@ -99,7 +99,13 @@ public class TokenAuthIntegTests extends SecurityIntegTestCase { } @After - public void wipeSecurityIndex() { + public void wipeSecurityIndex() throws InterruptedException { + // get the token service and wait until token expiration is not in progress! + for (TokenService tokenService : internalCluster().getInstances(TokenService.class)) { + final boolean done = awaitBusy(() -> tokenService.isExpirationInProgress() == false); + assertTrue(done); + } + try { // this is a hack to clean up the .security index since only superusers can delete it and the default test user is not a // superuser since the role used there is a file based role since we cannot guarantee the superuser role is always available