[
https://issues.apache.org/jira/browse/SOLR-13747?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hoss Man updated SOLR-13747:
Attachment: SOLR-13747.patch
Status: Open (was: Open)
Some background...
In SOLR-12988, during the dicsussion of re-enabling SSL testing under java11
knowing that some java 11 versions were broken, I made the following comments...
{quote}
(on the Junit tests side, having assumes around JVM version is fine – because
even then it's not a "silent" behavior change, it's an explicitly "test ignored
because XYZ")
{quote}
{quote}
if devs are running tests with a broken JVM, then the tests can & should fail
... that's the job of the tests. it's a bad idea to make the tests "hide" the
failure by "faking" that things work using a degraded cipher, or skipping SSL
completely (yes, i also think mark's changes to SSLTestConfig in December as
part of his commit on this issue was a terrible idea as well) ... the *ONLY*
thing we should _consider_ allowing tests to change about their behavior if
they see a JVM is "broken" is to SKIP ie:
assume(SomethingThatIsFalseForTheBrokenJVM)
{quote}
Ultimately, adding an {{SSLTestConfig.assumeSslIsSafeToTest()}} method seemed
better then doing a hard {{fail(..)}} in any test that wanted to use SSL --
particularly once we realized that (at that time) every available version of
Java 13 was affected by SSL bugs. {{SKIP}} ing tests (instead of failing
outright) ment we could still have jenkins jobs running the latest jdk13-ea
available looking for _other_ bugs, w/o getting noise due to known SSL bugs.
But the fact that SOLR-13746 slipped through the cracks has caused me to
seriously regret that decision -- and lead me to wonder:
* Do we have committers who are _still_ running {{ant test}} with "bad" JDKs
that don't realize thousands of tests are getting skipped?
* What if down the road a jenkins node gets rebuilt/reverted to use an older
jdk11 version, would anyone notice?
The attached patch adds a new
{{TestSSLTestConfig.testFailIfUserRunsTestsWithJVMThatHasKnownSSLBugs}} to the
{{solr/test-framework}} module that does what i's name implies (with an
informative message) when it detects that
{{SSLTestConfig.assumeSslIsSafeToTest()}} throws an assumption in the the
current JVM.
I considered just replacing {{SSLTestConfig.assumeSslIsSafeToTest()}} with a
{{SSLTestConfig.failTheBuildUnlesseSslIsSafeToTest()}} but realized that the
potential deluge of thousands of test failures that might occur for an aspiring
contributor who attempts to run Solr tests w/no idea their JDK is broken could
be overwhelming and scare people off before they even begin. A single clear
cut error (in addition to thousands of tests being {{SKIP}} ed) seemed more
inviting.
I should note: It's possible that down the road we will again find ourselves in
this situation...
bq. ...particularly once we realized that (at that time) every available
version of Java 13 was affected by SSL bugs...
...with some future "Java XX", whose every available 'ea' build we recognize as
being completely broken for SSL -- but we want still want to let jenkins try to
look for _other_ bugs w/o the "noise" of this test failing every build. If
that day comes, we can update {{SSLTestConfig.assumeSslIsSafeToTest()}} to
{{SKIP}} SSL on those JVM builds, and "whitelist" them in
{{TestSSLTestConfig.testFailIfUserRunsTestsWithJVMThatHasKnownSSLBugs}}.
> 'ant test' should fail on JVM's w/known SSL bugs
>
>
> Key: SOLR-13747
> URL: https://issues.apache.org/jira/browse/SOLR-13747
> Project: Solr
> Issue Type: Test
> Security Level: Public(Default Security Level. Issues are Public)
>Reporter: Hoss Man
>Priority: Major
> Attachments: SOLR-13747.patch
>
>
> If {{ant test}} (or the future gradle equivalent) is run w/a JVM that has
> known SSL bugs, there should be an obvious {{BUILD FAILED}} because of this
> -- so the user knows they should upgrade their JVM (rather then relying on
> the user to notice that SSL tests were {{SKIP}} ed)
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org