fix(tests): stabilize AuthzITs and some other cleanups#3103
Merged
tombentley merged 6 commits intokroxylicious:mainfrom Jan 8, 2026
Merged
fix(tests): stabilize AuthzITs and some other cleanups#3103tombentley merged 6 commits intokroxylicious:mainfrom
tombentley merged 6 commits intokroxylicious:mainfrom
Conversation
piotrpdev
reviewed
Jan 7, 2026
| apiKeys, | ||
| prettyJsonString(responseConverter.writer().apply(response, apiVersion)), | ||
| cluster.name()); | ||
| LOG.atDebug().setMessage("{} {} response: {} << {}") |
Member
There was a problem hiding this comment.
Why change to debug here instead of using .atInfo() to match the previous behavior?
Member
Author
There was a problem hiding this comment.
In my opinion, these tests were writing too much output. I just want to see the names of test classes which is quick to eyeball when the tests run cleanly. When the test fails, I want the test to produce a good assertion message. I can then turn up logging if I need to to investigate the failure.
If tests spew war-and-peace on the happy path, that's disruptive for me.
Member
kill some unused code. Signed-off-by: Keith Wall <kwall@apache.org>
…ually consistent nature of kafka Signed-off-by: Keith Wall <kwall@apache.org>
…sponse to ease reasoning about the differences Signed-off-by: Keith Wall <kwall@apache.org>
Member
Author
No problem. I'd been talking about the issue for a couple of days on Slack, so I'd assumed that everyone might have noticed. But we have too many channels for everyone to monitor everything! |
… to the broker before commencing the test Signed-off-by: Keith Wall <kwall@apache.org>
Signed-off-by: Keith Wall <kwall@apache.org>
k-wall
commented
Jan 8, 2026
| return scenario.clobberResponse(cl, node); | ||
| }); | ||
| assertThat(mapValues(proxiedResponsesByUser, | ||
| assertThatJson(mapValues(proxiedResponsesByUser, |
Member
Author
There was a problem hiding this comment.
This gives a much more human readable diff when the assertion fails.
k-wall
commented
Jan 8, 2026
| if (!scenario.needsRetry(r)) { | ||
| break; | ||
| } | ||
| try { |
Member
Author
There was a problem hiding this comment.
The sleep didn't seem to be achieving anything.
tombentley
approved these changes
Jan 8, 2026
| <!-- </module>--> | ||
| <module name="IllegalImport"> | ||
| <!-- we shouldn't be relying on class shaded into TC for dependencies --> | ||
| <property name="illegalPkgs" value="org.testcontainers.shaded"/> |
...-integration-tests/src/test/java/io/kroxylicious/proxy/filter/authorization/KafkaDriver.java
Outdated
Show resolved
Hide resolved
…roxy/filter/authorization/KafkaDriver.java Signed-off-by: Tom Bentley <tombentley@users.noreply.github.com>
|
k-wall
added a commit
to k-wall/kroxylicious
that referenced
this pull request
Feb 4, 2026
why: in kroxylicious#3103 666c64d we changed the AuthzIT tests to ensure that the topics were in a consistent state before the starting the tests. The AbstractAuthzEquivalenceIT tests have their own cluster prep code, so didn't benefit from this change meaning those tests could still fail owning to lack of consistency. This change pulls out a common base class and refactors both AuthzIT and AbstractAuthzEquivalenceIT to use it. Signed-off-by: Keith Wall <kwall@apache.org>
k-wall
added a commit
to k-wall/kroxylicious
that referenced
this pull request
Feb 4, 2026
why: in kroxylicious#3103 666c64d we changed the AuthzIT tests to ensure that the topics were in a consistent state before the starting the tests. The AbstractAuthzEquivalenceIT tests have their own cluster prep code, so didn't benefit from this change meaning those tests could still fail owning to lack of consistency. This change pulls out a common base class and refactors both AuthzIT and AbstractAuthzEquivalenceIT to use it. Signed-off-by: Keith Wall <kwall@apache.org>
k-wall
added a commit
to k-wall/kroxylicious
that referenced
this pull request
Feb 4, 2026
why: in kroxylicious#3103 666c64d we changed the AuthzIT tests to ensure that the topics were in a consistent state before the starting the tests. The AbstractAuthzEquivalenceIT tests have their own cluster prep code, so didn't benefit from this change meaning those tests could still fail owning to lack of consistency. This change pulls out a common base class and refactors both AuthzIT and AbstractAuthzEquivalenceIT to use it. Signed-off-by: Keith Wall <kwall@apache.org>
k-wall
added a commit
to k-wall/kroxylicious
that referenced
this pull request
Feb 4, 2026
why: in kroxylicious#3103 666c64d we changed the AuthzIT tests to ensure that the topics were in a consistent state before the starting the tests. The AbstractAuthzEquivalenceIT tests have their own cluster prep code, so didn't benefit from this change meaning those tests could still fail owning to lack of consistency. This change pulls out a common base class and refactors both AuthzIT and AbstractAuthzEquivalenceIT to use it. Signed-off-by: Keith Wall <kwall@apache.org>
9 tasks
k-wall
added a commit
to k-wall/kroxylicious
that referenced
this pull request
Feb 4, 2026
why: in kroxylicious#3103 666c64d we changed the AuthzIT tests to ensure that the topics were in a consistent state before the starting the tests. The AbstractAuthzEquivalenceIT tests have their own cluster prep code, so didn't benefit from this change meaning those tests could still fail owning to lack of consistency. This change pulls out a common base class and refactors both AuthzIT and AbstractAuthzEquivalenceIT to use it. Signed-off-by: Keith Wall <kwall@apache.org>
robobario
pushed a commit
to k-wall/kroxylicious
that referenced
this pull request
Feb 8, 2026
why: in kroxylicious#3103 666c64d we changed the AuthzIT tests to ensure that the topics were in a consistent state before the starting the tests. The AbstractAuthzEquivalenceIT tests have their own cluster prep code, so didn't benefit from this change meaning those tests could still fail owning to lack of consistency. This change pulls out a common base class and refactors both AuthzIT and AbstractAuthzEquivalenceIT to use it. Signed-off-by: Keith Wall <kwall@apache.org>
robobario
pushed a commit
that referenced
this pull request
Feb 9, 2026
why: in #3103 666c64d we changed the AuthzIT tests to ensure that the topics were in a consistent state before the starting the tests. The AbstractAuthzEquivalenceIT tests have their own cluster prep code, so didn't benefit from this change meaning those tests could still fail owning to lack of consistency. This change pulls out a common base class and refactors both AuthzIT and AbstractAuthzEquivalenceIT to use it. Signed-off-by: Keith Wall <kwall@apache.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Type of change
Select the type of your PR
Description
The AuthzITs are unstable for me on my main work machine. We are also seeing the same failures in CI.
I am running this command:
The issues I'm seeing:
Side-effect assertion sporadically failing
The side effect assertions are failing. For instance, in
DeleteTopicsAuthzITI see failures like so:I think this is down the the eventually consistent nature of Kafka. Just because you've say, just created a topic, doesn't give you the guarantee that an admin observation will observe it.
Proxied/reference response mismatches
I'm seeing some fails like this:
This again is an eventually consistency issue. The test harness creates the topic (alice-topic etc), and then the test proceeds to perform an operation on the topic
Additional Context
Why are you making this pull request?
Checklist
Please go through this checklist and make sure all applicable tasks have been done