[CI] OpenIdConnectAuthIT testAuthenticateWithCodeFlowAndClientJwtPost failing #109871

Open
DaveCTurner opened this issue Jun 18, 2024 · 2 comments
Labels
medium-risk An open issue or test failure that is a medium risk to future releases :Security/Security Security issues without another label Team:Security Meta label for security team >test-failure Triaged test failures from CI

@DaveCTurner
Contributor

The history suggests a low (but nonzero) rate of occasional failures.

Build scan:
https://gradle-enterprise.elastic.co/s/m3qqwd5v3q6re/tests/:x-pack:qa:oidc-op-tests:javaRestTest/org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectAuthIT/testAuthenticateWithCodeFlowAndClientJwtPost

Reproduction line:

./gradlew ':x-pack:qa:oidc-op-tests:javaRestTest' --tests "org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectAuthIT.testAuthenticateWithCodeFlowAndClientJwtPost" -Dtests.seed=E665E73CC8DFFD18 -Dtests.locale=de-DE -Dtests.timezone=Australia/Brisbane -Druntime.java=22

Applicable branches:
main

Reproduces locally?:
Didn't try

Failure history:
Failure dashboard for org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectAuthIT#testAuthenticateWithCodeFlowAndClientJwtPost

Failure excerpt:

org.elasticsearch.client.ResponseException: method [POST], host [https://[::1]:35911], URI [/_security/oidc/authenticate], status line [HTTP/1.1 401 Unauthorized]
{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [<OIDC Token>] for action [cluster:admin/xpack/security/oidc/authenticate]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate user [<OIDC Token>] for action [cluster:admin/xpack/security/oidc/authenticate]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}

  at __randomizedtesting.SeedInfo.seed([E665E73CC8DFFD18:EE52F3476ADA11B0]:0)
  at org.elasticsearch.client.RestClient.convertResponse(RestClient.java:351)
  at org.elasticsearch.client.RestClient.performRequest(RestClient.java:317)
  at org.elasticsearch.client.RestClient.performRequest(RestClient.java:292)
  at org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectAuthIT.completeAuthentication(OpenIdConnectAuthIT.java:227)
  at org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectAuthIT.testAuthenticateWithCodeFlowAndClientJwtPost(OpenIdConnectAuthIT.java:127)
  at jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
  at java.lang.reflect.Method.invoke(Method.java:580)
  at com.carrotsearch.randomizedtesting.RandomizedRunner.invoke(RandomizedRunner.java:1758)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$8.evaluate(RandomizedRunner.java:946)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$9.evaluate(RandomizedRunner.java:982)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$10.evaluate(RandomizedRunner.java:996)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.junit.rules.RunRules.evaluate(RunRules.java:20)
  at org.apache.lucene.tests.util.TestRuleSetupTeardownChained$1.evaluate(TestRuleSetupTeardownChained.java:48)
  at org.apache.lucene.tests.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:43)
  at org.apache.lucene.tests.util.TestRuleThreadAndTestName$1.evaluate(TestRuleThreadAndTestName.java:45)
  at org.apache.lucene.tests.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:60)
  at org.apache.lucene.tests.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:44)
  at org.junit.rules.RunRules.evaluate(RunRules.java:20)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:390)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl.forkTimeoutingTask(ThreadLeakControl.java:843)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$3.evaluate(ThreadLeakControl.java:490)
  at com.carrotsearch.randomizedtesting.RandomizedRunner.runSingleTest(RandomizedRunner.java:955)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$5.evaluate(RandomizedRunner.java:840)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$6.evaluate(RandomizedRunner.java:891)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$7.evaluate(RandomizedRunner.java:902)
  at org.elasticsearch.test.cluster.local.DefaultLocalElasticsearchCluster$1.evaluate(DefaultLocalElasticsearchCluster.java:47)
  at org.testcontainers.containers.FailureDetectingExternalResource$1.evaluate(FailureDetectingExternalResource.java:29)
  at org.testcontainers.containers.FailureDetectingExternalResource$1.evaluate(FailureDetectingExternalResource.java:29)
  at org.junit.rules.ExternalResource$1.evaluate(ExternalResource.java:54)
  at org.junit.rules.RunRules.evaluate(RunRules.java:20)
  at org.apache.lucene.tests.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:43)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.tests.util.TestRuleStoreClassName$1.evaluate(TestRuleStoreClassName.java:38)
  at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
  at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.tests.util.TestRuleAssertionsRequired$1.evaluate(TestRuleAssertionsRequired.java:53)
  at org.apache.lucene.tests.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:43)
  at org.apache.lucene.tests.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:44)
  at org.apache.lucene.tests.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:60)
  at org.apache.lucene.tests.util.TestRuleIgnoreTestSuites$1.evaluate(TestRuleIgnoreTestSuites.java:47)
  at org.junit.rules.RunRules.evaluate(RunRules.java:20)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:390)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl.lambda$forkTimeoutingTask$0(ThreadLeakControl.java:850)
  at java.lang.Thread.run(Thread.java:1570)

@DaveCTurner DaveCTurner added :Security/Security Security issues without another label >test-failure Triaged test failures from CI labels Jun 18, 2024
@elasticsearchmachine elasticsearchmachine added Team:Security Meta label for security team needs:risk Requires assignment of a risk label (low, medium, blocker) labels Jun 18, 2024
@elasticsearchmachine
Collaborator

Pinging @elastic/es-security (Team:Security)

DaveCTurner added a commit that referenced this issue Jun 18, 2024
@jfreden jfreden added medium-risk An open issue or test failure that is a medium risk to future releases and removed needs:risk Requires assignment of a risk label (low, medium, blocker) labels Jul 9, 2024
@jfreden
Contributor

jfreden commented Jul 9, 2024

I'm setting this to medium-risk since this looks like a race condition that could potentially be happening outside tests.

Can't reproduce it locally.
