Skip to content

fix(http): send default User-Agent; harden flaky 06 http/ssrf e2e#270

Merged
pinodeca merged 1 commit into
mainfrom
fix/flaky-06-http-phase1
Jun 25, 2026
Merged

fix(http): send default User-Agent; harden flaky 06 http/ssrf e2e#270
pinodeca merged 1 commit into
mainfrom
fix/flaky-06-http-phase1

Conversation

@pinodeca

Copy link
Copy Markdown
Contributor

Summary

Removes the dominant CI flake in 06_http_and_ssrf and fixes a related product gap plus a repeat-run harness bug.

Product fix

  • build_client() now sends a default User-Agent: pg_durable/<version>. Previously the durable HTTP client (reqwest) sent none, and some hosts reject anonymous requests — httpbingo.org (fly.io) returns HTTP 402 to any request without a User-Agent. That made the redirect test assert 3xx but receive 402, and silently let other httpbingo tests "pass" on a 402 instead of a real success. Nodes may still override the header explicitly.

Test hardening (tests/e2e/sql/06_http_and_ssrf.sql)

  • Move the redirect test (Test 8) off httpbin.org (frequently unavailable — the dominant flake) onto httpbingo.org/status/302.
  • Remove the residual-PUBLIC-grant permission test: it only exercised stock PostgreSQL grant semantics (a PUBLIC grant survives an additive per-role grant) and asserted nothing pg_durable-specific. Renumber the superuser-bypass test accordingly.

Harness fix (scripts/test-e2e-local.sh)

  • The repeat-run re-grant path (grant_e2e_df_usage) used the default include_http => false. On runs ≥2 — after the extension is dropped and recreated — df_e2e_user lost HTTP access and 06 failed at the first df.http() call. Now passes include_http => true to mirror 00_setup_playground, fixing ./scripts/test-e2e-local.sh 06_http_and_ssrf N.

Verification

  • 06_http_and_ssrf passes 3/3 in repeat mode against a reused database.
  • cargo fmt -p pg_durable -- --check and cargo clippy --features http-allow-test-domains clean.

Out of scope

A separate, pre-existing BGW cold-start "pending" timeout flake on the first instance remains (tracked for a future retry harness).

The durable HTTP client (reqwest) previously sent no User-Agent header.
Some hosts reject anonymous requests: httpbingo.org (fly.io) returns HTTP
402 to any request without a User-Agent, which made the redirect test
assert 3xx but receive 402, and silently let the other httpbingo tests
"pass" on a 402 instead of a real success response.

Product fix:
- build_client() now sets a default User-Agent of "pg_durable/<version>".
  Nodes may still override it via an explicit User-Agent header.

Test hardening (06_http_and_ssrf.sql):
- Move the redirect test (Test 8) off httpbin.org (frequently unavailable;
  the dominant CI flake) onto httpbingo.org/status/302, inheriting the
  default 30s timeout.
- Remove the residual-PUBLIC-grant permission test: it only exercised stock
  PostgreSQL grant semantics (a PUBLIC grant survives an additive per-role
  grant) and asserted nothing pg_durable-specific. Renumber the superuser
  bypass test accordingly.

Harness fix (scripts/test-e2e-local.sh):
- The repeat-run re-grant path (grant_e2e_df_usage) used the default
  include_http => false, so on runs >= 2 (after the extension is dropped
  and recreated) df_e2e_user lost HTTP access and 06 failed at the first
  df.http() call. Pass include_http => true to mirror 00_setup_playground,
  fixing `./scripts/test-e2e-local.sh 06_http_and_ssrf N`.

Verified: 06_http_and_ssrf now passes 3/3 in repeat mode against a reused
database. A separate, pre-existing BGW cold-start "pending" timeout flake
on the first instance remains out of scope (tracked for a retry harness).
@pinodeca pinodeca force-pushed the fix/flaky-06-http-phase1 branch from 41def49 to 9aa2cf8 Compare June 25, 2026 21:07
@pinodeca pinodeca merged commit 846ebce into main Jun 25, 2026
5 checks passed
@pinodeca pinodeca deleted the fix/flaky-06-http-phase1 branch June 25, 2026 21:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant