[BUG] 2 failing integration tests in jwt_auth.test.ts in 2.x #1555
Comments
@scrawfor99 @RyanL1997 @peternied I filed an issue to capture the errors we are seeing in the integration tests for 2.x
…#3189)

### Description

After the upgrade of JJWT from #3092, the JWT Integration Tests in security-dashboards-plugin started failing. See details on: opensearch-project/security-dashboards-plugin#1555

The output from the tests in Github actions was not very revealing, but @RyanL1997 pointed out that when running the test locally after creating a local distro of core + security plugin with 2.x it would output a permissions error:

```
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) ~[?:?]
    at java.security.AccessController.checkPermission(AccessController.java:1068) ~[?:?]
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:416) ~[?:?]
    at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:2060) ~[?:?]
    at java.lang.Thread.getContextClassLoader(Thread.java:1493) ~[?:?]
    at io.jsonwebtoken.impl.lang.Services$1.getClassLoader(Services.java:37) ~[jjwt-impl-0.11.5.jar:0.11.5]
    at io.jsonwebtoken.impl.lang.Services.loadFirst(Services.java:100) ~[jjwt-impl-0.11.5.jar:0.11.5]
    at io.jsonwebtoken.impl.DefaultJwtParserBuilder.build(DefaultJwtParserBuilder.java:191) ~[jjwt-impl-0.11.5.jar:0.11.5]
    at com.amazon.dlic.auth.http.jwt.HTTPJwtAuthenticator.<init>(HTTPJwtAuthenticator.java:135) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
    ...
```

This PR surrounds the call to build the parser with `AccessController.doPrivileged(...)` to ensure the call has the privileges needed to create the parser. This change should also be applied to main. For some reason, the tests are not failing when running on the main branch but are on 2.x.

* Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Bug fix

### Issues Resolved

opensearch-project/security-dashboards-plugin#1555

### Check List

- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

Signed-off-by: Craig Perkins <[email protected]>
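The pattern the commit message above describes, as an added example that is not the security plugin's own code: only the JJWT `build()` call, which performs the class-loader lookup seen in the stack trace, runs inside `AccessController.doPrivileged(...)`. The class name and `buildPrivileged` helper are hypothetical, the key and token are constructed, and jjwt 0.11.5 (api, impl and a JSON module) is assumed to be on the classpath.

```java
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.JwtParserBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;

import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.Key;
import java.security.PrivilegedAction;

public final class PrivilegedJwtParserExample {

    // Hypothetical helper. doPrivileged stops the permission stack walk at
    // this frame, so the check for RuntimePermission "getClassLoader" is
    // evaluated against this class's protection domain (and JJWT's), not
    // against less-privileged callers further up the stack. It grants
    // nothing by itself: the policy must still give this code the permission.
    static JwtParser buildPrivileged(JwtParserBuilder builder) {
        // Keep the privileged block as narrow as possible: only build(),
        // which triggers Services.loadFirst(...) in jjwt-impl 0.11.5.
        // The cast selects the PrivilegedAction overload of doPrivileged.
        return AccessController.doPrivileged((PrivilegedAction<JwtParser>) builder::build);
    }

    public static void main(String[] args) {
        // Constructed 40-byte demo secret (HS256 needs at least 32 bytes).
        Key key = Keys.hmacShaKeyFor(
            "constructed-demo-secret-0123456789abcdef".getBytes(StandardCharsets.UTF_8));

        // Constructed token, signed with the demo key.
        String token = Jwts.builder().setSubject("demo-user").signWith(key).compact();

        // Configure the builder outside the privileged block, build inside it.
        JwtParser parser = buildPrivileged(Jwts.parserBuilder().setSigningKey(key));

        // Signature verification and claim parsing need no extra privileges.
        System.out.println(parser.parseClaimsJws(token).getBody().getSubject());
    }
}
```

Without a SecurityManager installed, `doPrivileged` simply runs the action, so the example behaves the same as an unwrapped `build()`; the wrapper only matters when the calling stack includes code that lacks the permission.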
Full error:
[Triage] Thank you for filing this issue @cwperks. Leaving this without the triaged label since this requires further action to determine what the desired outcome should be.
Closing this issue as it is now solved. The fix was targeted to 2.x and not necessary in main because all HTTP Authenticators are instantiated in a privileged block in main. See details here: opensearch-project/security#3213 (comment)
The following tests are failing in 2.x:
Specifically the tests are failing in these 2 locations:
In each instance it appears that OpenSearch-Dashboards w/ the security-dashboards-plugin is installed, but not ready or that it is taking a long time for the dashboard to be brought up. I have not been able to reproduce the error locally or using act to run the workflow locally.
The tests started failing between these 2 commits in 2.x:
These can be run locally using:
```
yarn test:jest_server -- jwt_auth.test.ts
```
These failures are blocking PRs like #1550 from being merged to 2.x