test/alternator: fix running against installation blocking CQL

One of the design goals of the Alternator test suite (test/alternator) is that developers should be able to run the tests against some already running installation by running `cd test/alternator; pytest [--url ...]`. Some of our presentations and documents recommend running Alternator via docker as: docker run --name scylla -d -p 8000:8000 scylladb/scylla:latest --alternator-port=8000 --alternator-write-isolation=always This only makes port 8000 available to the host - the CQL port is blocked. We had a bug in conftest.py's get_valid_alternator_role() which caused it to fail (and fail every single test) when CQL is not available. What we really want is that when CQL is not available and we can't figure out a correct secret key to connect to Alternator, we just try a connect with a fake key - and hope that the option alternator-enforce-authorization is turned off. In fact, this is what the code comments claim was already happening - but we failed to handle the case that CQL is not available at all. After this patch, one can run Alternator with the above docker command, and then run tests against it. By the way, this provides another way for running any old release of Scylla and running Alternator tests against it. We already supported a similar feature via test/alternator/run's "--release" option, but its implementation doesn't use docker. Fixes #22591 Signed-off-by: Nadav Har'El <nyh@scylladb.com> Closes scylladb/scylladb#22592
2025-01-30 18:43:25 +02:00
parent 7ce932ce01
commit bfdd805f15
1 changed files with 26 additions and 19 deletions
--- a/test/alternator/conftest.py
+++ b/test/alternator/conftest.py
@@ -67,30 +67,37 @@ def pytest_collection_modifyitems(config, items):
 # is that role's password's salted hash. We can read a valid role/hash
 # from the appropriate system table, but can't do it with Alternator (because
 # we don't know yet the secret key!), so we need to do it with CQL.
+# If this function can't connect to CQL, it will return an arbitrary
+# user/secret pair, and hope it would work if alternator-enforce-authorization
+# is off.
@cache
 def get_valid_alternator_role(url, role='cassandra'):
-    from cassandra.cluster import Cluster
+    from cassandra.cluster import Cluster, NoHostAvailable
    from cassandra.auth import PlainTextAuthProvider
    auth_provider = PlainTextAuthProvider(
        username='cassandra', password='cassandra')
-    with (
-        Cluster([urlparse(url).hostname], auth_provider=auth_provider,
-            connect_timeout = 60, control_connection_timeout = 60) as cluster,
-        cluster.connect() as session
-    ):
-        # Newer Scylla places the "roles" table in the "system" keyspace, but
-        # older versions used "system_auth_v2" or "system_auth"
-        for ks in ['system', 'system_auth_v2', 'system_auth']:
-            try:
-                # We could have looked for any role/salted_hash pair, but we
-                # already know a role "cassandra" exists (we just used it to
-                # connect to CQL!), so let's just use that role.
-                salted_hash = list(session.execute(f"SELECT salted_hash FROM {ks}.roles WHERE role = '{role}'"))[0].salted_hash
-                if salted_hash is None:
-                    break
-                return (role, salted_hash)
-            except:
-                pass
+    try:
+        with (
+            Cluster([urlparse(url).hostname], auth_provider=auth_provider,
+                connect_timeout = 60, control_connection_timeout = 60) as cluster,
+            cluster.connect() as session
+        ):
+            # Newer Scylla places the "roles" table in the "system" keyspace, but
+            # older versions used "system_auth_v2" or "system_auth"
+            for ks in ['system', 'system_auth_v2', 'system_auth']:
+                try:
+                    # We could have looked for any role/salted_hash pair, but we
+                    # already know a role "cassandra" exists (we just used it to
+                    # connect to CQL!), so let's just use that role.
+                    salted_hash = list(session.execute(f"SELECT salted_hash FROM {ks}.roles WHERE role = '{role}'"))[0].salted_hash
+                    if salted_hash is None:
+                        break
+                    return (role, salted_hash)
+                except:
+                    pass
+    except NoHostAvailable:
+        # CQL is not available, so we can't find a valid role.
+        pass
    # If we couldn't find a valid role, let's hope that
    # alternator-enforce-authorization is not enabled so anything will work
    return ('unknown_user', 'unknown_secret')