Skip to content

Fix flaky BindOperationTestCase subtree auth-info tests#727

Open
vharseko wants to merge 1 commit into
OpenIdentityPlatform:masterfrom
vharseko:fix/bindop-authinfo-test-race
Open

Fix flaky BindOperationTestCase subtree auth-info tests#727
vharseko wants to merge 1 commit into
OpenIdentityPlatform:masterfrom
vharseko:fix/bindop-authinfo-test-race

Conversation

@vharseko

Copy link
Copy Markdown
Member

Problem

BindOperationTestCase.testSubtreeDeleteClearsAuthInfo and
testSubtreeModifyUpdatesAuthInfo fail intermittently on CI, with rising
frequency — 2 of 5 ubuntu legs on each of the two most recent runs (PR #714,
PR #725), always one of:

testSubtreeDeleteClearsAuthInfo:1530 expected [null]
    but found [[LDAP client connection from 127.0.0.1:44030 to 127.0.0.1:65535]]
testSubtreeModifyUpdatesAuthInfo:1595 expected object to not be null

Root cause

Both tests assert the DirectoryServer.getAuthenticatedUsers() registry state
immediately after the LDAPDelete / LDAPModify tool returns success. The
registry is maintained by AuthenticatedUsers, an
InternalDirectoryServerPlugin registered at the POST_RESPONSE
modify/modifyDN/delete plugin points — by definition it runs after the
response has been sent to the client. On a loaded CI machine the assertion can
therefore observe the registry before the plugin has run: the subtree-delete
variant still sees the stale connection mapping
(userMap.removeSubtree() not yet executed), the modDN variant does not yet
see the re-keyed DN.

The sibling testRebindClearsAuthInfo in the same file already guards against
operation asynchronicity explicitly (TestCaseUtils.quiesceServer()); the two
subtree tests had no such guard.

Fix

Poll the post-operation assertions with TestTimer (10 s max, 100 ms steps) —
the same pattern used for similar post-response/asynchronous races elsewhere
in the suite (e.g. TasksTestCase, the #686 series). Bounded polling asserts
exactly the intended contract ("the registry converges shortly after the
response") without depending on work-queue idle semantics, and on a real
regression still fails with the original assertion error.

Test-only change; no product code touched.

Tests

mvn -P precommit -pl opendj-server-legacy verify for
testSubtreeDeleteClearsAuthInfo, testSubtreeModifyUpdatesAuthInfo,
testRebindClearsAuthInfo (reruns disabled): 3/3, 0 failures.

testSubtreeDeleteClearsAuthInfo and testSubtreeModifyUpdatesAuthInfo asserted
the AuthenticatedUsers registry state immediately after the LDAPDelete /
LDAPModify tool returned. The registry is updated by a POST_RESPONSE plugin,
i.e. after the client already received the operation response, so on a loaded
machine the assertion can run before the plugin: the delete variant still saw
the stale connection mapping, the modDN variant did not yet see the re-keyed
DN. Failed on 2 of 5 ubuntu legs in recent CI runs (PR OpenIdentityPlatform#714, OpenIdentityPlatform#725).

Poll the assertions with TestTimer (10s max, 100ms steps) instead, following
the same pattern used for similar post-response races elsewhere in the suite.
@vharseko vharseko added tests Test suites: fixing, enabling, un-disabling java Pull requests that update java code labels Jul 10, 2026
@vharseko vharseko requested a review from maximthomas July 10, 2026 15:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

java Pull requests that update java code tests Test suites: fixing, enabling, un-disabling

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants