Merge pull request #5627 from BenPope/redpanda-mtls-upgrade-test

auth: Redpanda enable_sasl upgrade test
redpanda-data · Jul 28, 2022 · 257bd34 · 257bd34
2 parents 23d3572 + d742315
commit 257bd34
Showing 1 changed file with 40 additions and 0 deletions.
diff --git a/tests/rptest/tests/acls_test.py b/tests/rptest/tests/acls_test.py
@@ -15,6 +15,7 @@
 from rptest.services.admin import Admin
 from rptest.clients.rpk import RpkTool, ClusterAuthorizationError
 from rptest.services.redpanda import SecurityConfig, TLSProvider
+from rptest.services.redpanda_installer import RedpandaInstaller, wait_for_num_versions
 from rptest.services import tls
 
 
@@ -280,3 +281,42 @@ def test_mtls_principal(self, rules=None, fail=False):
                 assert not fail, "list acls should have failed"
             except ClusterAuthorizationError:
                 assert fail, "list acls should have succeeded"
+
+
+class AccessControlListTestUpgrade(AccessControlListTest):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.installer = self.redpanda._installer
+
+    def check_permissions(self):
+        # run a few times for good health
+        for _ in range(5):
+            try:
+                self.get_client("base").acl_list()
+                assert False, "list acls should have failed"
+            except ClusterAuthorizationError:
+                pass
+
+            self.get_client("cluster_describe").acl_list()
+            self.get_super_client().acl_list()
+
+    # Test that a cluster configured with enable_sasl can be upgraded
+    # from v22.1.x, and still have sasl enabled. See PR 5292.
+    @cluster(num_nodes=3)
+    def test_upgrade_sasl(self):
+
+        self.installer.install(self.redpanda.nodes, (22, 1, 3))
+        self.prepare_cluster(use_tls=True,
+                             use_sasl=True,
+                             enable_authz=None,
+                             authn_method=None,
+                             principal_mapping_rules=None)
+
+        self.check_permissions()
+
+        self.installer.install(self.redpanda.nodes, RedpandaInstaller.HEAD)
+        self.redpanda.restart_nodes(self.redpanda.nodes)
+        unique_versions = wait_for_num_versions(self.redpanda, 1)
+        assert "v22.1.3" not in unique_versions
+
+        self.check_permissions()