Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: tacacs/test_authorization.py::test_authorization_tacacs_only_then_server_down_after_login fails with Failed: Not found aaa config update log: sudo config aaa authorization tacacs+ #16709

Open
arista-nwolfe opened this issue Jan 29, 2025 · 0 comments · May be fixed by #16723
Open

[Bug]: tacacs/test_authorization.py::test_authorization_tacacs_only_then_server_down_after_login fails with Failed: Not found aaa config update log: sudo config aaa authorization tacacs+ #16709

arista-nwolfe opened this issue Jan 29, 2025 · 0 comments · May be fixed by #16723
Assignees
@arista-nwolfe
Labels
chassis Triaged

Comments

@arista-nwolfe
Copy link
Contributor

Issue Description

    def change_and_wait_aaa_config_update(duthost, command, last_timestamp=None, timeout=10):
        if not last_timestamp:
            last_timestamp = get_auditd_config_reload_timestamp(duthost)

        duthost.shell(command)

        # After AAA config update, hostcfgd will modify config file and notify auditd reload config
        # Wait auditd reload config finish
        def log_exist(duthost):
            latest_timestamp = get_auditd_config_reload_timestamp(duthost)
            return latest_timestamp != last_timestamp

        exist = wait_until(timeout, 1, 0, log_exist, duthost)
>       pytest_assert(exist, "Not found aaa config update log: {}".format(command))
E       Failed: Not found aaa config update log: sudo config aaa authorization tacacs+

The test grabs the last instance of the log returned by sudo journalctl -u auditd --boot --no-pager | grep 'audisp-tacplus re-initializing configuration'

Then enables sudo config aaa authorization tacacs+

And confirms there is a newer instance of the audisp-tacplus re-initializing configuration log.

However, the issue is it checks for this newer instance based on the timestamp, but the timestamp is at a per-second granularity.
So if the new log is within the same second the test will fail.

E.G. from our output:

29/01/2025 00:26:55 base._run                                L0071 DEBUG  | /data/tests/common/devices/multi_asic.py::_run_on_asics#136: [cmp227-4] AnsibleModule::shell, args=["sudo journalctl -u auditd --boot --no-pager | grep 'audisp-tacplus re-initializing configuration'"], kwargs={}
29/01/2025 00:26:56 base._run                                L0108 DEBUG  | /data/tests/common/devices/multi_asic.py::_run_on_asics#136: [cmp227-4] AnsibleModule::shell Result => {"changed": true, "stdout":
   "Jan 28 10:02:12 cmp227-4 audisp-tacplus[773]: audisp-tacplus re-initializing configuration\n
   ...
   "Jan 29 00:26:54 cmp227-4 audisp-tacplus[773]: audisp-tacplus re-initializing configuration",
   "Jan 29 00:26:55 cmp227-4 audisp-tacplus[773]: audisp-tacplus re-initializing configuration",
   "Jan 29 00:26:56 cmp227-4 audisp-tacplus[773]: audisp-tacplus re-initializing configuration"]

29/01/2025 00:26:56 base._run                                L0071 DEBUG  | /data/tests/common/devices/multi_asic.py::_run_on_asics#136: [cmp227-4] AnsibleModule::shell, args=["sudo config aaa authorization tacacs+"], kwargs={}

29/01/2025 00:26:56 base._run                                L0071 DEBUG  | /data/tests/common/devices/multi_asic.py::_run_on_asics#136: [cmp227-4] AnsibleModule::shell, args=["sudo journalctl -u auditd --boot --no-pager | grep 'audisp-tacplus re-initializing configuration'"], kwargs={}
29/01/2025 00:26:57 base._run                                L0108 DEBUG  | /data/tests/common/devices/multi_asic.py::_run_on_asics#136: [cmp227-4] AnsibleModule::shell Result => {"changed": true, "stdout":
   "Jan 28 10:02:12 cmp227-4 audisp-tacplus[773]: audisp-tacplus re-initializing configuration\n
   ...
   "Jan 29 00:26:54 cmp227-4 audisp-tacplus[773]: audisp-tacplus re-initializing configuration",
   "Jan 29 00:26:55 cmp227-4 audisp-tacplus[773]: audisp-tacplus re-initializing configuration",
   "Jan 29 00:26:56 cmp227-4 audisp-tacplus[773]: audisp-tacplus re-initializing configuration",
   "Jan 29 00:26:56 cmp227-4 audisp-tacplus[773]: audisp-tacplus re-initializing configuration"]

Note that there is a new entry but because it has the same timestamp Jan 29 00:26:56 as the previous entry the test will hit a string match and cause the test to fail:

def log_exist(duthost):
    latest_timestamp = get_auditd_config_reload_timestamp(duthost)
    return latest_timestamp != last_timestamp

Results you see

Test failing when back to back logs are within the same second.

Results you expected to see

Test should pass if it sees a new log, we shouldn't rely on the timestamp.

Is it platform specific

generic

Relevant log output



Output of show version




Attach files (if any)


No response

      		
    

      
  





        



            

              
            

        

      


      
    








      


  




  
  

              

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  



  






  
                  




    

  


      
  

    Assignees
  



        

      

        

  
      @arista-nwolfe
  
    arista-nwolfe
    

      








      


  


  

    Labels
  



    

      

    chassis

  

    Triaged









      

  

    

        

    Projects
  


        




        
  

    

      
          
        SONiC Chassis
        
    

    

      

            
    Status: No status

              
      

    

    

  







  



      


  

    
  

    Milestone
  


      No milestone





    
      
          


  



      

    

  
      

  

    

      2 participants
    

    

        
          @yxieca 
        
          @arista-nwolfe