From 2c15277d0252094f67f4facf079557c0ecdfc5b3 Mon Sep 17 00:00:00 2001 From: Andrzej Jackowski Date: Tue, 21 Apr 2026 11:21:43 +0200 Subject: [PATCH] test: audit: restart server when any non-live config key changes _check_restart_needed only compared NON_LIVE_AUDIT_KEYS against the running server config, so extra keys like enable_user_defined_functions were silently ignored and never applied. Generalize the check to restart whenever any key outside LIVE_AUDIT_KEYS differs. --- test/cluster/test_audit.py | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/test/cluster/test_audit.py b/test/cluster/test_audit.py index 1bc8d9752e..536b4ee06f 100644 --- a/test/cluster/test_audit.py +++ b/test/cluster/test_audit.py @@ -51,8 +51,6 @@ logger = logging.getLogger(__name__) # Stable socket path for syslog backends, shared across tests to enable server reuse. syslog_socket_path = tempfile.mktemp(prefix="/tmp/scylla-audit-", suffix=".socket") -# Keys that require server restart (not live-updatable). -NON_LIVE_AUDIT_KEYS = {"audit", "audit_unix_socket_path"} # Keys that can be updated via SIGHUP (live-updatable). LIVE_AUDIT_KEYS = {"audit_categories", "audit_keyspaces", "audit_tables", "audit_rules"} # Auth config applied when user/password are requested. @@ -71,6 +69,7 @@ class AuditTester: def __init__(self, manager: ManagerClient): self.manager = manager + self._prev_config_keys: set[str] = set() def _build_server_config(self, target_config: dict[str, str], enable_compact_storage: bool, @@ -88,13 +87,21 @@ class AuditTester: user: str | None) -> bool: """Decide whether a running server must be restarted. - A restart is needed when non-live audit keys or auth config changed. + A restart is needed when any config key outside live-updatable + audit config changed, or when auth config changed. """ - # Non-live audit keys changed or need to be removed. - restart = any( - str(current.get(k, "")) != str(target_config.get(k, "")) - for k in NON_LIVE_AUDIT_KEYS if k in target_config - ) or any(k in current for k in NON_LIVE_AUDIT_KEYS & absent_keys) + # Any config key that isn't live-updatable audit config must match; otherwise restart. + restart = False + for k, v in target_config.items(): + if k in LIVE_AUDIT_KEYS: + continue + if str(current.get(k, "")) != str(v): + restart = True + break + + # A previously set key outside live-updatable audit config must be removed when absent. + if not restart: + restart = any(k in current for k in absent_keys - LIVE_AUDIT_KEYS) # Auth config changes also require a restart. has_auth = any(k in current for k in AUTH_CONFIG) @@ -217,7 +224,7 @@ class AuditTester: List of server IP addresses. """ target_config = helper.update_audit_settings(audit_settings) - absent_keys = (NON_LIVE_AUDIT_KEYS | LIVE_AUDIT_KEYS) - target_config.keys() + absent_keys = self._prev_config_keys - target_config.keys() auth_provider = PlainTextAuthProvider(username=user, password=password or "") if user else None expected_servers = len(property_file) if property_file else rf @@ -237,6 +244,8 @@ class AuditTester: target_config, enable_compact_storage, rf, user, auth_provider, property_file=property_file, cmdline=cmdline) + self._prev_config_keys = set(target_config.keys()) + cql = self.manager.get_cql() cql.get_execution_profile(EXEC_PROFILE_DEFAULT).consistency_level = ConsistencyLevel.ONE audit_mode = target_config.get("audit") or ""