Remove temporary PR tracking file

Co-authored-by: mykaul <4655593+mykaul@users.noreply.github.com>

.github/scripts/auto-backport.py

@@ -62,7 +62,7 @@ def create_pull_request(repo, new_branch_name, base_branch_name, pr, backport_pr
         if is_draft:
             labels_to_add.append("conflicts")
             pr_comment = f"@{pr.user.login} - This PR was marked as draft because it has conflicts\n"
-            pr_comment += "Please resolve them and remove the 'conflicts' label. The PR will be made ready for review automatically."
+            pr_comment += "Please resolve them and remove the 'conflicts' label so this PR will be ready for review"
             backport_pr.create_issue_comment(pr_comment)
         
         # Apply all labels at once if we have any

alternator/server.cc

@@ -979,8 +979,9 @@ client_data server::ongoing_request::make_client_data() const {
     // and keep "driver_version" unset.
     cd.driver_name = _user_agent;
     // Leave "protocol_version" unset, it has no meaning in Alternator.
-    // Leave "hostname", "ssl_protocol" and "ssl_cipher_suite" unset for Alternator.
-    // Note: CQL sets ssl_protocol and ssl_cipher_suite via generic_server::connection base class.
+    // Leave "hostname", "ssl_protocol" and "ssl_cipher_suite" unset.
+    // As reported in issue #9216, we never set these fields in CQL
+    // either (see cql_server::connection::make_client_data()).
     return cd;
 }
 

test/cqlpy/nodetool.py

@@ -67,11 +67,11 @@ nodetool_cmd.conf = False
 
 # Run the external "nodetool" executable (can be overridden by the NODETOOL
 # environment variable). Only call this if the REST API doesn't work.
-def run_nodetool(cql, *args, **subprocess_kwargs):
+def run_nodetool(cql, *args):
     # TODO: We may need to change this function or its callers to add proper
     # support for testing on multi-node clusters.
     host = cql.cluster.contact_points[0]
-    return subprocess.run([nodetool_cmd(), '-h', host, *args], **subprocess_kwargs)
+    subprocess.run([nodetool_cmd(), '-h', host, *args])
 
 def flush(cql, table):
     ks, cf = table.split('.')
@@ -159,28 +159,6 @@ def disablebinary(cql):
     else:
         run_nodetool(cql, "disablebinary")
 
-def getlogginglevel(cql, logger):
-    if has_rest_api(cql):
-        resp = requests.get(f'{rest_api_url(cql)}/system/logger/{logger}')
-        if resp.ok:
-            return resp.text.strip()
-        raise RuntimeError(f"failed to fetch logging level for {logger}: {resp.status_code} {resp.text}")
-
-    result = run_nodetool(
-        cql,
-        "getlogginglevels",
-        capture_output=True,
-        text=True,
-        check=True,
-    )
-    for line in result.stdout.splitlines():
-        stripped = line.strip()
-        parts = stripped.split()
-        if len(parts) >= 2 and parts[0] == logger:
-            return parts[-1]
-
-    raise RuntimeError(f"logger {logger} not found in getlogginglevels output")
-
 def setlogginglevel(cql, logger, level):
     if has_rest_api(cql):
         requests.post(f'{rest_api_url(cql)}/system/logger/{logger}', params={'level': level})

test/cqlpy/test_protocol_exceptions.py

@@ -10,7 +10,6 @@ import re
 import requests
 import socket
 import struct
-from test.cqlpy import nodetool
 from test.cqlpy.util import cql_session
 
 def get_protocol_error_metrics(host) -> int:
@@ -59,50 +58,11 @@ def try_connect(host, port, creds, protocol_version):
     with cql_with_protocol(host, port, creds, protocol_version) as session:
         return 1 if session else 0
 
-@pytest.fixture
-def debug_exceptions_logging(request, cql):
-    def _read_level() -> str | None:
-        try:
-            level = nodetool.getlogginglevel(cql, "exception")
-            if level:
-                level = level.strip().strip('"').lower()
-            return level
-        except Exception as exc:
-            print(f"Failed to read exception logger level: {exc}")
-            return None
-
-    def _set_and_verify(level: str) -> bool:
-        try:
-            nodetool.setlogginglevel(cql, "exception", level)
-        except Exception as exc:
-            print(f"Failed to set exception logger level to '{level}': {exc}")
-            return False
-
-        observed = _read_level()
-        if observed == level:
-            return True
-
-        print(f"Exception logger level observed as '{observed}' while expecting '{level}'")
-        return False
-
-    def _restore_logging():
-        if not enabled and previous_level is None:
-            return
-
-        target_level = previous_level or "info"
-        _set_and_verify(target_level)
-
-    previous_level = _read_level()
-    enabled = _set_and_verify("debug")
-
-    yield
-    _restore_logging()
-
 # If there is a protocol version mismatch, the server should
 # raise a protocol error, which is counted in the metrics.
-def test_protocol_version_mismatch(scylla_only, debug_exceptions_logging, request, host):
-    run_count = 200
-    cpp_exception_threshold = 20
+def test_protocol_version_mismatch(scylla_only, request, host):
+    run_count = 100
+    cpp_exception_threshold = 10
 
     cpp_exception_metrics_before = get_cpp_exceptions_metrics(host)
     protocol_exception_metrics_before = get_protocol_error_metrics(host)
@@ -284,8 +244,8 @@ def _protocol_error_impl(
         s.close()
 
 def _test_impl(host, flag):
-    run_count = 200
-    cpp_exception_threshold = 20
+    run_count = 100
+    cpp_exception_threshold = 10
 
     cpp_exception_metrics_before = get_cpp_exceptions_metrics(host)
     protocol_exception_metrics_before = get_protocol_error_metrics(host)
@@ -307,47 +267,47 @@ def no_ssl(request):
     yield
 
 # Malformed BATCH with an invalid kind triggers a protocol error.
-def test_invalid_kind_in_batch_message(scylla_only, no_ssl, debug_exceptions_logging, host):
+def test_invalid_kind_in_batch_message(scylla_only, no_ssl, host):
     _test_impl(host, "trigger_bad_batch")
 
 # Send OPTIONS during AUTHENTICATE to trigger auth-state error.
-def test_unexpected_message_during_auth(scylla_only, no_ssl, debug_exceptions_logging, host):
+def test_unexpected_message_during_auth(scylla_only, no_ssl, host):
     _test_impl(host, "trigger_unexpected_auth")
 
 # STARTUP with an invalid/missing string-map entry should produce a protocol error.
-def test_process_startup_invalid_string_map(scylla_only, no_ssl, debug_exceptions_logging, host):
+def test_process_startup_invalid_string_map(scylla_only, no_ssl, host):
     _test_impl(host, "trigger_process_startup_invalid_string_map")
 
 # STARTUP with unknown COMPRESSION option should produce a protocol error.
-def test_unknown_compression_algorithm(scylla_only, no_ssl, debug_exceptions_logging, host):
+def test_unknown_compression_algorithm(scylla_only, no_ssl, host):
     _test_impl(host, "trigger_unknown_compression")
 
 # QUERY long-string truncation: declared length > provided bytes triggers protocol error.
-def test_process_query_internal_malformed_query(scylla_only, no_ssl, debug_exceptions_logging, host):
+def test_process_query_internal_malformed_query(scylla_only, no_ssl, host):
     _test_impl(host, "trigger_process_query_internal_malformed_query")
 
 # QUERY options malformed: PAGE_SIZE flag set but page_size truncated triggers protocol error.
-def test_process_query_internal_fail_read_options(scylla_only, no_ssl, debug_exceptions_logging, host):
+def test_process_query_internal_fail_read_options(scylla_only, no_ssl, host):
     _test_impl(host, "trigger_process_query_internal_fail_read_options")
 
 # PREPARE long-string truncation: declared length > provided bytes triggers protocol error.
-def test_process_prepare_malformed_query(scylla_only, no_ssl, debug_exceptions_logging, host):
+def test_process_prepare_malformed_query(scylla_only, no_ssl, host):
     _test_impl(host, "trigger_process_prepare_malformed_query")
 
 # EXECUTE cache-key malformed: short-bytes length > provided bytes triggers protocol error.
-def test_process_execute_internal_malformed_cache_key(scylla_only, no_ssl, debug_exceptions_logging, host):
+def test_process_execute_internal_malformed_cache_key(scylla_only, no_ssl, host):
     _test_impl(host, "trigger_process_execute_internal_malformed_cache_key")
 
 # REGISTER malformed string list: declared string length > provided bytes triggers protocol error.
-def test_process_register_malformed_string_list(scylla_only, no_ssl, debug_exceptions_logging, host):
+def test_process_register_malformed_string_list(scylla_only, no_ssl, host):
     _test_impl(host, "trigger_process_register_malformed_string_list")
 
 # Test if the protocol exceptions do not decrease after running the test happy path.
 # This is to ensure that the protocol exceptions are not cleared or reset
 # during the test execution.
-def test_no_protocol_exceptions(scylla_only, no_ssl, debug_exceptions_logging, host):
-    run_count = 200
-    cpp_exception_threshold = 20
+def test_no_protocol_exceptions(scylla_only, no_ssl, host):
+    run_count = 100
+    cpp_exception_threshold = 10
 
     cpp_exception_metrics_before = get_cpp_exceptions_metrics(host)
     protocol_exception_metrics_before = get_protocol_error_metrics(host)

test/cqlpy/test_ssl.py

@@ -14,7 +14,6 @@ import cassandra.cluster
 from contextlib import contextmanager
 import re
 import ssl
-import time
 
 
 # This function normalizes the SSL cipher suite name (a string),
@@ -67,12 +66,13 @@ def test_tls_versions(cql):
 # a regression test for #9216
 def test_system_clients_stores_tls_info(cql):
     if not cql.cluster.ssl_context:
-        table_result = cql.execute(f"SELECT * FROM system.clients")
-        for row in table_result:
-            assert not row.ssl_enabled
-            assert row.ssl_protocol is None
-            assert row.ssl_cipher_suite is None
-    else:
+            table_result = cql.execute(f"SELECT * FROM system.clients")
+            for row in table_result:
+                assert not row.ssl_enabled
+                assert row.ssl_protocol is None
+                assert row.ssl_cipher_suite is None
+
+    if cql.cluster.ssl_context:
         # TLS v1.2 must be supported, because this is the default version that
         # "cqlsh --ssl" uses. If this fact changes in the future, we may need
         # to reconsider this test.
@@ -82,8 +82,7 @@ def test_system_clients_stores_tls_info(cql):
             # so we need to retry until all connections are initialized and have their TLS info recorded in system.clients,
             # otherwise we'd end up with some connections e.g. having their ssl_enabled=True but other fields still None.
             expected_ciphers = [normalize_cipher(cipher['name']) for cipher in ssl.create_default_context().get_ciphers()]
-            deadline = time.time() + 10  # 10 seconds timeout
-            while time.time() < deadline:
+            for _ in range(1000):  # try for up to 1000 * 0.01s = 10s seconds
                 rows = session.execute(f"SELECT * FROM system.clients")
                 if rows and all(
                     row.ssl_enabled
@@ -93,7 +92,7 @@ def test_system_clients_stores_tls_info(cql):
                 ):
                     return
                 time.sleep(0.01)
-            pytest.fail(f"Not all connections have TLS data set correctly in system.clients after 10 seconds")
+            pytest.fail(f"Not all connections have TLS data set correctly in system.clients after 10s seconds")
 
 
 @contextmanager

transport/generic_server.cc

@@ -414,8 +414,9 @@ future<> server::do_accepts(int which, bool keepalive, socket_address server_add
                                     conn->_ssl_cipher_suite = cipher_suite;
                                     return make_ready_future<bool>(true);
                                 });
-                        }).handle_exception([conn](std::exception_ptr ep) {
-                            return seastar::make_exception_future<bool>(std::runtime_error(fmt::format("Inspecting TLS connection failed: {}", ep)));
+                        }).handle_exception([this, conn](std::exception_ptr ep) {
+                            _logger.warn("Inspecting TLS connection failed: {}", ep);
+                            return make_ready_future<bool>(false);
                         })
                     : make_ready_future<bool>(true)
                 ).then([conn] (bool ok){

transport/generic_server.hh

@@ -63,7 +63,7 @@ protected:
 
     bool _ssl_enabled = false;
     std::optional<sstring> _ssl_cipher_suite = std::nullopt;
-    std::optional<sstring> _ssl_protocol = std::nullopt;
+    std::optional<sstring> _ssl_protocol = std::nullopt;;
 
 private:
     future<> process_until_tenant_switch();