mirror of
https://github.com/scylladb/scylladb.git
synced 2026-05-20 23:02:25 +00:00
9be759828f
The cert-auth path in process_startup (introduced in20e9619bb1) was missing _ready = true, _authenticating = false, update_scheduling_group() and on_connection_ready(). The result is that connections authenticated via certificate show connection_stage = AUTHENTICATING in system.clients forever, run under the wrong service-level scheduling group, and hold the uninitialized-connections semaphore slot for the lifetime of the connection. Add a parametrized cluster test that verifies all three process_startup branches result in connection_stage = READY: - allow_all: AllowAllAuthenticator (no-auth path) - password: PasswordAuthenticator (SASL/process_auth_response path) - cert_bypass: CertificateAuthenticator with transport_early_auth_bypass error injection (cert-auth path -- the buggy one) The injection is added to certificate_authenticator::authenticate() so tests can bypass actual TLS certificate parsing while still exercising the cert-auth code path in process_startup. The cert_bypass case is marked xfail until the bug is fixed. Signed-off-by: Pavel Emelyanov <xemul@scylladb.com> Co-authored-by: Marcin Maliszkiewicz <marcinmal@scylladb.com> (cherry picked from commitda6fe14035)