Skip to content

Commit f9f7ad6

Browse files
prashantkumar1982bolekk
prashantkumar1982
authored and
bolekk
committed
vault e2e: fix flaky batch response ordering assumption (#21801)
The Vault DON processes batch requests through OCR consensus, which does not guarantee the response array order matches the request array order. The create, update, and delete test assertions were using positional indexing (Responses[i] == namespaces[i]), causing intermittent failures when the DON returned responses in a different order. Replace positional checks with map-based lookups keyed by namespace, so the assertions are order-independent. Made-with: Cursor
1 parent 3c520bc commit f9f7ad6

1 file changed

Lines changed: 37 additions & 17 deletions

File tree

system-tests/tests/smoke/cre/v2_vault_don_test.go

Lines changed: 37 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -174,12 +174,16 @@ func executeVaultSecretsCreateTest(t *testing.T, encryptedSecret, secretID, owne
174174
framework.L.Info().Msgf("CreateSecretsResponse decoded as: %s", createSecretsResponse.String())
175175

176176
require.Len(t, createSecretsResponse.Responses, len(namespaces), "Expected one item in the response per namespace")
177-
for i, namespace := range namespaces {
178-
result := createSecretsResponse.GetResponses()[i]
177+
respByNs := make(map[string]*vault_helpers.CreateSecretResponse, len(namespaces))
178+
for _, r := range createSecretsResponse.GetResponses() {
179+
respByNs[r.GetId().GetNamespace()] = r
180+
}
181+
for _, namespace := range namespaces {
182+
result, ok := respByNs[namespace]
183+
require.True(t, ok, "missing response for namespace %s", namespace)
179184
require.Empty(t, result.GetError())
180185
require.Equal(t, secretID, result.GetId().Key)
181186
require.Equal(t, owner, result.GetId().Owner)
182-
require.Equal(t, namespace, result.GetId().Namespace)
183187
}
184188

185189
framework.L.Info().Msgf("Secrets created successfully (namespaces=%v)", namespaces)
@@ -297,17 +301,25 @@ func executeVaultSecretsUpdateTest(t *testing.T, encryptedSecret, secretID, owne
297301
framework.L.Info().Msgf("UpdateSecretsResponse decoded as: %s", updateSecretsResponse.String())
298302

299303
require.Len(t, updateSecretsResponse.Responses, len(namespaces)+1, "Expected one updated item per namespace plus one invalid item")
300-
for i, namespace := range namespaces {
301-
result := updateSecretsResponse.GetResponses()[i]
304+
var foundInvalid bool
305+
updateRespByNs := make(map[string]*vault_helpers.UpdateSecretResponse, len(namespaces))
306+
for _, r := range updateSecretsResponse.GetResponses() {
307+
if r.GetId().GetKey() == "invalid" {
308+
require.Contains(t, r.Error, "key does not exist")
309+
foundInvalid = true
310+
continue
311+
}
312+
updateRespByNs[r.GetId().GetNamespace()] = r
313+
}
314+
require.True(t, foundInvalid, "expected an error response for the 'invalid' key")
315+
for _, namespace := range namespaces {
316+
result, ok := updateRespByNs[namespace]
317+
require.True(t, ok, "missing update response for namespace %s", namespace)
302318
require.Empty(t, result.GetError())
303319
require.Equal(t, secretID, result.GetId().Key)
304320
require.Equal(t, owner, result.GetId().Owner)
305-
require.Equal(t, namespace, result.GetId().Namespace)
306321
}
307322

308-
resultInvalid := updateSecretsResponse.GetResponses()[len(namespaces)]
309-
require.Contains(t, resultInvalid.Error, "key does not exist")
310-
311323
framework.L.Info().Msgf("Secrets updated successfully (namespaces=%v)", namespaces)
312324
}
313325

@@ -468,17 +480,25 @@ func executeVaultSecretsDeleteTest(t *testing.T, secretID, owner, gatewayURL str
468480
framework.L.Info().Msgf("DeleteSecretResponse decoded as: %s", deleteSecretsResponse.String())
469481

470482
require.Len(t, deleteSecretsResponse.Responses, len(namespaces)+1, "Expected one deleted item per namespace plus one invalid item")
471-
for i, namespace := range namespaces {
472-
result := deleteSecretsResponse.GetResponses()[i]
483+
var foundDeleteInvalid bool
484+
deleteRespByNs := make(map[string]*vault_helpers.DeleteSecretResponse, len(namespaces))
485+
for _, r := range deleteSecretsResponse.GetResponses() {
486+
if r.GetId().GetKey() == "invalid" {
487+
require.Contains(t, r.Error, "key does not exist")
488+
foundDeleteInvalid = true
489+
continue
490+
}
491+
deleteRespByNs[r.GetId().GetNamespace()] = r
492+
}
493+
require.True(t, foundDeleteInvalid, "expected an error response for the 'invalid' key")
494+
for _, namespace := range namespaces {
495+
result, ok := deleteRespByNs[namespace]
496+
require.True(t, ok, "missing delete response for namespace %s", namespace)
473497
require.True(t, result.Success, result.Error)
474-
require.Equal(t, result.Id.Owner, owner)
475-
require.Equal(t, result.Id.Key, secretID)
476-
require.Equal(t, result.Id.Namespace, namespace)
498+
require.Equal(t, owner, result.Id.Owner)
499+
require.Equal(t, secretID, result.Id.Key)
477500
}
478501

479-
resultInvalid := deleteSecretsResponse.GetResponses()[len(namespaces)]
480-
require.Contains(t, resultInvalid.Error, "key does not exist")
481-
482502
framework.L.Info().Msgf("Secrets deleted successfully (namespaces=%v)", namespaces)
483503
}
484504

0 commit comments

Comments
 (0)