ClickHouse/tests/integration/test_kerberos_auth/test.py

import pytest
from helpers.cluster import ClickHouseCluster

cluster = ClickHouseCluster(__file__)
instance1 = cluster.add_instance(
    "instance1",
    main_configs=["configs/kerberos_with_keytab.xml"],
    user_configs=["configs/users.xml"],
    with_kerberos_kdc=True,
)
instance2 = cluster.add_instance(
    "instance2",
    main_configs=["configs/kerberos_without_keytab.xml"],
    user_configs=["configs/users.xml"],
    with_kerberos_kdc=True,
)
instance3 = cluster.add_instance(
    "instance3",
    main_configs=["configs/kerberos_bad_path_to_keytab.xml"],
    user_configs=["configs/users.xml"],
    with_kerberos_kdc=True,
)


# Fixtures


@pytest.fixture(scope="module")
def kerberos_cluster():
    try:
        cluster.start()
        yield cluster
    finally:
        cluster.shutdown()


# Tests


def make_auth(instance):
    instance.exec_in_container(
        ["bash", "-c", "kinit -k -t /tmp/keytab/kuser.keytab kuser"]
    )
    return instance.exec_in_container(
        [
            "bash",
            "-c",
            "echo 'select currentUser()' | curl -vvv --negotiate -u : http://{}:8123/ --data-binary @-".format(
                instance.hostname
            ),
        ]
    )


def test_kerberos_auth_with_keytab(kerberos_cluster):
    assert make_auth(instance1) == "kuser\n"


def test_kerberos_auth_without_keytab(kerberos_cluster):
    assert (
        "DB::Exception: : Authentication failed: password is incorrect or there is no user with such name."
        in make_auth(instance2)
    )


def test_bad_path_to_keytab(kerberos_cluster):

    assert (
        "DB::Exception: : Authentication failed: password is incorrect or there is no user with such name."
        in make_auth(instance3)
    )
    assert instance3.contains_in_log("Keytab file not found")


if __name__ == "__main__":
    cluster.start()
    input("Cluster created, press any key to destroy...")
    cluster.shutdown()
Add integration test test_kerberos_auth 2022-12-14 13:39:23 +00:00			`import pytest`
			`from helpers.cluster import ClickHouseCluster`

			`cluster = ClickHouseCluster(__file__)`
Add second test for the case when there is no keytab 2022-12-16 08:20:01 +00:00			`instance1 = cluster.add_instance(`
			`"instance1",`
			`main_configs=["configs/kerberos_with_keytab.xml"],`
			`user_configs=["configs/users.xml"],`
			`with_kerberos_kdc=True,`
			`)`
			`instance2 = cluster.add_instance(`
			`"instance2",`
			`main_configs=["configs/kerberos_without_keytab.xml"],`
Add integration test test_kerberos_auth 2022-12-14 13:39:23 +00:00			`user_configs=["configs/users.xml"],`
			`with_kerberos_kdc=True,`
			`)`
Add test_bad_path_to_keytab test 2022-12-22 08:07:16 +00:00			`instance3 = cluster.add_instance(`
			`"instance3",`
			`main_configs=["configs/kerberos_bad_path_to_keytab.xml"],`
			`user_configs=["configs/users.xml"],`
			`with_kerberos_kdc=True,`
			`)`
Add integration test test_kerberos_auth 2022-12-14 13:39:23 +00:00

			`# Fixtures`


			`@pytest.fixture(scope="module")`
			`def kerberos_cluster():`
			`try:`
			`cluster.start()`
			`yield cluster`
			`finally:`
			`cluster.shutdown()`


			`# Tests`

Refactor test_kerberos_auth test 2022-12-19 11:28:49 +00:00
Refactor test.py 2022-12-19 11:39:30 +00:00			`def make_auth(instance):`
Add integration test test_kerberos_auth 2022-12-14 13:39:23 +00:00			`instance.exec_in_container(`
Refactor test_kerberos_auth test 2022-12-19 11:28:49 +00:00			`["bash", "-c", "kinit -k -t /tmp/keytab/kuser.keytab kuser"]`
Add integration test test_kerberos_auth 2022-12-14 13:39:23 +00:00			`)`
Refactor test.py 2022-12-19 11:39:30 +00:00			`return instance.exec_in_container(`
			`[`
			`"bash",`
			`"-c",`
			`"echo 'select currentUser()' \| curl -vvv --negotiate -u : http://{}:8123/ --data-binary @-".format(`
			`instance.hostname`
			`),`
			`]`
			`)`
Refactor test_kerberos_auth test 2022-12-19 11:28:49 +00:00

			`def test_kerberos_auth_with_keytab(kerberos_cluster):`
Refactor test.py 2022-12-19 11:39:30 +00:00			`assert make_auth(instance1) == "kuser\n"`
Add integration test test_kerberos_auth 2022-12-14 13:39:23 +00:00

Add second test for the case when there is no keytab 2022-12-16 08:20:01 +00:00			`def test_kerberos_auth_without_keytab(kerberos_cluster):`
Refactor test_kerberos_auth test 2022-12-19 11:28:49 +00:00			`assert (`
			`"DB::Exception: : Authentication failed: password is incorrect or there is no user with such name."`
Refactor test.py 2022-12-19 11:39:30 +00:00			`in make_auth(instance2)`
Refactor test_kerberos_auth test 2022-12-19 11:28:49 +00:00			`)`
Add second test for the case when there is no keytab 2022-12-16 08:20:01 +00:00

Add test_bad_path_to_keytab test 2022-12-22 08:07:16 +00:00			`def test_bad_path_to_keytab(kerberos_cluster):`

			`assert (`
			`"DB::Exception: : Authentication failed: password is incorrect or there is no user with such name."`
			`in make_auth(instance3)`
			`)`
			`assert instance3.contains_in_log("Keytab file not found")`


Add integration test test_kerberos_auth 2022-12-14 13:39:23 +00:00			`if __name__ == "__main__":`
			`cluster.start()`
			`input("Cluster created, press any key to destroy...")`
			`cluster.shutdown()`