2022-12-14 13:39:23 +00:00
|
|
|
import pytest
|
2024-03-20 09:46:07 +00:00
|
|
|
from helpers.cluster import ClickHouseCluster, is_arm
|
2022-12-14 13:39:23 +00:00
|
|
|
|
2024-03-20 17:23:08 +00:00
|
|
|
if is_arm():
|
|
|
|
|
pytestmark = pytest.mark.skip
|
|
|
|
|
|
|
|
|
|
|
2022-12-14 13:39:23 +00:00
|
|
|
cluster = ClickHouseCluster(__file__)
|
2022-12-16 08:20:01 +00:00
|
|
|
instance1 = cluster.add_instance(
|
|
|
|
|
"instance1",
|
|
|
|
|
main_configs=["configs/kerberos_with_keytab.xml"],
|
|
|
|
|
user_configs=["configs/users.xml"],
|
|
|
|
|
with_kerberos_kdc=True,
|
|
|
|
|
)
|
|
|
|
|
instance2 = cluster.add_instance(
|
|
|
|
|
"instance2",
|
|
|
|
|
main_configs=["configs/kerberos_without_keytab.xml"],
|
2022-12-14 13:39:23 +00:00
|
|
|
user_configs=["configs/users.xml"],
|
|
|
|
|
with_kerberos_kdc=True,
|
|
|
|
|
)
|
2022-12-22 08:07:16 +00:00
|
|
|
instance3 = cluster.add_instance(
|
|
|
|
|
"instance3",
|
|
|
|
|
main_configs=["configs/kerberos_bad_path_to_keytab.xml"],
|
|
|
|
|
user_configs=["configs/users.xml"],
|
|
|
|
|
with_kerberos_kdc=True,
|
|
|
|
|
)
|
2022-12-26 11:56:45 +00:00
|
|
|
client = cluster.add_instance(
|
|
|
|
|
"client",
|
|
|
|
|
main_configs=["configs/kerberos_without_keytab.xml"],
|
|
|
|
|
user_configs=["configs/users.xml"],
|
|
|
|
|
with_kerberos_kdc=True,
|
|
|
|
|
)
|
2022-12-14 13:39:23 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
# Fixtures
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.fixture(scope="module")
|
|
|
|
|
def kerberos_cluster():
|
|
|
|
|
try:
|
|
|
|
|
cluster.start()
|
|
|
|
|
yield cluster
|
|
|
|
|
finally:
|
|
|
|
|
cluster.shutdown()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Tests
|
|
|
|
|
|
2022-12-19 11:28:49 +00:00
|
|
|
|
2022-12-19 11:39:30 +00:00
|
|
|
def make_auth(instance):
|
2022-12-26 11:56:45 +00:00
|
|
|
instance_ip = cluster.get_instance_ip(instance.name)
|
|
|
|
|
|
|
|
|
|
client.exec_in_container(
|
2023-06-23 11:47:37 +00:00
|
|
|
["bash", "-c", f"echo '{instance_ip} {instance.hostname}' >> /etc/hosts"]
|
2022-12-26 11:56:45 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
client.exec_in_container(
|
2022-12-19 11:28:49 +00:00
|
|
|
["bash", "-c", "kinit -k -t /tmp/keytab/kuser.keytab kuser"]
|
2022-12-14 13:39:23 +00:00
|
|
|
)
|
2022-12-26 11:56:45 +00:00
|
|
|
return client.exec_in_container(
|
2022-12-19 11:39:30 +00:00
|
|
|
[
|
|
|
|
|
"bash",
|
|
|
|
|
"-c",
|
2022-12-26 11:59:37 +00:00
|
|
|
f"echo 'select currentUser()' | curl --negotiate -u : http://{instance.hostname}:8123/ --data-binary @-",
|
2022-12-19 11:39:30 +00:00
|
|
|
]
|
|
|
|
|
)
|
2022-12-19 11:28:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_kerberos_auth_with_keytab(kerberos_cluster):
|
2022-12-19 11:39:30 +00:00
|
|
|
assert make_auth(instance1) == "kuser\n"
|
2022-12-14 13:39:23 +00:00
|
|
|
|
|
|
|
|
|
2022-12-16 08:20:01 +00:00
|
|
|
def test_kerberos_auth_without_keytab(kerberos_cluster):
|
2022-12-19 11:28:49 +00:00
|
|
|
assert (
|
2022-12-26 13:17:22 +00:00
|
|
|
"DB::Exception: : Authentication failed: password is incorrect, or there is no user with such name."
|
2022-12-19 11:39:30 +00:00
|
|
|
in make_auth(instance2)
|
2022-12-19 11:28:49 +00:00
|
|
|
)
|
2022-12-16 08:20:01 +00:00
|
|
|
|
|
|
|
|
|
2022-12-22 08:07:16 +00:00
|
|
|
def test_bad_path_to_keytab(kerberos_cluster):
|
|
|
|
|
assert (
|
2022-12-26 13:17:22 +00:00
|
|
|
"DB::Exception: : Authentication failed: password is incorrect, or there is no user with such name."
|
2022-12-22 08:07:16 +00:00
|
|
|
in make_auth(instance3)
|
|
|
|
|
)
|
|
|
|
|
assert instance3.contains_in_log("Keytab file not found")
|
|
|
|
|
|
|
|
|
|
|
2022-12-14 13:39:23 +00:00
|
|
|
if __name__ == "__main__":
|
|
|
|
|
cluster.start()
|
|
|
|
|
input("Cluster created, press any key to destroy...")
|
|
|
|
|
cluster.shutdown()
|
