Fixed + simple ping test

tests/testflows/kerberos/configs/kerberos/etc/krb5.conf

@@ -4,10 +4,6 @@
 [libdefaults]
 	default_realm = EXAMPLE.COM
 	ticket_lifetime  = 24000
-	dns_lookup_realm = false
-    	dns_lookup_kdc = false
-    	dns_fallback = false
-	rdns = false
 
 [realms]
 	EXAMPLE.COM = {

tests/testflows/kerberos/requirements/requirements.md

@@ -9,38 +9,41 @@
 * 4 [Requirements](#requirements)
   * 4.1 [Generic](#generic)
     * 4.1.1 [RQ.SRS-016.Kerberos](#rqsrs-016kerberos)
-  * 4.2 [Configuration](#configuration)
-    * 4.2.1 [RQ.SRS-016.Kerberos.Configuration.MultipleAuthMethods](#rqsrs-016kerberosconfigurationmultipleauthmethods)
-    * 4.2.2 [RQ.SRS-016.Kerberos.Configuration.KerberosNotEnabled](#rqsrs-016kerberosconfigurationkerberosnotenabled)
-    * 4.2.3 [RQ.SRS-016.Kerberos.Configuration.MultipleKerberosSections](#rqsrs-016kerberosconfigurationmultiplekerberossections)
-    * 4.2.4 [RQ.SRS-016.Kerberos.Configuration.WrongUserRealm](#rqsrs-016kerberosconfigurationwronguserrealm)
-    * 4.2.5 [RQ.SRS-016.Kerberos.Configuration.PrincipalAndRealmSpecified](#rqsrs-016kerberosconfigurationprincipalandrealmspecified)
-    * 4.2.6 [RQ.SRS-016.Kerberos.Configuration.MultiplePrincipalSections](#rqsrs-016kerberosconfigurationmultipleprincipalsections)
-    * 4.2.7 [RQ.SRS-016.Kerberos.Configuration.MultipleRealmSections](#rqsrs-016kerberosconfigurationmultiplerealmsections)
-  * 4.3 [Valid User](#valid-user)
-    * 4.3.1 [RQ.SRS-016.Kerberos.ValidUser.XMLConfiguredUser](#rqsrs-016kerberosvaliduserxmlconfigureduser)
-    * 4.3.2 [RQ.SRS-016.Kerberos.ValidUser.RBACConfiguredUser](#rqsrs-016kerberosvaliduserrbacconfigureduser)
-    * 4.3.3 [RQ.SRS-016.Kerberos.ValidUser.KerberosNotConfigured](#rqsrs-016kerberosvaliduserkerberosnotconfigured)
-  * 4.4 [Invalid User](#invalid-user)
-    * 4.4.1 [RQ.SRS-016.Kerberos.InvalidUser](#rqsrs-016kerberosinvaliduser)
-    * 4.4.2 [RQ.SRS-016.Kerberos.InvalidUser.UserDeleted](#rqsrs-016kerberosinvaliduseruserdeleted)
-  * 4.5 [Kerberos Not Available](#kerberos-not-available)
-    * 4.5.1 [RQ.SRS-016.Kerberos.KerberosNotAvailable.InvalidServerTicket](#rqsrs-016kerberoskerberosnotavailableinvalidserverticket)
-    * 4.5.2 [RQ.SRS-016.Kerberos.KerberosNotAvailable.InvalidClientTicket](#rqsrs-016kerberoskerberosnotavailableinvalidclientticket)
-    * 4.5.3 [RQ.SRS-016.Kerberos.KerberosNotAvailable.ValidTickets](#rqsrs-016kerberoskerberosnotavailablevalidtickets)
-  * 4.6 [Kerberos Restarted](#kerberos-restarted)
-    * 4.6.1 [RQ.SRS-016.Kerberos.KerberosServerRestarted](#rqsrs-016kerberoskerberosserverrestarted)
-  * 4.7 [Performance](#performance)
-    * 4.7.1 [RQ.SRS-016.Kerberos.Performance](#rqsrs-016kerberosperformance)
-  * 4.8 [Parallel Requests processing](#parallel-requests-processing)
-    * 4.8.1 [RQ.SRS-016.Kerberos.Parallel](#rqsrs-016kerberosparallel)
-    * 4.8.2 [RQ.SRS-016.Kerberos.Parallel.ValidRequests.KerberosAndNonKerberos](#rqsrs-016kerberosparallelvalidrequestskerberosandnonkerberos)
-    * 4.8.3 [RQ.SRS-016.Kerberos.Parallel.ValidRequests.SameCredentials](#rqsrs-016kerberosparallelvalidrequestssamecredentials)
-    * 4.8.4 [RQ.SRS-016.Kerberos.Parallel.ValidRequests.DifferentCredentials](#rqsrs-016kerberosparallelvalidrequestsdifferentcredentials)
-    * 4.8.5 [RQ.SRS-016.Kerberos.Parallel.ValidInvalid](#rqsrs-016kerberosparallelvalidinvalid)
-    * 4.8.6 [RQ.SRS-016.Kerberos.Parallel.Deletion](#rqsrs-016kerberosparalleldeletion)
+  * 4.2 [Ping](#ping)
+    * 4.2.1 [RQ.SRS-016.Kerberos.Ping](#rqsrs-016kerberosping)
+  * 4.3 [Configuration](#configuration)
+    * 4.3.1 [RQ.SRS-016.Kerberos.Configuration.MultipleAuthMethods](#rqsrs-016kerberosconfigurationmultipleauthmethods)
+    * 4.3.2 [RQ.SRS-016.Kerberos.Configuration.KerberosNotEnabled](#rqsrs-016kerberosconfigurationkerberosnotenabled)
+    * 4.3.3 [RQ.SRS-016.Kerberos.Configuration.MultipleKerberosSections](#rqsrs-016kerberosconfigurationmultiplekerberossections)
+    * 4.3.4 [RQ.SRS-016.Kerberos.Configuration.WrongUserRealm](#rqsrs-016kerberosconfigurationwronguserrealm)
+    * 4.3.5 [RQ.SRS-016.Kerberos.Configuration.PrincipalAndRealmSpecified](#rqsrs-016kerberosconfigurationprincipalandrealmspecified)
+    * 4.3.6 [RQ.SRS-016.Kerberos.Configuration.MultiplePrincipalSections](#rqsrs-016kerberosconfigurationmultipleprincipalsections)
+    * 4.3.7 [RQ.SRS-016.Kerberos.Configuration.MultipleRealmSections](#rqsrs-016kerberosconfigurationmultiplerealmsections)
+  * 4.4 [Valid User](#valid-user)
+    * 4.4.1 [RQ.SRS-016.Kerberos.ValidUser.XMLConfiguredUser](#rqsrs-016kerberosvaliduserxmlconfigureduser)
+    * 4.4.2 [RQ.SRS-016.Kerberos.ValidUser.RBACConfiguredUser](#rqsrs-016kerberosvaliduserrbacconfigureduser)
+    * 4.4.3 [RQ.SRS-016.Kerberos.ValidUser.KerberosNotConfigured](#rqsrs-016kerberosvaliduserkerberosnotconfigured)
+  * 4.5 [Invalid User](#invalid-user)
+    * 4.5.1 [RQ.SRS-016.Kerberos.InvalidUser](#rqsrs-016kerberosinvaliduser)
+    * 4.5.2 [RQ.SRS-016.Kerberos.InvalidUser.UserDeleted](#rqsrs-016kerberosinvaliduseruserdeleted)
+  * 4.6 [Kerberos Not Available](#kerberos-not-available)
+    * 4.6.1 [RQ.SRS-016.Kerberos.KerberosNotAvailable.InvalidServerTicket](#rqsrs-016kerberoskerberosnotavailableinvalidserverticket)
+    * 4.6.2 [RQ.SRS-016.Kerberos.KerberosNotAvailable.InvalidClientTicket](#rqsrs-016kerberoskerberosnotavailableinvalidclientticket)
+    * 4.6.3 [RQ.SRS-016.Kerberos.KerberosNotAvailable.ValidTickets](#rqsrs-016kerberoskerberosnotavailablevalidtickets)
+  * 4.7 [Kerberos Restarted](#kerberos-restarted)
+    * 4.7.1 [RQ.SRS-016.Kerberos.KerberosServerRestarted](#rqsrs-016kerberoskerberosserverrestarted)
+  * 4.8 [Performance](#performance)
+    * 4.8.1 [RQ.SRS-016.Kerberos.Performance](#rqsrs-016kerberosperformance)
+  * 4.9 [Parallel Requests processing](#parallel-requests-processing)
+    * 4.9.1 [RQ.SRS-016.Kerberos.Parallel](#rqsrs-016kerberosparallel)
+    * 4.9.2 [RQ.SRS-016.Kerberos.Parallel.ValidRequests.KerberosAndNonKerberos](#rqsrs-016kerberosparallelvalidrequestskerberosandnonkerberos)
+    * 4.9.3 [RQ.SRS-016.Kerberos.Parallel.ValidRequests.SameCredentials](#rqsrs-016kerberosparallelvalidrequestssamecredentials)
+    * 4.9.4 [RQ.SRS-016.Kerberos.Parallel.ValidRequests.DifferentCredentials](#rqsrs-016kerberosparallelvalidrequestsdifferentcredentials)
+    * 4.9.5 [RQ.SRS-016.Kerberos.Parallel.ValidInvalid](#rqsrs-016kerberosparallelvalidinvalid)
+    * 4.9.6 [RQ.SRS-016.Kerberos.Parallel.Deletion](#rqsrs-016kerberosparalleldeletion)
 * 5 [References](#references)
 
+
 ## Revision History
 
 This document is stored in an electronic form using [Git] source control management software
@@ -85,6 +88,13 @@ version: 1.0
 
 [ClickHouse] SHALL support user authentication using [Kerberos] server.
 
+### Ping
+
+#### RQ.SRS-016.Kerberos.Ping
+version: 1.0
+
+Docker containers SHALL be able to ping each other.
+
 ### Configuration
 
 #### RQ.SRS-016.Kerberos.Configuration.MultipleAuthMethods
@@ -278,4 +288,3 @@ version: 1.0
 [Revision History]: https://github.com/ClickHouse/ClickHouse/commits/master/tests/testflows/kerberos/requirements/requirements.md
 [Git]: https://git-scm.com/
 [Kerberos terminology]: https://web.mit.edu/kerberos/kfw-4.1/kfw-4.1/kfw-4.1-help/html/kerberos_terminology.htm
-

tests/testflows/kerberos/requirements/requirements.py

@@ -1,6 +1,6 @@
 # These requirements were auto generated
 # from software requirements specification (SRS)
-# document by TestFlows v1.6.201216.1172002.
+# document by TestFlows v1.6.210312.1172513.
 # Do not edit by hand but re-generate instead
 # using 'tfs requirements generate' command.
 from testflows.core import Specification
@@ -23,6 +23,21 @@ RQ_SRS_016_Kerberos = Requirement(
     level=3,
     num='4.1.1')
 
+RQ_SRS_016_Kerberos_Ping = Requirement(
+    name='RQ.SRS-016.Kerberos.Ping',
+    version='1.0',
+    priority=None,
+    group=None,
+    type=None,
+    uid=None,
+    description=(
+        'Docker containers SHALL be able to ping each other.\n'
+        '\n'
+        ),
+    link=None,
+    level=3,
+    num='4.2.1')
+
 RQ_SRS_016_Kerberos_Configuration_MultipleAuthMethods = Requirement(
     name='RQ.SRS-016.Kerberos.Configuration.MultipleAuthMethods',
     version='1.0',
@@ -36,7 +51,7 @@ RQ_SRS_016_Kerberos_Configuration_MultipleAuthMethods = Requirement(
         ),
     link=None,
     level=3,
-    num='4.2.1')
+    num='4.3.1')
 
 RQ_SRS_016_Kerberos_Configuration_KerberosNotEnabled = Requirement(
     name='RQ.SRS-016.Kerberos.Configuration.KerberosNotEnabled',
@@ -74,7 +89,7 @@ RQ_SRS_016_Kerberos_Configuration_KerberosNotEnabled = Requirement(
         ),
     link=None,
     level=3,
-    num='4.2.2')
+    num='4.3.2')
 
 RQ_SRS_016_Kerberos_Configuration_MultipleKerberosSections = Requirement(
     name='RQ.SRS-016.Kerberos.Configuration.MultipleKerberosSections',
@@ -89,7 +104,7 @@ RQ_SRS_016_Kerberos_Configuration_MultipleKerberosSections = Requirement(
         ),
     link=None,
     level=3,
-    num='4.2.3')
+    num='4.3.3')
 
 RQ_SRS_016_Kerberos_Configuration_WrongUserRealm = Requirement(
     name='RQ.SRS-016.Kerberos.Configuration.WrongUserRealm',
@@ -104,7 +119,7 @@ RQ_SRS_016_Kerberos_Configuration_WrongUserRealm = Requirement(
         ),
     link=None,
     level=3,
-    num='4.2.4')
+    num='4.3.4')
 
 RQ_SRS_016_Kerberos_Configuration_PrincipalAndRealmSpecified = Requirement(
     name='RQ.SRS-016.Kerberos.Configuration.PrincipalAndRealmSpecified',
@@ -119,7 +134,7 @@ RQ_SRS_016_Kerberos_Configuration_PrincipalAndRealmSpecified = Requirement(
         ),
     link=None,
     level=3,
-    num='4.2.5')
+    num='4.3.5')
 
 RQ_SRS_016_Kerberos_Configuration_MultiplePrincipalSections = Requirement(
     name='RQ.SRS-016.Kerberos.Configuration.MultiplePrincipalSections',
@@ -134,7 +149,7 @@ RQ_SRS_016_Kerberos_Configuration_MultiplePrincipalSections = Requirement(
         ),
     link=None,
     level=3,
-    num='4.2.6')
+    num='4.3.6')
 
 RQ_SRS_016_Kerberos_Configuration_MultipleRealmSections = Requirement(
     name='RQ.SRS-016.Kerberos.Configuration.MultipleRealmSections',
@@ -149,7 +164,7 @@ RQ_SRS_016_Kerberos_Configuration_MultipleRealmSections = Requirement(
         ),
     link=None,
     level=3,
-    num='4.2.7')
+    num='4.3.7')
 
 RQ_SRS_016_Kerberos_ValidUser_XMLConfiguredUser = Requirement(
     name='RQ.SRS-016.Kerberos.ValidUser.XMLConfiguredUser',
@@ -179,7 +194,7 @@ RQ_SRS_016_Kerberos_ValidUser_XMLConfiguredUser = Requirement(
         ),
     link=None,
     level=3,
-    num='4.3.1')
+    num='4.4.1')
 
 RQ_SRS_016_Kerberos_ValidUser_RBACConfiguredUser = Requirement(
     name='RQ.SRS-016.Kerberos.ValidUser.RBACConfiguredUser',
@@ -204,7 +219,7 @@ RQ_SRS_016_Kerberos_ValidUser_RBACConfiguredUser = Requirement(
         ),
     link=None,
     level=3,
-    num='4.3.2')
+    num='4.4.2')
 
 RQ_SRS_016_Kerberos_ValidUser_KerberosNotConfigured = Requirement(
     name='RQ.SRS-016.Kerberos.ValidUser.KerberosNotConfigured',
@@ -219,7 +234,7 @@ RQ_SRS_016_Kerberos_ValidUser_KerberosNotConfigured = Requirement(
         ),
     link=None,
     level=3,
-    num='4.3.3')
+    num='4.4.3')
 
 RQ_SRS_016_Kerberos_InvalidUser = Requirement(
     name='RQ.SRS-016.Kerberos.InvalidUser',
@@ -234,7 +249,7 @@ RQ_SRS_016_Kerberos_InvalidUser = Requirement(
         ),
     link=None,
     level=3,
-    num='4.4.1')
+    num='4.5.1')
 
 RQ_SRS_016_Kerberos_InvalidUser_UserDeleted = Requirement(
     name='RQ.SRS-016.Kerberos.InvalidUser.UserDeleted',
@@ -249,7 +264,7 @@ RQ_SRS_016_Kerberos_InvalidUser_UserDeleted = Requirement(
         ),
     link=None,
     level=3,
-    num='4.4.2')
+    num='4.5.2')
 
 RQ_SRS_016_Kerberos_KerberosNotAvailable_InvalidServerTicket = Requirement(
     name='RQ.SRS-016.Kerberos.KerberosNotAvailable.InvalidServerTicket',
@@ -264,7 +279,7 @@ RQ_SRS_016_Kerberos_KerberosNotAvailable_InvalidServerTicket = Requirement(
         ),
     link=None,
     level=3,
-    num='4.5.1')
+    num='4.6.1')
 
 RQ_SRS_016_Kerberos_KerberosNotAvailable_InvalidClientTicket = Requirement(
     name='RQ.SRS-016.Kerberos.KerberosNotAvailable.InvalidClientTicket',
@@ -279,7 +294,7 @@ RQ_SRS_016_Kerberos_KerberosNotAvailable_InvalidClientTicket = Requirement(
         ),
     link=None,
     level=3,
-    num='4.5.2')
+    num='4.6.2')
 
 RQ_SRS_016_Kerberos_KerberosNotAvailable_ValidTickets = Requirement(
     name='RQ.SRS-016.Kerberos.KerberosNotAvailable.ValidTickets',
@@ -294,7 +309,7 @@ RQ_SRS_016_Kerberos_KerberosNotAvailable_ValidTickets = Requirement(
         ),
     link=None,
     level=3,
-    num='4.5.3')
+    num='4.6.3')
 
 RQ_SRS_016_Kerberos_KerberosServerRestarted = Requirement(
     name='RQ.SRS-016.Kerberos.KerberosServerRestarted',
@@ -309,7 +324,7 @@ RQ_SRS_016_Kerberos_KerberosServerRestarted = Requirement(
         ),
     link=None,
     level=3,
-    num='4.6.1')
+    num='4.7.1')
 
 RQ_SRS_016_Kerberos_Performance = Requirement(
     name='RQ.SRS-016.Kerberos.Performance',
@@ -324,7 +339,7 @@ RQ_SRS_016_Kerberos_Performance = Requirement(
         ),
     link=None,
     level=3,
-    num='4.7.1')
+    num='4.8.1')
 
 RQ_SRS_016_Kerberos_Parallel = Requirement(
     name='RQ.SRS-016.Kerberos.Parallel',
@@ -339,7 +354,7 @@ RQ_SRS_016_Kerberos_Parallel = Requirement(
         ),
     link=None,
     level=3,
-    num='4.8.1')
+    num='4.9.1')
 
 RQ_SRS_016_Kerberos_Parallel_ValidRequests_KerberosAndNonKerberos = Requirement(
     name='RQ.SRS-016.Kerberos.Parallel.ValidRequests.KerberosAndNonKerberos',
@@ -354,7 +369,7 @@ RQ_SRS_016_Kerberos_Parallel_ValidRequests_KerberosAndNonKerberos = Requirement(
         ),
     link=None,
     level=3,
-    num='4.8.2')
+    num='4.9.2')
 
 RQ_SRS_016_Kerberos_Parallel_ValidRequests_SameCredentials = Requirement(
     name='RQ.SRS-016.Kerberos.Parallel.ValidRequests.SameCredentials',
@@ -369,7 +384,7 @@ RQ_SRS_016_Kerberos_Parallel_ValidRequests_SameCredentials = Requirement(
         ),
     link=None,
     level=3,
-    num='4.8.3')
+    num='4.9.3')
 
 RQ_SRS_016_Kerberos_Parallel_ValidRequests_DifferentCredentials = Requirement(
     name='RQ.SRS-016.Kerberos.Parallel.ValidRequests.DifferentCredentials',
@@ -384,7 +399,7 @@ RQ_SRS_016_Kerberos_Parallel_ValidRequests_DifferentCredentials = Requirement(
         ),
     link=None,
     level=3,
-    num='4.8.4')
+    num='4.9.4')
 
 RQ_SRS_016_Kerberos_Parallel_ValidInvalid = Requirement(
     name='RQ.SRS-016.Kerberos.Parallel.ValidInvalid',
@@ -399,7 +414,7 @@ RQ_SRS_016_Kerberos_Parallel_ValidInvalid = Requirement(
         ),
     link=None,
     level=3,
-    num='4.8.5')
+    num='4.9.5')
 
 RQ_SRS_016_Kerberos_Parallel_Deletion = Requirement(
     name='RQ.SRS-016.Kerberos.Parallel.Deletion',
@@ -414,17 +429,17 @@ RQ_SRS_016_Kerberos_Parallel_Deletion = Requirement(
         ),
     link=None,
     level=3,
-    num='4.8.6')
+    num='4.9.6')
 
 QA_SRS016_ClickHouse_Kerberos_Authentication = Specification(
     name='QA-SRS016 ClickHouse Kerberos Authentication', 
     description=None,
-    author='Andrey Zvonov',
-    date='December 14, 2020', 
-    status='-', 
-    approved_by='-',
-    approved_date='-',
-    approved_version='-',
+    author=None,
+    date=None, 
+    status=None, 
+    approved_by=None,
+    approved_date=None,
+    approved_version=None,
     version=None,
     group=None,
     type=None,
@@ -439,40 +454,43 @@ QA_SRS016_ClickHouse_Kerberos_Authentication = Specification(
         Heading(name='Requirements', level=1, num='4'),
         Heading(name='Generic', level=2, num='4.1'),
         Heading(name='RQ.SRS-016.Kerberos', level=3, num='4.1.1'),
-        Heading(name='Configuration', level=2, num='4.2'),
-        Heading(name='RQ.SRS-016.Kerberos.Configuration.MultipleAuthMethods', level=3, num='4.2.1'),
-        Heading(name='RQ.SRS-016.Kerberos.Configuration.KerberosNotEnabled', level=3, num='4.2.2'),
-        Heading(name='RQ.SRS-016.Kerberos.Configuration.MultipleKerberosSections', level=3, num='4.2.3'),
-        Heading(name='RQ.SRS-016.Kerberos.Configuration.WrongUserRealm', level=3, num='4.2.4'),
-        Heading(name='RQ.SRS-016.Kerberos.Configuration.PrincipalAndRealmSpecified', level=3, num='4.2.5'),
-        Heading(name='RQ.SRS-016.Kerberos.Configuration.MultiplePrincipalSections', level=3, num='4.2.6'),
-        Heading(name='RQ.SRS-016.Kerberos.Configuration.MultipleRealmSections', level=3, num='4.2.7'),
-        Heading(name='Valid User', level=2, num='4.3'),
-        Heading(name='RQ.SRS-016.Kerberos.ValidUser.XMLConfiguredUser', level=3, num='4.3.1'),
-        Heading(name='RQ.SRS-016.Kerberos.ValidUser.RBACConfiguredUser', level=3, num='4.3.2'),
-        Heading(name='RQ.SRS-016.Kerberos.ValidUser.KerberosNotConfigured', level=3, num='4.3.3'),
-        Heading(name='Invalid User', level=2, num='4.4'),
-        Heading(name='RQ.SRS-016.Kerberos.InvalidUser', level=3, num='4.4.1'),
-        Heading(name='RQ.SRS-016.Kerberos.InvalidUser.UserDeleted', level=3, num='4.4.2'),
-        Heading(name='Kerberos Not Available', level=2, num='4.5'),
-        Heading(name='RQ.SRS-016.Kerberos.KerberosNotAvailable.InvalidServerTicket', level=3, num='4.5.1'),
-        Heading(name='RQ.SRS-016.Kerberos.KerberosNotAvailable.InvalidClientTicket', level=3, num='4.5.2'),
-        Heading(name='RQ.SRS-016.Kerberos.KerberosNotAvailable.ValidTickets', level=3, num='4.5.3'),
-        Heading(name='Kerberos Restarted', level=2, num='4.6'),
-        Heading(name='RQ.SRS-016.Kerberos.KerberosServerRestarted', level=3, num='4.6.1'),
-        Heading(name='Performance', level=2, num='4.7'),
-        Heading(name='RQ.SRS-016.Kerberos.Performance', level=3, num='4.7.1'),
-        Heading(name='Parallel Requests processing', level=2, num='4.8'),
-        Heading(name='RQ.SRS-016.Kerberos.Parallel', level=3, num='4.8.1'),
-        Heading(name='RQ.SRS-016.Kerberos.Parallel.ValidRequests.KerberosAndNonKerberos', level=3, num='4.8.2'),
-        Heading(name='RQ.SRS-016.Kerberos.Parallel.ValidRequests.SameCredentials', level=3, num='4.8.3'),
-        Heading(name='RQ.SRS-016.Kerberos.Parallel.ValidRequests.DifferentCredentials', level=3, num='4.8.4'),
-        Heading(name='RQ.SRS-016.Kerberos.Parallel.ValidInvalid', level=3, num='4.8.5'),
-        Heading(name='RQ.SRS-016.Kerberos.Parallel.Deletion', level=3, num='4.8.6'),
+        Heading(name='Ping', level=2, num='4.2'),
+        Heading(name='RQ.SRS-016.Kerberos.Ping', level=3, num='4.2.1'),
+        Heading(name='Configuration', level=2, num='4.3'),
+        Heading(name='RQ.SRS-016.Kerberos.Configuration.MultipleAuthMethods', level=3, num='4.3.1'),
+        Heading(name='RQ.SRS-016.Kerberos.Configuration.KerberosNotEnabled', level=3, num='4.3.2'),
+        Heading(name='RQ.SRS-016.Kerberos.Configuration.MultipleKerberosSections', level=3, num='4.3.3'),
+        Heading(name='RQ.SRS-016.Kerberos.Configuration.WrongUserRealm', level=3, num='4.3.4'),
+        Heading(name='RQ.SRS-016.Kerberos.Configuration.PrincipalAndRealmSpecified', level=3, num='4.3.5'),
+        Heading(name='RQ.SRS-016.Kerberos.Configuration.MultiplePrincipalSections', level=3, num='4.3.6'),
+        Heading(name='RQ.SRS-016.Kerberos.Configuration.MultipleRealmSections', level=3, num='4.3.7'),
+        Heading(name='Valid User', level=2, num='4.4'),
+        Heading(name='RQ.SRS-016.Kerberos.ValidUser.XMLConfiguredUser', level=3, num='4.4.1'),
+        Heading(name='RQ.SRS-016.Kerberos.ValidUser.RBACConfiguredUser', level=3, num='4.4.2'),
+        Heading(name='RQ.SRS-016.Kerberos.ValidUser.KerberosNotConfigured', level=3, num='4.4.3'),
+        Heading(name='Invalid User', level=2, num='4.5'),
+        Heading(name='RQ.SRS-016.Kerberos.InvalidUser', level=3, num='4.5.1'),
+        Heading(name='RQ.SRS-016.Kerberos.InvalidUser.UserDeleted', level=3, num='4.5.2'),
+        Heading(name='Kerberos Not Available', level=2, num='4.6'),
+        Heading(name='RQ.SRS-016.Kerberos.KerberosNotAvailable.InvalidServerTicket', level=3, num='4.6.1'),
+        Heading(name='RQ.SRS-016.Kerberos.KerberosNotAvailable.InvalidClientTicket', level=3, num='4.6.2'),
+        Heading(name='RQ.SRS-016.Kerberos.KerberosNotAvailable.ValidTickets', level=3, num='4.6.3'),
+        Heading(name='Kerberos Restarted', level=2, num='4.7'),
+        Heading(name='RQ.SRS-016.Kerberos.KerberosServerRestarted', level=3, num='4.7.1'),
+        Heading(name='Performance', level=2, num='4.8'),
+        Heading(name='RQ.SRS-016.Kerberos.Performance', level=3, num='4.8.1'),
+        Heading(name='Parallel Requests processing', level=2, num='4.9'),
+        Heading(name='RQ.SRS-016.Kerberos.Parallel', level=3, num='4.9.1'),
+        Heading(name='RQ.SRS-016.Kerberos.Parallel.ValidRequests.KerberosAndNonKerberos', level=3, num='4.9.2'),
+        Heading(name='RQ.SRS-016.Kerberos.Parallel.ValidRequests.SameCredentials', level=3, num='4.9.3'),
+        Heading(name='RQ.SRS-016.Kerberos.Parallel.ValidRequests.DifferentCredentials', level=3, num='4.9.4'),
+        Heading(name='RQ.SRS-016.Kerberos.Parallel.ValidInvalid', level=3, num='4.9.5'),
+        Heading(name='RQ.SRS-016.Kerberos.Parallel.Deletion', level=3, num='4.9.6'),
         Heading(name='References', level=1, num='5'),
         ),
     requirements=(
         RQ_SRS_016_Kerberos,
+        RQ_SRS_016_Kerberos_Ping,
         RQ_SRS_016_Kerberos_Configuration_MultipleAuthMethods,
         RQ_SRS_016_Kerberos_Configuration_KerberosNotEnabled,
         RQ_SRS_016_Kerberos_Configuration_MultipleKerberosSections,
@@ -501,25 +519,6 @@ QA_SRS016_ClickHouse_Kerberos_Authentication = Specification(
 # QA-SRS016 ClickHouse Kerberos Authentication
 # Software Requirements Specification
 
-(c) 2020 Altinity LTD. All Rights Reserved.
-
-**Document status:** Confidential
-
-**Author:** Andrey Zvonov
-
-**Date:** December 14, 2020
-
-## Approval
-
-**Status:** -
-
-**Version:** -
-
-**Approved by:** -
-
-**Date:** -
-
-
 ## Table of Contents
 
 * 1 [Revision History](#revision-history)
@@ -528,47 +527,50 @@ QA_SRS016_ClickHouse_Kerberos_Authentication = Specification(
 * 4 [Requirements](#requirements)
   * 4.1 [Generic](#generic)
     * 4.1.1 [RQ.SRS-016.Kerberos](#rqsrs-016kerberos)
-  * 4.2 [Configuration](#configuration)
-    * 4.2.1 [RQ.SRS-016.Kerberos.Configuration.MultipleAuthMethods](#rqsrs-016kerberosconfigurationmultipleauthmethods)
-    * 4.2.2 [RQ.SRS-016.Kerberos.Configuration.KerberosNotEnabled](#rqsrs-016kerberosconfigurationkerberosnotenabled)
-    * 4.2.3 [RQ.SRS-016.Kerberos.Configuration.MultipleKerberosSections](#rqsrs-016kerberosconfigurationmultiplekerberossections)
-    * 4.2.4 [RQ.SRS-016.Kerberos.Configuration.WrongUserRealm](#rqsrs-016kerberosconfigurationwronguserrealm)
-    * 4.2.5 [RQ.SRS-016.Kerberos.Configuration.PrincipalAndRealmSpecified](#rqsrs-016kerberosconfigurationprincipalandrealmspecified)
-    * 4.2.6 [RQ.SRS-016.Kerberos.Configuration.MultiplePrincipalSections](#rqsrs-016kerberosconfigurationmultipleprincipalsections)
-    * 4.2.7 [RQ.SRS-016.Kerberos.Configuration.MultipleRealmSections](#rqsrs-016kerberosconfigurationmultiplerealmsections)
-  * 4.3 [Valid User](#valid-user)
-    * 4.3.1 [RQ.SRS-016.Kerberos.ValidUser.XMLConfiguredUser](#rqsrs-016kerberosvaliduserxmlconfigureduser)
-    * 4.3.2 [RQ.SRS-016.Kerberos.ValidUser.RBACConfiguredUser](#rqsrs-016kerberosvaliduserrbacconfigureduser)
-    * 4.3.3 [RQ.SRS-016.Kerberos.ValidUser.KerberosNotConfigured](#rqsrs-016kerberosvaliduserkerberosnotconfigured)
-  * 4.4 [Invalid User](#invalid-user)
-    * 4.4.1 [RQ.SRS-016.Kerberos.InvalidUser](#rqsrs-016kerberosinvaliduser)
-    * 4.4.2 [RQ.SRS-016.Kerberos.InvalidUser.UserDeleted](#rqsrs-016kerberosinvaliduseruserdeleted)
-  * 4.5 [Kerberos Not Available](#kerberos-not-available)
-    * 4.5.1 [RQ.SRS-016.Kerberos.KerberosNotAvailable.InvalidServerTicket](#rqsrs-016kerberoskerberosnotavailableinvalidserverticket)
-    * 4.5.2 [RQ.SRS-016.Kerberos.KerberosNotAvailable.InvalidClientTicket](#rqsrs-016kerberoskerberosnotavailableinvalidclientticket)
-    * 4.5.3 [RQ.SRS-016.Kerberos.KerberosNotAvailable.ValidTickets](#rqsrs-016kerberoskerberosnotavailablevalidtickets)
-  * 4.6 [Kerberos Restarted](#kerberos-restarted)
-    * 4.6.1 [RQ.SRS-016.Kerberos.KerberosServerRestarted](#rqsrs-016kerberoskerberosserverrestarted)
-  * 4.7 [Performance](#performance)
-    * 4.7.1 [RQ.SRS-016.Kerberos.Performance](#rqsrs-016kerberosperformance)
-  * 4.8 [Parallel Requests processing](#parallel-requests-processing)
-    * 4.8.1 [RQ.SRS-016.Kerberos.Parallel](#rqsrs-016kerberosparallel)
-    * 4.8.2 [RQ.SRS-016.Kerberos.Parallel.ValidRequests.KerberosAndNonKerberos](#rqsrs-016kerberosparallelvalidrequestskerberosandnonkerberos)
-    * 4.8.3 [RQ.SRS-016.Kerberos.Parallel.ValidRequests.SameCredentials](#rqsrs-016kerberosparallelvalidrequestssamecredentials)
-    * 4.8.4 [RQ.SRS-016.Kerberos.Parallel.ValidRequests.DifferentCredentials](#rqsrs-016kerberosparallelvalidrequestsdifferentcredentials)
-    * 4.8.5 [RQ.SRS-016.Kerberos.Parallel.ValidInvalid](#rqsrs-016kerberosparallelvalidinvalid)
-    * 4.8.6 [RQ.SRS-016.Kerberos.Parallel.Deletion](#rqsrs-016kerberosparalleldeletion)
+  * 4.2 [Ping](#ping)
+    * 4.2.1 [RQ.SRS-016.Kerberos.Ping](#rqsrs-016kerberosping)
+  * 4.3 [Configuration](#configuration)
+    * 4.3.1 [RQ.SRS-016.Kerberos.Configuration.MultipleAuthMethods](#rqsrs-016kerberosconfigurationmultipleauthmethods)
+    * 4.3.2 [RQ.SRS-016.Kerberos.Configuration.KerberosNotEnabled](#rqsrs-016kerberosconfigurationkerberosnotenabled)
+    * 4.3.3 [RQ.SRS-016.Kerberos.Configuration.MultipleKerberosSections](#rqsrs-016kerberosconfigurationmultiplekerberossections)
+    * 4.3.4 [RQ.SRS-016.Kerberos.Configuration.WrongUserRealm](#rqsrs-016kerberosconfigurationwronguserrealm)
+    * 4.3.5 [RQ.SRS-016.Kerberos.Configuration.PrincipalAndRealmSpecified](#rqsrs-016kerberosconfigurationprincipalandrealmspecified)
+    * 4.3.6 [RQ.SRS-016.Kerberos.Configuration.MultiplePrincipalSections](#rqsrs-016kerberosconfigurationmultipleprincipalsections)
+    * 4.3.7 [RQ.SRS-016.Kerberos.Configuration.MultipleRealmSections](#rqsrs-016kerberosconfigurationmultiplerealmsections)
+  * 4.4 [Valid User](#valid-user)
+    * 4.4.1 [RQ.SRS-016.Kerberos.ValidUser.XMLConfiguredUser](#rqsrs-016kerberosvaliduserxmlconfigureduser)
+    * 4.4.2 [RQ.SRS-016.Kerberos.ValidUser.RBACConfiguredUser](#rqsrs-016kerberosvaliduserrbacconfigureduser)
+    * 4.4.3 [RQ.SRS-016.Kerberos.ValidUser.KerberosNotConfigured](#rqsrs-016kerberosvaliduserkerberosnotconfigured)
+  * 4.5 [Invalid User](#invalid-user)
+    * 4.5.1 [RQ.SRS-016.Kerberos.InvalidUser](#rqsrs-016kerberosinvaliduser)
+    * 4.5.2 [RQ.SRS-016.Kerberos.InvalidUser.UserDeleted](#rqsrs-016kerberosinvaliduseruserdeleted)
+  * 4.6 [Kerberos Not Available](#kerberos-not-available)
+    * 4.6.1 [RQ.SRS-016.Kerberos.KerberosNotAvailable.InvalidServerTicket](#rqsrs-016kerberoskerberosnotavailableinvalidserverticket)
+    * 4.6.2 [RQ.SRS-016.Kerberos.KerberosNotAvailable.InvalidClientTicket](#rqsrs-016kerberoskerberosnotavailableinvalidclientticket)
+    * 4.6.3 [RQ.SRS-016.Kerberos.KerberosNotAvailable.ValidTickets](#rqsrs-016kerberoskerberosnotavailablevalidtickets)
+  * 4.7 [Kerberos Restarted](#kerberos-restarted)
+    * 4.7.1 [RQ.SRS-016.Kerberos.KerberosServerRestarted](#rqsrs-016kerberoskerberosserverrestarted)
+  * 4.8 [Performance](#performance)
+    * 4.8.1 [RQ.SRS-016.Kerberos.Performance](#rqsrs-016kerberosperformance)
+  * 4.9 [Parallel Requests processing](#parallel-requests-processing)
+    * 4.9.1 [RQ.SRS-016.Kerberos.Parallel](#rqsrs-016kerberosparallel)
+    * 4.9.2 [RQ.SRS-016.Kerberos.Parallel.ValidRequests.KerberosAndNonKerberos](#rqsrs-016kerberosparallelvalidrequestskerberosandnonkerberos)
+    * 4.9.3 [RQ.SRS-016.Kerberos.Parallel.ValidRequests.SameCredentials](#rqsrs-016kerberosparallelvalidrequestssamecredentials)
+    * 4.9.4 [RQ.SRS-016.Kerberos.Parallel.ValidRequests.DifferentCredentials](#rqsrs-016kerberosparallelvalidrequestsdifferentcredentials)
+    * 4.9.5 [RQ.SRS-016.Kerberos.Parallel.ValidInvalid](#rqsrs-016kerberosparallelvalidinvalid)
+    * 4.9.6 [RQ.SRS-016.Kerberos.Parallel.Deletion](#rqsrs-016kerberosparalleldeletion)
 * 5 [References](#references)
 
+
 ## Revision History
 
 This document is stored in an electronic form using [Git] source control management software
-hosted in a [GitLab Repository].  
+hosted in a [GitHub Repository].  
 All the updates are tracked using the [Git]'s [Revision History].
 
 ## Introduction
 
-This document specifies the behavior for authenticating existing users using [Kerberos] authentication protocol.
+This document specifies the behavior for authenticating existing users via [Kerberos] authentication protocol.
 Existing [ClickHouse] users, that are properly configured, have an ability to authenticate using [Kerberos]. Kerberos authentication is only supported for HTTP requests, and users configured to authenticate via Kerberos cannot be authenticated by any other means of authentication.
 
 In order to use Kerberos authentication, Kerberos needs to be properly configured in the environment: Kerberos server must be present and user's and server's credentials must be set up. Configuring the Kerberos environment is outside the scope of this document.
@@ -604,6 +606,13 @@ version: 1.0
 
 [ClickHouse] SHALL support user authentication using [Kerberos] server.
 
+### Ping
+
+#### RQ.SRS-016.Kerberos.Ping
+version: 1.0
+
+Docker containers SHALL be able to ping each other.
+
 ### Configuration
 
 #### RQ.SRS-016.Kerberos.Configuration.MultipleAuthMethods
@@ -784,17 +793,17 @@ version: 1.0
 ## References
 
 * **ClickHouse:** https://clickhouse.tech
-* **Gitlab Repository:** https://gitlab.com/altinity-qa/documents/qa-srs016-clickhouse-kerberos-authentication/-/blob/master/QA_SRS016_ClickHouse_Kerberos_Authentication.md
-* **Revision History:** https://gitlab.com/altinity-qa/documents/qa-srs016-clickhouse-kerberos-authentication/-/commits/master/QA_SRS016_ClickHouse_Kerberos_Authentication.md
+* **GitHub Repository:** https://github.com/ClickHouse/ClickHouse/blob/master/tests/testflows/kerberos/requirements/requirements.md
+* **Revision History:** https://github.com/ClickHouse/ClickHouse/commits/master/tests/testflows/kerberos/requirements/requirements.md
 * **Git:** https://git-scm.com/
 * **Kerberos terminology:** https://web.mit.edu/kerberos/kfw-4.1/kfw-4.1/kfw-4.1-help/html/kerberos_terminology.htm
 
 [Kerberos]: https://en.wikipedia.org/wiki/Kerberos_(protocol)
 [SPNEGO]: https://en.wikipedia.org/wiki/SPNEGO
 [ClickHouse]: https://clickhouse.tech
-[GitLab]: https://gitlab.com
-[GitLab Repository]: https://gitlab.com/altinity-qa/documents/qa-srs016-clickhouse-kerberos-authentication/-/blob/master/QA_SRS016_ClickHouse_Kerberos_Authentication.md
-[Revision History]: https://gitlab.com/altinity-qa/documents/qa-srs016-clickhouse-kerberos-authentication/-/commits/master/QA_SRS016_ClickHouse_Kerberos_Authentication.md
+[GitHub]: https://gitlab.com
+[GitHub Repository]: https://github.com/ClickHouse/ClickHouse/blob/master/tests/testflows/kerberos/requirements/requirements.md
+[Revision History]: https://github.com/ClickHouse/ClickHouse/commits/master/tests/testflows/kerberos/requirements/requirements.md
 [Git]: https://git-scm.com/
 [Kerberos terminology]: https://web.mit.edu/kerberos/kfw-4.1/kfw-4.1/kfw-4.1-help/html/kerberos_terminology.htm
 ''')

tests/testflows/kerberos/tests/common.py

@@ -223,3 +223,72 @@ def check_wrong_config(self, node, client, config_path, modify_file, log_error="
             assert exitcode == 0, error()
 
 
+@TestStep(Given)
+def instrument_clickhouse_server_log(self, node=None, clickhouse_server_log="/var/log/clickhouse-server/clickhouse-server.log"):
+    """Instrument clickhouse-server.log for the current test
+    by adding start and end messages that include
+    current test name to the clickhouse-server.log of the specified node and
+    if the test fails then dump the messages from
+    the clickhouse-server.log for this test.
+    """
+    if node is None:
+        node = self.context.node
+
+    with By("getting current log size"):
+        cmd =  node.command(f"stat --format=%s {clickhouse_server_log}")
+        logsize = cmd.output.split(" ")[0].strip()
+
+    try:
+        with And("adding test name start message to the clickhouse-server.log"):
+            node.command(f"echo -e \"\\n-- start: {current().name} --\\n\" >> {clickhouse_server_log}")
+        with And("dump memory info"):
+            node.command(f"echo -e \"\\n-- {current().name} -- top --\\n\" && top -bn1")
+            node.command(f"echo -e \"\\n-- {current().name} -- df --\\n\" && df -h")
+            node.command(f"echo -e \"\\n-- {current().name} -- free --\\n\" && free -mh")
+        yield
+
+    finally:
+        if self.context.cluster.terminating is True:
+            return
+
+        with Finally("adding test name end message to the clickhouse-server.log", flags=TE):
+           node.command(f"echo -e \"\\n-- end: {current().name} --\\n\" >> {clickhouse_server_log}")
+
+        with And("checking if test has failing result"):
+            if not self.parent.result:
+                with Then("dumping clickhouse-server.log for this test"):
+                    node.command(f"tail -c +{logsize} {clickhouse_server_log}")
+
+
+@TestStep(Given)
+def current_hw_state(self, node=None, clickhouse_server_log="/var/log/clickhouse-server/clickhouse-server.log"):
+    """Instrument clickhouse-server.log for the current test
+    by adding start and end messages that include
+    current test name to the clickhouse-server.log of the specified node and
+    if the test fails then dump the messages from
+    the clickhouse-server.log for this test.
+    """
+    if node is None:
+        node = self.context.node
+
+    with By("getting current log size"):
+        cmd =  node.command(f"stat --format=%s {clickhouse_server_log}")
+        logsize = cmd.output.split(" ")[0].strip()
+
+    try:
+        with And("adding test name start message to the clickhouse-server.log"):
+            node.command(f"echo -e \"\\n-- start: {current().name} --\\n\" >> {clickhouse_server_log}")
+        with And("dump memory info"):
+            node.command(f"echo -e \"\\n-- {current().name} -- top --\\n\" && top -bn1")
+            node.command(f"echo -e \"\\n-- {current().name} -- df --\\n\" && df -h")
+            node.command(f"echo -e \"\\n-- {current().name} -- free --\\n\" && free -mh")
+        yield
+
+    finally:
+        if self.context.cluster.terminating is True:
+            return
+
+        with Finally("adding test name end message to the clickhouse-server.log", flags=TE):
+           node.command(f"echo -e \"\\n-- end: {current().name} --\\n\" >> {clickhouse_server_log}")
+
+        node.command(f"tail -c +{logsize} {clickhouse_server_log}")

tests/testflows/kerberos/tests/generic.py

@@ -5,6 +5,24 @@ from kerberos.requirements.requirements import *
 import time
 
 
+@TestScenario
+@Requirements(
+    RQ_SRS_016_Kerberos_Ping("1.0")
+)
+def ping(self):
+    """Containers should be reachable
+    """
+    ch_nodes = self.context.ch_nodes
+
+    for i in range(3):
+        with When(f"curl ch_{i} kerberos"):
+            r = ch_nodes[i].command(f"curl docker-compose_kerberos_1 -c 1")
+        with Then(f"return code should be 0"):
+            assert r.exitcode == 7, error()
+
+
+
+
 @TestScenario
 @Requirements(
     RQ_SRS_016_Kerberos_ValidUser_XMLConfiguredUser("1.0")
@@ -81,6 +99,7 @@ def invalid_server_ticket(self):
         self.context.krb_server.start()
         ch_nodes[2].cmd("kdestroy")
         while True:
+            time.sleep(1)
             kinit_no_keytab(node=ch_nodes[2])
             if ch_nodes[2].cmd(test_select_query(node=ch_nodes[0])).output == "kerberos_user":
                 break
@@ -122,6 +141,7 @@ def invalid_client_ticket(self):
         self.context.krb_server.start()
         ch_nodes[2].cmd("kdestroy")
         while True:
+            time.sleep(1)
             kinit_no_keytab(node=ch_nodes[2])
             if ch_nodes[2].cmd(test_select_query(node=ch_nodes[0])).output == "kerberos_user":
                 break