mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-22 07:31:57 +00:00
enabling tests
This commit is contained in:
parent
c0264de45a
commit
aa64385944
@ -7,10 +7,10 @@
|
|||||||
dns_lookup_kdc = false
|
dns_lookup_kdc = false
|
||||||
|
|
||||||
[realms]
|
[realms]
|
||||||
EXAMPLE.COM = {
|
EXAMPLE.COM = {
|
||||||
kdc = kerberos
|
kdc = kerberos_env_kerberos_1.krbnet
|
||||||
admin_server = kerberos
|
admin_server = kerberos_env_kerberos_1.krbnet
|
||||||
}
|
}
|
||||||
OTHER.COM = {
|
OTHER.COM = {
|
||||||
kdc = kerberos
|
kdc = kerberos
|
||||||
admin_server = kerberos
|
admin_server = kerberos
|
||||||
|
@ -1,40 +0,0 @@
|
|||||||
[kdc]
|
|
||||||
require-preauth = false
|
|
||||||
|
|
||||||
[libdefaults]
|
|
||||||
default_realm = EXAMPLE.COM
|
|
||||||
ticket_lifetime = 36000
|
|
||||||
dns_lookup_kdc = false
|
|
||||||
udp_preference_limit = 0
|
|
||||||
|
|
||||||
[realms]
|
|
||||||
EXAMPLE.COM = {
|
|
||||||
kdc = kerberos_env_kerberos_1.krbnet
|
|
||||||
admin_server = kerberos_env_kerberos_1.krbnet
|
|
||||||
}
|
|
||||||
OTHER.COM = {
|
|
||||||
kdc = kerberos
|
|
||||||
admin_server = kerberos
|
|
||||||
}
|
|
||||||
|
|
||||||
[domain_realm]
|
|
||||||
docker-compose_default = EXAMPLE.COM
|
|
||||||
.docker-compose_default = EXAMPLE.COM
|
|
||||||
krbnet = EXAMPLE.COM
|
|
||||||
.krbnet = EXAMPLE.COM
|
|
||||||
kerberos_env_default = EXAMPLE.COM
|
|
||||||
.kerberos_env_default = EXAMPLE.COM
|
|
||||||
|
|
||||||
[appdefaults]
|
|
||||||
validate = false
|
|
||||||
pam = {
|
|
||||||
debug = false
|
|
||||||
ticket_lifetime = 36000
|
|
||||||
renew_lifetime = 36000
|
|
||||||
forwardable = true
|
|
||||||
krb4_convert = false
|
|
||||||
}
|
|
||||||
|
|
||||||
[logging]
|
|
||||||
kdc = FILE:/var/log/krb5kdc.log
|
|
||||||
admin_server = FILE:/var/log/kadmin.log
|
|
@ -39,8 +39,8 @@ def regression(self, local, clickhouse_binary_path, stress=None, parallel=None):
|
|||||||
self.context.cluster = cluster
|
self.context.cluster = cluster
|
||||||
|
|
||||||
Feature(run=load("kerberos.tests.generic", "generic"), flags=TE)
|
Feature(run=load("kerberos.tests.generic", "generic"), flags=TE)
|
||||||
# Feature(run=load("kerberos.tests.config", "config"), flags=TE)
|
Feature(run=load("kerberos.tests.config", "config"), flags=TE)
|
||||||
# Feature(run=load("kerberos.tests.parallel", "parallel"), flags=TE)
|
Feature(run=load("kerberos.tests.parallel", "parallel"), flags=TE)
|
||||||
|
|
||||||
|
|
||||||
if main():
|
if main():
|
||||||
|
@ -145,11 +145,6 @@ def multiple_principal(self):
|
|||||||
log_error="Multiple principal sections are not allowed")
|
log_error="Multiple principal sections are not allowed")
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@TestFeature
|
@TestFeature
|
||||||
def config(self):
|
def config(self):
|
||||||
"""Perform ClickHouse Kerberos authentication testing for incorrect configuration files
|
"""Perform ClickHouse Kerberos authentication testing for incorrect configuration files
|
||||||
|
@ -21,8 +21,6 @@ def ping(self):
|
|||||||
assert r.exitcode == 7, error()
|
assert r.exitcode == 7, error()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@TestScenario
|
@TestScenario
|
||||||
@Requirements(
|
@Requirements(
|
||||||
RQ_SRS_016_Kerberos_ValidUser_XMLConfiguredUser("1.0")
|
RQ_SRS_016_Kerberos_ValidUser_XMLConfiguredUser("1.0")
|
||||||
@ -110,81 +108,81 @@ def invalid_server_ticket(self):
|
|||||||
assert r.output == "default", error()
|
assert r.output == "default", error()
|
||||||
|
|
||||||
|
|
||||||
# @TestScenario
|
@TestScenario
|
||||||
# @Requirements(
|
@Requirements(
|
||||||
# RQ_SRS_016_Kerberos_KerberosNotAvailable_InvalidClientTicket("1.0")
|
RQ_SRS_016_Kerberos_KerberosNotAvailable_InvalidClientTicket("1.0")
|
||||||
# )
|
)
|
||||||
# def invalid_client_ticket(self):
|
def invalid_client_ticket(self):
|
||||||
# """ClickHouse SHALL reject Kerberos authentication in case client has
|
"""ClickHouse SHALL reject Kerberos authentication in case client has
|
||||||
# no valid ticket (or the existing ticket is outdated).
|
no valid ticket (or the existing ticket is outdated).
|
||||||
# """
|
"""
|
||||||
# ch_nodes = self.context.ch_nodes
|
ch_nodes = self.context.ch_nodes
|
||||||
#
|
|
||||||
# with Given("kinit for client"):
|
with Given("kinit for client"):
|
||||||
# kinit_no_keytab(node=ch_nodes[2], lifetime_option="-l 00:00:05")
|
kinit_no_keytab(node=ch_nodes[2], lifetime_option="-l 00:00:05")
|
||||||
#
|
|
||||||
# with And("setting up server principal"):
|
with And("setting up server principal"):
|
||||||
# create_server_principal(node=ch_nodes[0])
|
create_server_principal(node=ch_nodes[0])
|
||||||
#
|
|
||||||
# # with And("I kill kerberos-server"):
|
# with And("I kill kerberos-server"):
|
||||||
# # self.context.krb_server.stop()
|
# self.context.krb_server.stop()
|
||||||
#
|
|
||||||
# with And("I wait until client ticket is expired"):
|
with And("I wait until client ticket is expired"):
|
||||||
# time.sleep(10)
|
time.sleep(10)
|
||||||
#
|
|
||||||
# with When("I attempt to authenticate as kerberos_user"):
|
with When("I attempt to authenticate as kerberos_user"):
|
||||||
# r = ch_nodes[2].cmd(test_select_query(node=ch_nodes[0]))
|
r = ch_nodes[2].cmd(test_select_query(node=ch_nodes[0]))
|
||||||
#
|
|
||||||
# with Then("I expect the user to be default"):
|
with Then("I expect the user to be default"):
|
||||||
# assert r.output == "default", error()
|
assert r.output == "default", error()
|
||||||
#
|
|
||||||
# with Finally(""):
|
with Finally(""):
|
||||||
# # self.context.krb_server.start()
|
# self.context.krb_server.start()
|
||||||
# time.sleep(1)
|
time.sleep(1)
|
||||||
# ch_nodes[2].cmd(f"echo pwd | kinit -l 10:00 kerberos_user")
|
ch_nodes[2].cmd(f"echo pwd | kinit -l 10:00 kerberos_user")
|
||||||
# while True:
|
while True:
|
||||||
# time.sleep(1)
|
time.sleep(1)
|
||||||
# if ch_nodes[2].cmd(test_select_query(node=ch_nodes[0])).output == "kerberos_user":
|
if ch_nodes[2].cmd(test_select_query(node=ch_nodes[0])).output == "kerberos_user":
|
||||||
# break
|
break
|
||||||
# ch_nodes[2].cmd("kdestroy")
|
ch_nodes[2].cmd("kdestroy")
|
||||||
|
|
||||||
|
|
||||||
# @TestCase
|
@TestCase
|
||||||
# @Requirements(
|
@Requirements(
|
||||||
# RQ_SRS_016_Kerberos_KerberosNotAvailable_ValidTickets("1.0")
|
RQ_SRS_016_Kerberos_KerberosNotAvailable_ValidTickets("1.0")
|
||||||
# )
|
)
|
||||||
# def kerberos_unreachable_valid_tickets(self):
|
def kerberos_unreachable_valid_tickets(self):
|
||||||
# """ClickHouse SHALL accept Kerberos authentication if no Kerberos server is reachable
|
"""ClickHouse SHALL accept Kerberos authentication if no Kerberos server is reachable
|
||||||
# but both CH-server and client have valid tickets.
|
but both CH-server and client have valid tickets.
|
||||||
# """
|
"""
|
||||||
# ch_nodes = self.context.ch_nodes
|
ch_nodes = self.context.ch_nodes
|
||||||
#
|
|
||||||
# with Given("kinit for client"):
|
with Given("kinit for client"):
|
||||||
# kinit_no_keytab(node=ch_nodes[2])
|
kinit_no_keytab(node=ch_nodes[2])
|
||||||
#
|
|
||||||
# with And("setting up server principal"):
|
with And("setting up server principal"):
|
||||||
# create_server_principal(node=ch_nodes[0])
|
create_server_principal(node=ch_nodes[0])
|
||||||
#
|
|
||||||
# with And("make sure server obtained ticket"):
|
with And("make sure server obtained ticket"):
|
||||||
# ch_nodes[2].cmd(test_select_query(node=ch_nodes[0]))
|
ch_nodes[2].cmd(test_select_query(node=ch_nodes[0]))
|
||||||
#
|
|
||||||
# with And("I kill kerberos-server"):
|
with And("I kill kerberos-server"):
|
||||||
# self.context.krb_server.stop()
|
self.context.krb_server.stop()
|
||||||
#
|
|
||||||
# with When("I attempt to authenticate as kerberos_user"):
|
with When("I attempt to authenticate as kerberos_user"):
|
||||||
# r = ch_nodes[2].cmd(test_select_query(node=ch_nodes[0]))
|
r = ch_nodes[2].cmd(test_select_query(node=ch_nodes[0]))
|
||||||
#
|
|
||||||
# with Then("I expect the user to be default"):
|
with Then("I expect the user to be default"):
|
||||||
# assert r.output == "kerberos_user", error()
|
assert r.output == "kerberos_user", error()
|
||||||
#
|
|
||||||
# with Finally("I start kerberos server again"):
|
with Finally("I start kerberos server again"):
|
||||||
# self.context.krb_server.start()
|
self.context.krb_server.start()
|
||||||
# ch_nodes[2].cmd("kdestroy")
|
ch_nodes[2].cmd("kdestroy")
|
||||||
# while True:
|
while True:
|
||||||
# kinit_no_keytab(node=ch_nodes[2])
|
kinit_no_keytab(node=ch_nodes[2])
|
||||||
# if ch_nodes[2].cmd(test_select_query(node=ch_nodes[0])).output == "kerberos_user":
|
if ch_nodes[2].cmd(test_select_query(node=ch_nodes[0])).output == "kerberos_user":
|
||||||
# break
|
break
|
||||||
# ch_nodes[2].cmd("kdestroy")
|
ch_nodes[2].cmd("kdestroy")
|
||||||
|
|
||||||
|
|
||||||
@TestScenario
|
@TestScenario
|
||||||
@ -215,39 +213,39 @@ def kerberos_not_configured(self):
|
|||||||
ch_nodes[0].query("DROP USER unkerberized")
|
ch_nodes[0].query("DROP USER unkerberized")
|
||||||
|
|
||||||
|
|
||||||
# @TestScenario
|
@TestScenario
|
||||||
# @Requirements(
|
@Requirements(
|
||||||
# RQ_SRS_016_Kerberos_KerberosServerRestarted("1.0")
|
RQ_SRS_016_Kerberos_KerberosServerRestarted("1.0")
|
||||||
# )
|
)
|
||||||
# def kerberos_server_restarted(self):
|
def kerberos_server_restarted(self):
|
||||||
# """ClickHouse SHALL accept Kerberos authentication if Kerberos server was restarted.
|
"""ClickHouse SHALL accept Kerberos authentication if Kerberos server was restarted.
|
||||||
# """
|
"""
|
||||||
# ch_nodes = self.context.ch_nodes
|
ch_nodes = self.context.ch_nodes
|
||||||
# krb_server = self.context.krb_server
|
krb_server = self.context.krb_server
|
||||||
#
|
|
||||||
# with Given("I obtain keytab for user"):
|
with Given("I obtain keytab for user"):
|
||||||
# kinit_no_keytab(node=ch_nodes[2])
|
kinit_no_keytab(node=ch_nodes[2])
|
||||||
# with And("I create server principal"):
|
with And("I create server principal"):
|
||||||
# create_server_principal(node=ch_nodes[0])
|
create_server_principal(node=ch_nodes[0])
|
||||||
# with And("I obtain server ticket"):
|
with And("I obtain server ticket"):
|
||||||
# ch_nodes[2].cmd(test_select_query(node=ch_nodes[0]), no_checks=True)
|
ch_nodes[2].cmd(test_select_query(node=ch_nodes[0]), no_checks=True)
|
||||||
# with By("I dump, restart and restore kerberos server"):
|
with By("I dump, restart and restore kerberos server"):
|
||||||
# krb_server.cmd("kdb5_util dump dump.dmp", shell_command="/bin/sh")
|
krb_server.cmd("kdb5_util dump dump.dmp", shell_command="/bin/sh")
|
||||||
# krb_server.restart()
|
krb_server.restart()
|
||||||
# krb_server.cmd("kdb5_util load dump.dmp", shell_command="/bin/sh")
|
krb_server.cmd("kdb5_util load dump.dmp", shell_command="/bin/sh")
|
||||||
#
|
|
||||||
# with When("I attempt to authenticate"):
|
with When("I attempt to authenticate"):
|
||||||
# r = ch_nodes[2].cmd(test_select_query(node=ch_nodes[0]))
|
r = ch_nodes[2].cmd(test_select_query(node=ch_nodes[0]))
|
||||||
#
|
|
||||||
# with And("I wait for kerberos to be healthy"):
|
with And("I wait for kerberos to be healthy"):
|
||||||
# ch_nodes[2].cmd("kdestroy")
|
ch_nodes[2].cmd("kdestroy")
|
||||||
# while True:
|
while True:
|
||||||
# kinit_no_keytab(node=ch_nodes[2])
|
kinit_no_keytab(node=ch_nodes[2])
|
||||||
# if ch_nodes[2].cmd(test_select_query(node=ch_nodes[0])).output == "kerberos_user":
|
if ch_nodes[2].cmd(test_select_query(node=ch_nodes[0])).output == "kerberos_user":
|
||||||
# break
|
break
|
||||||
#
|
|
||||||
# with Then(f"I expect kerberos_user"):
|
with Then(f"I expect kerberos_user"):
|
||||||
# assert r.output == "kerberos_user", error()
|
assert r.output == "kerberos_user", error()
|
||||||
|
|
||||||
|
|
||||||
@TestScenario
|
@TestScenario
|
||||||
@ -298,44 +296,41 @@ def user_deleted(self):
|
|||||||
assert "Authentication failed: password is incorrect or there is no user with such name" in r.output, error()
|
assert "Authentication failed: password is incorrect or there is no user with such name" in r.output, error()
|
||||||
|
|
||||||
|
|
||||||
# @TestScenario
|
@TestScenario
|
||||||
# @Requirements(
|
@Requirements(
|
||||||
# RQ_SRS_016_Kerberos_Performance("1.0")
|
RQ_SRS_016_Kerberos_Performance("1.0")
|
||||||
# )
|
)
|
||||||
# def authentication_performance(self):
|
def authentication_performance(self):
|
||||||
# """ClickHouse's performance for Kerberos authentication SHALL shall be comparable to regular authentication.
|
"""ClickHouse's performance for Kerberos authentication SHALL shall be comparable to regular authentication.
|
||||||
# """
|
"""
|
||||||
# ch_nodes = self.context.ch_nodes
|
ch_nodes = self.context.ch_nodes
|
||||||
#
|
|
||||||
# with Given("I obtain keytab for a user"):
|
|
||||||
# kinit_no_keytab(node=ch_nodes[2])
|
|
||||||
#
|
|
||||||
# with And("I create server principal"):
|
|
||||||
# create_server_principal(node=ch_nodes[0])
|
|
||||||
#
|
|
||||||
# with And("I create a password-identified user"):
|
|
||||||
# ch_nodes[0].query("CREATE USER pwd_user IDENTIFIED WITH plaintext_password BY 'pwd'")
|
|
||||||
#
|
|
||||||
# with When("I measure kerberos auth time"):
|
|
||||||
# start_time_krb = time.time()
|
|
||||||
# for i in range(100):
|
|
||||||
# ch_nodes[2].cmd(test_select_query(node=ch_nodes[0]))
|
|
||||||
# krb_time = (time.time() - start_time_krb) / 100
|
|
||||||
#
|
|
||||||
# with And("I measure password auth time"):
|
|
||||||
# start_time_usual = time.time()
|
|
||||||
# for i in range(100):
|
|
||||||
# ch_nodes[2].cmd(f"echo 'SELECT 1' | curl 'http://pwd_user:pwd@clickhouse1:8123/' -d @-")
|
|
||||||
# usual_time = (time.time() - start_time_usual) / 100
|
|
||||||
#
|
|
||||||
# with Then("measuring the performance compared to password auth"):
|
|
||||||
# metric("percentage_improvement", units="%", value=100*(krb_time - usual_time)/usual_time)
|
|
||||||
#
|
|
||||||
# with Finally("I drop pwd_user"):
|
|
||||||
# ch_nodes[0].query("DROP USER pwd_user")
|
|
||||||
|
|
||||||
|
with Given("I obtain keytab for a user"):
|
||||||
|
kinit_no_keytab(node=ch_nodes[2])
|
||||||
|
|
||||||
|
with And("I create server principal"):
|
||||||
|
create_server_principal(node=ch_nodes[0])
|
||||||
|
|
||||||
|
with And("I create a password-identified user"):
|
||||||
|
ch_nodes[0].query("CREATE USER pwd_user IDENTIFIED WITH plaintext_password BY 'pwd'")
|
||||||
|
|
||||||
|
with When("I measure kerberos auth time"):
|
||||||
|
start_time_krb = time.time()
|
||||||
|
for i in range(100):
|
||||||
|
ch_nodes[2].cmd(test_select_query(node=ch_nodes[0]))
|
||||||
|
krb_time = (time.time() - start_time_krb) / 100
|
||||||
|
|
||||||
|
with And("I measure password auth time"):
|
||||||
|
start_time_usual = time.time()
|
||||||
|
for i in range(100):
|
||||||
|
ch_nodes[2].cmd(f"echo 'SELECT 1' | curl 'http://pwd_user:pwd@clickhouse1:8123/' -d @-")
|
||||||
|
usual_time = (time.time() - start_time_usual) / 100
|
||||||
|
|
||||||
|
with Then("measuring the performance compared to password auth"):
|
||||||
|
metric("percentage_improvement", units="%", value=100*(krb_time - usual_time)/usual_time)
|
||||||
|
|
||||||
|
with Finally("I drop pwd_user"):
|
||||||
|
ch_nodes[0].query("DROP USER pwd_user")
|
||||||
|
|
||||||
|
|
||||||
@TestFeature
|
@TestFeature
|
||||||
|
@ -22,15 +22,15 @@ def regression(self, local, clickhouse_binary_path, stress=None, parallel=None):
|
|||||||
tasks = []
|
tasks = []
|
||||||
with Pool(8) as pool:
|
with Pool(8) as pool:
|
||||||
try:
|
try:
|
||||||
#run_scenario(pool, tasks, Feature(test=load("example.regression", "regression")), args)
|
run_scenario(pool, tasks, Feature(test=load("example.regression", "regression")), args)
|
||||||
#run_scenario(pool, tasks, Feature(test=load("ldap.regression", "regression")), args)
|
run_scenario(pool, tasks, Feature(test=load("ldap.regression", "regression")), args)
|
||||||
#run_scenario(pool, tasks, Feature(test=load("rbac.regression", "regression")), args)
|
run_scenario(pool, tasks, Feature(test=load("rbac.regression", "regression")), args)
|
||||||
#run_scenario(pool, tasks, Feature(test=load("aes_encryption.regression", "regression")), args)
|
run_scenario(pool, tasks, Feature(test=load("aes_encryption.regression", "regression")), args)
|
||||||
#run_scenario(pool, tasks, Feature(test=load("map_type.regression", "regression")), args)
|
run_scenario(pool, tasks, Feature(test=load("map_type.regression", "regression")), args)
|
||||||
#run_scenario(pool, tasks, Feature(test=load("window_functions.regression", "regression")), args)
|
run_scenario(pool, tasks, Feature(test=load("window_functions.regression", "regression")), args)
|
||||||
#run_scenario(pool, tasks, Feature(test=load("datetime64_extended_range.regression", "regression")), args)
|
run_scenario(pool, tasks, Feature(test=load("datetime64_extended_range.regression", "regression")), args)
|
||||||
run_scenario(pool, tasks, Feature(test=load("kerberos.regression", "regression")), args)
|
run_scenario(pool, tasks, Feature(test=load("kerberos.regression", "regression")), args)
|
||||||
#run_scenario(pool, tasks, Feature(test=load("extended_precision_data_types.regression", "regression")), args)
|
run_scenario(pool, tasks, Feature(test=load("extended_precision_data_types.regression", "regression")), args)
|
||||||
finally:
|
finally:
|
||||||
join(tasks)
|
join(tasks)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user