mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-30 19:42:00 +00:00
188 lines
5.2 KiB
Python
188 lines
5.2 KiB
Python
import pytest
|
|
|
|
from helpers.cluster import ClickHouseCluster
|
|
|
|
cluster = ClickHouseCluster(__file__)
|
|
|
|
node_ipv4 = cluster.add_instance(
|
|
"node_ipv4",
|
|
main_configs=[],
|
|
user_configs=["configs/users_ipv4.xml"],
|
|
ipv4_address="10.5.172.77", # Never copy-paste this line
|
|
)
|
|
client_ipv4_ok = cluster.add_instance(
|
|
"client_ipv4_ok",
|
|
main_configs=[],
|
|
user_configs=[],
|
|
ipv4_address="10.5.172.10", # Never copy-paste this line
|
|
)
|
|
client_ipv4_ok_direct = cluster.add_instance(
|
|
"client_ipv4_ok_direct",
|
|
main_configs=[],
|
|
user_configs=[],
|
|
ipv4_address="10.5.173.1", # Never copy-paste this line
|
|
)
|
|
client_ipv4_ok_full_mask = cluster.add_instance(
|
|
"client_ipv4_ok_full_mask",
|
|
main_configs=[],
|
|
user_configs=[],
|
|
ipv4_address="10.5.175.77", # Never copy-paste this line
|
|
)
|
|
client_ipv4_bad = cluster.add_instance(
|
|
"client_ipv4_bad",
|
|
main_configs=[],
|
|
user_configs=[],
|
|
ipv4_address="10.5.173.10", # Never copy-paste this line
|
|
)
|
|
|
|
node_ipv6 = cluster.add_instance(
|
|
"node_ipv6",
|
|
main_configs=["configs/config_ipv6.xml"],
|
|
user_configs=["configs/users_ipv6.xml"],
|
|
ipv6_address="2001:3984:3989::1:1000", # Never copy-paste this line
|
|
)
|
|
client_ipv6_ok = cluster.add_instance(
|
|
"client_ipv6_ok",
|
|
main_configs=[],
|
|
user_configs=[],
|
|
ipv6_address="2001:3984:3989::5555", # Never copy-paste this line
|
|
)
|
|
client_ipv6_ok_direct = cluster.add_instance(
|
|
"client_ipv6_ok_direct",
|
|
main_configs=[],
|
|
user_configs=[],
|
|
ipv6_address="2001:3984:3989::1:1111", # Never copy-paste this line
|
|
)
|
|
client_ipv6_bad = cluster.add_instance(
|
|
"client_ipv6_bad",
|
|
main_configs=[],
|
|
user_configs=[],
|
|
ipv6_address="2001:3984:3989::1:1112", # Never copy-paste this line
|
|
)
|
|
|
|
|
|
@pytest.fixture(scope="module")
|
|
def setup_cluster():
|
|
try:
|
|
cluster.start()
|
|
yield cluster
|
|
|
|
finally:
|
|
cluster.shutdown()
|
|
|
|
|
|
def test_ipv4(setup_cluster):
|
|
try:
|
|
client_ipv4_ok.exec_in_container(
|
|
[
|
|
"bash",
|
|
"-c",
|
|
"/usr/bin/clickhouse client --host 10.5.172.77 --query 'select 1'",
|
|
],
|
|
privileged=True,
|
|
user="root",
|
|
)
|
|
except Exception as ex:
|
|
assert (
|
|
False
|
|
), "allowed client with 10.5.172.10 cannot connect to server with allowed mask '10.5.172.0/24'"
|
|
|
|
try:
|
|
client_ipv4_ok_direct.exec_in_container(
|
|
[
|
|
"bash",
|
|
"-c",
|
|
"/usr/bin/clickhouse client --host 10.5.172.77 --query 'select 1'",
|
|
],
|
|
privileged=True,
|
|
user="root",
|
|
)
|
|
except Exception as ex:
|
|
assert (
|
|
False
|
|
), "allowed client with 10.5.173.1 cannot connect to server with allowed ip '10.5.173.1'"
|
|
|
|
try:
|
|
client_ipv4_ok_full_mask.exec_in_container(
|
|
[
|
|
"bash",
|
|
"-c",
|
|
"/usr/bin/clickhouse client --host 10.5.172.77 --query 'select 1'",
|
|
],
|
|
privileged=True,
|
|
user="root",
|
|
)
|
|
except Exception as ex:
|
|
assert (
|
|
False
|
|
), "allowed client with 10.5.175.77 cannot connect to server with allowed ip '10.5.175.0/255.255.255.0'"
|
|
|
|
try:
|
|
client_ipv4_bad.exec_in_container(
|
|
[
|
|
"bash",
|
|
"-c",
|
|
"/usr/bin/clickhouse client --host 10.5.172.77 --query 'select 1'",
|
|
],
|
|
privileged=True,
|
|
user="root",
|
|
)
|
|
assert (
|
|
False
|
|
), "restricted client with 10.5.173.10 can connect to server with allowed mask '10.5.172.0/24'"
|
|
except AssertionError:
|
|
raise
|
|
except Exception as ex:
|
|
print(ex)
|
|
|
|
|
|
def test_ipv6(setup_cluster):
|
|
try:
|
|
client_ipv6_ok.exec_in_container(
|
|
[
|
|
"bash",
|
|
"-c",
|
|
"/usr/bin/clickhouse client --host 2001:3984:3989::1:1000 --query 'select 1'",
|
|
],
|
|
privileged=True,
|
|
user="root",
|
|
)
|
|
except Exception as ex:
|
|
print(ex)
|
|
assert (
|
|
False
|
|
), "allowed client with 2001:3984:3989:0:0:0:1:1111 cannot connect to server with allowed mask '2001:3984:3989:0:0:0:0:0/112'"
|
|
|
|
try:
|
|
client_ipv6_ok_direct.exec_in_container(
|
|
[
|
|
"bash",
|
|
"-c",
|
|
"/usr/bin/clickhouse client --host 2001:3984:3989:0:0:0:1:1000 --query 'select 1'",
|
|
],
|
|
privileged=True,
|
|
user="root",
|
|
)
|
|
except Exception as ex:
|
|
assert (
|
|
False
|
|
), "allowed client with 2001:3984:3989:0:0:0:1:1111 cannot connect to server with allowed ip '2001:3984:3989:0:0:0:1:1111'"
|
|
|
|
try:
|
|
client_ipv6_bad.exec_in_container(
|
|
[
|
|
"bash",
|
|
"-c",
|
|
"/usr/bin/clickhouse client --host 2001:3984:3989:0:0:0:1:1000 --query 'select 1'",
|
|
],
|
|
privileged=True,
|
|
user="root",
|
|
)
|
|
assert (
|
|
False
|
|
), "restricted client with 2001:3984:3989:0:0:0:1:1112 can connect to server with allowed mask '2001:3984:3989:0:0:0:0:0/112'"
|
|
except AssertionError:
|
|
raise
|
|
except Exception as ex:
|
|
print(ex)
|