def test_custom_service_tld():
    """Install one task with a custom service TLD and validate its endpoint.

    The service is installed with ``service.custom_service_tld`` set to the
    value returned by ``sdk_hosts.get_crypto_id_domain()``. The test then
    checks that "test" is the only advertised endpoint, that it exposes one
    ``address`` and one ``dns`` entry per task, and that every DNS entry
    contains the custom TLD.
    """
    expected_tasks = 1
    tld = sdk_hosts.get_crypto_id_domain()
    service_options = {"service": {"custom_service_tld": tld, "yaml": "custom_tld"}}

    sdk_install.install(
        config.PACKAGE_NAME,
        config.SERVICE_NAME,
        expected_tasks,
        additional_options=service_options,
    )

    # Only the "test" endpoint may be advertised.
    advertised = sdk_networks.get_endpoint_names(config.PACKAGE_NAME, config.SERVICE_NAME)
    assert {"test"} == set(advertised)

    endpoint = sdk_networks.get_endpoint(config.PACKAGE_NAME, config.SERVICE_NAME, "test")
    assert {"address", "dns"} == set(endpoint.keys())

    addresses = endpoint["address"]
    assert len(addresses) == expected_tasks
    for address in addresses:
        # ip:port shape: splitting on ":" must give exactly two parts.
        assert len(address.split(":")) == 2

    dns_names = endpoint["dns"]
    assert len(dns_names) == expected_tasks
    for dns_name in dns_names:
        # NOTE(review): substring match - this passes wherever the TLD occurs
        # in the entry, not only where it is the suffix of the host name.
        assert tld in dns_name
def test_custom_domain():
    """Install three tasks with a custom security domain and validate the endpoint.

    ``service.security.custom_domain`` is set to the value returned by
    ``sdk_hosts.get_crypto_id_domain()``. The test then checks that
    "native-client" is the only advertised endpoint, that it exposes one
    ``address`` and one ``dns`` entry per task, and that every DNS entry
    contains the custom domain.
    """
    expected_tasks = 3
    domain = sdk_hosts.get_crypto_id_domain()
    service_options = {"service": {"security": {"custom_domain": domain}}}

    sdk_install.install(
        config.PACKAGE_NAME,
        config.SERVICE_NAME,
        expected_tasks,
        additional_options=service_options,
    )

    # Only the "native-client" endpoint may be advertised.
    advertised = sdk_networks.get_endpoint_names(config.PACKAGE_NAME, config.SERVICE_NAME)
    assert {"native-client"} == set(advertised)

    endpoint = sdk_networks.get_endpoint(
        config.PACKAGE_NAME, config.SERVICE_NAME, "native-client"
    )
    assert {"address", "dns"} == set(endpoint.keys())

    addresses = endpoint["address"]
    assert len(addresses) == expected_tasks
    for address in addresses:
        # ip:port shape: splitting on ":" must give exactly two parts.
        assert len(address.split(":")) == 2

    dns_names = endpoint["dns"]
    assert len(dns_names) == expected_tasks
    for dns_name in dns_names:
        # NOTE(review): substring match - this passes wherever the domain
        # occurs in the entry, not only where it is the host name's suffix.
        assert domain in dns_name
def test_verify_https_ports(hdfs_client, node_type, port):
    """Verify that the HTTPS port is open for name, journal and data node types.

    ``node_type`` and ``port`` are presumably supplied by a pytest
    parametrization that is not visible in this block - confirm at the
    decorator. The check targets the first task ("<node_type>-0-node") of the
    given node type.
    """
    task_id = "{}-0-node".format(node_type)
    crypto_domain = sdk_hosts.get_crypto_id_domain()
    host = sdk_hosts.custom_host(config.SERVICE_NAME, task_id, crypto_domain, port)

    # The CA bundle is fetched through the client task and passed to the check.
    # NOTE(review): presumably it is used to validate the server certificate
    # rather than only to probe the port - confirm in config.verify_https_ports.
    ca_bundle = transport_encryption.fetch_dcos_ca_bundle(hdfs_client["id"])
    config.verify_https_ports(ca_bundle, host, task_id)
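def kerberos(configure_security):
    """Provide a finalized Kerberos environment and clean it up afterwards.

    Service principals for ``config.SERVICE_NAME`` are generated for the
    environment's realm and the domain returned by
    ``sdk_hosts.get_crypto_id_domain()``, added to the environment, and the
    environment is finalized before being yielded.

    Args:
        configure_security: Not used in the body; presumably requested only so
            that fixture runs first - confirm against its definition.

    Yields:
        The ``sdk_auth.KerberosEnvironment`` instance after ``finalize()``.
    """
    # Construct outside the try block. If the constructor raises there is no
    # environment to clean up, and touching the unbound name in ``finally``
    # would replace the real failure with an UnboundLocalError.
    kerberos_env = sdk_auth.KerberosEnvironment()
    try:
        principals = auth.get_service_principals(
            config.SERVICE_NAME,
            kerberos_env.get_realm(),
            sdk_hosts.get_crypto_id_domain(),
        )
        kerberos_env.add_principals(principals)
        kerberos_env.finalize()

        yield kerberos_env
    finally:
        # Runs on setup failure as well, so a partly provisioned environment
        # is still torn down.
        kerberos_env.cleanup()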
def kafka_server(kerberos, service_account):
    """Pytest fixture: install a Kerberized, TLS-enabled Kafka service.

    Any existing installation is removed first. The service is then installed
    with Kerberos and transport encryption enabled and an explicit TLS cipher
    list. The options used, plus ``package_name``, are yielded to the test.
    The service is uninstalled on teardown, including when the install fails.
    """
    service_name = config.SERVICE_NAME
    account_name = service_account["name"]
    account_secret = service_account["secret"]
    crypto_domain = sdk_hosts.get_crypto_id_domain()
    kdc_host = kerberos.get_host()
    kdc_port = int(kerberos.get_port())
    realm = kerberos.get_realm()
    keytab_secret = kerberos.get_keytab_path()

    # NOTE(review): besides the ECDHE/DHE GCM suites, this list also enables
    # static-RSA key exchange (TLS_RSA_*, no forward secrecy) and CBC-mode
    # suites. It reads as a compatibility matrix for the test; treat it as a
    # fixture value, not as a recommended default.
    tls_ciphers = "TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"

    service_kerberos_options = {
        "service": {
            "name": service_name,
            "service_account": account_name,
            # presumably a secret-store path, not key material - confirm
            # before logging the yielded options.
            "service_account_secret": account_secret,
            "security": {
                "custom_domain": crypto_domain,
                "kerberos": {
                    "enabled": True,
                    "kdc": {"hostname": kdc_host, "port": kdc_port},
                    "realm": realm,
                    "keytab_secret": keytab_secret,
                },
                "transport_encryption": {"enabled": True, "ciphers": tls_ciphers},
            },
        }
    }

    # Start from a clean slate in case an earlier run left the service behind.
    sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)

    try:
        sdk_install.install(
            config.PACKAGE_NAME,
            config.SERVICE_NAME,
            config.DEFAULT_BROKER_COUNT,
            additional_options=service_kerberos_options,
            timeout_seconds=30 * 60,
        )

        yield dict(service_kerberos_options, package_name=config.PACKAGE_NAME)
    finally:
        sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
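def kerberos(configure_security):
    """Set up a Kerberos environment for the service and tear it down afterwards.

    Principals for ``config.SERVICE_NAME`` are built from the environment's
    realm and the domain returned by ``sdk_hosts.get_crypto_id_domain()``,
    registered with the environment, and the environment is finalized before
    it is handed to the consumer.

    Args:
        configure_security: Not referenced in the body; presumably listed only
            to order fixture setup - confirm against its definition.

    Yields:
        The finalized ``sdk_auth.KerberosEnvironment``.
    """
    # The environment is created before entering ``try``: when construction
    # fails there is nothing to clean up, and the original error must not be
    # replaced by an UnboundLocalError raised from the ``finally`` clause.
    kerberos_env = sdk_auth.KerberosEnvironment()
    try:
        realm = kerberos_env.get_realm()
        principals = auth.get_service_principals(
            config.SERVICE_NAME, realm, sdk_hosts.get_crypto_id_domain()
        )
        kerberos_env.add_principals(principals)
        kerberos_env.finalize()

        yield kerberos_env
    finally:
        # Always release the environment, including after a failed setup step.
        kerberos_env.cleanup()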
def test_custom_service_tld():
    """Install one task with a custom service TLD and check the DNS endpoints.

    ``service.custom_service_tld`` is set to the value returned by
    ``sdk_hosts.get_crypto_id_domain()``. Every ``dns`` entry of the "test"
    endpoint must contain that TLD.
    """
    tld = sdk_hosts.get_crypto_id_domain()
    service_options = {
        "service": {
            "custom_service_tld": tld,
            "yaml": "custom_tld",
        }
    }
    sdk_install.install(
        config.PACKAGE_NAME,
        config.SERVICE_NAME,
        1,
        additional_options=service_options,
    )

    # The helper fetches the "test" endpoint and runs its own checks.
    # NOTE(review): the trailing 2 is presumably an expected entry count,
    # although only one task is installed - confirm against the helper.
    endpoints = sdk_networks.get_and_test_endpoints(
        config.PACKAGE_NAME, config.SERVICE_NAME, "test", 2
    )

    for dns_name in endpoints["dns"]:
        # NOTE(review): substring match - this passes wherever the TLD occurs
        # in the entry, not only where it is the suffix of the host name.
        assert tld in dns_name
def test_custom_service_tld():
    """Check that a custom service TLD shows up in the "test" endpoint's DNS names.

    The service is installed with a single task and
    ``service.custom_service_tld`` set to the value returned by
    ``sdk_hosts.get_crypto_id_domain()``.
    """
    tld = sdk_hosts.get_crypto_id_domain()
    install_options = {"service": {"custom_service_tld": tld, "yaml": "custom_tld"}}

    sdk_install.install(
        config.PACKAGE_NAME,
        config.SERVICE_NAME,
        1,
        additional_options=install_options,
    )

    # Endpoint lookup and the generic checks are delegated to the helper.
    # NOTE(review): the last argument (2) is presumably an expected count;
    # verify against sdk_networks.get_and_test_endpoints.
    endpoints = sdk_networks.get_and_test_endpoints(
        config.PACKAGE_NAME,
        config.SERVICE_NAME,
        "test",
        2,
    )

    dns_names = endpoints["dns"]
    for dns_name in dns_names:
        # NOTE(review): a containment test, not a suffix test - the TLD may
        # sit anywhere in the entry and still satisfy it.
        assert tld in dns_name
def kafka_server(kerberos, service_account, kafka_client: client.KafkaClient):
    """Pytest fixture: install a Kerberized Kafka service and connect the client.

    Any existing installation is removed first. The service is installed with
    Kerberos and transport encryption enabled, then ``kafka_client.connect``
    is called with the default broker count before control passes to the
    test. Nothing is yielded. The service is uninstalled on teardown,
    including when the install or connect step fails.
    """
    service_name = config.SERVICE_NAME
    account_name = service_account["name"]
    account_secret = service_account["secret"]
    crypto_domain = sdk_hosts.get_crypto_id_domain()
    kdc_host = kerberos.get_host()
    kdc_port = int(kerberos.get_port())
    realm = kerberos.get_realm()
    keytab_secret = kerberos.get_keytab_path()

    service_kerberos_options = {
        "service": {
            "name": service_name,
            "service_account": account_name,
            "service_account_secret": account_secret,
            "security": {
                "custom_domain": crypto_domain,
                "kerberos": {
                    "enabled": True,
                    "kdc": {"hostname": kdc_host, "port": kdc_port},
                    "realm": realm,
                    "keytab_secret": keytab_secret,
                },
                # No cipher list is given here, so the package's own default
                # applies.
                "transport_encryption": {"enabled": True},
            },
        }
    }

    # Start from a clean slate in case an earlier run left the service behind.
    sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)

    try:
        sdk_install.install(
            config.PACKAGE_NAME,
            config.SERVICE_NAME,
            config.DEFAULT_BROKER_COUNT,
            additional_options=service_kerberos_options,
            timeout_seconds=30 * 60,
        )
        kafka_client.connect(config.DEFAULT_BROKER_COUNT)

        yield
    finally:
        sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def kafka_server(kerberos, service_account):
    """Pytest fixture: install a Kerberized, TLS-enabled Kafka service.

    Any existing installation is removed first. The service is installed with
    Kerberos (realm taken from ``sdk_auth.REALM``) and transport encryption
    enabled. The options used, plus ``package_name``, are yielded to the test.
    The service is uninstalled on teardown, including when the install fails.
    """
    service_name = config.SERVICE_NAME
    account_name = service_account["name"]
    account_secret = service_account["secret"]
    crypto_domain = sdk_hosts.get_crypto_id_domain()
    kdc_host = kerberos.get_host()
    kdc_port = int(kerberos.get_port())
    # The realm comes from the module constant, not from the ``kerberos``
    # fixture object.
    realm = sdk_auth.REALM
    keytab_secret = kerberos.get_keytab_path()

    kerberos_section = {
        "enabled": True,
        "kdc": {"hostname": kdc_host, "port": kdc_port},
        "realm": realm,
        "keytab_secret": keytab_secret,
    }
    service_kerberos_options = {
        "service": {
            "name": service_name,
            "service_account": account_name,
            # presumably a secret-store path, not key material - confirm
            # before logging the yielded options.
            "service_account_secret": account_secret,
            "security": {
                "custom_domain": crypto_domain,
                "kerberos": kerberos_section,
                "transport_encryption": {"enabled": True},
            },
        }
    }

    # Remove any leftover installation so the install below starts clean.
    sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)

    try:
        sdk_install.install(
            config.PACKAGE_NAME,
            config.SERVICE_NAME,
            config.DEFAULT_BROKER_COUNT,
            additional_options=service_kerberos_options,
            timeout_seconds=30 * 60,
        )

        yield dict(service_kerberos_options, package_name=config.PACKAGE_NAME)
    finally:
        sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def hdfs_server(kerberos, service_account):
    """Pytest fixture: install a Kerberized, TLS-enabled HDFS service.

    Any existing installation is removed first. The service is installed with
    Kerberos and transport encryption enabled and with
    ``hdfs.security_auth_to_local`` taken from
    ``auth.get_principal_to_user_mapping()``. The options used, plus
    ``package_name``, are yielded to the test. The service is uninstalled on
    teardown, including when the install fails.
    """
    service_name = config.SERVICE_NAME
    account_name = service_account["name"]
    account_secret = service_account["secret"]
    crypto_domain = sdk_hosts.get_crypto_id_domain()
    kdc_host = kerberos.get_host()
    kdc_port = int(kerberos.get_port())
    realm = kerberos.get_realm()
    keytab_secret = kerberos.get_keytab_path()
    # Passed to the package as hdfs.security_auth_to_local.
    principal_mapping = auth.get_principal_to_user_mapping()

    service_options = {
        "service": {
            "name": service_name,
            "service_account": account_name,
            # presumably a secret-store path, not key material - confirm
            # before logging the yielded options.
            "service_account_secret": account_secret,
            "security": {
                "custom_domain": crypto_domain,
                "kerberos": {
                    "enabled": True,
                    "kdc": {"hostname": kdc_host, "port": kdc_port},
                    "realm": realm,
                    "keytab_secret": keytab_secret,
                },
                "transport_encryption": {"enabled": True},
            },
        },
        "hdfs": {"security_auth_to_local": principal_mapping},
    }

    # Remove any leftover installation so the install below starts clean.
    sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)

    try:
        sdk_install.install(
            config.PACKAGE_NAME,
            config.SERVICE_NAME,
            config.DEFAULT_TASK_COUNT,
            additional_options=service_options,
            timeout_seconds=30 * 60,
        )

        yield dict(service_options, package_name=config.PACKAGE_NAME)
    finally:
        sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def test_custom_service_tld():
    """Check the "test" endpoint of a service installed with a custom TLD.

    One task is installed with ``service.custom_service_tld`` set to the value
    returned by ``sdk_hosts.get_crypto_id_domain()``. The endpoint must be the
    only one advertised, must list one ``address`` and one ``dns`` entry per
    task, and every DNS entry must contain the custom TLD.
    """
    n_tasks = 1
    tld = sdk_hosts.get_crypto_id_domain()
    install_options = {"service": {"custom_service_tld": tld, "yaml": "custom_tld"}}

    sdk_install.install(
        config.PACKAGE_NAME,
        config.SERVICE_NAME,
        n_tasks,
        additional_options=install_options,
    )

    # Exactly one endpoint, named "test", is expected.
    endpoint_names = sdk_networks.get_endpoint_names(
        config.PACKAGE_NAME, config.SERVICE_NAME
    )
    assert {"test"} == set(endpoint_names)

    endpoint = sdk_networks.get_endpoint(config.PACKAGE_NAME, config.SERVICE_NAME, "test")
    assert {"address", "dns"} == set(endpoint.keys())

    address_entries = endpoint["address"]
    assert len(address_entries) == n_tasks
    for address in address_entries:
        # ip:port shape: splitting on ":" must give exactly two parts.
        assert len(address.split(":")) == 2

    dns_entries = endpoint["dns"]
    assert len(dns_entries) == n_tasks
    for dns_entry in dns_entries:
        # NOTE(review): a containment test, not a suffix test - the TLD may
        # sit anywhere in the entry and still satisfy it.
        assert tld in dns_entry