def _validate_positive_cases(self, vector, ca_cert=""): shell_options = ["--ssl", "-q", "select 1 + 2"] result = run_impala_shell_cmd(vector, shell_options, wait_until_connected=False) for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]: assert msg in result.stderr for warning in [ self.DEPRECATED_POSITIONAL_WARNING, self.DEPRECATED_VALIDATE_WARNING ]: assert warning not in result.stderr if ca_cert != "": shell_options = shell_options + ["--ca_cert=%s" % ca_cert] result = run_impala_shell_cmd(vector, shell_options, wait_until_connected=False) for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]: assert msg in result.stderr for warning in [ self.DEPRECATED_POSITIONAL_WARNING, self.DEPRECATED_VALIDATE_WARNING ]: assert warning not in result.stderr
def test_saml2_browser_profile_no_group_filter(self, vector): # Iterate over test vector within test function to avoid restarting cluster. for vector in\ [ImpalaTestVector([value]) for value in create_client_protocol_dimension()]: protocol = vector.get_value("protocol") if protocol != "hs2-http": # SAML2 should not affect non http protocols. args = ["--protocol=%s" % protocol, "-q", "select 1 + 2"] run_impala_shell_cmd(vector, args, expect_success=True) continue # hs2-http connections without further arguments should be rejected. args = ["--protocol=hs2-http", "-q", "select 1 + 2"] run_impala_shell_cmd(vector, args, expect_success=False) # test the SAML worflow with different attributes self._test_saml2_browser_workflow("", True) attributes_xml = TestClientSaml.ATTRIBUTE_STATEMENT.format( group_name="group1") self._test_saml2_browser_workflow(attributes_xml, True) attributes_xml = TestClientSaml.ATTRIBUTE_STATEMENT.format( group_name="bad_group") self._test_saml2_browser_workflow(attributes_xml, True)
def _verify_negative_cases(self): # Expect the shell to not start successfully if we point --ca_cert to an incorrect # certificate. args = "--ssl -q 'select 1 + 2' --ca_cert=%s/incorrect-commonname-cert.pem" \ % self.CERT_DIR run_impala_shell_cmd(args, expect_success=False) # Expect the shell to not start successfully if we don't specify the --ssl option args = "-q 'select 1 + 2'" run_impala_shell_cmd(args, expect_success=False)
def _verify_negative_cases(self): # Expect the shell to not start successfully if we point --ca_cert to an incorrect # certificate. args = "--ssl -q 'select 1 + 2' --ca_cert=%s/incorrect-commonname-cert.pem" \ % self.CERT_DIR run_impala_shell_cmd(args, expect_success=False) # Expect the shell to not start successfully if we don't specify the --ssl option args = "-q 'select 1 + 2'" run_impala_shell_cmd(args, expect_success=False)
def _verify_negative_cases(self, vector): # Expect the shell to not start successfully if we point --ca_cert to an incorrect # certificate. args = ["--ssl", "-q", "select 1 + 2", "--ca_cert=%s/incorrect-commonname-cert.pem" % self.CERT_DIR] run_impala_shell_cmd(vector, args, expect_success=False) # Expect the shell to not start successfully if we don't specify the --ssl option args = ["-q", "select 1 + 2"] run_impala_shell_cmd(vector, args, expect_success=False)
def _validate_positive_cases(self, ca_cert=""): shell_options = "--ssl -q 'select 1 + 2'" result = run_impala_shell_cmd(shell_options) for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]: assert msg in result.stderr if ca_cert != "": shell_options = shell_options + (" --ca_cert=%s" % ca_cert) result = run_impala_shell_cmd(shell_options) for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]: assert msg in result.stderr
def _validate_positive_cases(self, ca_cert=""): shell_options = "--ssl -q 'select 1 + 2'" result = run_impala_shell_cmd(shell_options) for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]: assert msg in result.stderr if ca_cert != "": shell_options = shell_options + (" --ca_cert=%s" % ca_cert) result = run_impala_shell_cmd(shell_options) for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]: assert msg in result.stderr
def test_webserver_url_not_exposed(self, vector): if vector.get_value('table_format').file_format != 'text': pytest.skip('runs only for text table_format') # If webserver url is not exposed, debug web urls shouldn't be printed out. shell_messages = ["Query submitted at: ", "(Coordinator: ", "Query progress can be monitored at: "] query_shell_arg = '--query=select * from functional.alltypes' # hs2 results = run_impala_shell_cmd(vector, [query_shell_arg]) self._validate_shell_messages(results.stderr, shell_messages, should_exist=False) # beeswax results = run_impala_shell_cmd(vector, ['--protocol=beeswax', query_shell_arg]) self._validate_shell_messages(results.stderr, shell_messages, should_exist=False) # Even though webserver url is not exposed, it is still accessible. page = requests.get('http://localhost:25000') assert page.status_code == requests.codes.ok
def test_ssl(self, vector): # TODO: This is really two different tests, but the custom cluster takes too long to # start. Make it so that custom clusters can be specified across test suites. result = run_impala_shell_cmd("--ssl --ca_cert=%s/server-cert.pem -q 'select 1 + 2'" % self.CERT_DIR) for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]: assert msg in result.stderr # No certificate checking: will accept any cert. result = run_impala_shell_cmd("--ssl -q 'select 1 + 2'") for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]: assert msg in result.stderr # Test cancelling a query impalad = ImpaladService(socket.getfqdn()) impalad.wait_for_num_in_flight_queries(0) p = ImpalaShell(args="--ssl") p.send_cmd("SET DEBUG_ACTION=0:OPEN:WAIT") p.send_cmd("select count(*) from functional.alltypes") impalad.wait_for_num_in_flight_queries(1) LOG = logging.getLogger('test_client_ssl') LOG.info("Cancelling query") num_tries = 0 # In practice, sending SIGINT to the shell process doesn't always seem to get caught # (and a search shows up some bugs in Python where SIGINT might be ignored). So retry # for 30s until one signal takes. while impalad.get_num_in_flight_queries() == 1: time.sleep(1) LOG.info("Sending signal...") os.kill(p.pid(), signal.SIGINT) num_tries += 1 assert num_tries < 30, "SIGINT was not caught by shell within 30s" p.send_cmd("profile") result = p.get_result() print result.stderr assert result.rc == 0 assert "Query Status: Cancelled" in result.stdout assert impalad.wait_for_num_in_flight_queries(0)