def test_local_tls(loop, temporary):
if temporary:
xfail_ssl_issue5601()
pytest.importorskip("cryptography")
security = True
else:
security = tls_only_security()
with LocalCluster(
n_workers=0,
scheduler_port=8786,
silence_logs=False,
security=security,
dashboard_address=":0",
host="tls://0.0.0.0",
loop=loop,
) as c:
sync(
loop,
assert_can_connect_from_everywhere_4,
c.scheduler.port,
protocol="tls",
timeout=3,
**c.security.get_connection_args("client"),
)
# If we connect to a TLS localculster without ssl information we should fail
sync(
loop,
assert_cannot_connect,
addr="tcp://127.0.0.1:%d" % c.scheduler.port,
exception_class=RuntimeError,
**c.security.get_connection_args("client"),
)
def test_extra_conn_args_in_temporary_credentials():
xfail_ssl_issue5601()
pytest.importorskip("cryptography")
sec = Security.temporary(
extra_conn_args={"headers": {
"X-Request-ID": "abcd"
}})
assert sec.extra_conn_args == {"headers": {"X-Request-ID": "abcd"}}
async def test_client_constructor_with_temporary_security():
xfail_ssl_issue5601()
pytest.importorskip("cryptography")
async with Client(security=True,
silence_logs=False,
dashboard_address=":0",
asynchronous=True) as c:
assert c.cluster.scheduler_address.startswith("tls")
assert c.security == c.cluster.security
def test_temporary_credentials():
xfail_ssl_issue5601()
pytest.importorskip("cryptography")
sec = Security.temporary()
sec_repr = repr(sec)
fields = ["tls_ca_file"]
fields.extend(f"tls_{role}_{kind}"
for role in ["client", "scheduler", "worker"]
for kind in ["key", "cert"])
for f in fields:
val = getattr(sec, f)
assert "\n" in val
assert val not in sec_repr
async def test_wss_roundtrip():
np = pytest.importorskip("numpy")
xfail_ssl_issue5601()
pytest.importorskip("cryptography")
security = Security.temporary()
async with Scheduler(
protocol="wss://", security=security, dashboard_address=":0"
) as s:
async with Worker(s.address, security=security) as w:
async with Client(s.address, security=security, asynchronous=True) as c:
x = np.arange(100)
future = await c.scatter(x)
y = await future
assert (x == y).all()
async def test_http_and_comm_server(cleanup, dashboard, protocol, security, port):
if security:
xfail_ssl_issue5601()
pytest.importorskip("cryptography")
security = Security.temporary()
async with Scheduler(
protocol=protocol, dashboard=dashboard, port=port, security=security
) as s:
if port == 8787:
assert s.http_server is s.listener.server
else:
assert s.http_server is not s.listener.server
async with Worker(s.address, protocol=protocol, security=security) as w:
async with Client(s.address, asynchronous=True, security=security) as c:
result = await c.submit(lambda x: x + 1, 10)
assert result == 11
async def test_capture_security(cleanup, temporary):
if temporary:
xfail_ssl_issue5601()
pytest.importorskip("cryptography")
security = True
else:
security = tls_only_security()
async with LocalCluster(
n_workers=0,
silence_logs=False,
security=security,
asynchronous=True,
dashboard_address=":0",
host="tls://0.0.0.0",
) as cluster:
async with Client(cluster, asynchronous=True) as client:
assert client.security == cluster.security
async def test_expect_scheduler_ssl_when_sharing_server(tmpdir):
xfail_ssl_issue5601()
pytest.importorskip("cryptography")
security = Security.temporary()
key_path = os.path.join(str(tmpdir), "dask.pem")
cert_path = os.path.join(str(tmpdir), "dask.crt")
with open(key_path, "w") as f:
f.write(security.tls_scheduler_key)
with open(cert_path, "w") as f:
f.write(security.tls_scheduler_cert)
c = {
"distributed.scheduler.dashboard.tls.key": key_path,
"distributed.scheduler.dashboard.tls.cert": cert_path,
}
with dask.config.set(c):
with pytest.raises(RuntimeError):
async with Scheduler(protocol="ws://", dashboard=True, port=8787):
pass
async def test_connection_made_with_extra_conn_args(cleanup, protocol):
if protocol == "ws://":
security = Security(
extra_conn_args={"headers": {"Authorization": "Token abcd"}}
)
else:
xfail_ssl_issue5601()
pytest.importorskip("cryptography")
security = Security.temporary(
extra_conn_args={"headers": {"Authorization": "Token abcd"}}
)
async with Scheduler(
protocol=protocol, security=security, dashboard_address=":0"
) as s:
connection_args = security.get_connection_args("worker")
comm = await connect(s.address, **connection_args)
assert comm.sock.request.headers.get("Authorization") == "Token abcd"
await comm.close()
async def test_tls_temporary_credentials_functional():
xfail_ssl_issue5601()
pytest.importorskip("cryptography")
async def handle_comm(comm):
peer_addr = comm.peer_address
assert peer_addr.startswith("tls://")
await comm.write("hello")
await comm.close()
sec = Security.temporary()
async with listen("tls://", handle_comm,
**sec.get_listen_args("scheduler")) as listener:
comm = await connect(listener.contact_address,
**sec.get_connection_args("worker"))
msg = await comm.read()
assert msg == "hello"
comm.abort()
def test_repr_temp_keys():
xfail_ssl_issue5601()
pytest.importorskip("cryptography")
sec = Security.temporary()
representation = repr(sec)
assert "Temporary (In-memory)" in representation
