Python create_tls_artifacts Exemples

Exemple #1

Fichier : test_toggle_security.py Projet : keithchambers/dcos-commons

def kafka_client(kerberos):
    """
    A pytest fixture to install a Kafka client as a Marathon application.
    This client is capable of both Kerberos and TLS communication.

    On teardown, the client is uninstalled.
    """
    try:
        client_id = "kafka-client"
        client = {
            "id": client_id,
            "mem": 512,
            "container": {
                "type": "MESOS",
                "docker": {
                    "image": "elezar/kafka-client:latest",
                    "forcePullImage": True
                },
                "volumes": [
                    {
                        "containerPath": "/tmp/kafkaconfig/kafka-client.keytab",
                        "secret": "kafka_keytab"
                    }
                ]
            },
            "secrets": {
                "kafka_keytab": {
                    "source": kerberos.get_keytab_path(),

                }
            },
            "networks": [
                {
                    "mode": "host"
                }
            ],
            "env": {
                "JVM_MaxHeapSize": "512",
                "KAFKA_CLIENT_MODE": "test",
                "KAFKA_TOPIC": "securetest",
                "KAFKA_BROKER_LIST": ""
            }
        }

        sdk_marathon.install_app(client)

        # Create a TLS certificate for the TLS tests
        transport_encryption.create_tls_artifacts(
            cn="client",
            marathon_task=client_id)

        yield {
            **client,
            **{
                "tls-id": "client",
            }
        }

    finally:
        sdk_marathon.destroy_app(client_id)

Exemple #2

Fichier : test_toggle_security.py Projet : rathohit311356/dcos-commons

def kafka_client():
    try:
        kafka_client = client.KafkaClient("kafka-client", config.PACKAGE_NAME, config.SERVICE_NAME)
        kafka_client.install()
        transport_encryption.create_tls_artifacts(TLS_USER, "kafka-client")

        yield kafka_client
    finally:
        kafka_client.uninstall()

Exemple #3

Fichier : test_ssl_kerberos_auth.py Projet : keithchambers/dcos-commons

def kafka_client(kerberos, kafka_server):

    brokers = sdk_cmd.svc_cli(
        kafka_server["package_name"],
        kafka_server["service"]["name"],
        "endpoint broker-tls", json=True)["dns"]

    try:
        client_id = "kafka-client"
        client = {
            "id": client_id,
            "mem": 512,
            "user": "******",
            "container": {
                "type": "MESOS",
                "docker": {
                    "image": "elezar/kafka-client:latest",
                    "forcePullImage": True
                },
                "volumes": [
                    {
                        "containerPath": "/tmp/kafkaconfig/kafka-client.keytab",
                        "secret": "kafka_keytab"
                    }
                ]
            },
            "secrets": {
                "kafka_keytab": {
                    "source": kerberos.get_keytab_path(),

                }
            },
            "networks": [
                {
                    "mode": "host"
                }
            ],
            "env": {
                "JVM_MaxHeapSize": "512",
                "KAFKA_CLIENT_MODE": "test",
                "KAFKA_TOPIC": "securetest",
                "KAFKA_BROKER_LIST": ",".join(brokers)
            }
        }

        sdk_marathon.install_app(client)

        transport_encryption.create_tls_artifacts(
            cn="client",
            marathon_task=client_id)

        broker_hosts = list(map(lambda x: x.split(':')[0], brokers))
        yield {**client, **{"brokers": broker_hosts}}

    finally:
        sdk_marathon.destroy_app(client_id)

Exemple #4

Fichier : test_ssl_kerberos_auth.py Projet : vpavan28/dcos-commons

def kafka_client(kerberos, kafka_server):

    brokers = sdk_cmd.svc_cli(
        kafka_server["package_name"],
        kafka_server["service"]["name"],
        "endpoint broker-tls", json=True)["dns"]

    try:
        client_id = "kafka-client"
        client = {
            "id": client_id,
            "mem": 512,
            "user": "******",
            "container": {
                "type": "MESOS",
                "docker": {
                    "image": "elezar/kafka-client:latest",
                    "forcePullImage": True
                },
                "volumes": [
                    {
                        "containerPath": "/tmp/kafkaconfig/kafka-client.keytab",
                        "secret": "kafka_keytab"
                    }
                ]
            },
            "secrets": {
                "kafka_keytab": {
                    "source": kerberos.get_keytab_path(),

                }
            },
            "networks": [
                {
                    "mode": "host"
                }
            ],
            "env": {
                "JVM_MaxHeapSize": "512",
                "KAFKA_CLIENT_MODE": "test",
                "KAFKA_TOPIC": "securetest",
                "KAFKA_BROKER_LIST": ",".join(brokers)
            }
        }

        sdk_marathon.install_app(client)

        transport_encryption.create_tls_artifacts(
            cn="client",
            task=client_id)

        broker_hosts = list(map(lambda x: x.split(':')[0], brokers))
        yield {**client, **{"brokers": broker_hosts}}

    finally:
        sdk_marathon.destroy_app(client_id)

Exemple #5

Fichier : test_toggle_security.py Projet : thebijuus/dcos-commons

def kafka_client(kerberos):
    """
    A pytest fixture to install a Kafka client as a Marathon application.
    This client is capable of both Kerberos and TLS communication.

    On teardown, the client is uninstalled.
    """
    try:
        client_id = "kafka-client"
        client = {
            "id": client_id,
            "mem": 512,
            "container": {
                "type":
                "MESOS",
                "docker": {
                    "image": "elezar/kafka-client:4b9c060",
                    "forcePullImage": True
                },
                "volumes": [{
                    "containerPath": "/tmp/kafkaconfig/kafka-client.keytab",
                    "secret": "kafka_keytab"
                }]
            },
            "secrets": {
                "kafka_keytab": {
                    "source": kerberos.get_keytab_path(),
                }
            },
            "networks": [{
                "mode": "host"
            }],
            "env": {
                "JVM_MaxHeapSize": "512",
                "KAFKA_CLIENT_MODE": "test",
                "KAFKA_TOPIC": "securetest",
                "KAFKA_BROKER_LIST": ""
            }
        }

        sdk_marathon.install_app(client)

        # Create a TLS certificate for the TLS tests
        transport_encryption.create_tls_artifacts(cn="client",
                                                  marathon_task=client_id)

        yield {
            **client,
            **{
                "tls-id": "client",
            }
        }

    finally:
        sdk_marathon.destroy_app(client_id)

Exemple #6

Fichier : test_toggle_security.py Projet : rathohit311356/dcos-commons

def kerberized_kafka_client(kerberos: sdk_auth.KerberosEnvironment):
    try:
        kafka_client = client.KafkaClient(
            "kerberized-client", config.PACKAGE_NAME, config.SERVICE_NAME, kerberos
        )
        kafka_client.install()
        transport_encryption.create_tls_artifacts(TLS_USER, "kerberized-client")

        yield kafka_client
    finally:
        kafka_client.uninstall()

Exemple #7

Fichier : test_tls.py Projet : rathohit311356/dcos-commons

def kafka_client():
    try:
        kafka_client = client.KafkaClient("kafka-client", config.PACKAGE_NAME,
                                          config.SERVICE_NAME)
        kafka_client.install()

        # TODO: This flag should be set correctly.
        kafka_client._is_tls = True
        transport_encryption.create_tls_artifacts(TLS_USER, "kafka-client")

        yield kafka_client
    finally:
        kafka_client.uninstall()

Exemple #8

Fichier : test_ssl_kerberos_auth.py Projet : waldonhendricks/dcos-commons

def kafka_client(kerberos):
    try:
        kafka_client = client.KafkaClient("kafka-client")
        kafka_client.install(kerberos)

        # TODO: This flag should be set correctly.
        kafka_client._is_tls = True

        transport_encryption.create_tls_artifacts(
            cn="client", marathon_task=kafka_client.get_id())

        yield kafka_client
    finally:
        kafka_client.uninstall()

Exemple #9

Fichier : test_ssl_auth.py Projet : waldonhendricks/dcos-commons

def setup_principals(kafka_client: client.KafkaClient):
    client_id = kafka_client.get_id()

    transport_encryption.create_tls_artifacts(cn="kafka-tester", marathon_task=client_id)
    transport_encryption.create_tls_artifacts(cn="authorized", marathon_task=client_id)
    transport_encryption.create_tls_artifacts(cn="unauthorized", marathon_task=client_id)
    transport_encryption.create_tls_artifacts(cn="super", marathon_task=client_id)

Exemple #10

def setup_principals(kafka_client):
    client_id = kafka_client["id"]

    transport_encryption.create_tls_artifacts(cn="kafka-tester",
                                              task=client_id)
    transport_encryption.create_tls_artifacts(cn="authorized", task=client_id)
    transport_encryption.create_tls_artifacts(cn="unauthorized",
                                              task=client_id)
    transport_encryption.create_tls_artifacts(cn="super", task=client_id)

Exemple #11

Fichier : test_ssl_auth.py Projet : keithchambers/dcos-commons

def setup_principals(kafka_client):
    client_id = kafka_client["id"]

    transport_encryption.create_tls_artifacts(
        cn="kafka-tester",
        marathon_task=client_id)
    transport_encryption.create_tls_artifacts(
        cn="authorized",
        marathon_task=client_id)
    transport_encryption.create_tls_artifacts(
        cn="unauthorized",
        marathon_task=client_id)
    transport_encryption.create_tls_artifacts(
        cn="super",
        marathon_task=client_id)