def test_process_request_noapp(self):
"""Test processing ticket request."""
treadmill.zkutils.get.side_effect = kazoo.client.NoNodeError
tkt_locker = tickets.TicketLocker(kazoo.client.KazooClient(),
'/var/spool/tickets')
# With no node node error, result will be empty dict.
self.assertEqual(
{},
tkt_locker.process_request('host/[email protected]', 'foo#1234'))
def locker(tkt_spool_dir, trusted, no_register):
"""Run ticket locker daemon."""
trusted_apps = {}
for hostname, app, tkts in trusted:
tkts = list(set(tkts.split(',')))
_LOGGER.info('Trusted: %s/%s : %r', hostname, app, tkts)
trusted_apps[(hostname, app)] = tkts
tkt_locker = tickets.TicketLocker(context.GLOBAL.zk.conn,
tkt_spool_dir,
trusted=trusted_apps)
tickets.run_server(tkt_locker, register=(not no_register))
def test_publish(self):
"""Test tickets publishing."""
tkt_locker = tickets.TicketLocker(kazoo.client.KazooClient(),
self.tkt_dir)
io.open(os.path.join(self.tkt_dir, 'x@r1'), 'w+').close()
io.open(os.path.join(self.tkt_dir, 'x@r2'), 'w+').close()
io.open(os.path.join(self.tkt_dir, 'x@r3'), 'w+').close()
tkt_locker.publish_tickets(['@r1', '@r2'], once=True)
treadmill.zkutils.put.assert_has_calls([
mock.call(mock.ANY, '/tickets/x@r1/h', 'klist-output',
ephemeral=True),
mock.call(mock.ANY, '/tickets/x@r2/h', 'klist-output',
ephemeral=True),
], any_order=True)
def test_process_trusted(self):
"""Test processing trusted app."""
tkt_locker = tickets.TicketLocker(kazoo.client.KazooClient(),
self.tkt_dir,
trusted={
('aaa.xxx.com', 'master'):
['x@r1']
})
with io.open(os.path.join(self.tkt_dir, 'x@r1'), 'w+') as f:
f.write('x')
# base64 encoded 'x'.
self.assertEqual({'x@r1': b'eA=='},
tkt_locker.process_request('host/[email protected]',
'master'))
def test_prune(self):
"""Test pruning published tickets."""
tkt_locker = tickets.TicketLocker(kazoo.client.KazooClient(),
self.tkt_dir)
tickets.krbcc_ok.return_value = True
tkt_locker.prune_tickets()
tickets.krbcc_ok.assert_called_with(os.path.join(self.tkt_dir, 'x@r1'))
self.assertFalse(zkutils.ensure_deleted.called)
tickets.krbcc_ok.reset_mock()
tickets.krbcc_ok.return_value = False
tkt_locker.prune_tickets()
tickets.krbcc_ok.assert_called_with(os.path.join(self.tkt_dir, 'x@r1'))
zkutils.ensure_deleted.assert_called_with(mock.ANY, '/tickets/x@r1/h')
def test_process_request(self):
"""Test processing ticket request."""
treadmill.zkutils.get.return_value = {'tickets': ['tkt1']}
tkt_locker = tickets.TicketLocker(kazoo.client.KazooClient(),
'/var/spool/tickets')
# With no ticket in /var/spool/tickets, result will be empty dict
self.assertEqual({},
tkt_locker.process_request('host/[email protected]',
'foo#1234'))
kazoo.client.KazooClient.exists.assert_called_with(
'/placement/aaa.xxx.com/foo#1234')
# Invalid (non host) principal
self.assertEqual(
None, tkt_locker.process_request('*****@*****.**', 'foo#1234'))
def locker(tkt_spool_dir):
"""Run ticket locker daemon."""
tkt_locker = tickets.TicketLocker(context.GLOBAL.zk.conn,
tkt_spool_dir)
tickets.run_server(tkt_locker)
def publish(tkt_spool_dir, realms):
"""Run ticket locker daemon."""
tkt_locker = tickets.TicketLocker(context.GLOBAL.zk.conn,
tkt_spool_dir)
tkt_locker.publish_tickets(realms)
