def client():
"""
init Etcd3Client, close its connection-pool when teardown
"""
c = Client(host, port, protocol)
yield c
c.close()
def client():
"""
init Etcd3Client, close its connection-pool when teardown
"""
_, p, _ = docker_run_etcd_main()
c = Client(host, p, protocol)
yield c
c.close()
def setup():
global _toxi_proxy_clt
_toxi_proxy_clt = ToxiProxyClient()
_toxi_proxy_clt.start()
seed_endpoint = os.getenv(ENV_ETCD3_ENDPOINT)
user = os.getenv(ENV_ETCD3_USER)
password = user # That is how the test etcd cluster is configured.
cert_ca = None
if os.getenv(ENV_ETCD3_TLS):
cert_ca = 'tests/fixtures/ca.pem'
global _direct_clt
_direct_clt = Client(seed_endpoint, user, password, cert_ca=cert_ca)
global _aux_clt
_aux_clt = Client(seed_endpoint, user, password, cert_ca=cert_ca)
_aux_clt._reset_grpc_channel()
discovered_endpoints = _aux_clt._endpoint_balancer._endpoints
global _proxy_endpoint_index
_proxy_endpoint_index = {}
proxy_endpoints = []
for i, discovered_endpoint in enumerate(discovered_endpoints):
proxy_name = str(i)
proxy_spec = _toxi_proxy_clt.add_proxy(proxy_name, discovered_endpoint)
proxy_endpoint = proxy_spec['listen']
# Make sure to access proxy via 127.0.0.1 otherwise TLS verification fails.
if proxy_endpoint.startswith('[::]:'):
proxy_endpoint = '127.0.0.1:' + proxy_endpoint[5:]
proxy_endpoints.append(proxy_endpoint)
_proxy_endpoint_index[proxy_endpoint] = proxy_name
# Proxied client is assumed to have not established a connection with Etcd.
global _proxied_clt
_proxied_clt = Client(proxy_endpoints, user, password, cert_ca=cert_ca)
_proxied_clt._skip_endpoint_discovery = True
# Clean leftovers from previous tests.
_aux_clt.delete('/test', is_prefix=True)
def __init__(self, log, server_ip, cert_file, key_file, port=5002):
self.log = log
self.server_ip = server_ip
self.port = port
self.cert_file = cert_file
self.key_file = key_file
self.client = None
print(self.server_ip, self.port, self.cert_file, self.key_file)
self.client = Client(self.server_ip,
self.port,
cert=(self.cert_file, self.key_file),
verify=False)
print(self.client)
async def post(self):
"""增加指定角色的权限
"""
body = self.get_body_json()
role = self.db.query(Role).filter_by(name=body["role"]).first()
if not role:
role = Role(name=body["role"])
self.db.add(role)
self.db.commit()
perms = []
for perm_name in body["permissions"]:
perm = self.db.query(Permission).filter_by(name=perm_name).first()
if not perm:
perm = Permission(name=perm_name)
self.db.add(perm)
self.db.commit()
perms.append(perm)
if not perms:
self.fail("no-permissions")
return
# sync to etcd
if settings.SYCN_ETCD:
# create etcd client
for endpoint in settings.ETCD_ENDPOINTS.split(";"):
host, port = endpoint.split(":")
client = Client(host, int(port))
break # FIXME: try when failed
key = get_permission_role_key(perm.name)
new_roles = []
r = client.range(key)
if r.count == 1:
new_roles.extend(json.loads(r.kvs[0].value))
if role.name not in new_roles:
new_roles.append(role.name)
client.put(key, json.dumps(new_roles))
# append permissions
role.permissions.extend(perms)
self.db.commit()
self.success()
def test_auth_no_tls():
with assert_raises_regexp(AttributeError, 'Authentication is only allowed via TLS'):
Client(user='******', password='******')
def test_user_password_inconsistent():
with assert_raises_regexp(AttributeError, 'Neither or both user and password should be specified'):
Client(user='******')
with assert_raises_regexp(AttributeError, 'Neither or both user and password should be specified'):
Client(password='******')