def test_custom_service_tld():
task_count = 1
custom_tld = sdk_hosts.get_crypto_id_domain()
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
task_count,
additional_options={
"service": {
"custom_service_tld": custom_tld,
"yaml": "custom_tld"
}
},
)
# Verify the endpoint entry is correct
assert set(["test"]) == set(
sdk_networks.get_endpoint_names(config.PACKAGE_NAME,
config.SERVICE_NAME))
test_endpoint = sdk_networks.get_endpoint(config.PACKAGE_NAME,
config.SERVICE_NAME, "test")
assert set(["address", "dns"]) == set(test_endpoint.keys())
assert len(test_endpoint["address"]) == task_count
# Expect ip:port:
for entry in test_endpoint["address"]:
assert len(entry.split(":")) == 2
assert len(test_endpoint["dns"]) == task_count
# Expect custom tld:
for entry in test_endpoint["dns"]:
assert custom_tld in entry
def test_custom_domain():
task_count = 3
custom_domain = sdk_hosts.get_crypto_id_domain()
sdk_install.install(config.PACKAGE_NAME,
config.SERVICE_NAME,
task_count,
additional_options={
"service": {
"security": {
"custom_domain": custom_domain
}
}
})
# Verify the endpoint entry is correct
assert set(["native-client"]) == set(
sdk_networks.get_endpoint_names(config.PACKAGE_NAME,
config.SERVICE_NAME))
test_endpoint = sdk_networks.get_endpoint(config.PACKAGE_NAME,
config.SERVICE_NAME,
"native-client")
assert set(["address", "dns"]) == set(test_endpoint.keys())
assert len(test_endpoint["address"]) == task_count
# Expect ip:port:
for entry in test_endpoint["address"]:
assert len(entry.split(":")) == 2
assert len(test_endpoint["dns"]) == task_count
# Expect custom domain:
for entry in test_endpoint["dns"]:
assert custom_domain in entry
def test_verify_https_ports(hdfs_client, node_type, port):
"""
Verify that HTTPS port is open name, journal and data node types.
"""
task_id = "{}-0-node".format(node_type)
host = sdk_hosts.custom_host(
config.SERVICE_NAME, task_id, sdk_hosts.get_crypto_id_domain(), port
)
ca_bundle = transport_encryption.fetch_dcos_ca_bundle(hdfs_client["id"])
config.verify_https_ports(ca_bundle, host, task_id)
def kerberos(configure_security):
try:
kerberos_env = sdk_auth.KerberosEnvironment()
principals = auth.get_service_principals(
config.SERVICE_NAME, kerberos_env.get_realm(),
sdk_hosts.get_crypto_id_domain())
kerberos_env.add_principals(principals)
kerberos_env.finalize()
yield kerberos_env
finally:
kerberos_env.cleanup()
def kafka_server(kerberos, service_account):
"""
A pytest fixture that installs a Kerberized kafka service.
On teardown, the service is uninstalled.
"""
service_kerberos_options = {
"service": {
"name": config.SERVICE_NAME,
"service_account": service_account["name"],
"service_account_secret": service_account["secret"],
"security": {
"custom_domain": sdk_hosts.get_crypto_id_domain(),
"kerberos": {
"enabled": True,
"kdc": {
"hostname": kerberos.get_host(),
"port": int(kerberos.get_port())
},
"realm": kerberos.get_realm(),
"keytab_secret": kerberos.get_keytab_path(),
},
"transport_encryption": {
"enabled":
True,
"ciphers":
"TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
},
},
}
}
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
try:
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
config.DEFAULT_BROKER_COUNT,
additional_options=service_kerberos_options,
timeout_seconds=30 * 60,
)
yield {
**service_kerberos_options,
**{
"package_name": config.PACKAGE_NAME
}
}
finally:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def kerberos(configure_security):
try:
kerberos_env = sdk_auth.KerberosEnvironment()
principals = auth.get_service_principals(config.SERVICE_NAME,
kerberos_env.get_realm(),
sdk_hosts.get_crypto_id_domain())
kerberos_env.add_principals(principals)
kerberos_env.finalize()
yield kerberos_env
finally:
kerberos_env.cleanup()
def test_custom_service_tld():
custom_tld = sdk_hosts.get_crypto_id_domain()
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
1,
additional_options={
"service": {
"custom_service_tld": custom_tld,
"yaml": "custom_tld",
}
})
# Verify the endpoints are correct
endpoints = sdk_networks.get_and_test_endpoints(config.PACKAGE_NAME, config.SERVICE_NAME, "test", 2)
for entry in endpoints["dns"]:
assert custom_tld in entry
def test_custom_service_tld():
custom_tld = sdk_hosts.get_crypto_id_domain()
sdk_install.install(config.PACKAGE_NAME,
config.SERVICE_NAME,
1,
additional_options={
"service": {
"custom_service_tld": custom_tld,
"yaml": "custom_tld",
}
})
# Verify the endpoints are correct
endpoints = sdk_networks.get_and_test_endpoints(config.PACKAGE_NAME,
config.SERVICE_NAME,
"test", 2)
for entry in endpoints["dns"]:
assert custom_tld in entry
def kafka_server(kerberos, service_account, kafka_client: client.KafkaClient):
"""
A pytest fixture that installs a Kerberized kafka service.
On teardown, the service is uninstalled.
"""
service_kerberos_options = {
"service": {
"name": config.SERVICE_NAME,
"service_account": service_account["name"],
"service_account_secret": service_account["secret"],
"security": {
"custom_domain": sdk_hosts.get_crypto_id_domain(),
"kerberos": {
"enabled": True,
"kdc": {
"hostname": kerberos.get_host(),
"port": int(kerberos.get_port())
},
"realm": kerberos.get_realm(),
"keytab_secret": kerberos.get_keytab_path(),
},
"transport_encryption": {
"enabled": True
},
},
}
}
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
try:
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
config.DEFAULT_BROKER_COUNT,
additional_options=service_kerberos_options,
timeout_seconds=30 * 60,
)
kafka_client.connect(config.DEFAULT_BROKER_COUNT)
yield
finally:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def kafka_server(kerberos, service_account):
"""
A pytest fixture that installs a Kerberized kafka service.
On teardown, the service is uninstalled.
"""
service_kerberos_options = {
"service": {
"name": config.SERVICE_NAME,
"service_account": service_account["name"],
"service_account_secret": service_account["secret"],
"security": {
"custom_domain": sdk_hosts.get_crypto_id_domain(),
"kerberos": {
"enabled": True,
"kdc": {
"hostname": kerberos.get_host(),
"port": int(kerberos.get_port())
},
"realm": sdk_auth.REALM,
"keytab_secret": kerberos.get_keytab_path(),
},
"transport_encryption": {
"enabled": True
}
}
}
}
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
try:
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
config.DEFAULT_BROKER_COUNT,
additional_options=service_kerberos_options,
timeout_seconds=30 * 60)
yield {**service_kerberos_options, **{"package_name": config.PACKAGE_NAME}}
finally:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def hdfs_server(kerberos, service_account):
"""
A pytest fixture that installs a Kerberized HDFS service.
On teardown, the service is uninstalled.
"""
service_options = {
"service": {
"name": config.SERVICE_NAME,
"service_account": service_account["name"],
"service_account_secret": service_account["secret"],
"security": {
"custom_domain": sdk_hosts.get_crypto_id_domain(),
"kerberos": {
"enabled": True,
"kdc": {"hostname": kerberos.get_host(), "port": int(kerberos.get_port())},
"realm": kerberos.get_realm(),
"keytab_secret": kerberos.get_keytab_path(),
},
"transport_encryption": {"enabled": True},
},
},
"hdfs": {"security_auth_to_local": auth.get_principal_to_user_mapping()},
}
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
try:
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
config.DEFAULT_TASK_COUNT,
additional_options=service_options,
timeout_seconds=30 * 60,
)
yield {**service_options, **{"package_name": config.PACKAGE_NAME}}
finally:
sdk_install.uninstall(config.PACKAGE_NAME, config.SERVICE_NAME)
def test_custom_service_tld():
task_count = 1
custom_tld = sdk_hosts.get_crypto_id_domain()
sdk_install.install(
config.PACKAGE_NAME,
config.SERVICE_NAME,
task_count,
additional_options={"service": {"custom_service_tld": custom_tld, "yaml": "custom_tld"}},
)
# Verify the endpoint entry is correct
assert set(["test"]) == set(sdk_networks.get_endpoint_names(config.PACKAGE_NAME, config.SERVICE_NAME))
test_endpoint = sdk_networks.get_endpoint(config.PACKAGE_NAME, config.SERVICE_NAME, "test")
assert set(["address", "dns"]) == set(test_endpoint.keys())
assert len(test_endpoint["address"]) == task_count
# Expect ip:port:
for entry in test_endpoint["address"]:
assert len(entry.split(":")) == 2
assert len(test_endpoint["dns"]) == task_count
# Expect custom tld:
for entry in test_endpoint["dns"]:
assert custom_tld in entry
