def _validate_positive_cases(self, vector, ca_cert=""):
shell_options = ["--ssl", "-q", "select 1 + 2"]
result = run_impala_shell_cmd(vector,
shell_options,
wait_until_connected=False)
for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]:
assert msg in result.stderr
for warning in [
self.DEPRECATED_POSITIONAL_WARNING,
self.DEPRECATED_VALIDATE_WARNING
]:
assert warning not in result.stderr
if ca_cert != "":
shell_options = shell_options + ["--ca_cert=%s" % ca_cert]
result = run_impala_shell_cmd(vector,
shell_options,
wait_until_connected=False)
for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]:
assert msg in result.stderr
for warning in [
self.DEPRECATED_POSITIONAL_WARNING,
self.DEPRECATED_VALIDATE_WARNING
]:
assert warning not in result.stderr
def test_saml2_browser_profile_no_group_filter(self, vector):
# Iterate over test vector within test function to avoid restarting cluster.
for vector in\
[ImpalaTestVector([value]) for value in create_client_protocol_dimension()]:
protocol = vector.get_value("protocol")
if protocol != "hs2-http":
# SAML2 should not affect non http protocols.
args = ["--protocol=%s" % protocol, "-q", "select 1 + 2"]
run_impala_shell_cmd(vector, args, expect_success=True)
continue
# hs2-http connections without further arguments should be rejected.
args = ["--protocol=hs2-http", "-q", "select 1 + 2"]
run_impala_shell_cmd(vector, args, expect_success=False)
# test the SAML worflow with different attributes
self._test_saml2_browser_workflow("", True)
attributes_xml = TestClientSaml.ATTRIBUTE_STATEMENT.format(
group_name="group1")
self._test_saml2_browser_workflow(attributes_xml, True)
attributes_xml = TestClientSaml.ATTRIBUTE_STATEMENT.format(
group_name="bad_group")
self._test_saml2_browser_workflow(attributes_xml, True)
def _verify_negative_cases(self):
# Expect the shell to not start successfully if we point --ca_cert to an incorrect
# certificate.
args = "--ssl -q 'select 1 + 2' --ca_cert=%s/incorrect-commonname-cert.pem" \
% self.CERT_DIR
run_impala_shell_cmd(args, expect_success=False)
# Expect the shell to not start successfully if we don't specify the --ssl option
args = "-q 'select 1 + 2'"
run_impala_shell_cmd(args, expect_success=False)
def _verify_negative_cases(self):
# Expect the shell to not start successfully if we point --ca_cert to an incorrect
# certificate.
args = "--ssl -q 'select 1 + 2' --ca_cert=%s/incorrect-commonname-cert.pem" \
% self.CERT_DIR
run_impala_shell_cmd(args, expect_success=False)
# Expect the shell to not start successfully if we don't specify the --ssl option
args = "-q 'select 1 + 2'"
run_impala_shell_cmd(args, expect_success=False)
def _verify_negative_cases(self, vector):
# Expect the shell to not start successfully if we point --ca_cert to an incorrect
# certificate.
args = ["--ssl", "-q", "select 1 + 2",
"--ca_cert=%s/incorrect-commonname-cert.pem" % self.CERT_DIR]
run_impala_shell_cmd(vector, args, expect_success=False)
# Expect the shell to not start successfully if we don't specify the --ssl option
args = ["-q", "select 1 + 2"]
run_impala_shell_cmd(vector, args, expect_success=False)
def _validate_positive_cases(self, ca_cert=""):
shell_options = "--ssl -q 'select 1 + 2'"
result = run_impala_shell_cmd(shell_options)
for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]:
assert msg in result.stderr
if ca_cert != "":
shell_options = shell_options + (" --ca_cert=%s" % ca_cert)
result = run_impala_shell_cmd(shell_options)
for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]:
assert msg in result.stderr
def _validate_positive_cases(self, ca_cert=""):
shell_options = "--ssl -q 'select 1 + 2'"
result = run_impala_shell_cmd(shell_options)
for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]:
assert msg in result.stderr
if ca_cert != "":
shell_options = shell_options + (" --ca_cert=%s" % ca_cert)
result = run_impala_shell_cmd(shell_options)
for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]:
assert msg in result.stderr
def test_webserver_url_not_exposed(self, vector):
if vector.get_value('table_format').file_format != 'text':
pytest.skip('runs only for text table_format')
# If webserver url is not exposed, debug web urls shouldn't be printed out.
shell_messages = ["Query submitted at: ", "(Coordinator: ",
"Query progress can be monitored at: "]
query_shell_arg = '--query=select * from functional.alltypes'
# hs2
results = run_impala_shell_cmd(vector, [query_shell_arg])
self._validate_shell_messages(results.stderr, shell_messages, should_exist=False)
# beeswax
results = run_impala_shell_cmd(vector, ['--protocol=beeswax', query_shell_arg])
self._validate_shell_messages(results.stderr, shell_messages, should_exist=False)
# Even though webserver url is not exposed, it is still accessible.
page = requests.get('http://localhost:25000')
assert page.status_code == requests.codes.ok
def test_ssl(self, vector):
# TODO: This is really two different tests, but the custom cluster takes too long to
# start. Make it so that custom clusters can be specified across test suites.
result = run_impala_shell_cmd("--ssl --ca_cert=%s/server-cert.pem -q 'select 1 + 2'"
% self.CERT_DIR)
for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]:
assert msg in result.stderr
# No certificate checking: will accept any cert.
result = run_impala_shell_cmd("--ssl -q 'select 1 + 2'")
for msg in [self.SSL_ENABLED, self.CONNECTED, self.FETCHED]:
assert msg in result.stderr
# Test cancelling a query
impalad = ImpaladService(socket.getfqdn())
impalad.wait_for_num_in_flight_queries(0)
p = ImpalaShell(args="--ssl")
p.send_cmd("SET DEBUG_ACTION=0:OPEN:WAIT")
p.send_cmd("select count(*) from functional.alltypes")
impalad.wait_for_num_in_flight_queries(1)
LOG = logging.getLogger('test_client_ssl')
LOG.info("Cancelling query")
num_tries = 0
# In practice, sending SIGINT to the shell process doesn't always seem to get caught
# (and a search shows up some bugs in Python where SIGINT might be ignored). So retry
# for 30s until one signal takes.
while impalad.get_num_in_flight_queries() == 1:
time.sleep(1)
LOG.info("Sending signal...")
os.kill(p.pid(), signal.SIGINT)
num_tries += 1
assert num_tries < 30, "SIGINT was not caught by shell within 30s"
p.send_cmd("profile")
result = p.get_result()
print result.stderr
assert result.rc == 0
assert "Query Status: Cancelled" in result.stdout
assert impalad.wait_for_num_in_flight_queries(0)
