def test_local_tls(loop, temporary): if temporary: xfail_ssl_issue5601() pytest.importorskip("cryptography") security = True else: security = tls_only_security() with LocalCluster( n_workers=0, scheduler_port=8786, silence_logs=False, security=security, dashboard_address=":0", host="tls://0.0.0.0", loop=loop, ) as c: sync( loop, assert_can_connect_from_everywhere_4, c.scheduler.port, protocol="tls", timeout=3, **c.security.get_connection_args("client"), ) # If we connect to a TLS localculster without ssl information we should fail sync( loop, assert_cannot_connect, addr="tcp://127.0.0.1:%d" % c.scheduler.port, exception_class=RuntimeError, **c.security.get_connection_args("client"), )
def test_extra_conn_args_in_temporary_credentials(): xfail_ssl_issue5601() pytest.importorskip("cryptography") sec = Security.temporary( extra_conn_args={"headers": { "X-Request-ID": "abcd" }}) assert sec.extra_conn_args == {"headers": {"X-Request-ID": "abcd"}}
async def test_client_constructor_with_temporary_security(): xfail_ssl_issue5601() pytest.importorskip("cryptography") async with Client(security=True, silence_logs=False, dashboard_address=":0", asynchronous=True) as c: assert c.cluster.scheduler_address.startswith("tls") assert c.security == c.cluster.security
def test_temporary_credentials(): xfail_ssl_issue5601() pytest.importorskip("cryptography") sec = Security.temporary() sec_repr = repr(sec) fields = ["tls_ca_file"] fields.extend(f"tls_{role}_{kind}" for role in ["client", "scheduler", "worker"] for kind in ["key", "cert"]) for f in fields: val = getattr(sec, f) assert "\n" in val assert val not in sec_repr
async def test_wss_roundtrip(): np = pytest.importorskip("numpy") xfail_ssl_issue5601() pytest.importorskip("cryptography") security = Security.temporary() async with Scheduler( protocol="wss://", security=security, dashboard_address=":0" ) as s: async with Worker(s.address, security=security) as w: async with Client(s.address, security=security, asynchronous=True) as c: x = np.arange(100) future = await c.scatter(x) y = await future assert (x == y).all()
async def test_http_and_comm_server(cleanup, dashboard, protocol, security, port): if security: xfail_ssl_issue5601() pytest.importorskip("cryptography") security = Security.temporary() async with Scheduler( protocol=protocol, dashboard=dashboard, port=port, security=security ) as s: if port == 8787: assert s.http_server is s.listener.server else: assert s.http_server is not s.listener.server async with Worker(s.address, protocol=protocol, security=security) as w: async with Client(s.address, asynchronous=True, security=security) as c: result = await c.submit(lambda x: x + 1, 10) assert result == 11
async def test_capture_security(cleanup, temporary): if temporary: xfail_ssl_issue5601() pytest.importorskip("cryptography") security = True else: security = tls_only_security() async with LocalCluster( n_workers=0, silence_logs=False, security=security, asynchronous=True, dashboard_address=":0", host="tls://0.0.0.0", ) as cluster: async with Client(cluster, asynchronous=True) as client: assert client.security == cluster.security
async def test_expect_scheduler_ssl_when_sharing_server(tmpdir): xfail_ssl_issue5601() pytest.importorskip("cryptography") security = Security.temporary() key_path = os.path.join(str(tmpdir), "dask.pem") cert_path = os.path.join(str(tmpdir), "dask.crt") with open(key_path, "w") as f: f.write(security.tls_scheduler_key) with open(cert_path, "w") as f: f.write(security.tls_scheduler_cert) c = { "distributed.scheduler.dashboard.tls.key": key_path, "distributed.scheduler.dashboard.tls.cert": cert_path, } with dask.config.set(c): with pytest.raises(RuntimeError): async with Scheduler(protocol="ws://", dashboard=True, port=8787): pass
async def test_connection_made_with_extra_conn_args(cleanup, protocol): if protocol == "ws://": security = Security( extra_conn_args={"headers": {"Authorization": "Token abcd"}} ) else: xfail_ssl_issue5601() pytest.importorskip("cryptography") security = Security.temporary( extra_conn_args={"headers": {"Authorization": "Token abcd"}} ) async with Scheduler( protocol=protocol, security=security, dashboard_address=":0" ) as s: connection_args = security.get_connection_args("worker") comm = await connect(s.address, **connection_args) assert comm.sock.request.headers.get("Authorization") == "Token abcd" await comm.close()
async def test_tls_temporary_credentials_functional(): xfail_ssl_issue5601() pytest.importorskip("cryptography") async def handle_comm(comm): peer_addr = comm.peer_address assert peer_addr.startswith("tls://") await comm.write("hello") await comm.close() sec = Security.temporary() async with listen("tls://", handle_comm, **sec.get_listen_args("scheduler")) as listener: comm = await connect(listener.contact_address, **sec.get_connection_args("worker")) msg = await comm.read() assert msg == "hello" comm.abort()
def test_repr_temp_keys(): xfail_ssl_issue5601() pytest.importorskip("cryptography") sec = Security.temporary() representation = repr(sec) assert "Temporary (In-memory)" in representation