maojian
/
CnOCRService
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
图片解析应用
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
49 MiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
CnOCRService/Lib/site-packages/kazoo/tests/test_sasl.py

195 lines
5.6 KiB
Raw Permalink Normal View History

图片解析应用
7 months ago
  1. import os
  2. import subprocess
  3. import time
  5. import pytest
  7. from kazoo.testing import KazooTestHarness
  8. from kazoo.exceptions import (
  9. AuthFailedError,
  10. NoAuthError,
  11. )
  12. from kazoo.tests.util import CI_ZK_VERSION
  15. class TestLegacySASLDigestAuthentication(KazooTestHarness):
  16. def setUp(self):
  17. try:
  18. import puresasl # NOQA
  19. except ImportError:
  20. pytest.skip("PureSASL not available.")
  22. os.environ["ZOOKEEPER_JAAS_AUTH"] = "digest"
  23. self.setup_zookeeper()
  25. if CI_ZK_VERSION:
  26. version = CI_ZK_VERSION
  27. else:
  28. version = self.client.server_version()
  29. if not version or version < (3, 4):
  30. pytest.skip("Must use Zookeeper 3.4 or above")
  32. def tearDown(self):
  33. self.teardown_zookeeper()
  34. os.environ.pop("ZOOKEEPER_JAAS_AUTH", None)
  36. def test_connect_sasl_auth(self):
  37. from kazoo.security import make_acl
  39. username = "jaasuser"
  40. password = "jaas_password"
  42. acl = make_acl("sasl", credential=username, all=True)
  44. sasl_auth = "%s:%s" % (username, password)
  45. client = self._get_client(auth_data=[("sasl", sasl_auth)])
  47. client.start()
  48. try:
  49. client.create("/1", acl=(acl,))
  50. # give ZK a chance to copy data to other node
  51. time.sleep(0.1)
  52. with pytest.raises(NoAuthError):
  53. self.client.get("/1")
  54. finally:
  55. client.delete("/1")
  56. client.stop()
  57. client.close()
  59. def test_invalid_sasl_auth(self):
  60. client = self._get_client(auth_data=[("sasl", "baduser:badpassword")])
  61. with pytest.raises(AuthFailedError):
  62. client.start()
  65. class TestSASLDigestAuthentication(KazooTestHarness):
  66. def setUp(self):
  67. try:
  68. import puresasl # NOQA
  69. except ImportError:
  70. pytest.skip("PureSASL not available.")
  72. os.environ["ZOOKEEPER_JAAS_AUTH"] = "digest"
  73. self.setup_zookeeper()
  75. if CI_ZK_VERSION:
  76. version = CI_ZK_VERSION
  77. else:
  78. version = self.client.server_version()
  79. if not version or version < (3, 4):
  80. pytest.skip("Must use Zookeeper 3.4 or above")
  82. def tearDown(self):
  83. self.teardown_zookeeper()
  84. os.environ.pop("ZOOKEEPER_JAAS_AUTH", None)
  86. def test_connect_sasl_auth(self):
  87. from kazoo.security import make_acl
  89. username = "jaasuser"
  90. password = "jaas_password"
  92. acl = make_acl("sasl", credential=username, all=True)
  94. client = self._get_client(
  95. sasl_options={
  96. "mechanism": "DIGEST-MD5",
  97. "username": username,
  98. "password": password,
  99. }
  100. )
  101. client.start()
  102. try:
  103. client.create("/1", acl=(acl,))
  104. # give ZK a chance to copy data to other node
  105. time.sleep(0.1)
  106. with pytest.raises(NoAuthError):
  107. self.client.get("/1")
  108. finally:
  109. client.delete("/1")
  110. client.stop()
  111. client.close()
  113. def test_invalid_sasl_auth(self):
  114. client = self._get_client(
  115. sasl_options={
  116. "mechanism": "DIGEST-MD5",
  117. "username": "baduser",
  118. "password": "badpassword",
  119. }
  120. )
  121. with pytest.raises(AuthFailedError):
  122. client.start()
  125. class TestSASLGSSAPIAuthentication(KazooTestHarness):
  126. def setUp(self):
  127. try:
  128. import puresasl # NOQA
  129. except ImportError:
  130. pytest.skip("PureSASL not available.")
  131. try:
  132. import kerberos # NOQA
  133. except ImportError:
  134. pytest.skip("Kerberos support not available.")
  135. if not os.environ.get("KRB5_TEST_ENV"):
  136. pytest.skip("Test Kerberos environ not setup.")
  138. os.environ["ZOOKEEPER_JAAS_AUTH"] = "gssapi"
  139. self.setup_zookeeper()
  141. if CI_ZK_VERSION:
  142. version = CI_ZK_VERSION
  143. else:
  144. version = self.client.server_version()
  145. if not version or version < (3, 4):
  146. pytest.skip("Must use Zookeeper 3.4 or above")
  148. def tearDown(self):
  149. self.teardown_zookeeper()
  150. os.environ.pop("ZOOKEEPER_JAAS_AUTH", None)
  152. def test_connect_gssapi_auth(self):
  153. from kazoo.security import make_acl
  155. # Ensure we have a client ticket
  156. subprocess.check_call(
  157. [
  158. "kinit",
  159. "-kt",
  160. os.path.expandvars("${KRB5_TEST_ENV}/client.keytab"),
  161. "client",
  162. ]
  163. )
  165. acl = make_acl("sasl", credential="client@KAZOOTEST.ORG", all=True)
  167. client = self._get_client(sasl_options={"mechanism": "GSSAPI"})
  168. client.start()
  169. try:
  170. client.create("/1", acl=(acl,))
  171. # give ZK a chance to copy data to other node
  172. time.sleep(0.1)
  173. with pytest.raises(NoAuthError):
  174. self.client.get("/1")
  175. finally:
  176. client.delete("/1")
  177. client.stop()
  178. client.close()
  180. def test_invalid_gssapi_auth(self):
  181. # Request a post-datated ticket, so that it is currently invalid.
  182. subprocess.check_call(
  183. [
  184. "kinit",
  185. "-kt",
  186. os.path.expandvars("${KRB5_TEST_ENV}/client.keytab"),
  187. "-s",
  188. "30min",
  189. "client",
  190. ]
  191. )
  193. client = self._get_client(sasl_options={"mechanism": "GSSAPI"})
  194. with pytest.raises(AuthFailedError):
  195. client.start()