YugabyteDB (2.13.0.0-b42, bfc6a6643e7399ac8a0e81d06a3ee6d6571b33ab)

Coverage Report

Created: 2022-03-09 17:30

/Users/deen/code/yugabyte-db/src/yb/integration-tests/external_mini_cluster_secure_test.cc
// Copyright (c) YugaByte, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
// in compliance with the License.  You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software distributed under the License
// is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
// or implied.  See the License for the specific language governing permissions and limitations
// under the License.
//
#include "yb/client/ql-dml-test-base.h"
#include "yb/client/table_handle.h"
#include "yb/client/yb_op.h"
#include "yb/integration-tests/cql_test_util.h"
#include "yb/integration-tests/external_mini_cluster_ent.h"
#include "yb/rpc/messenger.h"
#include "yb/rpc/secure_stream.h"
#include "yb/util/env_util.h"
#include "yb/util/string_util.h"
#include "yb/util/subprocess.h"
#include "yb/util/tostring.h"
DECLARE_bool(use_client_to_server_encryption);
DECLARE_bool(use_node_to_node_encryption);
DECLARE_bool(allow_insecure_connections);
DECLARE_bool(node_to_node_encryption_use_client_certificates);
DECLARE_string(certs_dir);
namespace yb {
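// Fixture that starts an ExternalMiniCluster with encryption enabled for both node-to-node and
// client-to-server traffic, and talks to it through the messenger produced by StartSecure().
//
// Subclasses adjust the configuration by overriding SetUpFlags(), which SetUp() calls after the
// defaults below have been applied and before the cluster is started.
class ExternalMiniClusterSecureTest :
    public MiniClusterTestWithClient<ExternalMiniCluster> {
 public:
  // Applies the encryption flags, runs the base SetUp(), starts the secure cluster and creates
  // the client. Returns early (through the ASSERT_* macros) on the first failure.
  void SetUp() override {
    // Baseline: encrypt both channels and refuse unencrypted connections.
    FLAGS_use_node_to_node_encryption = true;
    FLAGS_use_client_to_server_encryption = true;
    FLAGS_allow_insecure_connections = false;
    // Certificates are taken from the ent/test_certs fixture directory, joined onto whatever
    // env_util::GetRootDir() returns for that sub-path.
    const auto sub_dir = JoinPathSegments("ent", "test_certs");
    FLAGS_certs_dir = JoinPathSegments(env_util::GetRootDir(sub_dir), sub_dir);

    // Subclass hook; called after the defaults so that an override wins over them.
    SetUpFlags();

    MiniClusterTestWithClient::SetUp();

    ASSERT_NO_FATALS(StartSecure(&cluster_, &secure_context_, &messenger_));

    ASSERT_OK(CreateClient());

    DontVerifyClusterBeforeNextTearDown(); // Verify requires insecure connection.
  }

  // Extension point for derived fixtures; the base version changes nothing.
  virtual void SetUpFlags() {
  }

  // Shuts the messenger down before delegating to the base teardown.
  void DoTearDown() override {
    // SetUp() can return on a fatal failure before StartSecure() has filled in messenger_, and
    // gtest still runs teardown after a failed SetUp(), so guard against a null messenger.
    if (messenger_) {
      messenger_->Shutdown();
    }
    MiniClusterTestWithClient::DoTearDown();
  }

  // Creates the client on top of messenger_ and stores it in client_.
  CHECKED_STATUS CreateClient() override {
    return cluster_->CreateClient(messenger_.get()).MoveTo(&client_);
  }

  // Both are filled in by StartSecure(). messenger_ is declared after secure_context_ and is
  // therefore destroyed first (presumably the messenger uses the context - confirm in StartSecure).
  std::unique_ptr<rpc::SecureContext> secure_context_;
  std::unique_ptr<rpc::Messenger> messenger_;
  // Table handle used by the tests of this fixture.
  client::TableHandle table_;
};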
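// Smoke test for the fully encrypted configuration: create a table, write one row, read it back.
TEST_F(ExternalMiniClusterSecureTest, Simple) {
  // CreateTable hands no result back to the caller, so (assuming it reports failure through
  // gtest assertions - confirm in kv_table_test) a fatal failure inside it has to be checked
  // here; otherwise the test would continue with a table_ that was never opened.
  ASSERT_NO_FATALS(client::kv_table_test::CreateTable(
      client::Transactional::kFalse, CalcNumTablets(3), client_.get(), &table_));

  const int32_t kKey = 1;
  const int32_t kValue = 2;

  {
    // ASSERT_RESULT covers the write call itself; the status carried in the response is
    // checked separately.
    auto session = NewSession();
    auto op = ASSERT_RESULT(client::kv_table_test::WriteRow(
        &table_, session, kKey, kValue));
    ASSERT_EQ(op->response().status(), QLResponsePB::YQL_STATUS_OK);
  }

  {
    // Read back through a fresh session and compare with what was written.
    auto value = ASSERT_RESULT(client::kv_table_test::SelectRow(
        &table_, NewSession(), kKey));
    ASSERT_EQ(kValue, value);
  }
}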
// Variant of the secure fixture that permits unencrypted connections again. The base SetUp()
// sets allow_insecure_connections to false and then calls SetUpFlags(), so this override is what
// ends up in effect; the other encryption flags stay as the base fixture set them.
class ExternalMiniClusterSecureAllowInsecureTest : public ExternalMiniClusterSecureTest {
 public:
  void SetUpFlags() override { FLAGS_allow_insecure_connections = true; }
};
// Test that the CQL driver can connect to the cluster over an unencrypted connection,
// i.e. this checks the disabled mode of RefinedStream.
// This test runs with insecure (i.e. not encrypted) connections allowed.
TEST_F_EX(ExternalMiniClusterSecureTest, InsecureCql, ExternalMiniClusterSecureAllowInsecureTest) {
  // Contact points for the driver: the bind host of every tablet server in the cluster.
  const size_t num_tservers = cluster_->num_tablet_servers();
  std::vector<std::string> hosts;
  hosts.reserve(num_tservers);
  for (size_t idx = 0; idx != num_tservers; ++idx) {
    hosts.emplace_back(cluster_->tablet_server(idx)->bind_host());
  }

  const auto cql_port = cluster_->tablet_server(0)->cql_rpc_port();
  LOG(INFO) << "CQL port: " << cql_port;

  // The driver is built from hosts, port and routing mode only; no certificate or TLS setting
  // is handed to it here.
  CppCassandraDriver driver(hosts, cql_port, UsePartitionAwareRouting::kTrue);
  auto session = ASSERT_RESULT(EstablishSession(&driver));

  // NOTE(review): the assertions below show that the queries succeed and return the inserted
  // row. Nothing in this test asserts that the connection itself was unencrypted.
  ASSERT_OK(session.ExecuteQuery("CREATE TABLE t (k INT PRIMARY KEY, v INT)"));
  ASSERT_OK(session.ExecuteQuery("INSERT INTO t (k, v) VALUES (1, 2)"));
  auto rendered = ASSERT_RESULT(session.ExecuteAndRenderToString("SELECT * FROM t"));
  ASSERT_EQ(rendered, "1,2");
}
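// Variant of the secure fixture that additionally turns on client certificates for node-to-node
// encryption.
class ExternalMiniClusterSecureWithClientCertsTest : public ExternalMiniClusterSecureTest {
 public:  // Same access level as the SetUp() being overridden and as the sibling fixtures.
  void SetUp() override {
    // Set before delegating, so the flag is already in place when the base SetUp() starts the
    // cluster.
    FLAGS_node_to_node_encryption_use_client_certificates = true;
    ExternalMiniClusterSecureTest::SetUp();
  }
};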
// Runs the yb-admin tool against the cluster started with client certificates enabled and
// expects its `list_tables` command to succeed.
TEST_F_EX(ExternalMiniClusterSecureTest, YbAdmin, ExternalMiniClusterSecureWithClientCertsTest) {
  // The tool is pointed at the test certificate directory and given a client node name
  // (presumably selecting which certificate in that directory it presents - confirm in the tool).
  const auto certs_dir = GetToolPath("../ent/test_certs");
  const auto argv = ToStringVector(
      GetToolPath("yb-admin"), "--master_addresses", cluster_->GetMasterAddresses(),
      "--certs_dir_name", certs_dir,
      "--client_node_name=127.0.0.100", "list_tables");

  // NOTE(review): only the success path is exercised; this test does not check that the same
  // call is refused when no client certificate is supplied.
  ASSERT_OK(Subprocess::Call(argv));
}
// Runs the yb-ts-cli tool against the first tablet server of the cluster started with client
// certificates enabled and expects its `list_tablets` command to succeed.
TEST_F_EX(ExternalMiniClusterSecureTest, YbTsCli, ExternalMiniClusterSecureWithClientCertsTest) {
  // The tool is pointed at the test certificate directory and given a client node name
  // (presumably selecting which certificate in that directory it presents - confirm in the tool).
  const auto certs_dir = GetToolPath("../ent/test_certs");
  const auto argv = ToStringVector(
      GetToolPath("yb-ts-cli"),
      "--server_address", cluster_->tablet_server(0)->bound_rpc_addr(),
      "--certs_dir_name", certs_dir,
      "--client_node_name=127.0.0.100", "list_tablets");

  // NOTE(review): only the success path is exercised; this test does not check that the same
  // call is refused when no client certificate is supplied.
  ASSERT_OK(Subprocess::Call(argv));
}
} // namespace yb