/Users/deen/code/yugabyte-db/src/yb/integration-tests/external_mini_cluster_secure_test.cc
Line | Count | Source (jump to first uncovered line) |
1 | | // Copyright (c) YugaByte, Inc. |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except |
4 | | // in compliance with the License. You may obtain a copy of the License at |
5 | | // |
6 | | // http://www.apache.org/licenses/LICENSE-2.0 |
7 | | // |
8 | | // Unless required by applicable law or agreed to in writing, software distributed under the License |
9 | | // is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express |
10 | | // or implied. See the License for the specific language governing permissions and limitations |
11 | | // under the License. |
12 | | // |
13 | | |
14 | | #include "yb/client/ql-dml-test-base.h" |
15 | | #include "yb/client/table_handle.h" |
16 | | #include "yb/client/yb_op.h" |
17 | | |
18 | | #include "yb/integration-tests/cql_test_util.h" |
19 | | #include "yb/integration-tests/external_mini_cluster_ent.h" |
20 | | |
21 | | #include "yb/rpc/messenger.h" |
22 | | #include "yb/rpc/secure_stream.h" |
23 | | |
24 | | #include "yb/util/env_util.h" |
25 | | #include "yb/util/string_util.h" |
26 | | #include "yb/util/subprocess.h" |
27 | | #include "yb/util/tostring.h" |
28 | | |
29 | | DECLARE_bool(use_client_to_server_encryption); |
30 | | DECLARE_bool(use_node_to_node_encryption); |
31 | | DECLARE_bool(allow_insecure_connections); |
32 | | DECLARE_bool(node_to_node_encryption_use_client_certificates); |
33 | | DECLARE_string(certs_dir); |
34 | | |
35 | | namespace yb { |
36 | | |
37 | | class ExternalMiniClusterSecureTest : |
38 | | public MiniClusterTestWithClient<ExternalMiniCluster> { |
39 | | public: |
40 | 0 | void SetUp() override { |
41 | 0 | FLAGS_use_node_to_node_encryption = true; |
42 | 0 | FLAGS_use_client_to_server_encryption = true; |
43 | 0 | FLAGS_allow_insecure_connections = false; |
44 | 0 | const auto sub_dir = JoinPathSegments("ent", "test_certs"); |
45 | 0 | FLAGS_certs_dir = JoinPathSegments(env_util::GetRootDir(sub_dir), sub_dir); |
46 | |
|
47 | 0 | SetUpFlags(); |
48 | |
|
49 | 0 | MiniClusterTestWithClient::SetUp(); |
50 | |
|
51 | 0 | ASSERT_NO_FATALS(StartSecure(&cluster_, &secure_context_, &messenger_)); |
52 | |
|
53 | 0 | ASSERT_OK(CreateClient()); |
54 | |
|
55 | 0 | DontVerifyClusterBeforeNextTearDown(); // Verify requires insecure connection. |
56 | 0 | } |
57 | | |
58 | 0 | virtual void SetUpFlags() { |
59 | 0 | } |
60 | | |
61 | 0 | void DoTearDown() override { |
62 | 0 | messenger_->Shutdown(); |
63 | 0 | MiniClusterTestWithClient::DoTearDown(); |
64 | 0 | } |
65 | | |
66 | 0 | CHECKED_STATUS CreateClient() override { |
67 | 0 | return cluster_->CreateClient(messenger_.get()).MoveTo(&client_); |
68 | 0 | } |
69 | | |
70 | | std::unique_ptr<rpc::SecureContext> secure_context_; |
71 | | std::unique_ptr<rpc::Messenger> messenger_; |
72 | | client::TableHandle table_; |
73 | | }; |
74 | | |
75 | 0 | TEST_F(ExternalMiniClusterSecureTest, Simple) { |
76 | 0 | client::kv_table_test::CreateTable( |
77 | 0 | client::Transactional::kFalse, CalcNumTablets(3), client_.get(), &table_); |
78 | |
|
79 | 0 | const int32_t kKey = 1; |
80 | 0 | const int32_t kValue = 2; |
81 | |
|
82 | 0 | { |
83 | 0 | auto session = NewSession(); |
84 | 0 | auto op = ASSERT_RESULT(client::kv_table_test::WriteRow( |
85 | 0 | &table_, session, kKey, kValue)); |
86 | 0 | ASSERT_EQ(op->response().status(), QLResponsePB::YQL_STATUS_OK); |
87 | 0 | } |
88 | |
|
89 | 0 | { |
90 | 0 | auto value = ASSERT_RESULT(client::kv_table_test::SelectRow( |
91 | 0 | &table_, NewSession(), kKey)); |
92 | 0 | ASSERT_EQ(kValue, value); |
93 | 0 | } |
94 | 0 | } |
95 | | |
96 | | class ExternalMiniClusterSecureAllowInsecureTest : public ExternalMiniClusterSecureTest { |
97 | | public: |
98 | 0 | void SetUpFlags() override { |
99 | 0 | FLAGS_allow_insecure_connections = true; |
100 | 0 | } |
101 | | }; |
102 | | |
103 | | // Test that CQL driver could connect to cluster with not encrypted connection. |
104 | | // So we are checking disabled mode of RefinedStream. |
105 | | // For this test with allow insecure (i.e. not encrypted) connections. |
106 | 0 | TEST_F_EX(ExternalMiniClusterSecureTest, InsecureCql, ExternalMiniClusterSecureAllowInsecureTest) { |
107 | 0 | std::vector<std::string> hosts; |
108 | 0 | for (size_t i = 0; i < cluster_->num_tablet_servers(); ++i) { |
109 | 0 | hosts.push_back(cluster_->tablet_server(i)->bind_host()); |
110 | 0 | } |
111 | |
|
112 | 0 | auto cql_port = cluster_->tablet_server(0)->cql_rpc_port(); |
113 | 0 | LOG(INFO) << "CQL port: " << cql_port; |
114 | 0 | auto driver = std::make_unique<CppCassandraDriver>( |
115 | 0 | hosts, cql_port, UsePartitionAwareRouting::kTrue); |
116 | |
|
117 | 0 | auto session = ASSERT_RESULT(EstablishSession(driver.get())); |
118 | 0 | ASSERT_OK(session.ExecuteQuery("CREATE TABLE t (k INT PRIMARY KEY, v INT)")); |
119 | 0 | ASSERT_OK(session.ExecuteQuery("INSERT INTO t (k, v) VALUES (1, 2)")); |
120 | 0 | auto content = ASSERT_RESULT(session.ExecuteAndRenderToString("SELECT * FROM t")); |
121 | 0 | ASSERT_EQ(content, "1,2"); |
122 | 0 | } |
123 | | |
124 | | class ExternalMiniClusterSecureWithClientCertsTest : public ExternalMiniClusterSecureTest { |
125 | 0 | void SetUp() override { |
126 | 0 | FLAGS_node_to_node_encryption_use_client_certificates = true; |
127 | 0 | ExternalMiniClusterSecureTest::SetUp(); |
128 | 0 | } |
129 | | }; |
130 | | |
131 | 0 | TEST_F_EX(ExternalMiniClusterSecureTest, YbAdmin, ExternalMiniClusterSecureWithClientCertsTest) { |
132 | 0 | ASSERT_OK(Subprocess::Call(ToStringVector( |
133 | 0 | GetToolPath("yb-admin"), "--master_addresses", cluster_->GetMasterAddresses(), |
134 | 0 | "--certs_dir_name", GetToolPath("../ent/test_certs"), |
135 | 0 | "--client_node_name=127.0.0.100", "list_tables"))); |
136 | 0 | } |
137 | | |
138 | 0 | TEST_F_EX(ExternalMiniClusterSecureTest, YbTsCli, ExternalMiniClusterSecureWithClientCertsTest) { |
139 | 0 | ASSERT_OK(Subprocess::Call(ToStringVector( |
140 | 0 | GetToolPath("yb-ts-cli"), |
141 | 0 | "--server_address", cluster_->tablet_server(0)->bound_rpc_addr(), |
142 | 0 | "--certs_dir_name", GetToolPath("../ent/test_certs"), |
143 | 0 | "--client_node_name=127.0.0.100", "list_tablets"))); |
144 | 0 | } |
145 | | |
146 | | } // namespace yb |