mirrors/scylladb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dff7e2fc2f98231e529107e648cf124a052d9d7c
scylladb/test/cluster/auth_cluster/test_maintenance_socket.py
Artsiom Mishuta a283b391c2 test.py: merge auth_cluster into cluster folter 
Now that we support suite subfolders, there is no
need to create an own suite for auth_cluster
2025-03-04 10:32:44 +01:00

68 lines
2.7 KiB
Python
Raw Blame History

#
# Copyright (C) 2023-present ScyllaDB
#
# SPDX-License-Identifier: LicenseRef-ScyllaDB-Source-Available-1.0
#
from cassandra.auth import PlainTextAuthProvider
from cassandra.cluster import Cluster, NoHostAvailable
from cassandra import Unauthorized
from cassandra.connection import UnixSocketEndPoint
from test.pylib.manager_client import ManagerClient
import pytest
from test.cluster.auth_cluster import extra_scylla_config_options as auth_config
@pytest.mark.asyncio
async def test_maintenance_socket(manager: ManagerClient):
"""
Test that when connecting to the maintenance socket, the user has superuser permissions,
even if the authentication is enabled on the regular port.
"""
config = {
**auth_config,
"authenticator": "PasswordAuthenticator",
"authorizer": "CassandraAuthorizer",
}
server = await manager.server_add(config=config)
socket = await manager.server_get_maintenance_socket_path(server.server_id)
try:
cluster = Cluster([server.ip_addr])
cluster.connect()
except NoHostAvailable:
pass
else:
pytest.fail("Client should not be able to connect if auth provider is not specified")
cluster = Cluster([server.ip_addr], auth_provider=PlainTextAuthProvider(username="cassandra", password="cassandra"))
session = cluster.connect()
session.execute("CREATE ROLE john WITH PASSWORD = 'password' AND LOGIN = true;")
session.execute("CREATE KEYSPACE ks1 WITH REPLICATION = {'class': 'SimpleStrategy', 'replication_factor': 1};")
session.execute("CREATE KEYSPACE ks2 WITH REPLICATION = {'class': 'SimpleStrategy', 'replication_factor': 1};")
session.execute("CREATE TABLE ks1.t1 (pk int PRIMARY KEY, val int);")
session.execute("CREATE TABLE ks2.t1 (pk int PRIMARY KEY, val int);")
session.execute("GRANT SELECT ON ks1.t1 TO john;")
cluster = Cluster([server.ip_addr], auth_provider=PlainTextAuthProvider(username="john", password="password"))
session = cluster.connect()
try:
session.execute("SELECT * FROM ks2.t1")
except Unauthorized:
pass
else:
pytest.fail("User 'john' has no permissions to access ks2.t1")
maintenance_cluster = Cluster([UnixSocketEndPoint(socket)])
maintenance_session = maintenance_cluster.connect()
# check that the maintenance session has superuser permissions
maintenance_session.execute("SELECT * FROM ks1.t1")
maintenance_session.execute("SELECT * FROM ks2.t1")
maintenance_session.execute("INSERT INTO ks1.t1 (pk, val) VALUES (1, 1);")
maintenance_session.execute("CREATE KEYSPACE ks3 WITH REPLICATION = {'class': 'SimpleStrategy', 'replication_factor': 1};")
maintenance_session.execute("CREATE TABLE ks1.t2 (pk int PRIMARY KEY, val int);")
Reference in New Issue View Git Blame Copy Permalink