mirror of
https://github.com/scylladb/scylladb.git
synced 2026-04-29 20:57:00 +00:00
e26cf0b2d6
test_maintenance_socket with new way of running is flaky. Looks like the driver tries to reconnect with an old maintenance socket from previous driver and fails. This PR adds white list for connection that stabilize the test test_no_removed_node_event_on_ip_change was flaky on CI, while the issue never reproduced locally. The assumption that under load we have race condition and trying to check the logs before message is arrived. Small for loop to retry added to avoid such situation. Closes scylladb/scylladb#28635
72 lines
2.9 KiB
Python
72 lines
2.9 KiB
Python
#
|
|
# Copyright (C) 2023-present ScyllaDB
|
|
#
|
|
# SPDX-License-Identifier: LicenseRef-ScyllaDB-Source-Available-1.0
|
|
#
|
|
|
|
from cassandra.auth import PlainTextAuthProvider
|
|
from cassandra.cluster import Cluster, NoHostAvailable
|
|
from cassandra import Unauthorized
|
|
from cassandra.connection import UnixSocketEndPoint
|
|
from cassandra.policies import WhiteListRoundRobinPolicy
|
|
|
|
from test.cluster.conftest import cluster_con
|
|
from test.pylib.manager_client import ManagerClient
|
|
|
|
import pytest
|
|
from test.cluster.auth_cluster import extra_scylla_config_options as auth_config
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_maintenance_socket(manager: ManagerClient):
|
|
"""
|
|
Test that when connecting to the maintenance socket, the user has superuser permissions,
|
|
even if the authentication is enabled on the regular port.
|
|
"""
|
|
config = {
|
|
**auth_config,
|
|
"authenticator": "PasswordAuthenticator",
|
|
"authorizer": "CassandraAuthorizer",
|
|
}
|
|
|
|
server = await manager.server_add(config=config)
|
|
socket = await manager.server_get_maintenance_socket_path(server.server_id)
|
|
|
|
try:
|
|
cluster = Cluster([server.ip_addr])
|
|
cluster.connect()
|
|
except NoHostAvailable:
|
|
pass
|
|
else:
|
|
pytest.fail("Client should not be able to connect if auth provider is not specified")
|
|
|
|
cluster = cluster_con([server.ip_addr],
|
|
auth_provider=PlainTextAuthProvider(username="cassandra", password="cassandra"))
|
|
session = cluster.connect()
|
|
|
|
session.execute("CREATE ROLE john WITH PASSWORD = 'password' AND LOGIN = true;")
|
|
session.execute("CREATE KEYSPACE ks1 WITH REPLICATION = {'class': 'SimpleStrategy', 'replication_factor': 1};")
|
|
session.execute("CREATE KEYSPACE ks2 WITH REPLICATION = {'class': 'SimpleStrategy', 'replication_factor': 1};")
|
|
session.execute("CREATE TABLE ks1.t1 (pk int PRIMARY KEY, val int);")
|
|
session.execute("CREATE TABLE ks2.t1 (pk int PRIMARY KEY, val int);")
|
|
session.execute("GRANT SELECT ON ks1.t1 TO john;")
|
|
|
|
cluster = cluster_con([server.ip_addr], auth_provider=PlainTextAuthProvider(username="john", password="password"))
|
|
session = cluster.connect()
|
|
try:
|
|
session.execute("SELECT * FROM ks2.t1")
|
|
except Unauthorized:
|
|
pass
|
|
else:
|
|
pytest.fail("User 'john' has no permissions to access ks2.t1")
|
|
|
|
maintenance_cluster = cluster_con([UnixSocketEndPoint(socket)], load_balancing_policy=WhiteListRoundRobinPolicy([UnixSocketEndPoint(socket)]))
|
|
maintenance_session = maintenance_cluster.connect()
|
|
|
|
# check that the maintenance session has superuser permissions
|
|
maintenance_session.execute("SELECT * FROM ks1.t1")
|
|
maintenance_session.execute("SELECT * FROM ks2.t1")
|
|
maintenance_session.execute("INSERT INTO ks1.t1 (pk, val) VALUES (1, 1);")
|
|
maintenance_session.execute("CREATE KEYSPACE ks3 WITH REPLICATION = {'class': 'SimpleStrategy', 'replication_factor': 1};")
|
|
maintenance_session.execute("CREATE TABLE ks1.t2 (pk int PRIMARY KEY, val int);")
|