mik-laj commented on a change in pull request #18258:
URL: https://github.com/apache/airflow/pull/18258#discussion_r709131658
##########
File path: tests/security/test_kerberos.py
##########
@@ -104,3 +105,255 @@ def test_args_from_cli(self):
)
assert ctx.value.code == 1
+
+
+class TestKerberosUnit(unittest.TestCase):
+ @parameterized.expand(
+ [
+ (
+ {('kerberos', 'reinit_frequency'): '42'},
+ [
+ 'kinit',
+ '-f',
+ '-a',
+ '-r',
+ '42m',
+ '-k',
+ '-t',
+ 'keytab',
+ '-c',
+ '/tmp/airflow_krb5_ccache',
+ 'test-principal',
+ ],
+ ),
+ (
+ {('kerberos', 'forwardable'): 'True', ('kerberos',
'include_ip'): 'True'},
+ [
+ 'kinit',
+ '-f',
+ '-a',
+ '-r',
+ '3600m',
+ '-k',
+ '-t',
+ 'keytab',
+ '-c',
+ '/tmp/airflow_krb5_ccache',
+ 'test-principal',
+ ],
+ ),
+ (
+ {('kerberos', 'forwardable'): 'False', ('kerberos',
'include_ip'): 'False'},
+ [
+ 'kinit',
+ '-F',
+ '-A',
+ '-r',
+ '3600m',
+ '-k',
+ '-t',
+ 'keytab',
+ '-c',
+ '/tmp/airflow_krb5_ccache',
+ 'test-principal',
+ ],
+ ),
+ ]
+ )
+ def test_renew_from_kt(self, kerberos_config, expected_cmd):
+ with self.assertLogs(kerberos.log) as log_ctx,
conf_vars(kerberos_config), mock.patch(
+ 'airflow.security.kerberos.subprocess'
+ ) as mock_subprocess, mock.patch(
+ 'airflow.security.kerberos.NEED_KRB181_WORKAROUND', None
+ ), mock.patch(
+ 'airflow.security.kerberos.open',
mock.mock_open(read_data=b'X-CACHECONF:')
+ ), mock.patch(
+ 'time.sleep', return_value=None
+ ):
+
mock_subprocess.Popen.return_value.__enter__.return_value.returncode = 0
+ mock_subprocess.call.return_value = 0
+ renew_from_kt(principal="test-principal", keytab="keytab")
+
+ assert mock_subprocess.Popen.call_args[0][0] == expected_cmd
+
+ expected_cmd_text = " ".join(shlex.quote(f) for f in expected_cmd)
+ assert log_ctx.output == [
+ f'INFO:airflow.security.kerberos:Re-initialising kerberos from
keytab: {expected_cmd_text}',
+ 'INFO:airflow.security.kerberos:Renewing kerberos ticket to work
around kerberos 1.8.1: '
+ 'kinit -c /tmp/airflow_krb5_ccache -R',
+ ]
+
+ mock_subprocess.assert_has_calls(
+ [
+ mock.call.Popen(
+ expected_cmd,
+ bufsize=-1,
+ close_fds=True,
+ stderr=mock_subprocess.PIPE,
+ stdout=mock_subprocess.PIPE,
+ universal_newlines=True,
+ ),
+ mock.call.Popen().__enter__(),
+ mock.call.Popen().__enter__().wait(),
+ mock.call.Popen().__exit__(None, None, None),
+ mock.call.call(['kinit', '-c', '/tmp/airflow_krb5_ccache',
'-R'], close_fds=True),
+ ]
+ )
Review comment:
Updated. Thanks. I was concerned if mock.ANY would work in this
situation, but it works.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
