IMPALA-5775: (Addendum) Make SSL cluster actually come up in test_client_ssl.py
The non-wildcard certs in test_client_ssl.py require that the hostname of the process is 'localhost' for clients to validate them. This wasn't the case for one test, and so the cluster wouldn't actually start. Although the test would still pass (because the shell wasn't actually checking the certificate), it's better hygiene to have the cluster correctly configured to make sure we're testing what we think we are. Testing: test continues to pass Change-Id: Idad8bbf3b8be853d3406bcbaed24909501500ea9 Reviewed-on: http://gerrit.cloudera.org:8080/7732 Reviewed-by: Henry Robinson <[email protected]> Tested-by: Impala Public Jenkins Project: http://git-wip-us.apache.org/repos/asf/incubator-impala/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-impala/commit/81c3d883 Tree: http://git-wip-us.apache.org/repos/asf/incubator-impala/tree/81c3d883 Diff: http://git-wip-us.apache.org/repos/asf/incubator-impala/diff/81c3d883 Branch: refs/heads/master Commit: 81c3d883b9be13f1afe766477f2d056afd9a3a8a Parents: 74dad17 Author: Henry Robinson <[email protected]> Authored: Fri Aug 18 16:22:29 2017 -0700 Committer: Impala Public Jenkins <[email protected]> Committed: Thu Aug 24 02:23:21 2017 +0000 ---------------------------------------------------------------------- tests/custom_cluster/test_client_ssl.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/81c3d883/tests/custom_cluster/test_client_ssl.py ---------------------------------------------------------------------- diff --git a/tests/custom_cluster/test_client_ssl.py b/tests/custom_cluster/test_client_ssl.py index 4858ce0..487b802 100644 --- a/tests/custom_cluster/test_client_ssl.py +++ b/tests/custom_cluster/test_client_ssl.py @@ -61,10 +61,15 @@ class TestClientSsl(CustomClusterTestSuite): "--ssl_private_key=%s/wildcard-san-cert.key" % (CERT_DIR, CERT_DIR, CERT_DIR)) + SSL_ARGS = ("--ssl_client_ca_certificate=%s/server-cert.pem " + "--ssl_server_certificate=%s/server-cert.pem " + "--ssl_private_key=%s/server-key.pem " + "--hostname=localhost " # Required to match hostname in certificate + % (CERT_DIR, CERT_DIR, CERT_DIR)) + @pytest.mark.execute_serially - @CustomClusterTestSuite.with_args("--ssl_server_certificate=%s/server-cert.pem " - "--ssl_private_key=%s/server-key.pem" - % (CERT_DIR, CERT_DIR)) + @CustomClusterTestSuite.with_args(impalad_args=SSL_ARGS, statestored_args=SSL_ARGS, + catalogd_args=SSL_ARGS) def test_ssl(self, vector): self._verify_negative_cases()
