This is an automated email from the ASF dual-hosted git repository.
mgreber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new a1b879774 KUDU-1457 [7/n] Use correct URL host for ip mode
a1b879774 is described below
commit a1b87977403a7ea1875869cc557b9e3e3086227b
Author: Ashwani Raina <[email protected]>
AuthorDate: Sun Nov 23 02:05:14 2025 +0530
KUDU-1457 [7/n] Use correct URL host for ip mode
This patch uses correct URL host for a given IP config mode. If
webserver is running on wildcard address, tests using URL as input
to FetchURL need to make use of a corresponding loopback address.
For example, for a webserver running on '0.0.0.0', URL host is
'127.0.0.1' and similarly, for a webserver running on '[::]', URL
host is '[::1]'.
* Based on IP config mode, choose correct service principal name.
* Ensure test certificate contains subject name that matches with
target hostname for non-IPv4 cases (i.e. when IP address is ::1).
For this, new certificate and corresponding key is added with same
configuration with additional subject name to accomodate '::1'.
* Add a few more tests to IP config coverage.
Change-Id: I152b0755f286edce1738683b5d2cdf5804f4ff2a
Reviewed-on: http://gerrit.cloudera.org:8080/23711
Reviewed-by: Marton Greber <[email protected]>
Tested-by: Marton Greber <[email protected]>
Reviewed-by: Alexey Serbin <[email protected]>
---
src/kudu/security/test/test_certs.cc | 169 ++++++++++++++++++-----------------
src/kudu/server/webserver-test.cc | 55 ++++++++----
2 files changed, 121 insertions(+), 103 deletions(-)
diff --git a/src/kudu/security/test/test_certs.cc
b/src/kudu/security/test/test_certs.cc
index e47c4ae53..fc07d1b37 100644
--- a/src/kudu/security/test/test_certs.cc
+++ b/src/kudu/security/test/test_certs.cc
@@ -458,94 +458,95 @@ Status CreateTestSSLCertWithEncryptedKey(const string&
dir,
string* key_password) {
const char* kCert = R"(
-----BEGIN CERTIFICATE-----
-MIIF2TCCA8GgAwIBAgIJAOiLCthPpcWhMA0GCSqGSIb3DQEBCwUAMIGBMQswCQYD
-VQQGEwJVUzEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MSMwIQYDVQQKDBpBcGFjaGUg
-U29mdHdhcmUgRm91bmRhdGlvbjESMBAGA1UEAwwJMTI3LjAuMC4xMSIwIAYJKoZI
-hvcNAQkBFhNkZXZAa3VkdS5hcGFjaGUub3JnMCAXDTIyMDgyMzA4NDc0OFoYDzIx
-MjIwNzMwMDg0NzQ4WjCBgTELMAkGA1UEBhMCVVMxFTATBgNVBAcMDERlZmF1bHQg
-Q2l0eTEjMCEGA1UECgwaQXBhY2hlIFNvZnR3YXJlIEZvdW5kYXRpb24xEjAQBgNV
-BAMMCTEyNy4wLjAuMTEiMCAGCSqGSIb3DQEJARYTZGV2QGt1ZHUuYXBhY2hlLm9y
-ZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4C/zTxyaCSC0ukf4RE
-BokuClJD6XZR9QdMHhd4VdxZzGWxHJeqo1OHk3CSMwhzoSLynXY8GiX0jaP/+X2w
-KYtdYNerYQUWRn61yzM+NCJOarM96u4CdqZjO5AWKhmac1s/KkP2p2T8hZjhdYxY
-4v+oiGeQ1C+zBIKq7skDfvFqI6p0sFi3+dI32Hlw7CKIdA4NjXk6auAAHgk71usd
-0Gn9/Og3cOQelDRXmuURn7lR32oOzdQRAyCj5lXzBgspVv3+xTJa76LU0kgAiE23
-mgLwBckm34LkGqZ7f7uaRaecGj0PCy+eoM6M5joC+k40cN5GAQEF6WPysY4ZAAWB
-9OW/7DeQNqzbmjGah5VdI8X3h5Tvlu78QToYY2l7UQFm18ZRJ9EtnAEwB5Nnt/Vv
-3GA3KA2kEabC31uD6o5no9haQYis/n5SaGPKyzbqPms/MlK6aYH3f7r1CgRIucXr
-xZwWtHt/E36hWtrreSJz/C8LdEf4/eUAhpjD10oa15wPf8XbEGn35DecwlDkwYN2
-/jBtZD2UDre7BxZIYg/dHcoquzhQu28chVDPe2ApvC4vDkszvHcqdXWIzB8kLT0j
-6W/wzEkFLtzEZTtQTIhqwiKuxluU9MGyGOgo9rHZFZEj9Uj0fB0DhwKT7Nu+SUre
-EeB6YJqBUsgbBPn61Tu1jhQ5AgMBAAGjUDBOMB0GA1UdDgQWBBT7idW7lmwLOzfD
-FvJLws2aQvzj0DAfBgNVHSMEGDAWgBT7idW7lmwLOzfDFvJLws2aQvzj0DAMBgNV
-HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBd4Yw1S/URnAhon5m17BnT1/91
-GPntoIv5eu0aqwQsx8TReG9vSGr9N9QpwkziwCFUweSSPsmyp7PtdzkCQdVQ8R4V
-3GB3hDVS3aYFMNkKi00qNB0ytUMtYAoP/31JI8u4R7oXPI1XDRInWBHM//ByfNvm
-up3duP38pY3HglIRqA+RaJo5M532cN0XcufSmt7i+amPzm2ZQ3N5yaQGUEdIwE/4
-CIT50gzW0IXJHT/Z9wPPLnhPF7z0tQaN56vjIGmPMaAuvTZbm6Lspz3PCLEE1Ecg
-UfsvOFSPQ5pvsAmSG7OCwwqg/cKm4ZSY2eW5gyW+PFu7MxXsZwLReNxwfHhV7Fx2
-4LF3FTGWFTQJOSQAW/YDLjEuLJrHA8SC4jMDO/+9RNqdsHTGXgrGtQRBfdvOXFAW
-gpEb/e75Hb7kn/erN3hDRGgPOM9oaMaWGry1hzKN3vuK7Ch5t+luE76FFHJWHqQw
-xdoXNYABiwweXxA8w5Tg96eakN9b4X4Unhn4AjikP1tTFFazY7IMOcO0yRnmtujc
-/RCGewtaFMFverDmYNhtQmKcNsjZgHyGSgqc+qw1bK+r559D1TJL+OGlSGR/M+TA
-d7Xh+yJBR1m0BKGmDlvYoA/q011T9Ub4Inu2KST92TxIuEZk0C9ghp8ARcNulDhY
-PS4lBkgDhK2s1TPdYg==
+MIIGFjCCA/6gAwIBAgIUI/06Zq6G0VqILf+haV3YuYMmGvMwDQYJKoZIhvcNAQEL
+BQAwgYExCzAJBgNVBAYTAlVTMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxIzAhBgNV
+BAoMGkFwYWNoZSBTb2Z0d2FyZSBGb3VuZGF0aW9uMRIwEAYDVQQDDAkxMjcuMC4w
+LjExIjAgBgkqhkiG9w0BCQEWE2RldkBrdWR1LmFwYWNoZS5vcmcwIBcNMjUxMjMx
+MDYyMTEzWhgPMjEyNTEyMDcwNjIxMTNaMIGBMQswCQYDVQQGEwJVUzEVMBMGA1UE
+BwwMRGVmYXVsdCBDaXR5MSMwIQYDVQQKDBpBcGFjaGUgU29mdHdhcmUgRm91bmRh
+dGlvbjESMBAGA1UEAwwJMTI3LjAuMC4xMSIwIAYJKoZIhvcNAQkBFhNkZXZAa3Vk
+dS5hcGFjaGUub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx4/7
+UJFUqTyBe6TzpOL/JPMo/6JuNpg/jWtu+34K+HYLwr4LpwuXXpzpJ6L2b+NEnQIh
+2xflOKH3CbAlq/usLkShhl8yADWmnCw/USC44Uw9v5zOmN8ZgR6528NH7CG9w8Mp
+2Cm8YTchn+nLRSvZjxlA1LZ7jVBoiR7WpqYX1H/tH0x1QPA79iuva5kp8riv3AEf
+oK3rajIk8Za33c2NEgKZldjKByMRZhfJOoHeecBhceXv5Ofhg+0YjSH9oGmWZ+8r
+CSYlmQDFQkBN5pR0G86ps9oOel14t5fndG/C2bMyYNTeUOvcdmgsvxVfolfVNAqA
+RRoKDM8wxjB+vXuYgHQcASxmOsxkUa34G7xBZvNEZfExQx/jcjech+rpM/MZUz2Q
+jrNP3fVvhiNnEDHLw/Ke0cDwzDGO3yeRn0xXQHJ+nUE6fhMTErl9OzAyD8/RrgZN
+mVm8uHPdafKYFajJ8dr1QGQdvMSm2yu3hZ/eLyoANI47cTHRjazK9fYQ727fhsA/
+Givjrhu+bi6CNQs/BbTPDFd+iL0LBlJOl5wjcUjhYzN3Lc8sodg+yTvLvuHD3HCJ
+edTAQ1fBy6nI64I2Q0gctH1m/ZEUPi5zjl+hn7OckC0QGH3285LyvGbdrmvLzlI0
+g2+NWaQspdtOwmyccmZ64MvuwP+VPJSAFa++k1UCAwEAAaOBgTB/MB0GA1UdDgQW
+BBSRc7gK699gjdwyCvssksNScTRbFzAfBgNVHSMEGDAWgBSRc7gK699gjdwyCvss
+ksNScTRbFzAPBgNVHRMBAf8EBTADAQH/MCwGA1UdEQQlMCOHBH8AAAGHEAAAAAAA
+AAAAAAAAAAAAAAGCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAgEAVjIGyHrD
+ZP5ASUmg14PfOLQUhcBiaCZJbRULqFmDVpNrfjeSkAS9O4UmK71lFdH8rtLFBW+K
+PJIKrV9ggNtLHiLwU0+bdMYyxpPvCiWgysoONL0yy1TZlBz3n9ly+j5t0ojUupnp
+vB/cuqD42OdVqDWpO74CY1EisKQf4QC5bssBEmEBe4pE1fvkZwDNThQUvVvxjvp1
+EBQW33nvJzV/snZOb+zKVXm62W+TUDtMnBbtyHo/LdWErzfV+M+22RZOeWC2bbJX
+MRNfcjiiMtgEcuDPHMDMXmLnhbgfTz7yC6tQXF8BgQ8g9M9EgPi9+FQozNcy4JEb
+1nGqC8QUdq5Jn0PzjPa1k1miUEnLxKlzlgYPKReBRnh7dByS1tzE8FQXmkoKXQIm
+4OWcGtd1B92iwO5eIenFdFZmJJiw3e5bAR62anq3/aKwUY5tOUgkQGMV1TEBP6DI
+JNWsdNUQKFap8sWnavrInvM/x+CGqe3yeW5LPlcEBOMalU52gWmWnFyx3GHVQ+Ux
+55CKqfcxp5jrpg0kuwIlweRr6FImt7FSkzD5HCtWlrAFV02GYCTObJs+Vg3mznwm
+T0GQrV+UMl+2iAXQS/1/zMllt2Vn/wnURgPj01W/jPAj6gIhbi/v/Y+b0adoU13d
+aguDYzI0vhxbixQQW9MDhpBZMs3u0VjIjjY=
-----END CERTIFICATE-----
)";
const char* kKey = R"(
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIJljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIQfgyMe//utcCAggA
-MBQGCCqGSIb3DQMHBAiO+0dos6mhJQSCCVDmzHR2xvhXpuw/CxE8Qs49VndyqC3p
-U5jIukFD79/Cyt6I7uH0TOqj2e+0ucVbYuMrx29xaD6WOef+SXV+Q5WMDdQ/5rYW
-lY5Mgl8QxRYnIppWLk1Hn48289wzqkhhBSspRjWfQfDlSP8c1+FPzNJ8l0bk2N8l
-erfkScbEAtI54e31nBjJb3Z7YEWbttPLD4FraX2bteA2F5Vgn5m5LoEmhmS8KO55
-HIMO6HQVLpwpEX0k5oxi96+Sqh26ZkO72qBDhQ6hvhHSRfxXl73+oURyFcDZeRfF
-CNAZHVBPSN7I76R+vK6HvkIS9nLIm3YQ5DGck9XzjdIaY49srBLT3ZTY4ObPtuay
-MKtnfrfLSGD9VBuGcpJx0e5WqJgb1eVKcfRNRC+mp6vyJMqTVmoC+cjRIDg7As8D
-+Mze0V3jYQfZtv6Cl6TZvCWmhtiVqdVnvz37NpExFe5PCqij+tDvAoUHLPltzkgw
-+ivXbb08G+VjYVwGTWjvbMhnJ19LvOiKnfrE4MLmjiDvJToBD4uBN1NLjB2wE2Nb
-J33m8OTTJyGPSbXBsb3L53nDhs1rB8y3YXIFU5e1W0IbnX3jU1Z9Bb+/YniGBcyQ
-H1MX4Bz7mZBsU7wMT7z5g5qQfMxG2saRqcNseKOqVA2e9T9hUGmaac0//JHvrWTO
-fJyiAL4HOa24uP6cmht03Ui+tBiEu6hAOlLrDsaXcdEZ4zv7pf784+XotY+J4S9E
-emJLQnhxBFqwIy+6DSvKBhnVohCz5VCC/9ssRmpAhiCObFbUU8Np5nINOp9uzr66
-n2QVEH6eTGccXDmx1K5z/+HlImVcKcpBJvYKdTpW0VxlDxjOp6DwxCiY1uvWytX4
-GQ6qxtnCsA6K+j7UcgAHHOwN/ltkVUMOlFkwebu/AT337jR0tGXOxQLU3GT/nNLq
-i+2L7I8yUpxVLxYshDhBFd4gKiaU5Uy9ADBbv8qAVOhmrCYfCqbdO4GGLQTlVhwA
-0LAqsCWo6aZPPYeoJRCy4SGIW428+qOVx2AkopT6SlCi9mypuvar07JoN0aNBj0C
-+9n0/WBQ5BmY1+vpFYyos7JOcopGg1ownF1nZ0IccZhyBgTk0S7E+rYh2ovzzy7K
-1PRh/zo+bWKJmBKhClAgr+104AM0oVCfUdG8G+JY2ckoInA8ticv8a4JMYHnxCRD
-ZJ/5TpBw4YLimgBRLj9iDOf5V9HeIb7weUp+q8NZ2BEjG9ODX4/kcVVxWQPJS8Ig
-u0dBl+T61nq7Tg45PhE0nzyEoGGPL2xC5QayF5/eAhFtGUXpPVAE52AuCLrT5KKB
-ksfiIbqq6gKrK0clNZFgn7TyadGZL6NKdlb3Gk0ZY+F7/E23ayjEJ28GgHo+yLXz
-p8oGMn1F2IuzQH+H1vNhb0iFDDcE6lalq6TOhtGE/sxkll4JXTosAJIJ2gimpNOJ
-18qHpB8cbl/X2haKbURLTKppLqxSJYAwhttJ37oeq5t88u1W481bHZKlOD7OZ1l5
-r7BWFUY7nFBYVmNixWeda/EBuFQth+XZ1hfKO5M2F6F2jcLbkElbST30Fj1aU/pA
-Yq0PBW01sq1EdlxRszjCEtYjFePmXvDpOKW9mqvAKHYNY/U2vUS3go5BYwXOpK3Z
-ijWBuwJLisbFSzxC7eCWu7S8y4W96lENOz+Xf4aD0n3rjYeCVmj4VXsF1Tcl9H2k
-S4p9SP4OC/IMK8TmFWTy3Ilp3la3IJnFAqDezaJeLA32w756QbQ6ziJKgGUZYWhg
-RYM/8ha06LxOLhRA4qvSCEs6NOii3stKB4pQTBcTqYp5jZFnoR9YhpV++rKwyQC7
-8vQO+MZnJ3mBuwoXA01VBI9spmvTC8w7S6z1nIr7mjuItluYZHZOXpwaiL0kB+0O
-Ttv8l/uRlT85Q0vwpqk9tY8uNKdqOidrLHuv2ICHUeTU7AylDzZrWvK0/NNd+Sfx
-2/Mqu6jbuEUJwsFGHB3zPJoT8v9+jHiTi0upv/OEqu/LXfw7/Arhbup4ujyymrpu
-aD9i/5vu042XXzM1IcF4FrXITb36vRvBOfFIgsdIXstvXXxyLYZ8orO1kreVQB1J
-TRbWDOk+/IDQMnYef/p84y+DKHiCVUYIbYQe0x7synYrtlzSjf6SOrMKiFlZWZhl
-Du0YAMRnxHp6CiFVc+Zpt8hFC2GEgeffL+qUgfJyGH1R0hknSWyBN2b/84kcs9wJ
-YIqAzzPz1HSE80MVCbv5lJt1I0PLNam5AwEeTqcntZuu/4LWlbYSFZ/R4kF/qaAb
-EzE6PQeLBNIzNEemQWD7b2XvludB8cAiMa/HNvpjOaWqZZLdDR8VLYb2WzPjWuO/
-gFc9z95G0AZM8aUadt3w/bgoc4QgZX3sZmBiWBtKI6XNnhVD54w04gAirrXYjxF0
-pb79pb2w0IVCAdgm2Ybd8QB83EU2bwAXL4e9infojHpRZMk/j7TKHnaJOpr0xTsQ
-CY+D6+3EkbM+jl3OdtaMORY2fFik2Ujf6DctQG5IR8LB0z7xp2HbedGNI5x2eY5i
-13veBE+U/Z9d6uzs9Vgxk1maKLQXu7+h8IN+jMjVJsZ/WkeERcbbt8nihBS+66er
-JFjFGRejvWEuBdhKl8rSWf8OxNoajZyWcmUgxNvg/6o3xGYdj6Wu8VT/t2juoC4F
-fY2yvlIq7+Zx4q5IuSW+Qm5wROtHvKLvBwDSzAoJ4ai/Yyse3USEOZCv7rS+59Si
-p3/rlnipLAs29R8SYAt8Q2ntSmZOkfWaz+/IV1KeEoH5qUmI/rKDueNjPnKNEmLX
-9Q3oDEvNmsYuAaCN2wvFDDpwkmhjepxUR5FewlCwbHVNfF0KVdlX9XmvVIQXfbF6
-uRlmBalqiXW1xyd9agQnV3+t8Mvuddn+KKEX9nqZ4teloVByfyNE9gAatBUcT33V
-0xGW1CIRzkYykT3HSbf/irfzXHU090M//P8bX6z430Jrg3DxiVUQZiAo2NoVetFH
-x/h68BZ6/j8O0F36V2W+0sE+qN8Wrh1lDxBykzexJAWS063xe5oVbINbZplsO5tK
-ghdr7RWGVApmwaXBhKIxtapSQUMLFhBKEGLL4iDw+jwPAlcBQl3lw+xEOu/No+aE
-XPwFoojhSS9XuE3M8Sc9gKvLcZbdKAegMnYz+py5OwdJ8RiaoaetCTJist08FUg2
-TOQYXv+dMtOkYg==
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIWJyoXsTXU0ECAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECOWGMJtckNf6BIIJUIHNub5T+xx+
+m67PipjEqBU4tPC1w5kYtNQgg+ySR7jqzx9x0Wc26hiDC8SoTsjitTtsqX7wLzZX
+h11+EnDT1Qip5kwqKEHU9U+e+aR6RvlFL/KX2hepfcxOesNlOj8Ix9eGsg25BFp/
+zknduGY+kkedT/tjV05r6pNa2ZyVgIhRl13XTDW9KK+NjiiD1G15/IXVB/sPTCrF
+8+WAstNcHTFvqhgJTyeC2li4WvPaJeSyz+oWmdRMC93nlEzud7kChjoVCwmRfpvs
+L0gbX+0hAKZrAdk02/3pMeSsGlkzFf7Jlw5UNN4FgBJgthzkYKTwAnlIU20rMD04
+PYTkkdLQuSBvk5vAOIRZq3V/370QysKNpw++ntvbjYOo81Bk4rXG7OL+IB/gt9zy
+R6AWlKBSNXTrBcBkUVaNzjVhiJNiM0lI/SiQryYbUl7KhKSQ6Q/GhaW2peDIn7/0
+0j5Q+qfGs5phNq4jk0/s+7bqDcCyuFDWGqw0PPyFVUHuuncuXZ4MLp34jzHwsbZR
+V3lPV5e4W5OPdNvkA91uzVBkKKOZZZ5evr55V2HGk9X5wtHPAaAEWHxt2ehy+MTA
+Y5rlE/AOnZmlv0+JBNQm4nBJ9IKe/vqZF72SXMi47JgpcC/A2g3cWIbDL7debKAO
+BSN7uDZJ7W/AlfkNnMbUjStnmu0Z21RC53uMH9ygn+nKr8ldtoQEFXgbMKzT6+xs
+fzTXGWXwCvRv/6syLj5yZ/0nD3k0NNG2CtW6AquYDpo2BxIF3PzMGQGwe0nsF/qs
+JXBe8lFQqd/RJn4Twjnp9/NxV/cOWQKkPFRBVMQAwUXBOXo7jWJp47jDm02EyAL4
+57Cs5bON+d8hUwURgexKhXasXZ89HBTNvoVj6mv/txThvQnXaOUzW4Jw/j1Bq+q9
+91jg7HWDkODt6yxYrDHZUU9p4s7e+gObwKizTWxiD4RIaLjrOTAMM0qRRBLko66a
+xS49PDu+Z5OYMkRYRXDXaCXesAe5Js8cBXnX5TSOB5ePOzITPSCDlt6b9eVnJKEw
+MBV+j2DpRtbh9D4DtTNZrB5O7uolKCw4v3jqGq3a5RL201VJ8M0mUjNrb0IA0M8b
+gFwovy/MKg7NG/iZsHFv8WaR8ZpA0CDGX+af5k51q2vyYVx0lHfbn4zE4zoNWS/k
+VG/YuBbulzFIoJ2WJWvJP8ep/Ccp/m/dGWwxSSjexmBgXf/JbCOr0vCXhMUjLCXZ
+3JDWRXg/eZDFqheL0gXjHrvE/+cFzIkAWd95QFvBCnhA4j1iLk0Ua5r8pYfsOsrt
+DTkzB7bOTwI73kek7BTjRO2fMwpjlj/QUid++YhKeQ5fAZt2LqSWmzrxdJwNOMez
+nFivvOsKtQynwhSbaNBo/H0jCznUPfD++ZG39S5Da7rHmsUu4l87CbSnm3TYu0jC
+YDXw+C0buiayX1rlUAVextdK4/9BTjZOw6/F3ISi+6FnzUOGY4HN50x10obDO+03
+Qi5+XtViD48WWf0DISOrGPz2rXoKjC+U7pbPfZFOlERPdXZVd3mAq+UlowYnym37
+D58jZlU6kDkzvBcB1ViDjl2Z91fo87qL1oQXPAv4u0Wsf/EumZHaUKOH6C4MsSDu
+W0V4lx6JZ9Ipu0XAwxSvNJe2IBeef+1lEKfgUTCRUdpAz3p6W9xO1fImNKYDgKGj
+vtjd3vxaPhSwGiZ+gN3JO7tSqWa8hlLcBb/I8DyMHYvr8TlBfkursXZur6Tz06Hu
+mAk/Edal5ZwkMjVhs3urZziwSAXQUoI4LLFZLHzGiAsro5Xcvgwv55ICseMPimRF
+jMbvfcpQxbn6iHDYjOP8I6NI+h4POBeWc7I/wqbBPZCWNCt8taSBZsPrIr9dxXgu
+N0sM+EP/RaDcD8EXXLNuNp+ftGIrhQosDAweapwJVuaGbr6N++Sc4mfC5AW0tscA
+wGY8Z3/nS6SKYNNnAMxkFCGS41vAOIEI2Tv2FSuZ+uF0knO+CDraqelyLUwA7IzM
+QzWHGcUq/1O08au6cuWmwWEoaLBOQPV/vQCVJhJX/IG/pm++2sG94Rf8XQ6InxP3
+pYHLYudq5oh3mQA2CI2msxG4LuSO9sPx+LZ+Ps2qIbun3yVxJGk90AOSMMGp7soE
+sFhTkI+zM+264FOIaFP5K66ZXW09gqx6CIkoQXjejLFbWMmS7JnRIVLC6RtJg9+Q
+sMGJ6rwyw3ZSjHs5uuOa7VOIK6EZ6kAKJTRfPjb9lDhCNQkJJ/sBRFKw7/DpxLft
+gmgQ2Vr68KUrn7e3J9KZr+BhRpXZlEcql1MjlLFky8YxT4nFbN8uY6Pl64ikJZFe
+s73lutE8DkDA5pO9UZzqs6Q4S8q5wlVc3nX2HfKDddyRxFuybZZr7XIZ3Z2NsCoQ
+IYjwJLPG2p/h2MVCy3mV/Iud1LSkLWOOahTVR3GtQE+UTBhirPU43p60RsKjQr16
+Trphzh10m7e/wsU7KokS/aIdqAPYUhK4CD1Wl/qX87mLsdH4imBDJ8yKaXtwywqD
+MLOtZuDPKmowV7hoOZMgwmbE8z1GYD4t1uZEVNK+1ysfiJ05KmCwik/KITFrlTrZ
+np+/5cMSsBnUBrRnBQF+9Pe2tCkmkI8YjeZAXc7cAvG5cDiJfi+Shyi33ek3KHTb
+cAYhfl7Xh9RXnWiMBxiZGVJVjSt//9nobX9pBW2ARx744UArs3duTxF9lvzw+UEu
+DmFS6BFcZFt4r/TXrcJwN+xT5Y44r9tqCZVb8x33AoFxC+kYXF4GLcvAJ3whWsL9
+LhEISJMNvaoWWQmBzYIrsYMoFLfQ1kS3hCQ79LBUl0fWDS9eU3okwBuyPIY+ykQg
+B29A6F2c8NesFYqTzNX8c4kFBqae4uz6mL65kjCJ/xmqklODYgzFAHtQM+KxAjPx
+zfMIMw6hEQvDkKZYSrhWHOC0Q3KE6Qd5XfarLrYKWQvhx7tMIgNxaCL2RDZlEY3T
+E5oP+akZ4KifUmPp0woxVAveoIE1mDjOWk2c9TEOQDp+b+kLtZ12kAzfQmSjUwTh
+yIY9Z6S9HtveI3Neq7Z0scL7XYsVVLI0LAiS3xbwEqTGA2lQKvskq5KIZ76qPB4Z
+TXXwG2YQfcYZuImmzHur2pn9dssKwfU9N90Lsf6+TKQtt8glpOQkw1pSTDvsV/Rb
+4o5SENtYBbXaRMaKKSUBNDa5V5FGvv0H
-----END ENCRYPTED PRIVATE KEY-----
)";
const char* kKeyPassword = "test";
diff --git a/src/kudu/server/webserver-test.cc
b/src/kudu/server/webserver-test.cc
index d95c7372c..5c28857ac 100644
--- a/src/kudu/server/webserver-test.cc
+++ b/src/kudu/server/webserver-test.cc
@@ -103,12 +103,14 @@ class WebserverTest : public KuduTest,
public ::testing::WithParamInterface<std::string> {
public:
WebserverTest() {
- IPMode mode;
static_dir_ = GetTestPath("webserver-docroot");
CHECK_OK(env_->CreateDir(static_dir_));
FLAGS_ip_config_mode = GetParam();
- CHECK_OK(ParseIPModeFlag(FLAGS_ip_config_mode, &mode));
- if (mode == IPMode::DUAL) {
+ CHECK_OK(ParseIPModeFlag(FLAGS_ip_config_mode, &mode_));
+ if (mode_ == IPMode::DUAL || mode_ == IPMode::IPV6) {
+ // The wildcard address is applicable to both 'IPV6' as well as 'DUAL'
modes.
+ // For 'IPV6' mode, IPV6_V6ONLY is enabled on server socket option that
ensures
+ // IPv4 connections are rejected by the server.
FLAGS_webserver_interface = "[::]";
}
}
@@ -141,7 +143,14 @@ class WebserverTest : public KuduTest,
ASSERT_OK(server_->GetBoundAddresses(&addrs));
ASSERT_EQ(addrs.size(), 1);
ASSERT_TRUE(addrs[0].IsWildcard());
- ASSERT_OK(addr_.ParseString("127.0.0.1", addrs[0].port()));
+ if (mode_ == IPMode::IPV4) {
+ // For 'IPV4' mode, set IPv4 loopback address as URL host.
+ ASSERT_OK(addr_.ParseString("127.0.0.1", addrs[0].port()));
+ } else {
+ // For both IPV6 and DUAL mode, choose IPv6 loopback address as URL
host.
+ // Both are expected to work with IPv6 loopback address.
+ ASSERT_OK(addr_.ParseString("[::1]", addrs[0].port()));
+ }
url_ = Substitute(use_ssl() ? "https://$0/"; : "http://$0";,
addr_.ToString());
// For testing purposes, we assume the server has been initialized.
Typically this
// is set to true after the rpc server is started in the server startup
process.
@@ -157,6 +166,13 @@ class WebserverTest : public KuduTest,
"Allow: GET, POST, HEAD, CONNECT, PUT, DELETE,
OPTIONS");
}
+ string ServicePrincipalName() const {
+ if (mode_ == IPMode::IPV4) {
+ return "HTTP/127.0.0.1";
+ }
+ return "HTTP/::1";
+ }
+
protected:
virtual void MaybeSetupSpnego(WebserverOptions* /*opts*/) {}
@@ -173,6 +189,7 @@ class WebserverTest : public KuduTest,
string url_;
string static_dir_;
string cert_path_;
+ IPMode mode_;
};
class SslWebserverTest : public WebserverTest {
@@ -192,7 +209,7 @@ class PasswdWebserverTest : public WebserverTest {
// This is used to run all parameterized tests with different IP modes.
INSTANTIATE_TEST_SUITE_P(Parameters, PasswdWebserverTest,
- testing::Values("ipv4", "dual"));
+ testing::Values("ipv4", "ipv6", "dual"));
// Send a HTTP request with no username and password. It should reject
// the request as the .htpasswd is presented to webserver.
@@ -231,7 +248,7 @@ class SpnegoWebserverTest : public WebserverTest {
ASSERT_OK(kdc_->Start());
ASSERT_OK(kdc_->SetKrb5Environment());
string kt_path;
- ASSERT_OK(kdc_->CreateServiceKeytab("HTTP/127.0.0.1", &kt_path));
+ ASSERT_OK(kdc_->CreateServiceKeytab(ServicePrincipalName(), &kt_path));
PCHECK(setenv("KRB5_KTNAME", kt_path.c_str(), 1) == 0);
ASSERT_OK(kdc_->CreateUserPrincipal("alice"));
@@ -277,7 +294,7 @@ class SpnegoDedicatedKeytabWebserverTest : public
SpnegoWebserverTest {
ASSERT_OK(kdc_->Start());
ASSERT_OK(kdc_->SetKrb5Environment());
string kt_path;
- ASSERT_OK(kdc_->CreateServiceKeytabWithName("HTTP/127.0.0.1",
+ ASSERT_OK(kdc_->CreateServiceKeytabWithName(ServicePrincipalName(),
"spnego.dedicated",
&kt_path));
ASSERT_OK(kdc_->CreateUserPrincipal("alice"));
@@ -292,7 +309,7 @@ class SpnegoDedicatedKeytabWebserverTest : public
SpnegoWebserverTest {
// This is used to run all parameterized tests with different IP modes.
INSTANTIATE_TEST_SUITE_P(Parameters, SpnegoDedicatedKeytabWebserverTest,
- testing::Values("ipv4", "dual"));
+ testing::Values("ipv4", "ipv6", "dual"));
TEST_P(SpnegoDedicatedKeytabWebserverTest, TestAuthenticated) {
ASSERT_OK(kdc_->Kinit("alice"));
@@ -303,7 +320,7 @@ TEST_P(SpnegoDedicatedKeytabWebserverTest,
TestAuthenticated) {
// This is used to run all parameterized tests with different IP modes.
INSTANTIATE_TEST_SUITE_P(Parameters, SpnegoWebserverTest,
- testing::Values("ipv4", "dual"));
+ testing::Values("ipv4", "ipv6", "dual"));
// Tests that execute DoSpnegoCurl() are ignored in MacOS (except the first
test case)
// MacOS heimdal kerberos caches kdc port number somewhere so that all the
test cases
@@ -323,7 +340,7 @@ TEST_P(SpnegoWebserverTest, TestUnauthenticatedBadKeytab) {
// Randomize the server's key in the KDC so that the key in the keytab
doesn't match the
// one for which the client will get a ticket. This is just an easy way to
provoke an
// error and make sure that our error handling works.
- ASSERT_OK(kdc_->RandomizePrincipalKey("HTTP/127.0.0.1"));
+ ASSERT_OK(kdc_->RandomizePrincipalKey(ServicePrincipalName()));
Status s = DoSpnegoCurl();
EXPECT_EQ(s.ToString(), "Remote error: HTTP 401");
@@ -429,7 +446,7 @@ TEST_P(SpnegoWebserverTest, TestAuthNotRequiredForOptions) {
// This is used to run all parameterized tests with different IP modes.
INSTANTIATE_TEST_SUITE_P(Parameters, WebserverTest,
- testing::Values("ipv4", "dual"));
+ testing::Values("ipv4", "ipv6", "dual"));
TEST_P(WebserverTest, TestIndexPage) {
curl_.set_return_headers(true);
@@ -530,7 +547,7 @@ TEST_P(WebserverTest, TestHttpCompression) {
// This is used to run all parameterized tests with different IP modes.
INSTANTIATE_TEST_SUITE_P(Parameters, SslWebserverTest,
- testing::Values("ipv4", "dual"));
+ testing::Values("ipv4", "ipv6", "dual"));
TEST_P(SslWebserverTest, TestSSL) {
// We use a self-signed cert, so we have to trust it manually.
@@ -543,7 +560,7 @@ TEST_P(SslWebserverTest, TestSSL) {
// This is used to run all parameterized tests with different IP modes.
INSTANTIATE_TEST_SUITE_P(Parameters, Tls13WebserverTest,
- testing::Values("ipv4", "dual"));
+ testing::Values("ipv4", "ipv6", "dual"));
TEST_P(Tls13WebserverTest, TestTlsMinVersion) {
FLAGS_trusted_certificate_file = cert_path_;
@@ -748,7 +765,7 @@ class NoAuthnWebserverTest : public WebserverTest {
// This is used to run all parameterized tests with different IP modes.
INSTANTIATE_TEST_SUITE_P(Parameters, NoAuthnWebserverTest,
- testing::Values("ipv4", "dual"));
+ testing::Values("ipv4", "ipv6", "dual"));
TEST_P(NoAuthnWebserverTest, TestUnauthenticatedUser) {
ASSERT_OK(curl_.FetchURL(Substitute("$0/authn", url_), &buf_));
@@ -757,7 +774,7 @@ TEST_P(NoAuthnWebserverTest, TestUnauthenticatedUser) {
// This is used to run all parameterized tests with different IP modes.
INSTANTIATE_TEST_SUITE_P(Parameters, AuthnWebserverTest,
- testing::Values("ipv4", "dual"));
+ testing::Values("ipv4", "ipv6", "dual"));
// The following tests are skipped on macOS due to inconsistent behavior of
SPNEGO.
// macOS heimdal kerberos caches the KDC port number, which can cause
subsequent tests to fail.
@@ -774,7 +791,7 @@ TEST_P(AuthnWebserverTest,
TestAuthenticatedUserPassedToHandler) {
TEST_P(AuthnWebserverTest, TestUnauthenticatedBadKeytab) {
// Test based on the SpnegoWebserverTest::TestUnauthenticatedBadKeytab test.
ASSERT_OK(kdc_->Kinit("alice"));
- ASSERT_OK(kdc_->RandomizePrincipalKey("HTTP/127.0.0.1"));
+ ASSERT_OK(kdc_->RandomizePrincipalKey(ServicePrincipalName()));
curl_.set_auth(CurlAuthType::SPNEGO);
Status s = curl_.FetchURL(Substitute("$0/authn", url_), &buf_);
EXPECT_EQ(s.ToString(), "Remote error: HTTP 401");
@@ -834,7 +851,7 @@ class PathParamWebserverTest : public WebserverTest {
// This is used to run all parameterized tests with different IP modes.
INSTANTIATE_TEST_SUITE_P(Parameters, PathParamWebserverTest,
- testing::Values("ipv4", "dual"));
+ testing::Values("ipv4", "ipv6", "dual"));
TEST_P(PathParamWebserverTest, TestPathParameterAtEnd) {
ASSERT_OK(
@@ -897,7 +914,7 @@ class DisabledDocRootWebserverTest : public WebserverTest {
// This is used to run all parameterized tests with different IP modes.
INSTANTIATE_TEST_SUITE_P(Parameters, DisabledDocRootWebserverTest,
- testing::Values("ipv4", "dual"));
+ testing::Values("ipv4", "ipv6", "dual"));
TEST_P(DisabledDocRootWebserverTest, TestHandlerNotFound) {
Status s = curl_.FetchURL(Substitute("$0/foo", url_), &buf_);
@@ -1125,7 +1142,7 @@ class WebserverNegativeTests : public KuduTest,
// This is used to run all parameterized tests with different IP modes.
INSTANTIATE_TEST_SUITE_P(Parameters, WebserverNegativeTests,
- testing::Values("ipv4", "dual"));
+ testing::Values("ipv4", "ipv6", "dual"));
TEST_P(WebserverNegativeTests, BadCertFile) {
ExpectFailedStartup([](WebserverOptions* opts) {
