Update tests

stackabletech · Jan 5, 2023 · d4477a5 · d4477a5
1 parent 9602bf6
commit d4477a5
Show file tree

Hide file tree

Showing 24 changed files with 183 additions and 304 deletions.
diff --git a/tests/templates/kuttl/authorizer/03-install-druid.yaml.j2 b/tests/templates/kuttl/authorizer/03-install-druid.yaml.j2
@@ -27,12 +27,10 @@ spec:
       connString: jdbc:derby://localhost:1527/var/druid/metadata.db;create=true
       host: localhost
       port: 1527
-    tls:
-      serverAndInternalSecretClass: null
     zookeeperConfigMapName: druid-znode
   brokers:
     configOverrides:
-      runtime.properties:
+      runtime.properties: &runtime-properties
         druid.auth.authenticatorChain: "[\"MyBasicMetadataAuthenticator\"]"
         druid.auth.authenticator.MyBasicMetadataAuthenticator.type: basic
 
@@ -59,109 +57,25 @@ spec:
         replicas: 1
   coordinators:
     configOverrides:
-      runtime.properties:
-        druid.auth.authenticatorChain: "[\"MyBasicMetadataAuthenticator\"]"
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.type: basic
-
-        # Default password for 'admin' user, should be changed for production.
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.initialAdminPassword: password1
-
-        # Default password for internal 'druid_system' user, should be changed for production.
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.initialInternalClientPassword: password2
-
-        # Uses the metadata store for storing users, you can use authentication API to create new users and grant permissions
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.credentialsValidator.type: metadata
-
-        # If true and the request credential doesn't exists in this credentials store, the request will proceed to next Authenticator in the chain.
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.skipOnFailure: "false"
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.authorizerName: OpaAuthorizer
-
-        # Escalator
-        druid.escalator.type: basic
-        druid.escalator.internalClientUsername: druid_system
-        druid.escalator.internalClientPassword: password2
-        druid.escalator.authorizerName: OpaAuthorizer
+      runtime.properties: *runtime-properties
     roleGroups:
       default:
         replicas: 1
   historicals:
     configOverrides:
-      runtime.properties:
-        druid.auth.authenticatorChain: "[\"MyBasicMetadataAuthenticator\"]"
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.type: basic
-
-        # Default password for 'admin' user, should be changed for production.
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.initialAdminPassword: password1
-
-        # Default password for internal 'druid_system' user, should be changed for production.
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.initialInternalClientPassword: password2
-
-        # Uses the metadata store for storing users, you can use authentication API to create new users and grant permissions
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.credentialsValidator.type: metadata
-
-        # If true and the request credential doesn't exists in this credentials store, the request will proceed to next Authenticator in the chain.
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.skipOnFailure: "false"
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.authorizerName: OpaAuthorizer
-
-        # Escalator
-        druid.escalator.type: basic
-        druid.escalator.internalClientUsername: druid_system
-        druid.escalator.internalClientPassword: password2
-        druid.escalator.authorizerName: OpaAuthorizer
+      runtime.properties: *runtime-properties
     roleGroups:
       default:
         replicas: 1
   middleManagers:
     configOverrides:
-      runtime.properties:
-        druid.auth.authenticatorChain: "[\"MyBasicMetadataAuthenticator\"]"
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.type: basic
-
-        # Default password for 'admin' user, should be changed for production.
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.initialAdminPassword: password1
-
-        # Default password for internal 'druid_system' user, should be changed for production.
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.initialInternalClientPassword: password2
-
-        # Uses the metadata store for storing users, you can use authentication API to create new users and grant permissions
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.credentialsValidator.type: metadata
-
-        # If true and the request credential doesn't exists in this credentials store, the request will proceed to next Authenticator in the chain.
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.skipOnFailure: "false"
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.authorizerName: OpaAuthorizer
-
-        # Escalator
-        druid.escalator.type: basic
-        druid.escalator.internalClientUsername: druid_system
-        druid.escalator.internalClientPassword: password2
-        druid.escalator.authorizerName: OpaAuthorizer
+      runtime.properties: *runtime-properties
     roleGroups:
       default:
         replicas: 1
   routers:
     configOverrides:
-      runtime.properties:
-        druid.auth.authenticatorChain: "[\"MyBasicMetadataAuthenticator\"]"
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.type: basic
-
-        # Default password for 'admin' user, should be changed for production.
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.initialAdminPassword: password1
-
-        # Default password for internal 'druid_system' user, should be changed for production.
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.initialInternalClientPassword: password2
-
-        # Uses the metadata store for storing users, you can use authentication API to create new users and grant permissions
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.credentialsValidator.type: metadata
-
-        # If true and the request credential doesn't exists in this credentials store, the request will proceed to next Authenticator in the chain.
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.skipOnFailure: "false"
-        druid.auth.authenticator.MyBasicMetadataAuthenticator.authorizerName: OpaAuthorizer
-
-        # Escalator
-        druid.escalator.type: basic
-        druid.escalator.internalClientUsername: druid_system
-        druid.escalator.internalClientPassword: password2
-        druid.escalator.authorizerName: OpaAuthorizer
+      runtime.properties: *runtime-properties
     roleGroups:
       default:
         replicas: 1
diff --git a/tests/templates/kuttl/authorizer/05-assert.yaml b/tests/templates/kuttl/authorizer/05-assert.yaml
@@ -2,5 +2,5 @@
 apiVersion: kuttl.dev/v1beta1
 kind: TestAssert
 commands:
-  - script: kubectl exec -n $NAMESPACE checks-0 -- python /tmp/authcheck.py
+  - script: kubectl exec -n $NAMESPACE checks-0 -- python /tmp/authcheck.py derby-druid
 timeout: 600
diff --git a/tests/templates/kuttl/authorizer/authcheck.py b/tests/templates/kuttl/authorizer/authcheck.py
@@ -3,20 +3,27 @@
 import logging
 
 coordinator_host = "derby-druid-coordinator-default"
-coordinator_port = "8081"
+coordinator_port = "8281"
 authenticator_name = "MyBasicMetadataAuthenticator"
 
 
 def create_user(user_name):
     requests.post(
-        f"http://{coordinator_host}:{coordinator_port}/druid-ext/basic-security/authentication/db/{authenticator_name}/users/{user_name}",
-        auth=("admin", "password1")
+        f"https://{coordinator_host}:{coordinator_port}/druid-ext/basic-security/authentication/db/{authenticator_name}/users/{user_name}",
+        auth=("admin", "password1"),
+        verify=False,
     )
     data = f"{{\"password\": \"{user_name}\"}}"
     headers = {
         'Content-Type': 'application/json',
     }
-    requests.post(f"http://{coordinator_host}:{coordinator_port}/druid-ext/basic-security/authentication/db/{authenticator_name}/users/{user_name}/credentials", headers=headers, data=data, auth=('admin', 'password1'))
+    requests.post(
+        f"https://{coordinator_host}:{coordinator_port}/druid-ext/basic-security/authentication/db/{authenticator_name}/users/{user_name}/credentials",
+        headers=headers,
+        data=data,
+        auth=('admin', 'password1'),
+        verify=False,
+    )
 
 
 if __name__ == "__main__":
@@ -30,39 +37,33 @@ def create_user(user_name):
     create_user("eve")
     print("USERS CREATED!")
 
-    druid_cluster_name = "derby-druid"
-    druid_roles = [
-        "broker",
-        "coordinator",
-        "middlemanager",
-        "historical",
-        "router"
-    ]
-    druid_ports = {
-        "broker": 8082,
-        "coordinator": 8081,
-        "middlemanager": 8091,
-        "historical": 8083,
-        "router": 8888
+    druid_cluster_name = sys.argv[1]
+
+    druid_role_ports = {
+        "broker": 8282,
+        "coordinator": 8281,
+        "middlemanager": 8291,
+        "historical": 8283,
+        "router": 9088,
     }
 
-    for role in druid_roles:
-        url = f"http://{druid_cluster_name}-{role}-default:{druid_ports[role]}/status"
+    for role, port in druid_role_ports.items():
+        url = f"https://{druid_cluster_name}-{role}-default:{port}/status"
         # make an authorized request -> return 401 expected
         print("Checking Unauthorized")
-        res = requests.get(url)
+        res = requests.get(url, verify=False)
         if res.status_code != 401:
             result = 1
             break
         # make an authorized request -> return 200 expected
         print("Checking Alice")
-        res = requests.get(url, auth=("alice", "alice"))
+        res = requests.get(url, auth=("alice", "alice"), verify=False)
         if res.status_code != 200:
             result = 1
             break
         # make an unauthorized request -> return 403 expected
         print("Checking Eve")
-        res = requests.get(url, auth=("eve", "eve"))
+        res = requests.get(url, auth=("eve", "eve"), verify=False)
         if res.status_code != 403:
             result = 1
             break

diff --git a/tests/templates/kuttl/ingestion-no-s3-ext/02-install-druid.yaml.j2 b/tests/templates/kuttl/ingestion-no-s3-ext/02-install-druid.yaml.j2
@@ -23,8 +23,6 @@ spec:
       connString: jdbc:derby://localhost:1527/var/druid/metadata.db;create=true
       host: localhost
       port: 1527
-    tls:
-      serverAndInternalSecretClass: null
     zookeeperConfigMapName: druid-znode
   brokers:
     roleGroups:

diff --git a/tests/templates/kuttl/ingestion-no-s3-ext/04-assert.yaml b/tests/templates/kuttl/ingestion-no-s3-ext/04-assert.yaml
@@ -2,5 +2,5 @@
 apiVersion: kuttl.dev/v1beta1
 kind: TestAssert
 commands:
-  - script: kubectl exec -n $NAMESPACE checks-0 -- python /tmp/healthcheck.py
+  - script: kubectl exec -n $NAMESPACE checks-0 -- python /tmp/healthcheck.py derby-druid
 timeout: 300
diff --git a/tests/templates/kuttl/ingestion-no-s3-ext/healthcheck.py b/tests/templates/kuttl/ingestion-no-s3-ext/healthcheck.py
@@ -9,24 +9,18 @@
     log_level = 'DEBUG'  # if args.debug else 'INFO'
     logging.basicConfig(level=log_level, format='%(asctime)s %(levelname)s: %(message)s', stream=sys.stdout)
 
-    druid_cluster_name = "derby-druid"
-    druid_roles = [
-        "broker",
-        "coordinator",
-        "middlemanager",
-        "historical",
-        "router"
-    ]
-    druid_ports = {
-        "broker": 8082,
-        "coordinator": 8081,
-        "middlemanager": 8091,
-        "historical": 8083,
-        "router": 8888
+    druid_cluster_name = sys.argv[1]
+
+    druid_role_ports = {
+        "broker": 8282,
+        "coordinator": 8281,
+        "middlemanager": 8291,
+        "historical": 8283,
+        "router": 9088,
     }
 
-    for role in druid_roles:
-        url = f"http://{druid_cluster_name}-{role}-default:{druid_ports[role]}/status/health"
+    for role, port in druid_role_ports.items():
+        url = f"https://{druid_cluster_name}-{role}-default:{port}/status/health"
         count = 1
 
         # As this script is intended to be executed by Kuttl which is in charge of overall test timeouts it is ok
@@ -43,7 +37,7 @@
             try:
                 count = count + 1
                 print(f"Checking role [{role}] on url [{url}]")
-                res = requests.get(url, timeout=5)
+                res = requests.get(url, verify=False, timeout=5)
                 code = res.status_code
                 if res.status_code == 200 and res.text.lower() == "true":
                     break
@@ -60,5 +54,4 @@
 
             # Wait a little bit before retrying
             time.sleep(1)
-
     sys.exit(0)
diff --git a/tests/templates/kuttl/ingestion-no-s3-ext/ingestioncheck.py b/tests/templates/kuttl/ingestion-no-s3-ext/ingestioncheck.py
@@ -11,6 +11,7 @@ class DruidClient:
     def __init__(self):
         self.session = requests.Session()
         self.session.headers.update({'Accept': 'application/json', 'Content-Type': 'application/json'})
+        self.session.verify = False
         http.client.HTTPConnection.debuglevel = 1
 
     def get(self, url):
@@ -52,7 +53,7 @@ def query_datasource(self, url, sql, expected, iterations):
 Query tasks
 ===========''')
 tasks = druid.get_tasks(
-    url=f"http://{druid_cluster_name}-coordinator-default:8081/druid/indexer/v1/tasks",
+    url=f"https://{druid_cluster_name}-coordinator-default:8281/druid/indexer/v1/tasks",
 )
 task_count = len(json.loads(tasks))
 print(f'existing tasks: {task_count}')
@@ -61,7 +62,7 @@ def query_datasource(self, url, sql, expected, iterations):
 Start ingestion task
 ====================''')
 ingestion = druid.post_task(
-    url=f"http://{druid_cluster_name}-coordinator-default:8081/druid/indexer/v1/task",
+    url=f"https://{druid_cluster_name}-coordinator-default:8281/druid/indexer/v1/task",
     input='/tmp/druid-quickstartimport.json'
 )
 task_id = json.loads(ingestion)["task"]
@@ -71,7 +72,7 @@ def query_datasource(self, url, sql, expected, iterations):
 Re-query tasks
 ==============''')
 tasks = druid.get_tasks(
-    url=f"http://{druid_cluster_name}-coordinator-default:8081/druid/indexer/v1/tasks",
+    url=f"https://{druid_cluster_name}-coordinator-default:8281/druid/indexer/v1/tasks",
 )
 new_task_count = len(json.loads(tasks))
 print(f'new tasks: {new_task_count}')
@@ -85,7 +86,7 @@ def query_datasource(self, url, sql, expected, iterations):
 while not job_finished:
     time.sleep(5)
     task = druid.get(
-        url=f"http://{druid_cluster_name}-coordinator-default:8081/druid/indexer/v1/task/{url_encoded_taskid}/status",
+        url=f"https://{druid_cluster_name}-coordinator-default:8281/druid/indexer/v1/task/{url_encoded_taskid}/status",
     )
     task_status = json.loads(task)["status"]["statusCode"]
     print(f"Current task status: [{task_status}]")
@@ -98,7 +99,7 @@ def query_datasource(self, url, sql, expected, iterations):
 broker_ready = False
 while not broker_ready:
     time.sleep(2)
-    broker_ready_rc = druid.check_rc(f"http://{druid_cluster_name}-broker-default:8082/druid/broker/v1/readiness")
+    broker_ready_rc = druid.check_rc(f"https://{druid_cluster_name}-broker-default:8282/druid/broker/v1/readiness")
     broker_ready = broker_ready_rc == 200
     print(f"Broker respondend with [{broker_ready_rc}] to readiness check")
 
@@ -107,7 +108,7 @@ def query_datasource(self, url, sql, expected, iterations):
 ==============''')
 sample_data_size = 39244
 result = druid.query_datasource(
-    url=f"http://{druid_cluster_name}-broker-default:8082/druid/v2/sql",
+    url=f"https://{druid_cluster_name}-broker-default:8282/druid/v2/sql",
     sql={"query": "select count(*) as c from \"wikipedia-2015-09-12\""},
     expected=sample_data_size,
     iterations=12

diff --git a/tests/templates/kuttl/ingestion-s3-ext/02-install-druid.yaml.j2 b/tests/templates/kuttl/ingestion-s3-ext/02-install-druid.yaml.j2
@@ -29,8 +29,6 @@ spec:
       connString: jdbc:derby://localhost:1527/var/druid/metadata.db;create=true
       host: localhost
       port: 1527
-    tls:
-      serverAndInternalSecretClass: null
     zookeeperConfigMapName: druid-znode
   brokers:
     roleGroups:

diff --git a/tests/templates/kuttl/ingestion-s3-ext/04-assert.yaml b/tests/templates/kuttl/ingestion-s3-ext/04-assert.yaml
@@ -2,5 +2,5 @@
 apiVersion: kuttl.dev/v1beta1
 kind: TestAssert
 commands:
-  - script: kubectl exec -n $NAMESPACE checks-0 -- python /tmp/healthcheck.py
+  - script: kubectl exec -n $NAMESPACE checks-0 -- python /tmp/healthcheck.py derby-druid
 timeout: 300