krb5 commit: Import and complete Greg Hudson's iprop test
Greg Hudson
ghudson at MIT.EDU
Mon Oct 8 12:18:48 EDT 2012
https://github.com/krb5/krb5/commit/8d6e23999009c025b7f4cdf9b5c007d827266c5e
commit 8d6e23999009c025b7f4cdf9b5c007d827266c5e
Author: Nicolas Williams <nico at cryptonector.com>
Date: Mon Sep 3 15:57:03 2012 -0500
Import and complete Greg Hudson's iprop test
ticket: 7374
src/tests/Makefile.in | 1 +
src/tests/t_iprop.py | 139 +++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 140 insertions(+), 0 deletions(-)
diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 26576fd..5bb2b04 100644
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -65,6 +65,7 @@ kdb_check: kdc.conf krb5.conf
check-pytests:: hist
$(RUNPYTEST) $(srcdir)/t_general.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_iprop.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_anonpkinit.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_lockout.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_kadm5_hook.py $(PYTESTFLAGS)
diff --git a/src/tests/t_iprop.py b/src/tests/t_iprop.py
new file mode 100644
index 0000000..33bf918
--- /dev/null
+++ b/src/tests/t_iprop.py
@@ -0,0 +1,139 @@
+#!/usr/bin/python
+
+import os
+import time
+
+from k5test import *
+
+iprop_kdc_conf = {
+ 'all' : { 'libdefaults' : { 'default_realm' : 'KRBTEST.COM'},
+ 'realms' : { '$realm' : {
+ 'iprop_enable' : 'true',
+ 'iprop_slave_poll' : '1'
+ }}},
+ 'master' : { 'realms' : { '$realm' : {
+ 'iprop_logfile' : '$testdir/db.ulog'
+ }}},
+ 'slave' : { 'realms' : { '$realm' : {
+ 'iprop_logfile' : '$testdir/slave-db.ulog'
+ }}}
+}
+
+realm = K5Realm(kdc_conf=iprop_kdc_conf, create_user=False, start_kadmind=True)
+
+ulog = os.path.join(realm.testdir, 'db.ulog')
+if not os.path.exists(ulog):
+ fail('update log not created: ' + ulog)
+
+# Create the principal used to authenticate kpropd to kadmind.
+kiprop_princ = 'kiprop/' + hostname
+realm.addprinc(kiprop_princ)
+realm.extract_keytab(kiprop_princ, realm.keytab)
+
+# Create the slave db.
+dumpfile = os.path.join(realm.testdir, 'dump')
+realm.run_as_master([kdb5_util, 'dump', dumpfile])
+realm.run_as_slave([kdb5_util, 'load', dumpfile])
+realm.run_as_slave([kdb5_util, 'stash', '-P', 'master'])
+
+# Make some changes to the master db.
+realm.addprinc('wakawaka')
+# Add a principal enough to make realloc likely, but not enough to grow
+# basic ulog entry size.
+c = 'chocolate-flavored-school-bus'
+cs = c + '/'
+longname = cs + cs + cs + cs + cs + cs + cs + cs + cs + cs + cs + cs + c
+realm.addprinc(longname)
+realm.addprinc('w')
+realm.run_kadminl('modprinc -allow_tix w')
+realm.run_kadminl('modprinc +allow_tix w')
+
+out = realm.run_as_master([kproplog, '-h'])
+if 'Last serial # : 7' not in out:
+ fail('Update log on master has incorrect last serial number')
+
+# Set up the kpropd acl file.
+acl_file = os.path.join(realm.testdir, 'kpropd-acl')
+acl = open(acl_file, 'w')
+acl.write(realm.host_princ + '\n')
+acl.close()
+
+realm.start_kpropd()
+realm.run_kadminl('modprinc -allow_tix w')
+out = realm.run_as_master([kproplog, '-h'])
+if 'Last serial # : 8' not in out:
+ fail('Update log on master has incorrect last serial number')
+
+# We need to give iprop (really, a full resync here and maybe an
+# incremental) a chance to happen.
+#
+# Sometimes we need to wait a long time because kpropd's do_iprop()
+# can race with kadmind and fail to kadm5 init, which leads -apparently-
+# to some backoff effect.
+output('Sleeping for 3 seconds\n')
+time.sleep(3)
+
+# Now check that iprop happened. Note that we depend on timing here,
+# thus the above sleep, but there's no way to wait synchronously or force
+# iprop to happen (since iprop here is a pull system) and then wait for
+# it synchronously.
+out = realm.run_as_slave([kproplog, '-h'])
+if 'Last serial # : 8' not in out:
+ fail('Update log on slave has incorrect last serial number')
+
+# Make another change.
+realm.run_kadminl('modprinc +allow_tix w')
+out = realm.run_as_master([kproplog, '-h'])
+if 'Last serial # : 9' not in out:
+ fail('Update log on master has incorrect last serial number')
+
+# Check that we're at sno 9 on the slave side too.
+output('Sleeping for 3 seconds\n')
+time.sleep(3)
+out = realm.run_as_slave([kproplog, '-h'])
+if 'Last serial # : 9' not in out:
+ fail('Update log on slave has incorrect last serial number')
+
+# Reset the ulog on the slave side to force a full resync to the slave.
+realm.run_as_slave([kproplog, '-R'])
+out = realm.run_as_slave([kproplog, '-h'])
+if 'Last serial # : None' not in out:
+ fail('Reset of update log on slave failed')
+output('Sleeping for 3 seconds\n')
+time.sleep(3)
+# Check that a full resync happened.
+out = realm.run_as_slave([kproplog, '-h'])
+if 'Last serial # : 9' not in out:
+ fail('Update log on slave has incorrect last serial number')
+
+# Make another change.
+realm.run_kadminl('modprinc +allow_tix w')
+out = realm.run_as_master([kproplog, '-h'])
+if 'Last serial # : 10' not in out:
+ fail('Update log on master has incorrect last serial number')
+
+output('Sleeping for 3 seconds\n')
+time.sleep(3)
+out = realm.run_as_slave([kproplog, '-h'])
+if 'Last serial # : 10' not in out:
+ fail('Update log on slave has incorrect last serial number')
+
+# Reset the ulog on the master side to force a full resync to all slaves.
+# XXX Note that we only have one slave in this test, so we can't really
+# test this.
+realm.run_as_master([kproplog, '-R'])
+out = realm.run_as_master([kproplog, '-h'])
+if 'Last serial # : None' not in out:
+ fail('Reset of update log on master failed')
+realm.run_kadminl('modprinc -allow_tix w')
+out = realm.run_as_master([kproplog, '-h'])
+if 'Last serial # : 1' not in out:
+ fail('Update log on master has incorrect last serial number')
+output('Sleeping for 3 seconds\n')
+time.sleep(3)
+# Check that a full resync happened.
+out = realm.run_as_slave([kproplog, '-h'])
+if 'Last serial # : 1' not in out:
+ fail('Update log on slave has incorrect last serial number')
+
+success('iprop tests')
More information about the cvs-krb5
mailing list