Skip to content

PLAT-167: Migrate test_tls #1137

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ethho merged 5 commits into from
Dec 15, 2023
Merged

PLAT-167: Migrate test_tls #1137

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
acb2ab3
Checkout conftest from dev-tests-plat-166-schema
ethho Dec 14, 2023
ffc61b8
cp to tests
ethho Dec 14, 2023
9974818
nose2pytest test_tls
ethho Dec 14, 2023
0a94b20
Migrate test_tls
ethho Dec 14, 2023
1e3ba5c
Format with black
ethho Dec 14, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 17 additions & 11 deletions tests/conftest.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,15 @@ def enable_filepath_feature(monkeypatch):
monkeypatch.delenv(FILEPATH_FEATURE_SWITCH, raising=True)


@pytest.fixture(scope="session")
def db_creds_test() -> Dict:
return dict(
host=os.getenv("DJ_TEST_HOST", "fakeservices.datajoint.io"),
user=os.getenv("DJ_TEST_USER", "datajoint"),
password=os.getenv("DJ_TEST_PASSWORD", "datajoint"),
)

Copy link
Contributor Author

@ethho ethho Dec 14, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checked out from #1136


@pytest.fixture(scope="session")
def db_creds_root() -> Dict:
return dict(
Expand Down Expand Up @@ -142,12 +151,9 @@ def connection_root(connection_root_bare):


@pytest.fixture(scope="session")
def connection_test(connection_root):
def connection_test(connection_root, db_creds_test):
"""Test user database connection."""
database = f"{PREFIX}%%"
credentials = dict(
host=os.getenv("DJ_HOST"), user="datajoint", password="datajoint"
)
permission = "ALL PRIVILEGES"

# Create MySQL users
Expand All @@ -157,14 +163,14 @@ def connection_test(connection_root):
# create user if necessary on mysql8
connection_root.query(
f"""
CREATE USER IF NOT EXISTS '{credentials["user"]}'@'%%'
IDENTIFIED BY '{credentials["password"]}';
CREATE USER IF NOT EXISTS '{db_creds_test["user"]}'@'%%'
IDENTIFIED BY '{db_creds_test["password"]}';
"""
)
connection_root.query(
f"""
GRANT {permission} ON `{database}`.*
TO '{credentials["user"]}'@'%%';
TO '{db_creds_test["user"]}'@'%%';
"""
)
else:
Expand All @@ -173,14 +179,14 @@ def connection_test(connection_root):
connection_root.query(
f"""
GRANT {permission} ON `{database}`.*
TO '{credentials["user"]}'@'%%'
IDENTIFIED BY '{credentials["password"]}';
TO '{db_creds_test["user"]}'@'%%'
IDENTIFIED BY '{db_creds_test["password"]}';
"""
)

connection = dj.Connection(**credentials)
connection = dj.Connection(**db_creds_test)
yield connection
connection_root.query(f"""DROP USER `{credentials["user"]}`""")
connection_root.query(f"""DROP USER `{db_creds_test["user"]}`""")
connection.close()


Expand Down
32 changes: 32 additions & 0 deletions tests/test_tls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
import pytest
import datajoint as dj
from pymysql.err import OperationalError


def test_secure_connection(db_creds_test, connection_test):
Copy link
Contributor Author

@ethho ethho Dec 14, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have to use connection_test fixture so that the test user is created in the DB.

result = (
dj.conn(reset=True, **db_creds_test)
.query("SHOW STATUS LIKE 'Ssl_cipher';")
.fetchone()[1]
)
assert len(result) > 0


def test_insecure_connection(db_creds_test, connection_test):
result = (
dj.conn(use_tls=False, reset=True, **db_creds_test)
.query("SHOW STATUS LIKE 'Ssl_cipher';")
.fetchone()[1]
)
assert result == ""


def test_reject_insecure(db_creds_test, connection_test):
with pytest.raises(OperationalError):
dj.conn(
db_creds_test["host"],
user="djssl",
password="djssl",
use_tls=False,
reset=True,
).query("SHOW STATUS LIKE 'Ssl_cipher';").fetchone()[1]