首页 项目目录 关于我们
Sign In
rust
/
Materialize
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 6dd8e59864
Branches Tags
Materialize
/
test
/
secrets-local-file
/
mzcompose.py

mzcompose.py 2.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 
  1. # Copyright Materialize, Inc. and contributors. All rights reserved.
    2. 

  2. #
    3. 

  3. # Use of this software is governed by the Business Source License
    4. 

  4. # included in the LICENSE file at the root of this repository.
    5. 

  5. #
    6. 

  6. # As of the Change Date specified in that file, in accordance with
    7. 

  7. # the Business Source License, use of this software will be governed
    8. 

  8. # by the Apache License, Version 2.0.
    9. 

  9. 

  10. """
    11. 

  11. Test that `CREATE SECRET` and using secrets works using a local file for storage.
    12. 

  12. """
    13. 

  13. 

  14. from materialize.mzcompose.composition import Composition
    15. 

  15. from materialize.mzcompose.services.materialized import Materialized
    16. 

  16. from materialize.mzcompose.services.testdrive import Testdrive
    17. 

  17. 

  18. SERVICES = [
    19. 

  19.     Materialized(),
    20. 

  20.     Testdrive(),
    21. 

  21. ]
    22. 

  22. 

  23. 

  24. def workflow_default(c: Composition) -> None:
    25. 

  25.     c.up("materialized")
    26. 

  26. 

  27.     # ensure that the directory has restricted permissions
    28. 

  28.     c.exec(
    29. 

  29.         "materialized",
    30. 

  30.         "bash",
    31. 

  31.         "-c",
    32. 

  32.         "[[ `stat -c \"%a\" /mzdata/secrets` == '700' ]] && exit 0 || exit 1",
    33. 

  33.     )
    34. 

  34. 

  35.     c.sql("CREATE SECRET secret AS 's3cret'")
    36. 

  36.     # Check that the contents of the secret have made it to the storage
    37. 

  37.     c.exec(
    38. 

  38.         "materialized",
    39. 

  39.         "bash",
    40. 

  40.         "-c",
    41. 

  41.         "[[ `cat /mzdata/secrets/*` == 's3cret' ]] && exit 0 || exit 1",
    42. 

  42.     )
    43. 

  43. 

  44.     # Check that the file permissions are restrictive
    45. 

  45.     c.exec(
    46. 

  46.         "materialized",
    47. 

  47.         "bash",
    48. 

  48.         "-c",
    49. 

  49.         "[[ `stat -c \"%a\" /mzdata/secrets/*` == '600' ]] && exit 0 || exit 1",
    50. 

  50.     )
    51. 

  51. 

  52.     # Check that alter secret gets reflected on disk
    53. 

  53.     c.sql("ALTER SECRET secret AS 'tops3cret'")
    54. 

  54.     c.exec(
    55. 

  55.         "materialized",
    56. 

  56.         "bash",
    57. 

  57.         "-c",
    58. 

  58.         "[[ `cat /mzdata/secrets/*` == 'tops3cret' ]] && exit 0 || exit 1",
    59. 

  59.     )
    60. 

  60. 

  61.     # check that replacing the file did not change permissions
    62. 

  62.     c.exec(
    63. 

  63.         "materialized",
    64. 

  64.         "bash",
    65. 

  65.         "-c",
    66. 

  66.         "[[ `stat -c \"%a\" /mzdata/secrets/*` == '600' ]] && exit 0 || exit 1",
    67. 

  67.     )
    68. 

  68. 

  69.     # Rename should not change the contents on disk
    70. 

  70.     c.sql("ALTER SECRET secret RENAME TO renamed_secret")
    71. 

  71. 

  72.     # Check that the contents of the secret have made it to the storage
    73. 

  73.     c.exec(
    74. 

  74.         "materialized",
    75. 

  75.         "bash",
    76. 

  76.         "-c",
    77. 

  77.         "[[ `cat /mzdata/secrets/*` == 'tops3cret' ]] && exit 0 || exit 1",
    78. 

  78.     )
    79. 

  79. 

  80.     c.sql("DROP SECRET renamed_secret")
    81. 

  81.     # Check that the file has been deleted from the storage
    82. 

  82.     c.exec(
    83. 

  83.         "materialized",
    84. 

  84.         "bash",
    85. 

  85.         "-c",
    86. 

  86.         "[[ -z `ls -A /mzdata/secrets` ]] && exit 0 || exit 1",
    87. 

  87.     )
    88.