trinodb / trino-python-client

Python client for Trino
Apache License 2.0

Kerberos integration tests #37

Open mik-laj opened 4 years ago

mik-laj commented 4 years ago

Hello,

I have currently prepared the Docker environment, there are 3 containers:

Link: https://github.com/mik-laj/presto-kerberos-docker

All keytab keys and SSL certificates are generated automatically. All you need to do is run start.sh. To test the environment, you can run test.sh. Currently, a GitHub Action is set up in this repository, so it's easy to verify that everything is working fine.

I think we can use it for automatic tests of this library as well, to verify the correct implementation of Kerberos authorization. This will require some changes to our CI environment as Kerberos is very sensitive to hostnames. In practice, this means that we will have to run all the tests in Docker because you cannot configure only KDC and Presto in Docker, and the tests on the machine, because Kerberos will detect it as a connection from another network, which will make configuration even more difficult. I think this is a good solution as Docker will also provide greater repeatability of these tests and independence from CI.

If we run everything in Docker, we can easily migrate to GitHub Actions or another system if necessary. Travis CI is not a tool that is actively developed. It is only maintained by the owners.

Best regards.

findepi commented 4 years ago

> If we run everything in Docker, we can easily migrate to GitHub Actions or another system if necessary. Travis CI is not a tool that is actively developed.

https://github.com/prestosql/presto-python-client/issues/38

findepi commented 4 years ago

@mik-laj thanks for looking into this. I guess we should use the KDC image that we already have: https://hub.docker.com/r/prestodev/kerberos / https://github.com/prestosql/docker-images/tree/master/prestodev/kerberos

Then there is the question of how we launch the environment. I think docker-compose is fine here.

> In practice, this means that we will have to run all the tests in Docker because you cannot configure only KDC and Presto in Docker, and the tests on the machine, because Kerberos will detect it as a connection from another network, which will make configuration even more difficult.

Correct. Fortunately, Docker networks and Docker container hostnames are a good solution for this. This is how we test Kerberos in product tests in https://github.com/prestosql/presto
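
The hostname sensitivity discussed in this thread can be checked before a test run. The sketch below is an added example, not part of the thread or of either repository: it models, in simplified form, how a Kerberos client derives the service principal from the hostname it connects to (forward lookup, then optional reverse lookup) and compares it with the server keytab. The hostnames, realm, addresses, the `HTTP` service name and all function names are assumptions constructed for illustration.

```python
import socket

def canonical_host(host, forward=None, reverse=None, rdns=True):
    """Simplified model of client-side hostname canonicalization:
    forward lookup, then (if rdns is enabled) reverse lookup of that address."""
    forward = forward or (lambda h: socket.getaddrinfo(h, None)[0][4][0])
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    if not rdns:
        return host.lower()            # name is used as typed
    try:
        return reverse(forward(host)).lower()
    except OSError:
        return host.lower()            # lookup failed: fall back to typed name

def service_principal(host, realm, service="HTTP", **resolver_opts):
    # service="HTTP" is an assumed default (the usual SPNEGO service name)
    return f"{service}/{canonical_host(host, **resolver_opts)}@{realm}"

def preflight(host, realm, keytab_principals, **resolver_opts):
    """Return (ok, spn): is the principal the client will request in the keytab?"""
    spn = service_principal(host, realm, **resolver_opts)
    return spn in set(keytab_principals), spn

def table_lookup(table):
    """Offline resolver over a dict; raises OSError like the socket calls do."""
    def lookup(key):
        if key not in table:
            raise OSError(f"cannot resolve {key}")
        return table[key]
    return lookup

# Constructed sample data: one keytab entry and a fake DNS view of the setup.
KEYTAB = ["HTTP/presto.example.test@EXAMPLE.TEST"]
fake_forward = table_lookup({"localhost": "127.0.0.1",
                             "presto": "172.18.0.3",
                             "presto.example.test": "172.18.0.3"})
fake_reverse = table_lookup({"127.0.0.1": "localhost",
                             "172.18.0.3": "presto.example.test"})

def demo():
    opts = dict(forward=fake_forward, reverse=fake_reverse)
    return {
        # tests on the host machine, server reached through a published port
        "host machine": preflight("localhost", "EXAMPLE.TEST", KEYTAB, **opts),
        # tests inside the same Docker network, using the container hostname
        "in network": preflight("presto.example.test", "EXAMPLE.TEST", KEYTAB, **opts),
        # short alias with reverse lookups disabled: principal no longer matches
        "alias, no rdns": preflight("presto", "EXAMPLE.TEST", KEYTAB, rdns=False, **opts),
    }

if __name__ == "__main__":
    for case, (ok, spn) in demo().items():
        print(f"{case:15} {'OK  ' if ok else 'FAIL'} {spn}")
```

Called without the fake resolvers, `preflight` uses the real system resolver, so it can run inside the test container as a first step of the suite.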