Skip to content

Commit

Permalink
945 (#951)
Browse files Browse the repository at this point in the history
Signed-off-by: user1 <imavo@users.noreply.github.com>
  • Loading branch information
imavo authored Jul 24, 2024
1 parent e7f40b2 commit cf653e0
Show file tree
Hide file tree
Showing 3 changed files with 41 additions and 15 deletions.
4 changes: 3 additions & 1 deletion config.py.sample
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ if sys.platform != 'zos':

env_not_set = False
if 'DB2_USER' in os.environ:
user = os.getenv('DB2_USER') # User ID to connect with
user = os.getenv('DB2_USER') # User ID to connect with (must be secadm for trusted-context testcases)
else:
user = data['user']
env_not_set = True
Expand Down Expand Up @@ -52,3 +52,5 @@ auth_user = 'auth_user' # Authentic user of Database
auth_pass = 'auth_pass' # Password for Authentic user
tc_user = 'tc_user' # Trusted user
tc_pass = 'tc_pass' # Password to trusted user
tc_appserver_address = '' # optional. Hostname/IP-address, where trusted-context testcases run, defaults to local hostname

31 changes: 22 additions & 9 deletions ibm_db_tests/test_trusted_context_connect.py
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,19 @@ def test_trusted_context_connect(self):
obj.assert_expectf(self.run_test_trusted_context_connect)

def run_test_trusted_context_connect(self):
# if the Db2-server cannot resolve the remote-client hostname(where testcase runs), then use config.py tc_appserver_address to give IP-address
# and use that IP-address in the trusted-context definition, to allow operation remotely from the Db2-server.

if ( sys.platform == 'win32'): # on ms-windows get hostname from env to avoid importing other modules
this_hostname = os.environ['COMPUTERNAME']
else:
this_hostname = os.uname()[1] # get local non-windows hostname

if config.tc_appserver_address:
if config.tc_appserver_address != '':
this_hostname = config.tc_appserver_address # in case Db2-server cannot resolve remote-client hostname


sql_drop_role = "DROP ROLE role_01"
sql_create_role = "CREATE ROLE role_01"

Expand All @@ -31,7 +44,7 @@ def run_test_trusted_context_connect(self):
sql_create_trusted_context = "CREATE TRUSTED CONTEXT ctx BASED UPON CONNECTION USING SYSTEM AUTHID "
sql_create_trusted_context += config.auth_user
sql_create_trusted_context += " ATTRIBUTES (ADDRESS '"
sql_create_trusted_context += config.hostname
sql_create_trusted_context += this_hostname
sql_create_trusted_context += "') DEFAULT ROLE role_01 ENABLE WITH USE FOR "
sql_create_trusted_context += config.tc_user

Expand Down Expand Up @@ -324,7 +337,7 @@ def run_test_trusted_context_connect(self):
#But trusted user is not switched.
#Trusted connection succeeded.
#User has been switched.
#[%s][%s][%s] SQL0551N "%s" does not have the %s privilege to perform operation "UPDATE" on object "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#[%s][%s][%s] SQL0551N The statement failed because the authorization ID does not have the required authorization or privilege to perform the operation. Authorization ID: "%s". Operation: "UPDATE". Object: "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#Trusted connection succeeded.
#[%s][%s][%s] SQL30082N Security processing failed with reason "24" ("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001 SQLCODE=-30082
#Trusted connection succeeded.
Expand All @@ -334,7 +347,7 @@ def run_test_trusted_context_connect(self):
#[%s][%s][%s] SQL20361N The switch user request using authorization ID "%s" within trusted context "CTX" failed with reason code "2". SQLSTATE=42517 SQLCODE=-20361
#Trusted connection succeeded.
#User has been switched.
#[%s][%s][%s] SQL0551N "%s" does not have the %s privilege to perform operation "INSERT" on object "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#[%s][%s][%s] SQL0551N The statement failed because the authorization ID does not have the required authorization or privilege to perform the operation. Authorization ID: "%s". Operation: "INSERT". Object: "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#Connection succeeded.
#__ZOS_EXPECTED__
#Normal connection established.
Expand All @@ -344,7 +357,7 @@ def run_test_trusted_context_connect(self):
#But trusted user is not switched.
#Trusted connection succeeded.
#User has been switched.
#[%s][%s][%s] SQL0551N "%s" does not have the %s privilege to perform operation "UPDATE" on object "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#[%s][%s][%s] SQL0551N The statement failed because the authorization ID does not have the required authorization or privilege to perform the operation. Authorization ID: "%s". Operation: "UPDATE". Object: "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#Trusted connection succeeded.
#[%s][%s][%s] SQL30082N Security processing failed with reason "24" ("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001 SQLCODE=-30082
#Trusted connection succeeded.
Expand All @@ -354,7 +367,7 @@ def run_test_trusted_context_connect(self):
#[%s][%s][%s] SQL20361N The switch user request using authorization ID "%s" within trusted context "CTX" failed with reason code "2". SQLSTATE=42517 SQLCODE=-20361
#Trusted connection succeeded.
#User has been switched.
#[%s][%s][%s] SQL0551N "%s" does not have the %s privilege to perform operation "INSERT" on object "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#[%s][%s][%s] SQL0551N The statement failed because the authorization ID does not have the required authorization or privilege to perform the operation. Authorization ID: "%s". Operation: "INSERT". Object: "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#Connection succeeded.
#__SYSTEMI_EXPECTED__
#Normal connection established.
Expand All @@ -364,7 +377,7 @@ def run_test_trusted_context_connect(self):
#But trusted user is not switched.
#Trusted connection succeeded.
#User has been switched.
#[%s][%s][%s] SQL0551N "%s" does not have the %s privilege to perform operation "UPDATE" on object "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#[%s][%s][%s] SQL0551N The statement failed because the authorization ID does not have the required authorization or privilege to perform the operation. Authorization ID: "%s". Operation: "UPDATE". Object: "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#Trusted connection succeeded.
#[%s][%s][%s] SQL30082N Security processing failed with reason "24" ("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001 SQLCODE=-30082
#Trusted connection succeeded.
Expand All @@ -374,7 +387,7 @@ def run_test_trusted_context_connect(self):
#[%s][%s][%s] SQL20361N The switch user request using authorization ID "%s" within trusted context "CTX" failed with reason code "2". SQLSTATE=42517 SQLCODE=-20361
#Trusted connection succeeded.
#User has been switched.
#[%s][%s][%s] SQL0551N "%s" does not have the %s privilege to perform operation "INSERT" on object "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#[%s][%s][%s] SQL0551N The statement failed because the authorization ID does not have the required authorization or privilege to perform the operation. Authorization ID: "%s". Operation: "INSERT". Object: "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#Connection succeeded.
#__IDS_EXPECTED__
#Normal connection established.
Expand All @@ -384,7 +397,7 @@ def run_test_trusted_context_connect(self):
#But trusted user is not switched.
#Trusted connection succeeded.
#User has been switched.
#[%s][%s][%s] SQL0551N "%s" does not have the %s privilege to perform operation "UPDATE" on object "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#[%s][%s][%s] SQL0551N The statement failed because the authorization ID does not have the required authorization or privilege to perform the operation. Authorization ID: "%s". Operation: "UPDATE". Object: "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#Trusted connection succeeded.
#[%s][%s][%s] SQL30082N Security processing failed with reason "24" ("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001 SQLCODE=-30082
#Trusted connection succeeded.
Expand All @@ -394,5 +407,5 @@ def run_test_trusted_context_connect(self):
#[%s][%s][%s] SQL20361N The switch user request using authorization ID "%s" within trusted context "CTX" failed with reason code "2". SQLSTATE=42517 SQLCODE=-20361
#Trusted connection succeeded.
#User has been switched.
#[%s][%s][%s] SQL0551N "%s" does not have the %s privilege to perform operation "INSERT" on object "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#[%s][%s][%s] SQL0551N The statement failed because the authorization ID does not have the required authorization or privilege to perform the operation. Authorization ID: "%s". Operation: "INSERT". Object: "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#Connection succeeded.
21 changes: 16 additions & 5 deletions ibm_db_tests/test_trusted_context_pconnect.py
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,17 @@ def test_trusted_context_pconnect(self):
obj.assert_expectf(self.run_test_trusted_context_pconnect)

def run_test_trusted_context_pconnect(self):
if ( sys.platform == 'win32'): # on ms-windows get hostname from env to avoid importing other modules
this_hostname = os.environ['COMPUTERNAME']
else:
this_hostname = os.uname()[1] # get local non-windows hostname

if config.tc_appserver_address:
if config.tc_appserver_address != '':
this_hostname = config.tc_appserver_address # in case Db2-server cannot resolve remote-client hostname



sql_drop_role = "DROP ROLE role_01"
sql_create_role = "CREATE ROLE role_01"

Expand All @@ -31,7 +42,7 @@ def run_test_trusted_context_pconnect(self):
sql_create_trusted_context = "CREATE TRUSTED CONTEXT ctx BASED UPON CONNECTION USING SYSTEM AUTHID "
sql_create_trusted_context += config.auth_user
sql_create_trusted_context += " ATTRIBUTES (ADDRESS '"
sql_create_trusted_context += config.hostname
sql_create_trusted_context += this_hostname
sql_create_trusted_context += "') DEFAULT ROLE role_01 ENABLE WITH USE FOR "
sql_create_trusted_context += config.tc_user

Expand Down Expand Up @@ -154,7 +165,7 @@ def run_test_trusted_context_pconnect(self):
#__LUW_EXPECTED__
#Trusted connection succeeded.
#User has been switched.
#[%s][%s][%s] SQL0551N "%s" does not have the %s privilege to perform operation "UPDATE" on object "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#[%s][%s][%s] SQL0551N The statement failed because the authorization ID does not have the required authorization or privilege to perform the operation. Authorization ID: "%s". Operation: "UPDATE". Object: "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#Explicit Trusted Connection succeeded.
#Explicit Trusted Connection succeeded.
#Explicit Trusted Connection succeeded.
Expand All @@ -169,7 +180,7 @@ def run_test_trusted_context_pconnect(self):
#__ZOS_EXPECTED__
#Trusted connection succeeded.
#User has been switched.
#[%s][%s][%s] SQL0551N "%s" does not have the %s privilege to perform operation "UPDATE" on object "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#[%s][%s][%s] SQL0551N The statement failed because the authorization ID does not have the required authorization or privilege to perform the operation. Authorization ID: "%s". Operation: "UPDATE". Object: "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#Explicit Trusted Connection succeeded.
#Explicit Trusted Connection succeeded.
#Explicit Trusted Connection succeeded.
Expand All @@ -184,7 +195,7 @@ def run_test_trusted_context_pconnect(self):
#__SYSTEMI_EXPECTED__
#Trusted connection succeeded.
#User has been switched.
#[%s][%s][%s] SQL0551N "%s" does not have the privilege to perform operation "UPDATE" on object "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#[%s][%s][%s] SQL0551N The statement failed because the authorization ID does not have the required authorization or privilege to perform the operation. Authorization ID: "%s". Operation: "UPDATE". Object: "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#Explicit Trusted Connection succeeded.
#Explicit Trusted Connection succeeded.
#Explicit Trusted Connection succeeded.
Expand All @@ -199,7 +210,7 @@ def run_test_trusted_context_pconnect(self):
#__IDS_EXPECTED__
#Trusted connection succeeded.
#User has been switched.
#[%s][%s][%s] SQL0551N "%s" does not have the %s privilege to perform operation "UPDATE" on object "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#[%s][%s][%s] SQL0551N The statement failed because the authorization ID does not have the required authorization or privilege to perform the operation. Authorization ID: "%s". Operation: "UPDATE". Object: "%s.TRUSTED_TABLE". SQLSTATE=42501 SQLCODE=-551
#Explicit Trusted Connection succeeded.
#Explicit Trusted Connection succeeded.
#Explicit Trusted Connection succeeded.
Expand Down

0 comments on commit cf653e0

Please sign in to comment.