4 changes: 2 additions & 2 deletions ydb/tests/functional/tenants/test_auth_system_views.py
Expand Up @@ -57,8 +57,8 @@ def ydb_cluster_configuration():


@pytest.fixture(scope='module')
def ydb_configurator(ydb_cluster_configuration):
config_generator = KikimrConfigGenerator(**ydb_cluster_configuration)
def ydb_configurator(ydb_cluster_configuration_with_encryption_parametrized):
config_generator = KikimrConfigGenerator(**ydb_cluster_configuration_with_encryption_parametrized)
config_generator.yaml_config['auth_config'] = {
'domain_login_only': False,
}
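--- a/ydb/tests/library/fixtures/__init__.py
+++ b/ydb/tests/library/fixtures/__init__.py
@@ -167,3 +167,21 @@ def stop_pool():
 # with Driver(DriverConfig(ydb_endpoint, database_path)) as driver:
 # with SessionPool(driver) as pool:
 # yield database_path, pool
+
+
+@pytest.fixture(scope='module', params=[True, False], ids=["encryption_enabled", "encryption_disabled"])
+def encryption_enabled(request):
+"""
+Parametrized fixture that runs tests with both encryption enabled and disabled.
+"""
+return request.param
+
+
+@pytest.fixture(scope='module')
+def ydb_cluster_configuration_with_encryption_parametrized(ydb_cluster_configuration, encryption_enabled):
+"""
+Extended cluster configuration that includes encryption settings based on the parametrized fixture.
+"""
+config = ydb_cluster_configuration.copy()
+config['enable_pool_encryption'] = encryption_enabled
+return config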
10 changes: 9 additions & 1 deletion ydb/tests/library/harness/kikimr_config.py
Expand Up @@ -190,7 +190,8 @@ def __init__(
cms_config=None,
explicit_statestorage_config=None,
system_tablets=None,
protected_mode=False,
protected_mode=False, # Authentication
enable_pool_encryption=False,
tiny_mode=False,
module=None,
):
Expand Down Expand Up @@ -222,6 +223,7 @@ def __init__(
erasure = Erasure.NONE if erasure is None else erasure
self.system_tablets = system_tablets
self.protected_mode = protected_mode
self.enable_pool_encryption = enable_pool_encryption
self.module = module
self.__grpc_ssl_enable = grpc_ssl_enable or protected_mode
self.__grpc_tls_data_path = None
Expand Down Expand Up @@ -684,6 +686,7 @@ def grpc_tls_ca(self):
@property
def domains_txt(self):
app_config = config_pb2.TAppConfig()
assert not self.enable_pool_encryption, "pool encryption isn't addressed in domains.txt"
Parse(read_binary(__name__, "resources/default_domains.txt"), app_config.DomainsConfig)
return app_config.DomainsConfig

Expand Down Expand Up @@ -947,3 +950,8 @@ def __build(self):
self._add_state_storage_config()
if not self.use_self_management and not self.explicit_hosts_and_host_configs:
self._initialize_pdisks_info()

if self.enable_pool_encryption:
for domain in self.yaml_config['domains_config']['domain']:
for pool_type in domain['storage_pool_types']:
pool_type['pool_config']['encryption_mode'] = 1
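Review bot: The bare `1` written to `encryption_mode` in the `__build` hunk gives no way to check which mode the `encryption_enabled` variant actually turns on; a named constant or a comment like `# 1 = <ENCRYPTION_MODE_NAME> (confirm against the pool config schema)` would make that verifiable. The loop indexes `self.yaml_config['domains_config']['domain']` and `pool_type['pool_config']` unconditionally, so a configuration lacking those keys fails with a bare KeyError only when the flag is set; whether every template carries them is not visible here. In `domains_txt` the new `assert` is stripped under `python -O`, so `raise RuntimeError(...)` with the same message would keep the guard. `__init__` and `__build` both start outside the visible hunks.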
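--- a/ydb/tests/library/harness/kikimr_runner.py
+++ b/ydb/tests/library/harness/kikimr_runner.py
@@ -641,6 +641,18 @@ def __register_slot(self, tenant_affiliation=None, encryption_key=None, seed_nod
 self.nodes[1].grpc_ssl_port if self.__configurator.grpc_ssl_enable
 else self.nodes[1].grpc_port
 )
+
+if encryption_key is None and self.__configurator.enable_pool_encryption:
+workdir = os.path.join(self.__configurator.working_dir, self.__cluster_name)
+slug = tenant_affiliation.replace('/', '_')
+secret_path = os.path.join(workdir, slug + "_secret.txt")
+with open(secret_path, "w") as writer:
+writer.write("fake_secret_data_for_%s" % slug)
+keyfile_path = os.path.join(workdir, slug + "_key.txt")
+with open(keyfile_path, "w") as writer:
+writer.write('Keys { ContainerPath: "%s" Pin: "" Id: "%s" Version: 1 } ' % (secret_path, slug))
+encryption_key = keyfile_path
+
 self._slots[slot_index] = KiKiMRNode(
 node_id=slot_index,
 config_path=self.config_path,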
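Review bot: `tenant_affiliation.replace('/', '_')` in the added block raises AttributeError when a slot is registered without a tenant, because the signature in the hunk header defaults `tenant_affiliation=None` and the new condition checks only `encryption_key` and the configurator flag; whether any caller does that with encryption enabled is not visible here. Either put the tenant in the guard, `if encryption_key is None and tenant_affiliation is not None and self.__configurator.enable_pool_encryption:`, or fail with a clear message. The secret and key files are created with plain `open(..., "w")`, so they get umask-default permissions and a fixed, predictable content; that is acceptable for harness data, but a comment such as `# test-only placeholder key material; never reuse outside the test harness` would keep the pattern from being copied into real deployments. `__register_slot` begins and ends outside the hunk.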