def read_from_topic(cn: str, task: str, topic: str, messages: int,
krb5: object) -> str:
return auth.read_from_topic(
cn, task, topic, messages,
auth.get_kerberos_client_properties(ssl_enabled=False),
auth.setup_krb5_env(cn, task, krb5))
def read_from_topic(cn: str, task: str, topic: str, messages: int) -> str:
return auth.read_from_topic(cn,
task,
topic,
messages,
auth.get_ssl_client_properties(cn, False),
environment=None)
def read_from_topic(self, user: str, topic_name: str, brokers: str,
krb5: sdk_auth.KerberosEnvironment) -> list:
properties, environment = self._get_cli_settings(user, krb5)
read_messages = auth.read_from_topic(user, self.id, topic_name, len(self.MESSAGES),
properties, environment, brokers)
read_success = map(lambda m: m in read_messages, self.MESSAGES)
return read_success, read_messages
def read_from_topic(cn: str, task: str, topic: str, messages: int,
krb5: object) -> str:
return auth.read_from_topic(cn,
task,
topic,
messages,
get_client_properties(cn),
environment=auth.setup_krb5_env(
cn, task, krb5))
def read_from_topic(
self, user: str, topic_name: str,
brokers: str) -> typing.Tuple[typing.Iterator[bool], str]:
properties, environment = self._get_cli_settings(user)
read_messages = auth.read_from_topic(user, self.id, topic_name,
len(self.MESSAGES), properties,
environment, brokers)
read_success = map(lambda m: m in read_messages, self.MESSAGES)
return read_success, read_messages
def read_from_topic(cn: str, task: str, topic: str, messages: int) -> str:
client_properties = write_client_properties(cn, task)
timeout_ms = 60000
cmd = "bash -c \"kafka-console-consumer \
--topic {} \
--consumer.config {} \
--bootstrap-server \$KAFKA_BROKER_LIST \
--from-beginning --max-messages {} \
--timeout-ms {} \
\"".format(topic, client_properties, messages, timeout_ms)
return auth.read_from_topic(cn, task, topic, messages, cmd)
def test_client_can_read_and_write(kafka_client, kafka_server):
client_id = kafka_client["id"]
auth.wait_for_brokers(kafka_client["id"], kafka_client["brokers"])
topic_name = "authn.test"
sdk_cmd.svc_cli(kafka_server["package_name"],
kafka_server["service"]["name"],
"topic create {}".format(topic_name),
json=True)
test_utils.wait_for_topic(kafka_server["package_name"],
kafka_server["service"]["name"], topic_name)
message = str(uuid.uuid4())
assert auth.write_to_topic("client", client_id, topic_name, message)
assert message in auth.read_from_topic("client", client_id, topic_name, 1)
def read_from_topic(cn: str, task: str, topic: str, messages: int,
brokers: str, tls: bool) -> str:
properties, environment = get_settings(cn, task, tls)
return auth.read_from_topic(cn, task, topic, messages, properties,
environment, brokers)
def read_from_topic(cn: str, marathon_task: str, topic: str, messages: int, krb5: object) -> str:
return auth.read_from_topic(cn, marathon_task, topic, messages,
get_client_properties(cn),
environment=auth.setup_krb5_env(cn, marathon_task, krb5))
def read_from_topic(cn: str, task: str, topic: str, messages: int) -> str:
return auth.read_from_topic(cn, task, topic, messages,
auth.get_ssl_client_properties(cn, False),
environment=None)
def read_from_topic(cn: str, task: str, topic: str, messages: int, krb5: object) -> str:
return auth.read_from_topic(cn, task, topic, messages,
auth.get_kerberos_client_properties(ssl_enabled=False),
auth.setup_krb5_env(cn, task, krb5))
def read_from_topic(cn: str, task: str, topic: str, messages: int, brokers: str, tls: bool) -> str:
properties, environment = get_settings(cn, task, tls)
return auth.read_from_topic(cn, task, topic, messages, properties, environment, brokers)
def test_authz_acls_required(kafka_client, kafka_server):
client_id = kafka_client["id"]
auth.wait_for_brokers(kafka_client["id"], kafka_client["brokers"])
topic_name = "authz.test"
sdk_cmd.svc_cli(kafka_server["package_name"],
kafka_server["service"]["name"],
"topic create {}".format(topic_name),
json=True)
test_utils.wait_for_topic(kafka_server["package_name"],
kafka_server["service"]["name"], topic_name)
message = str(uuid.uuid4())
log.info("Writing and reading: Writing to the topic, but not super user")
assert not auth.write_to_topic("authorized", client_id, topic_name,
message)
log.info("Writing and reading: Writing to the topic, as super user")
assert auth.write_to_topic("super", client_id, topic_name, message)
log.info("Writing and reading: Reading from the topic, but not super user")
assert auth.is_not_authorized(
auth.read_from_topic("authorized", client_id, topic_name, 1))
log.info("Writing and reading: Reading from the topic, as super user")
assert message in auth.read_from_topic("super", client_id, topic_name, 1)
zookeeper_endpoint = sdk_cmd.svc_cli(kafka_server["package_name"],
kafka_server["service"]["name"],
"endpoint zookeeper").strip()
# TODO: If zookeeper has Kerberos enabled, then the environment should be changed
topics.add_acls("authorized",
client_id,
topic_name,
zookeeper_endpoint,
env_str=None)
# Send a second message which should not be authorized
second_message = str(uuid.uuid4())
log.info("Writing and reading: Writing to the topic, but not super user")
assert auth.write_to_topic("authorized", client_id, topic_name,
second_message)
log.info("Writing and reading: Writing to the topic, as super user")
assert auth.write_to_topic("super", client_id, topic_name, second_message)
log.info("Writing and reading: Reading from the topic, but not super user")
topic_output = auth.read_from_topic("authorized", client_id, topic_name, 3)
assert message in topic_output
assert second_message in topic_output
log.info("Writing and reading: Reading from the topic, as super user")
topic_output = auth.read_from_topic("super", client_id, topic_name, 3)
assert message in topic_output
assert second_message in topic_output
# Check that the unauthorized client can still not read or write from the topic.
log.info("Writing and reading: Writing to the topic, but not super user")
assert not auth.write_to_topic("unauthorized", client_id, topic_name,
second_message)
log.info("Writing and reading: Reading from the topic, but not super user")
assert auth.is_not_authorized(
auth.read_from_topic("unauthorized", client_id, topic_name, 1))
