def test_forward_kerberos_off_tls_on_plaintext_off(kafka_client: client.KafkaClient):
update_options = {"service": {"security": {"kerberos": {"enabled": False}}}}
update_service(config.PACKAGE_NAME, config.SERVICE_NAME, update_options)
with pytest.raises(AssertionError):
kafka_client._is_tls = False
kafka_client.connect(config.DEFAULT_BROKER_COUNT)
kafka_client._is_tls = True
assert kafka_client.connect(config.DEFAULT_BROKER_COUNT)
kafka_client.check_users_can_read_and_write([TLS_USER], TOPIC_NAME)
def test_reverse_kerberos_on_tls_on_plaintext_on(kerberized_kafka_client: client.KafkaClient):
update_options = {
"service": {
"security": {"transport_encryption": {"enabled": True, "allow_plaintext": True}}
}
}
update_service(config.PACKAGE_NAME, config.SERVICE_NAME, update_options)
kerberized_kafka_client._is_tls = False
assert kerberized_kafka_client.connect(config.DEFAULT_BROKER_COUNT)
kerberized_kafka_client.check_users_can_read_and_write([TLS_USER], TOPIC_NAME)
kerberized_kafka_client._is_tls = True
assert kerberized_kafka_client.connect(config.DEFAULT_BROKER_COUNT)
kerberized_kafka_client.check_users_can_read_and_write([TLS_USER], TOPIC_NAME)
def test_reverse_kerberos_on_tls_on_plaintext_off(
kerberized_kafka_client: client.KafkaClient, kerberos: sdk_auth.KerberosEnvironment
):
update_options = {
"service": {
"security": {
"kerberos": {
"enabled": True,
"kdc": {"hostname": kerberos.get_host(), "port": int(kerberos.get_port())},
"realm": kerberos.get_realm(),
"keytab_secret": kerberos.get_keytab_path(),
}
}
}
}
update_service(config.PACKAGE_NAME, config.SERVICE_NAME, update_options)
with pytest.raises(AssertionError):
kerberized_kafka_client._is_tls = False
kerberized_kafka_client.connect(config.DEFAULT_BROKER_COUNT)
kerberized_kafka_client._is_tls = True
assert kerberized_kafka_client.connect(config.DEFAULT_BROKER_COUNT)
kerberized_kafka_client.check_users_can_read_and_write([TLS_USER], TOPIC_NAME)