def __init__(self, context, security_protocol=None, interbroker_security_protocol=None, client_sasl_mechanism=SASL_MECHANISM_GSSAPI, interbroker_sasl_mechanism=SASL_MECHANISM_GSSAPI, zk_sasl=False, zk_tls=False, template_props="", static_jaas_conf=True, jaas_override_variables=None, listener_security_config=ListenerSecurityConfig(), tls_version=None): """ Initialize the security properties for the node and copy keystore and truststore to the remote node if the transport protocol is SSL. If security_protocol is None, the protocol specified in the template properties file is used. If no protocol is specified in the template properties either, PLAINTEXT is used as default. """ self.context = context if not SecurityConfig.ssl_stores: # This generates keystore/trustore files in a local scratch directory which gets # automatically destroyed after the test is run # Creating within the scratch directory allows us to run tests in parallel without fear of collision SecurityConfig.ssl_stores = SslStores(context.local_scratch_dir, context.logger) SecurityConfig.ssl_stores.generate_ca() SecurityConfig.ssl_stores.generate_truststore() if security_protocol is None: security_protocol = self.get_property('security.protocol', template_props) if security_protocol is None: security_protocol = SecurityConfig.PLAINTEXT elif security_protocol not in [SecurityConfig.PLAINTEXT, SecurityConfig.SSL, SecurityConfig.SASL_PLAINTEXT, SecurityConfig.SASL_SSL]: raise Exception("Invalid security.protocol in template properties: " + security_protocol) if interbroker_security_protocol is None: interbroker_security_protocol = security_protocol self.interbroker_security_protocol = interbroker_security_protocol self.has_sasl = self.is_sasl(security_protocol) or self.is_sasl(interbroker_security_protocol) or zk_sasl self.has_ssl = self.is_ssl(security_protocol) or self.is_ssl(interbroker_security_protocol) or zk_tls self.zk_sasl = zk_sasl self.zk_tls = zk_tls self.static_jaas_conf = static_jaas_conf self.listener_security_config = listener_security_config self.properties = { 'security.protocol' : security_protocol, 'ssl.keystore.location' : SecurityConfig.KEYSTORE_PATH, 'ssl.keystore.password' : SecurityConfig.ssl_stores.keystore_passwd, 'ssl.key.password' : SecurityConfig.ssl_stores.key_passwd, 'ssl.truststore.location' : SecurityConfig.TRUSTSTORE_PATH, 'ssl.truststore.password' : SecurityConfig.ssl_stores.truststore_passwd, 'ssl.endpoint.identification.algorithm' : 'HTTPS', 'sasl.mechanism' : client_sasl_mechanism, 'sasl.mechanism.inter.broker.protocol' : interbroker_sasl_mechanism, 'sasl.kerberos.service.name' : 'kafka' } if tls_version is not None: self.properties.update({'tls.version' : tls_version}) self.properties.update(self.listener_security_config.client_listener_overrides) self.jaas_override_variables = jaas_override_variables or {}
def __init__( self, context, num_nodes, zk, security_protocol=SecurityConfig.PLAINTEXT, interbroker_security_protocol=SecurityConfig.PLAINTEXT, client_sasl_mechanism=SecurityConfig.SASL_MECHANISM_GSSAPI, interbroker_sasl_mechanism=SecurityConfig.SASL_MECHANISM_GSSAPI, authorizer_class_name=None, topics=None, version=DEV_BRANCH, jmx_object_names=None, jmx_attributes=None, zk_connect_timeout=5000, zk_session_timeout=6000, server_prop_overides=None, zk_chroot=None, listener_security_config=ListenerSecurityConfig(), per_node_server_prop_overrides={}): """ :param context: test context :param ZookeeperService zk: :param dict topics: which topics to create automatically :param str security_protocol: security protocol for clients to use :param str interbroker_security_protocol: security protocol to use for broker-to-broker communication :param str client_sasl_mechanism: sasl mechanism for clients to use :param str interbroker_sasl_mechanism: sasl mechanism to use for broker-to-broker communication :param str authorizer_class_name: which authorizer class to use :param str version: which kafka version to use. Defaults to "dev" branch :param jmx_object_names: :param jmx_attributes: :param int zk_connect_timeout: :param int zk_session_timeout: :param dict server_prop_overides: overrides for kafka.properties file :param zk_chroot: :param ListenerSecurityConfig listener_security_config: listener config to use """ Service.__init__(self, context, num_nodes) JmxMixin.__init__(self, num_nodes=num_nodes, jmx_object_names=jmx_object_names, jmx_attributes=(jmx_attributes or []), root=KafkaService.PERSISTENT_ROOT) self.zk = zk self.security_protocol = security_protocol self.client_sasl_mechanism = client_sasl_mechanism self.topics = topics self.minikdc = None self.authorizer_class_name = authorizer_class_name self.zk_set_acl = False if server_prop_overides is None: self.server_prop_overides = [] else: self.server_prop_overides = server_prop_overides if per_node_server_prop_overrides is None: self.per_node_server_prop_overrides = {} else: self.per_node_server_prop_overrides = per_node_server_prop_overrides self.log_level = "DEBUG" self.zk_chroot = zk_chroot self.listener_security_config = listener_security_config # # In a heavily loaded and not very fast machine, it is # sometimes necessary to give more time for the zk client # to have its session established, especially if the client # is authenticating and waiting for the SaslAuthenticated # in addition to the SyncConnected event. # # The default value for zookeeper.connect.timeout.ms is # 2 seconds and here we increase it to 5 seconds, but # it can be overridden by setting the corresponding parameter # for this constructor. self.zk_connect_timeout = zk_connect_timeout # Also allow the session timeout to be provided explicitly, # primarily so that test cases can depend on it when waiting # e.g. brokers to deregister after a hard kill. self.zk_session_timeout = zk_session_timeout self.port_mappings = { 'PLAINTEXT': KafkaListener('PLAINTEXT', 9092, 'PLAINTEXT', False), 'SSL': KafkaListener('SSL', 9093, 'SSL', False), 'SASL_PLAINTEXT': KafkaListener('SASL_PLAINTEXT', 9094, 'SASL_PLAINTEXT', False), 'SASL_SSL': KafkaListener('SASL_SSL', 9095, 'SASL_SSL', False), KafkaService.INTERBROKER_LISTENER_NAME: KafkaListener(KafkaService.INTERBROKER_LISTENER_NAME, 9099, None, False) } self.interbroker_listener = None self.setup_interbroker_listener( interbroker_security_protocol, self.listener_security_config.use_separate_interbroker_listener) self.interbroker_sasl_mechanism = interbroker_sasl_mechanism for node in self.nodes: node.version = version node.config = KafkaConfig( **{config_property.BROKER_ID: self.idx(node)})