def test_forward_kerberos_off_tls_on_plaintext_off(kafka_client: client.KafkaClient): update_options = {"service": {"security": {"kerberos": {"enabled": False}}}} update_service(config.PACKAGE_NAME, config.SERVICE_NAME, update_options) with pytest.raises(AssertionError): kafka_client._is_tls = False kafka_client.connect(config.DEFAULT_BROKER_COUNT) kafka_client._is_tls = True assert kafka_client.connect(config.DEFAULT_BROKER_COUNT) kafka_client.check_users_can_read_and_write([TLS_USER], TOPIC_NAME)
def test_reverse_kerberos_on_tls_on_plaintext_on(kerberized_kafka_client: client.KafkaClient): update_options = { "service": { "security": {"transport_encryption": {"enabled": True, "allow_plaintext": True}} } } update_service(config.PACKAGE_NAME, config.SERVICE_NAME, update_options) kerberized_kafka_client._is_tls = False assert kerberized_kafka_client.connect(config.DEFAULT_BROKER_COUNT) kerberized_kafka_client.check_users_can_read_and_write([TLS_USER], TOPIC_NAME) kerberized_kafka_client._is_tls = True assert kerberized_kafka_client.connect(config.DEFAULT_BROKER_COUNT) kerberized_kafka_client.check_users_can_read_and_write([TLS_USER], TOPIC_NAME)
def test_reverse_kerberos_on_tls_on_plaintext_off( kerberized_kafka_client: client.KafkaClient, kerberos: sdk_auth.KerberosEnvironment ): update_options = { "service": { "security": { "kerberos": { "enabled": True, "kdc": {"hostname": kerberos.get_host(), "port": int(kerberos.get_port())}, "realm": kerberos.get_realm(), "keytab_secret": kerberos.get_keytab_path(), } } } } update_service(config.PACKAGE_NAME, config.SERVICE_NAME, update_options) with pytest.raises(AssertionError): kerberized_kafka_client._is_tls = False kerberized_kafka_client.connect(config.DEFAULT_BROKER_COUNT) kerberized_kafka_client._is_tls = True assert kerberized_kafka_client.connect(config.DEFAULT_BROKER_COUNT) kerberized_kafka_client.check_users_can_read_and_write([TLS_USER], TOPIC_NAME)