def kafka_client(kerberos): """ A pytest fixture to install a Kafka client as a Marathon application. This client is capable of both Kerberos and TLS communication. On teardown, the client is uninstalled. """ try: client_id = "kafka-client" client = { "id": client_id, "mem": 512, "container": { "type": "MESOS", "docker": { "image": "elezar/kafka-client:latest", "forcePullImage": True }, "volumes": [ { "containerPath": "/tmp/kafkaconfig/kafka-client.keytab", "secret": "kafka_keytab" } ] }, "secrets": { "kafka_keytab": { "source": kerberos.get_keytab_path(), } }, "networks": [ { "mode": "host" } ], "env": { "JVM_MaxHeapSize": "512", "KAFKA_CLIENT_MODE": "test", "KAFKA_TOPIC": "securetest", "KAFKA_BROKER_LIST": "" } } sdk_marathon.install_app(client) # Create a TLS certificate for the TLS tests transport_encryption.create_tls_artifacts( cn="client", marathon_task=client_id) yield { **client, **{ "tls-id": "client", } } finally: sdk_marathon.destroy_app(client_id)
def kafka_client(): try: kafka_client = client.KafkaClient("kafka-client", config.PACKAGE_NAME, config.SERVICE_NAME) kafka_client.install() transport_encryption.create_tls_artifacts(TLS_USER, "kafka-client") yield kafka_client finally: kafka_client.uninstall()
def kafka_client(kerberos, kafka_server): brokers = sdk_cmd.svc_cli( kafka_server["package_name"], kafka_server["service"]["name"], "endpoint broker-tls", json=True)["dns"] try: client_id = "kafka-client" client = { "id": client_id, "mem": 512, "user": "******", "container": { "type": "MESOS", "docker": { "image": "elezar/kafka-client:latest", "forcePullImage": True }, "volumes": [ { "containerPath": "/tmp/kafkaconfig/kafka-client.keytab", "secret": "kafka_keytab" } ] }, "secrets": { "kafka_keytab": { "source": kerberos.get_keytab_path(), } }, "networks": [ { "mode": "host" } ], "env": { "JVM_MaxHeapSize": "512", "KAFKA_CLIENT_MODE": "test", "KAFKA_TOPIC": "securetest", "KAFKA_BROKER_LIST": ",".join(brokers) } } sdk_marathon.install_app(client) transport_encryption.create_tls_artifacts( cn="client", marathon_task=client_id) broker_hosts = list(map(lambda x: x.split(':')[0], brokers)) yield {**client, **{"brokers": broker_hosts}} finally: sdk_marathon.destroy_app(client_id)
def kafka_client(kerberos, kafka_server): brokers = sdk_cmd.svc_cli( kafka_server["package_name"], kafka_server["service"]["name"], "endpoint broker-tls", json=True)["dns"] try: client_id = "kafka-client" client = { "id": client_id, "mem": 512, "user": "******", "container": { "type": "MESOS", "docker": { "image": "elezar/kafka-client:latest", "forcePullImage": True }, "volumes": [ { "containerPath": "/tmp/kafkaconfig/kafka-client.keytab", "secret": "kafka_keytab" } ] }, "secrets": { "kafka_keytab": { "source": kerberos.get_keytab_path(), } }, "networks": [ { "mode": "host" } ], "env": { "JVM_MaxHeapSize": "512", "KAFKA_CLIENT_MODE": "test", "KAFKA_TOPIC": "securetest", "KAFKA_BROKER_LIST": ",".join(brokers) } } sdk_marathon.install_app(client) transport_encryption.create_tls_artifacts( cn="client", task=client_id) broker_hosts = list(map(lambda x: x.split(':')[0], brokers)) yield {**client, **{"brokers": broker_hosts}} finally: sdk_marathon.destroy_app(client_id)
def kafka_client(kerberos): """ A pytest fixture to install a Kafka client as a Marathon application. This client is capable of both Kerberos and TLS communication. On teardown, the client is uninstalled. """ try: client_id = "kafka-client" client = { "id": client_id, "mem": 512, "container": { "type": "MESOS", "docker": { "image": "elezar/kafka-client:4b9c060", "forcePullImage": True }, "volumes": [{ "containerPath": "/tmp/kafkaconfig/kafka-client.keytab", "secret": "kafka_keytab" }] }, "secrets": { "kafka_keytab": { "source": kerberos.get_keytab_path(), } }, "networks": [{ "mode": "host" }], "env": { "JVM_MaxHeapSize": "512", "KAFKA_CLIENT_MODE": "test", "KAFKA_TOPIC": "securetest", "KAFKA_BROKER_LIST": "" } } sdk_marathon.install_app(client) # Create a TLS certificate for the TLS tests transport_encryption.create_tls_artifacts(cn="client", marathon_task=client_id) yield { **client, **{ "tls-id": "client", } } finally: sdk_marathon.destroy_app(client_id)
def kerberized_kafka_client(kerberos: sdk_auth.KerberosEnvironment): try: kafka_client = client.KafkaClient( "kerberized-client", config.PACKAGE_NAME, config.SERVICE_NAME, kerberos ) kafka_client.install() transport_encryption.create_tls_artifacts(TLS_USER, "kerberized-client") yield kafka_client finally: kafka_client.uninstall()
def kafka_client(): try: kafka_client = client.KafkaClient("kafka-client", config.PACKAGE_NAME, config.SERVICE_NAME) kafka_client.install() # TODO: This flag should be set correctly. kafka_client._is_tls = True transport_encryption.create_tls_artifacts(TLS_USER, "kafka-client") yield kafka_client finally: kafka_client.uninstall()
def kafka_client(kerberos): try: kafka_client = client.KafkaClient("kafka-client") kafka_client.install(kerberos) # TODO: This flag should be set correctly. kafka_client._is_tls = True transport_encryption.create_tls_artifacts( cn="client", marathon_task=kafka_client.get_id()) yield kafka_client finally: kafka_client.uninstall()
def setup_principals(kafka_client: client.KafkaClient): client_id = kafka_client.get_id() transport_encryption.create_tls_artifacts(cn="kafka-tester", marathon_task=client_id) transport_encryption.create_tls_artifacts(cn="authorized", marathon_task=client_id) transport_encryption.create_tls_artifacts(cn="unauthorized", marathon_task=client_id) transport_encryption.create_tls_artifacts(cn="super", marathon_task=client_id)
def setup_principals(kafka_client): client_id = kafka_client["id"] transport_encryption.create_tls_artifacts(cn="kafka-tester", task=client_id) transport_encryption.create_tls_artifacts(cn="authorized", task=client_id) transport_encryption.create_tls_artifacts(cn="unauthorized", task=client_id) transport_encryption.create_tls_artifacts(cn="super", task=client_id)
def setup_principals(kafka_client): client_id = kafka_client["id"] transport_encryption.create_tls_artifacts( cn="kafka-tester", marathon_task=client_id) transport_encryption.create_tls_artifacts( cn="authorized", marathon_task=client_id) transport_encryption.create_tls_artifacts( cn="unauthorized", marathon_task=client_id) transport_encryption.create_tls_artifacts( cn="super", marathon_task=client_id)