def test_idempotent_write_passes_2(self):
username, password, algorithm = self.redpanda.SUPERUSER_CREDENTIALS
rpk = RpkTool(self.redpanda)
rpk.sasl_create_user("bob", "bob", algorithm)
rpk.sasl_allow_principal("User:bob", ["write", "read", "describe"],
"topic", "*", username, password, algorithm)
self.retry(lambda: self.write_by_bob(algorithm), 5,
TOPIC_AUTHORIZATION_FAILED)
def test_idempotent_write_fails(self):
username, password, algorithm = self.redpanda.SUPERUSER_CREDENTIALS
rpk = RpkTool(self.redpanda)
rpk.sasl_create_user("bob", "bob", algorithm)
try:
self.write_by_bob(algorithm)
assert False, "bob should not have access to topic1"
except AssertionError as e:
raise e
except KafkaException as e:
assert e.args[0].code(
) == TOPIC_AUTHORIZATION_FAILED, "TOPIC_AUTHORIZATION_FAILED error is expected"
def test_tx_init_passes_2(self):
username, password, algorithm = self.redpanda.SUPERUSER_CREDENTIALS
rpk = RpkTool(self.redpanda)
rpk.sasl_create_user("bob", "bob", algorithm)
rpk.sasl_allow_principal("User:bob", ["write", "read", "describe"],
"topic", "topic1", username, password,
algorithm)
rpk.sasl_allow_principal("User:bob", ["write", "describe"],
"transactional-id", "*", username, password,
algorithm)
self.retry(lambda: self.init_by_bob("tx-id-2", algorithm), 5,
TRANSACTIONAL_ID_AUTHORIZATION_FAILED)
def test_tx_init_fails(self):
username, password, algorithm = self.redpanda.SUPERUSER_CREDENTIALS
rpk = RpkTool(self.redpanda)
rpk.sasl_create_user("bob", "bob", algorithm)
rpk.sasl_allow_principal("User:bob", ["write", "read", "describe"],
"topic", "topic1", username, password,
algorithm)
try:
self.init_by_bob("tx-id-1", algorithm)
assert False, "bob should not have access to txns"
except AssertionError as e:
raise e
except KafkaException as e:
assert e.args[0].code(
) == TRANSACTIONAL_ID_AUTHORIZATION_FAILED, "TRANSACTIONAL_ID_AUTHORIZATION_FAILED is expected"
