def read_from_topic(cn: str, task: str, topic: str, messages: int, krb5: object) -> str: return auth.read_from_topic( cn, task, topic, messages, auth.get_kerberos_client_properties(ssl_enabled=False), auth.setup_krb5_env(cn, task, krb5))
def read_from_topic(cn: str, task: str, topic: str, messages: int) -> str: return auth.read_from_topic(cn, task, topic, messages, auth.get_ssl_client_properties(cn, False), environment=None)
def read_from_topic(self, user: str, topic_name: str, brokers: str, krb5: sdk_auth.KerberosEnvironment) -> list: properties, environment = self._get_cli_settings(user, krb5) read_messages = auth.read_from_topic(user, self.id, topic_name, len(self.MESSAGES), properties, environment, brokers) read_success = map(lambda m: m in read_messages, self.MESSAGES) return read_success, read_messages
def read_from_topic(cn: str, task: str, topic: str, messages: int, krb5: object) -> str: return auth.read_from_topic(cn, task, topic, messages, get_client_properties(cn), environment=auth.setup_krb5_env( cn, task, krb5))
def read_from_topic( self, user: str, topic_name: str, brokers: str) -> typing.Tuple[typing.Iterator[bool], str]: properties, environment = self._get_cli_settings(user) read_messages = auth.read_from_topic(user, self.id, topic_name, len(self.MESSAGES), properties, environment, brokers) read_success = map(lambda m: m in read_messages, self.MESSAGES) return read_success, read_messages
def read_from_topic(cn: str, task: str, topic: str, messages: int) -> str: client_properties = write_client_properties(cn, task) timeout_ms = 60000 cmd = "bash -c \"kafka-console-consumer \ --topic {} \ --consumer.config {} \ --bootstrap-server \$KAFKA_BROKER_LIST \ --from-beginning --max-messages {} \ --timeout-ms {} \ \"".format(topic, client_properties, messages, timeout_ms) return auth.read_from_topic(cn, task, topic, messages, cmd)
def test_client_can_read_and_write(kafka_client, kafka_server): client_id = kafka_client["id"] auth.wait_for_brokers(kafka_client["id"], kafka_client["brokers"]) topic_name = "authn.test" sdk_cmd.svc_cli(kafka_server["package_name"], kafka_server["service"]["name"], "topic create {}".format(topic_name), json=True) test_utils.wait_for_topic(kafka_server["package_name"], kafka_server["service"]["name"], topic_name) message = str(uuid.uuid4()) assert auth.write_to_topic("client", client_id, topic_name, message) assert message in auth.read_from_topic("client", client_id, topic_name, 1)
def read_from_topic(cn: str, task: str, topic: str, messages: int, brokers: str, tls: bool) -> str: properties, environment = get_settings(cn, task, tls) return auth.read_from_topic(cn, task, topic, messages, properties, environment, brokers)
def read_from_topic(cn: str, marathon_task: str, topic: str, messages: int, krb5: object) -> str: return auth.read_from_topic(cn, marathon_task, topic, messages, get_client_properties(cn), environment=auth.setup_krb5_env(cn, marathon_task, krb5))
def read_from_topic(cn: str, task: str, topic: str, messages: int, krb5: object) -> str: return auth.read_from_topic(cn, task, topic, messages, auth.get_kerberos_client_properties(ssl_enabled=False), auth.setup_krb5_env(cn, task, krb5))
def test_authz_acls_required(kafka_client, kafka_server): client_id = kafka_client["id"] auth.wait_for_brokers(kafka_client["id"], kafka_client["brokers"]) topic_name = "authz.test" sdk_cmd.svc_cli(kafka_server["package_name"], kafka_server["service"]["name"], "topic create {}".format(topic_name), json=True) test_utils.wait_for_topic(kafka_server["package_name"], kafka_server["service"]["name"], topic_name) message = str(uuid.uuid4()) log.info("Writing and reading: Writing to the topic, but not super user") assert not auth.write_to_topic("authorized", client_id, topic_name, message) log.info("Writing and reading: Writing to the topic, as super user") assert auth.write_to_topic("super", client_id, topic_name, message) log.info("Writing and reading: Reading from the topic, but not super user") assert auth.is_not_authorized( auth.read_from_topic("authorized", client_id, topic_name, 1)) log.info("Writing and reading: Reading from the topic, as super user") assert message in auth.read_from_topic("super", client_id, topic_name, 1) zookeeper_endpoint = sdk_cmd.svc_cli(kafka_server["package_name"], kafka_server["service"]["name"], "endpoint zookeeper").strip() # TODO: If zookeeper has Kerberos enabled, then the environment should be changed topics.add_acls("authorized", client_id, topic_name, zookeeper_endpoint, env_str=None) # Send a second message which should not be authorized second_message = str(uuid.uuid4()) log.info("Writing and reading: Writing to the topic, but not super user") assert auth.write_to_topic("authorized", client_id, topic_name, second_message) log.info("Writing and reading: Writing to the topic, as super user") assert auth.write_to_topic("super", client_id, topic_name, second_message) log.info("Writing and reading: Reading from the topic, but not super user") topic_output = auth.read_from_topic("authorized", client_id, topic_name, 3) assert message in topic_output assert second_message in topic_output log.info("Writing and reading: Reading from the topic, as super user") topic_output = auth.read_from_topic("super", client_id, topic_name, 3) assert message in topic_output assert second_message in topic_output # Check that the unauthorized client can still not read or write from the topic. log.info("Writing and reading: Writing to the topic, but not super user") assert not auth.write_to_topic("unauthorized", client_id, topic_name, second_message) log.info("Writing and reading: Reading from the topic, but not super user") assert auth.is_not_authorized( auth.read_from_topic("unauthorized", client_id, topic_name, 1))