
Example 1 with ListenerName

use of org.apache.kafka.common.network.ListenerName in project kafka by apache.

the class RequestResponseTest method createUpdateMetadataRequest.

/**
 * Builds an {@link UpdateMetadataRequest} fixture holding three partition states and two live brokers.
 *
 * <p>Broker 0 advertises one PLAINTEXT endpoint. Broker 1 advertises one PLAINTEXT endpoint and, only
 * when {@code version > 0}, two SSL endpoints on {@code host2}: one whose listener name is derived from
 * the protocol and one with the explicit listener name {@code "CLIENT"}. That last endpoint shows that
 * a listener name and the security protocol bound to it are separate values, so code consuming this
 * metadata should read the protocol field rather than infer transport security from the name.
 *
 * @param version request version handed to the builder (narrowed to {@code short})
 * @param rack rack value assigned to both brokers
 * @return the built request
 */
private UpdateMetadataRequest createUpdateMetadataRequest(int version, String rack) {
    List<Integer> inSync = Arrays.asList(1, 2);
    List<Integer> assigned = Arrays.asList(1, 2, 3, 4);

    // Each PartitionState receives its own mutable copies of the ISR list and the replica set.
    Map<TopicPartition, PartitionState> states = new HashMap<>();
    states.put(
            new TopicPartition("topic5", 105),
            new PartitionState(0, 2, 1, new ArrayList<>(inSync), 2, new HashSet<>(assigned)));
    states.put(
            new TopicPartition("topic5", 1),
            new PartitionState(1, 1, 1, new ArrayList<>(inSync), 2, new HashSet<>(assigned)));
    states.put(
            new TopicPartition("topic20", 1),
            new PartitionState(1, 0, 1, new ArrayList<>(inSync), 2, new HashSet<>(assigned)));

    // Broker 0: unencrypted listener only.
    List<UpdateMetadataRequest.EndPoint> brokerZeroEndPoints = new ArrayList<>();
    brokerZeroEndPoints.add(new UpdateMetadataRequest.EndPoint(
            "host1", 1223, SecurityProtocol.PLAINTEXT, ListenerName.forSecurityProtocol(SecurityProtocol.PLAINTEXT)));

    // Broker 1: always the unencrypted listener; the TLS listeners are added for versions above 0.
    List<UpdateMetadataRequest.EndPoint> brokerOneEndPoints = new ArrayList<>();
    brokerOneEndPoints.add(new UpdateMetadataRequest.EndPoint(
            "host1", 1244, SecurityProtocol.PLAINTEXT, ListenerName.forSecurityProtocol(SecurityProtocol.PLAINTEXT)));
    if (version >= 1) {
        brokerOneEndPoints.add(new UpdateMetadataRequest.EndPoint(
                "host2", 1234, SecurityProtocol.SSL, ListenerName.forSecurityProtocol(SecurityProtocol.SSL)));
        // Custom listener name bound to SSL: the name itself says nothing about the protocol.
        brokerOneEndPoints.add(new UpdateMetadataRequest.EndPoint(
                "host2", 1334, SecurityProtocol.SSL, new ListenerName("CLIENT")));
    }

    Set<UpdateMetadataRequest.Broker> brokers = new HashSet<>();
    brokers.add(new UpdateMetadataRequest.Broker(0, brokerZeroEndPoints, rack));
    brokers.add(new UpdateMetadataRequest.Broker(1, brokerOneEndPoints, rack));

    UpdateMetadataRequest.Builder builder =
            new UpdateMetadataRequest.Builder((short) version, 1, 10, states, brokers);
    return builder.build();
}
Also used : HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) ArrayList(java.util.ArrayList) SecurityProtocol(org.apache.kafka.common.protocol.SecurityProtocol) ListenerName(org.apache.kafka.common.network.ListenerName) TopicPartition(org.apache.kafka.common.TopicPartition) HashSet(java.util.HashSet)

Example 2 with ListenerName

use of org.apache.kafka.common.network.ListenerName in project apache-kafka-on-k8s by banzaicloud.

the class LoginManagerTest method testServerLoginManager.

/**
 * Checks how server-side {@link LoginManager} instances are cached and reference-counted.
 *
 * <p>The config map carries mechanism-prefixed {@code sasl.jaas.config} entries for PLAIN and
 * DIGEST-MD5 but none for SCRAM-SHA-256. The assertions pin three things: each mechanism gets its own
 * manager, the cache key of the PLAIN and DIGEST-MD5 managers equals the configured JAAS value while
 * the SCRAM manager's key is the literal {@code "KafkaServer"} (presumably the static server context
 * name used when no dynamic entry exists; confirm against the fixture setup), and a second
 * acquisition returns the identical instance.
 *
 * <p>NOTE(review): the cache key is compared to the JAAS config value itself. If that value embeds
 * credentials, the key does too and should not be logged; confirm the type of the fixture fields.
 * DIGEST-MD5 serves here only as a second mechanism label; it is a legacy mechanism and its use in
 * this test is not a deployment recommendation.
 */
@Test
public void testServerLoginManager() throws Exception {
    final String plain = "PLAIN";
    final String digest = "DIGEST-MD5";
    final String scram = "SCRAM-SHA-256";

    Map<String, Object> serverConfigs = new HashMap<>();
    serverConfigs.put("plain.sasl.jaas.config", dynamicPlainContext);
    serverConfigs.put("digest-md5.sasl.jaas.config", dynamicDigestContext);

    // All three contexts are resolved for the same listener; only the mechanism differs.
    ListenerName listener = new ListenerName("listener1");
    JaasContext plainCtx = JaasContext.loadServerContext(listener, plain, serverConfigs);
    JaasContext digestCtx = JaasContext.loadServerContext(listener, digest, serverConfigs);
    JaasContext scramCtx = JaasContext.loadServerContext(listener, scram, serverConfigs);

    // First acquisition per mechanism: distinct managers, keyed by their JAAS source.
    LoginManager plainLogin = LoginManager.acquireLoginManager(plainCtx, plain, false, serverConfigs);
    assertEquals(dynamicPlainContext, plainLogin.cacheKey());

    LoginManager digestLogin = LoginManager.acquireLoginManager(digestCtx, digest, false, serverConfigs);
    assertNotSame(plainLogin, digestLogin);
    assertEquals(dynamicDigestContext, digestLogin.cacheKey());

    LoginManager scramLogin = LoginManager.acquireLoginManager(scramCtx, scram, false, serverConfigs);
    assertNotSame(plainLogin, scramLogin);
    assertEquals("KafkaServer", scramLogin.cacheKey());

    // Second acquisition per mechanism must hand back the cached instance.
    LoginManager plainAgain = LoginManager.acquireLoginManager(plainCtx, plain, false, serverConfigs);
    assertSame(plainLogin, plainAgain);
    LoginManager digestAgain = LoginManager.acquireLoginManager(digestCtx, digest, false, serverConfigs);
    assertSame(digestLogin, digestAgain);
    LoginManager scramAgain = LoginManager.acquireLoginManager(scramCtx, scram, false, serverConfigs);
    assertSame(scramLogin, scramAgain);

    // Each manager has been acquired twice above, hence the expected count of 2.
    verifyLoginManagerRelease(plainLogin, 2, plainCtx, serverConfigs);
    verifyLoginManagerRelease(digestLogin, 2, digestCtx, serverConfigs);
    verifyLoginManagerRelease(scramLogin, 2, scramCtx, serverConfigs);
}
Also used : JaasContext(org.apache.kafka.common.security.JaasContext) HashMap(java.util.HashMap) ListenerName(org.apache.kafka.common.network.ListenerName) Test(org.junit.Test)

Example 3 with ListenerName

use of org.apache.kafka.common.network.ListenerName in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method testJaasConfigurationForListener.

/**
 * Checks that a listener-specific server JAAS entry is used instead of the global one, and that the
 * two credential sets are not merged.
 *
 * <p>Two PLAIN login entries are installed: the global {@code LOGIN_CONTEXT_SERVER} entry with users
 * {@code global1}/{@code global2}, and a {@code "client."}-prefixed entry with users
 * {@code client1}/{@code client2}. Going by the helper names, the server on listener {@code client} is
 * expected to accept {@code client1} and reject {@code global1}; the server on listener {@code other},
 * which has no prefixed entry, is expected to accept {@code global1} and reject {@code client1}.
 *
 * <p>The two rejection cases carry the security property: credentials valid on one listener must not
 * authenticate on another. The test runs PLAIN over {@code SASL_PLAINTEXT}, where the password is not
 * protected in transit; that is a fixture choice, and PLAIN outside tests belongs on a TLS listener.
 */
@Test
public void testJaasConfigurationForListener() throws Exception {
    SecurityProtocol securityProtocol = SecurityProtocol.SASL_PLAINTEXT;
    saslClientConfigs.put(SaslConfigs.SASL_MECHANISM, "PLAIN");
    saslServerConfigs.put(BrokerSecurityConfigs.SASL_ENABLED_MECHANISMS_CONFIG, Arrays.asList("PLAIN"));
    TestJaasConfig staticJaasConfig = new TestJaasConfig();
    // Global server entry: options are keyed "user_<name>" with the password as value.
    Map<String, Object> globalServerOptions = new HashMap<>();
    globalServerOptions.put("user_global1", "gsecret1");
    globalServerOptions.put("user_global2", "gsecret2");
    staticJaasConfig.createOrUpdateEntry(TestJaasConfig.LOGIN_CONTEXT_SERVER, PlainLoginModule.class.getName(), globalServerOptions);
    // Listener-specific entry: same login module, different user set, entry name prefixed with "client.".
    Map<String, Object> clientListenerServerOptions = new HashMap<>();
    clientListenerServerOptions.put("user_client1", "csecret1");
    clientListenerServerOptions.put("user_client2", "csecret2");
    String clientJaasEntryName = "client." + TestJaasConfig.LOGIN_CONTEXT_SERVER;
    staticJaasConfig.createOrUpdateEntry(clientJaasEntryName, PlainLoginModule.class.getName(), clientListenerServerOptions);
    // NOTE(review): static setter, so the installed configuration is not scoped to this test; it is
    // not restored in this method — presumably done in teardown, confirm.
    Configuration.setConfiguration(staticJaasConfig);
    // Listener "client" has its own JAAS entry: client1 is expected to connect, global1 to be refused.
    server = createEchoServer(new ListenerName("client"), securityProtocol);
    saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, TestJaasConfig.jaasConfigProperty("PLAIN", "client1", "csecret1"));
    createAndCheckClientConnection(securityProtocol, "1");
    saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, TestJaasConfig.jaasConfigProperty("PLAIN", "global1", "gsecret1"));
    createAndCheckClientConnectionFailure(securityProtocol, "2");
    server.close();
    // Listener "other" has no JAAS entry of its own, so the global entry applies: global1 is expected
    // to connect, client1 to be refused.
    // NOTE(review): this second server is not closed here — presumably closed in teardown, confirm.
    server = createEchoServer(new ListenerName("other"), securityProtocol);
    saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, TestJaasConfig.jaasConfigProperty("PLAIN", "global1", "gsecret1"));
    createAndCheckClientConnection(securityProtocol, "3");
    saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, TestJaasConfig.jaasConfigProperty("PLAIN", "client1", "csecret1"));
    createAndCheckClientConnectionFailure(securityProtocol, "4");
}
Also used : HashMap(java.util.HashMap) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) PlainLoginModule(org.apache.kafka.common.security.plain.PlainLoginModule) ListenerName(org.apache.kafka.common.network.ListenerName) Test(org.junit.Test)

Example 4 with ListenerName

use of org.apache.kafka.common.network.ListenerName in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method createClientConnectionWithoutSaslAuthenticateHeader.

/**
 * Connects to the test server with a SASL client whose authenticator is pinned to the oldest
 * handshake form and never enables the header-based authentication exchange.
 *
 * <p>The channel builder is subclassed so that the client authenticator it creates (a) always builds
 * the handshake request at version 0, ignoring the version it is asked for, and (b) turns
 * {@code saslAuthenticateVersion} into a no-op. Presumably this models an older client so the
 * server's handling of that exchange can be exercised; confirm against the callers. As long as a
 * server accepts this exchange, that code path is reachable before authentication completes, which is
 * why it is worth keeping under test.
 *
 * @param securityProtocol protocol used for the channel and to derive the listener name
 * @param saslMechanism mechanism used as the JAAS context key and in the handshake request
 * @param node connection id passed to the selector
 * @throws Exception if building the channel or connecting fails
 */
private void createClientConnectionWithoutSaslAuthenticateHeader(final SecurityProtocol securityProtocol, final String saslMechanism, String node) throws Exception {
    final ListenerName listenerName = ListenerName.forSecurityProtocol(securityProtocol);
    // Empty config map: no inline JAAS settings are supplied to loadClientContext here.
    final Map<String, ?> configs = Collections.emptyMap();
    final JaasContext jaasContext = JaasContext.loadClientContext(configs);
    final Map<String, JaasContext> jaasContexts = Collections.singletonMap(saslMechanism, jaasContext);
    SaslChannelBuilder clientChannelBuilder = new SaslChannelBuilder(Mode.CLIENT, jaasContexts, securityProtocol, listenerName, false, saslMechanism, true, null, null) {

        @Override
        protected SaslClientAuthenticator buildClientAuthenticator(Map<String, ?> configs, String id, String serverHost, String servicePrincipal, TransportLayer transportLayer, Subject subject) throws IOException {
            // Uses the captured saslMechanism of the enclosing method, not a value taken from configs.
            return new SaslClientAuthenticator(configs, id, subject, servicePrincipal, serverHost, saslMechanism, true, transportLayer) {

                // The requested version is deliberately ignored; the request is always built as version 0.
                @Override
                protected SaslHandshakeRequest createSaslHandshakeRequest(short version) {
                    return new SaslHandshakeRequest.Builder(saslMechanism).build((short) 0);
                }

                @Override
                protected void saslAuthenticateVersion(short version) {
                    // Intentionally empty: the version is never recorded, so headers stay disabled.
                }
            };
        }
    };
    clientChannelBuilder.configure(saslClientConfigs);
    this.selector = NetworkTestUtils.createSelector(clientChannelBuilder);
    // Loopback only: the target is the in-process test server's port.
    InetSocketAddress addr = new InetSocketAddress("127.0.0.1", server.port());
    selector.connect(node, addr, BUFFER_SIZE, BUFFER_SIZE);
}
Also used : InetSocketAddress(java.net.InetSocketAddress) ListenerName(org.apache.kafka.common.network.ListenerName) Subject(javax.security.auth.Subject) TransportLayer(org.apache.kafka.common.network.TransportLayer) JaasContext(org.apache.kafka.common.security.JaasContext) SaslChannelBuilder(org.apache.kafka.common.network.SaslChannelBuilder) Map(java.util.Map) HashMap(java.util.HashMap) SaslHandshakeRequest(org.apache.kafka.common.requests.SaslHandshakeRequest)

Example 5 with ListenerName

use of org.apache.kafka.common.network.ListenerName in project apache-kafka-on-k8s by banzaicloud.

the class SaslServerAuthenticatorTest method setupAuthenticator.

/**
 * Creates a {@link SaslServerAuthenticator} wired to a throwaway JAAS configuration.
 *
 * <p>The JAAS entry uses the PLAIN login module with an empty option map, so no user credentials are
 * configured in this fixture. The authenticator is bound to a listener named {@code "ssl"} with
 * protocol {@code SASL_SSL}, and gets fresh, empty credential and delegation-token caches. Two
 * arguments are passed as {@code null} (the last {@code JaasContext} argument and the fifth
 * authenticator argument); their meaning is not visible from this method.
 *
 * @param configs configuration map forwarded to the authenticator
 * @param transportLayer transport the authenticator reads from and writes to
 * @param mechanism SASL mechanism used as the key for the JAAS context and the subject
 * @return the authenticator under test
 * @throws IOException declared by this method; propagated from the authenticator's construction
 */
private SaslServerAuthenticator setupAuthenticator(Map<String, ?> configs, TransportLayer transportLayer, String mechanism) throws IOException {
    final String entryName = "jaasContext";

    TestJaasConfig jaasConfiguration = new TestJaasConfig();
    jaasConfiguration.addEntry(entryName, PlainLoginModule.class.getName(), new HashMap<String, Object>());

    // Context and subject are both registered under the single mechanism passed in.
    JaasContext serverContext = new JaasContext(entryName, JaasContext.Type.SERVER, jaasConfiguration, null);
    Map<String, JaasContext> contextsByMechanism = Collections.singletonMap(mechanism, serverContext);
    Map<String, Subject> subjectsByMechanism = Collections.singletonMap(mechanism, new Subject());

    return new SaslServerAuthenticator(
            configs,
            "node",
            contextsByMechanism,
            subjectsByMechanism,
            null,
            new CredentialCache(),
            new ListenerName("ssl"),
            SecurityProtocol.SASL_SSL,
            transportLayer,
            new DelegationTokenCache(ScramMechanism.mechanismNames()));
}
Also used : PlainLoginModule(org.apache.kafka.common.security.plain.PlainLoginModule) ListenerName(org.apache.kafka.common.network.ListenerName) Subject(javax.security.auth.Subject) JaasContext(org.apache.kafka.common.security.JaasContext) DelegationTokenCache(org.apache.kafka.common.security.token.delegation.DelegationTokenCache)
