Search in sources :

Example 16 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method testTokenAuthenticationOverSaslScram.

@Test
public void testTokenAuthenticationOverSaslScram() throws Exception {
    SecurityProtocol securityProtocol = SecurityProtocol.SASL_SSL;
    TestJaasConfig jaasConfig = configureMechanisms("SCRAM-SHA-256", Arrays.asList("SCRAM-SHA-256"));
    // create jaas config for token auth
    Map<String, Object> options = new HashMap<>();
    String tokenId = "token1";
    String tokenHmac = "abcdefghijkl";
    // tokenId
    options.put("username", tokenId);
    // token hmac
    options.put("password", tokenHmac);
    // enable token authentication
    options.put(ScramLoginModule.TOKEN_AUTH_CONFIG, "true");
    jaasConfig.createOrUpdateEntry(TestJaasConfig.LOGIN_CONTEXT_CLIENT, ScramLoginModule.class.getName(), options);
    server = createEchoServer(securityProtocol);
    // Check invalid tokenId/tokenInfo in tokenCache
    createAndCheckClientConnectionFailure(securityProtocol, "0");
    // Check valid token Info and invalid credentials
    KafkaPrincipal owner = SecurityUtils.parseKafkaPrincipal("User:Owner");
    KafkaPrincipal renewer = SecurityUtils.parseKafkaPrincipal("User:Renewer1");
    TokenInformation tokenInfo = new TokenInformation(tokenId, owner, Collections.singleton(renewer), System.currentTimeMillis(), System.currentTimeMillis(), System.currentTimeMillis());
    server.tokenCache().addToken(tokenId, tokenInfo);
    createAndCheckClientConnectionFailure(securityProtocol, "0");
    // Check with valid token Info and credentials
    updateTokenCredentialCache(tokenId, tokenHmac);
    createAndCheckClientConnection(securityProtocol, "0");
}
Also used : HashMap(java.util.HashMap) ScramLoginModule(org.apache.kafka.common.security.scram.ScramLoginModule) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) KafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal) TokenInformation(org.apache.kafka.common.security.token.delegation.TokenInformation) Test(org.junit.Test)

Example 17 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method testValidSaslPlainOverPlaintext.

/**
 * Tests good path SASL/PLAIN client and server channels using PLAINTEXT transport layer.
 */
@Test
public void testValidSaslPlainOverPlaintext() throws Exception {
    String node = "0";
    SecurityProtocol securityProtocol = SecurityProtocol.SASL_PLAINTEXT;
    configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
    server = createEchoServer(securityProtocol);
    createAndCheckClientConnection(securityProtocol, node);
    server.verifyAuthenticationMetrics(1, 0);
}
Also used : SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) Test(org.junit.Test)

Example 18 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method testInvalidUsernameSaslPlain.

/**
 * Tests that SASL/PLAIN clients with invalid username fail authentication.
 */
@Test
public void testInvalidUsernameSaslPlain() throws Exception {
    String node = "0";
    SecurityProtocol securityProtocol = SecurityProtocol.SASL_SSL;
    TestJaasConfig jaasConfig = configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
    jaasConfig.setClientOptions("PLAIN", "invaliduser", TestJaasConfig.PASSWORD);
    server = createEchoServer(securityProtocol);
    createAndCheckClientAuthenticationFailure(securityProtocol, node, "PLAIN", "Authentication failed: Invalid username or password");
    server.verifyAuthenticationMetrics(0, 1);
}
Also used : SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) Test(org.junit.Test)

Example 19 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.

the class ClientUtils method createChannelBuilder.

/**
 * @param config client configs
 * @return configured ChannelBuilder based on the configs.
 */
public static ChannelBuilder createChannelBuilder(AbstractConfig config) {
    SecurityProtocol securityProtocol = SecurityProtocol.forName(config.getString(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG));
    String clientSaslMechanism = config.getString(SaslConfigs.SASL_MECHANISM);
    return ChannelBuilders.clientChannelBuilder(securityProtocol, JaasContext.Type.CLIENT, config, null, clientSaslMechanism, true);
}
Also used : SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)

Example 20 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.

the class RequestResponseTest method createUpdateMetadataRequest.

private UpdateMetadataRequest createUpdateMetadataRequest(int version, String rack) {
    Map<TopicPartition, UpdateMetadataRequest.PartitionState> partitionStates = new HashMap<>();
    List<Integer> isr = asList(1, 2);
    List<Integer> replicas = asList(1, 2, 3, 4);
    List<Integer> offlineReplicas = asList();
    partitionStates.put(new TopicPartition("topic5", 105), new UpdateMetadataRequest.PartitionState(0, 2, 1, isr, 2, replicas, offlineReplicas));
    partitionStates.put(new TopicPartition("topic5", 1), new UpdateMetadataRequest.PartitionState(1, 1, 1, isr, 2, replicas, offlineReplicas));
    partitionStates.put(new TopicPartition("topic20", 1), new UpdateMetadataRequest.PartitionState(1, 0, 1, isr, 2, replicas, offlineReplicas));
    SecurityProtocol plaintext = SecurityProtocol.PLAINTEXT;
    List<UpdateMetadataRequest.EndPoint> endPoints1 = new ArrayList<>();
    endPoints1.add(new UpdateMetadataRequest.EndPoint("host1", 1223, plaintext, ListenerName.forSecurityProtocol(plaintext)));
    List<UpdateMetadataRequest.EndPoint> endPoints2 = new ArrayList<>();
    endPoints2.add(new UpdateMetadataRequest.EndPoint("host1", 1244, plaintext, ListenerName.forSecurityProtocol(plaintext)));
    if (version > 0) {
        SecurityProtocol ssl = SecurityProtocol.SSL;
        endPoints2.add(new UpdateMetadataRequest.EndPoint("host2", 1234, ssl, ListenerName.forSecurityProtocol(ssl)));
        endPoints2.add(new UpdateMetadataRequest.EndPoint("host2", 1334, ssl, new ListenerName("CLIENT")));
    }
    Set<UpdateMetadataRequest.Broker> liveBrokers = Utils.mkSet(new UpdateMetadataRequest.Broker(0, endPoints1, rack), new UpdateMetadataRequest.Broker(1, endPoints2, rack));
    return new UpdateMetadataRequest.Builder((short) version, 1, 10, partitionStates, liveBrokers).build();
}
Also used : HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) ArrayList(java.util.ArrayList) ListenerName(org.apache.kafka.common.network.ListenerName) TopicPartition(org.apache.kafka.common.TopicPartition)

Aggregations

SecurityProtocol (org.apache.kafka.common.security.auth.SecurityProtocol)33 Test (org.junit.Test)29 HashMap (java.util.HashMap)8 InetSocketAddress (java.net.InetSocketAddress)5 RequestHeader (org.apache.kafka.common.requests.RequestHeader)4 ScramLoginModule (org.apache.kafka.common.security.scram.ScramLoginModule)4 PlainLoginModule (org.apache.kafka.common.security.plain.PlainLoginModule)3 IOException (java.io.IOException)2 ByteBuffer (java.nio.ByteBuffer)2 KafkaException (org.apache.kafka.common.KafkaException)2 ListenerName (org.apache.kafka.common.network.ListenerName)2 NetworkSend (org.apache.kafka.common.network.NetworkSend)2 ApiVersionsRequest (org.apache.kafka.common.requests.ApiVersionsRequest)2 ApiVersionsResponse (org.apache.kafka.common.requests.ApiVersionsResponse)2 TestSecurityConfig (org.apache.kafka.common.security.TestSecurityConfig)2 SelectionKey (java.nio.channels.SelectionKey)1 ArrayList (java.util.ArrayList)1 LinkedHashMap (java.util.LinkedHashMap)1 Random (java.util.Random)1 TopicPartition (org.apache.kafka.common.TopicPartition)1