kafka-jira mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [kafka] d8tltanc commented on a change in pull request #9485: KAKFA-10619: Idempotent producer will get authorized once it has a WRITE access to at least one topic
Date Thu, 17 Dec 2020 00:09:27 GMT

d8tltanc commented on a change in pull request #9485:
URL: https://github.com/apache/kafka/pull/9485#discussion_r544713670



##########
File path: core/src/test/scala/unit/kafka/security/authorizer/AuthorizerWrapperTest.scala
##########
@@ -0,0 +1,211 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package kafka.security.authorizer
+
+import java.net.InetAddress
+import java.util.UUID
+
+import kafka.security.auth.SimpleAclAuthorizer
+import kafka.server.KafkaConfig
+import kafka.utils.TestUtils
+import kafka.zk.ZooKeeperTestHarness
+import kafka.zookeeper.ZooKeeperClient
+import org.apache.kafka.common.acl.AclOperation._
+import org.apache.kafka.common.acl._
+import org.apache.kafka.common.network.{ClientInformation, ListenerName}
+import org.apache.kafka.common.protocol.ApiKeys
+import org.apache.kafka.common.requests.{RequestContext, RequestHeader}
+import org.apache.kafka.common.resource.PatternType.LITERAL
+import org.apache.kafka.common.resource.ResourceType._
+import org.apache.kafka.common.resource.{ResourcePattern, ResourceType}
+import org.apache.kafka.common.security.auth.{KafkaPrincipal, SecurityProtocol}
+import org.apache.kafka.common.utils.Time
+import org.apache.kafka.server.authorizer._
+import org.junit.Assert._
+import org.junit.{After, Before, Test}
+
+import scala.annotation.nowarn
+import scala.collection.mutable.ArrayBuffer
+import scala.jdk.CollectionConverters._
+
+class AuthorizerWrapperTest extends ZooKeeperTestHarness {
+  @nowarn("cat=deprecation")
+  private val wrappedSimpleAuthorizer = new AuthorizerWrapper(new SimpleAclAuthorizer)
+  @nowarn("cat=deprecation")
+  private val wrappedSimpleAuthorizerAllowEveryone = new AuthorizerWrapper(new SimpleAclAuthorizer)
+  private var resource: ResourcePattern = _
+  private val superUsers = "User:superuser1; User:superuser2"
+  private val username = "alice"
+  private val principal = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, username)
+  private val requestContext = newRequestContext(principal, InetAddress.getByName("192.168.0.1"))
+  private var config: KafkaConfig = _
+  private var zooKeeperClient: ZooKeeperClient = _
+
+  private val aclAdded: ArrayBuffer[(Authorizer, Set[AccessControlEntry], ResourcePattern)]
= ArrayBuffer()
+  private val authorizerTestFactory = new AuthorizerTestFactory(
+    newRequestContext, addAcls, authorizeByResourceType, removeAcls)
+
+  class CustomPrincipal(principalType: String, name: String) extends KafkaPrincipal(principalType,
name) {
+    override def equals(o: scala.Any): Boolean = false
+  }
+
+  @Before
+  @nowarn("cat=deprecation")
+  override def setUp(): Unit = {
+    super.setUp()
+
+    val props = TestUtils.createBrokerConfig(0, zkConnect)
+
+    props.put(AclAuthorizer.SuperUsersProp, superUsers)
+    config = KafkaConfig.fromProps(props)
+    wrappedSimpleAuthorizer.configure(config.originals)
+
+    props.put(SimpleAclAuthorizer.AllowEveryoneIfNoAclIsFoundProp, "true")
+    config = KafkaConfig.fromProps(props)
+    wrappedSimpleAuthorizerAllowEveryone.configure(config.originals)
+
+    resource = new ResourcePattern(TOPIC, "foo-" + UUID.randomUUID(), LITERAL)
+    zooKeeperClient = new ZooKeeperClient(zkConnect, zkSessionTimeout, zkConnectionTimeout,
zkMaxInFlightRequests,
+      Time.SYSTEM, "kafka.test", "AuthorizerWrapperTest")
+  }
+
+  @After
+  override def tearDown(): Unit = {
+    val authorizers = Seq(wrappedSimpleAuthorizer, wrappedSimpleAuthorizerAllowEveryone)
+    authorizers.foreach(a => {
+      a.close()
+    })
+    zooKeeperClient.close()
+    super.tearDown()
+  }
+
+  @Test
+  def testAuthorizeByResourceTypeMultipleAddAndRemove(): Unit = {
+    authorizerTestFactory.testAuthorizeByResourceTypeMultipleAddAndRemove(wrappedSimpleAuthorizer)
+  }

Review comment:
       commit 092fec70a9547ec07cba999e77be1c0cf79fa275
   commit e5e3d18f57ab22df20133f9841905af384d9b641
   
   These two commits are condensing the class methods and members into the BaseAuthorizerTest.

   
   In BaseAuthorizerTest, the only abstract method is an authorizer provider. After overriding
the provider, those test cases in it are sufficient to run.
   
   Now the test code looks much cleaner. If the changes look too much to you, we can revert
092fec70a9547ec07cba999e77be1c0cf79fa275 and move the head to e5e3d18f57ab22df20133f9841905af384d9b641




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



Mime
View raw message