[kafka] branch trunk updated: KAFKA-2951; Add a test to verify produce, consume with ACLs for topic/group wildcard resources (#5054)

Fri, 25 May 2018 23:50:27 -0700 

This is an automated email from the ASF dual-hosted git repository.

jgus pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/trunk by this push:
     new d45d7ec  KAFKA-2951; Add a test to verify produce, consume with ACLs 
for topic/group wildcard resources (#5054)
d45d7ec is described below

commit d45d7ec781c7ab6d481d8e7495a08459de29d264
Author: Manikumar Reddy O <manikumar.re...@gmail.com>
AuthorDate: Sat May 26 12:19:31 2018 +0530

    KAFKA-2951; Add a test to verify produce, consume with ACLs for topic/group 
wildcard resources (#5054)
---
 .../kafka/api/EndToEndAuthorizationTest.scala      | 33 ++++++++++++++++++++--
 1 file changed, 30 insertions(+), 3 deletions(-)

diff --git 
a/core/src/test/scala/integration/kafka/api/EndToEndAuthorizationTest.scala 
b/core/src/test/scala/integration/kafka/api/EndToEndAuthorizationTest.scala
index 4500d49..a2e5fd9 100644
--- a/core/src/test/scala/integration/kafka/api/EndToEndAuthorizationTest.scala
+++ b/core/src/test/scala/integration/kafka/api/EndToEndAuthorizationTest.scala
@@ -67,7 +67,7 @@ abstract class EndToEndAuthorizationTest extends 
IntegrationTestHarness with Sas
   val numRecords = 1
   val group = "group"
   val topic = "e2etopic"
-  val topicWildcard = "*"
+  val wildcard = "*"
   val part = 0
   val tp = new TopicPartition(topic, part)
   val topicAndPartition = TopicAndPartition(topic, part)
@@ -79,6 +79,8 @@ abstract class EndToEndAuthorizationTest extends 
IntegrationTestHarness with Sas
   val topicResource = new Resource(Topic, topic)
   val groupResource = new Resource(Group, group)
   val clusterResource = Resource.ClusterResource
+  val wildcardTopicResource = new Resource(Topic, wildcard)
+  val wildcardGroupResource = new Resource(Group, wildcard)
 
   // Arguments to AclCommand to set ACLs. There are three definitions here:
   // 1- Provides read and write access to topic
@@ -93,7 +95,7 @@ abstract class EndToEndAuthorizationTest extends 
IntegrationTestHarness with Sas
   def topicBrokerReadAclArgs: Array[String] = Array("--authorizer-properties",
                                                     
s"zookeeper.connect=$zkConnect",
                                                     s"--add",
-                                                    s"--topic=$topicWildcard",
+                                                    s"--topic=$wildcard",
                                                     s"--operation=Read",
                                                     
s"--allow-principal=$kafkaPrincipalType:$kafkaPrincipal")
   def produceAclArgs: Array[String] = Array("--authorizer-properties",
@@ -135,6 +137,15 @@ abstract class EndToEndAuthorizationTest extends 
IntegrationTestHarness with Sas
                                           s"--group=$group",
                                           s"--operation=Read",
                                           
s"--allow-principal=$kafkaPrincipalType:$clientPrincipal")
+  def produceConsumeWildcardAclArgs: Array[String] = 
Array("--authorizer-properties",
+                                            s"zookeeper.connect=$zkConnect",
+                                            s"--add",
+                                            s"--topic=$wildcard",
+                                            s"--group=$wildcard",
+                                            s"--consumer",
+                                            s"--producer",
+                                            
s"--allow-principal=$kafkaPrincipalType:$clientPrincipal")
+
   def ClusterActionAcl = Set(new Acl(new KafkaPrincipal(kafkaPrincipalType, 
kafkaPrincipal), Allow, Acl.WildCardHost, ClusterAction))
   def TopicBrokerReadAcl = Set(new Acl(new KafkaPrincipal(kafkaPrincipalType, 
kafkaPrincipal), Allow, Acl.WildCardHost, Read))
   def GroupReadAcl = Set(new Acl(new KafkaPrincipal(kafkaPrincipalType, 
clientPrincipal), Allow, Acl.WildCardHost, Read))
@@ -173,7 +184,7 @@ abstract class EndToEndAuthorizationTest extends 
IntegrationTestHarness with Sas
                                 saslProperties = this.clientSaslProperties,
                                 props = Some(producerConfig))
   }
-  
+
   /**
     * Closes MiniKDC last when tearing down.
     */
@@ -201,6 +212,22 @@ abstract class EndToEndAuthorizationTest extends 
IntegrationTestHarness with Sas
     consumeRecords(this.consumers.head, numRecords)
   }
 
+  @Test
+  def testProduceConsumeWithWildcardAcls(): Unit = {
+    setWildcardResourceAcls()
+    sendRecords(numRecords, tp)
+    consumers.head.subscribe(List(topic).asJava)
+    consumeRecords(this.consumers.head, numRecords)
+  }
+
+  private def setWildcardResourceAcls() {
+    AclCommand.main(produceConsumeWildcardAclArgs)
+    servers.foreach { s =>
+      TestUtils.waitAndVerifyAcls(TopicReadAcl ++ TopicWriteAcl ++ 
TopicDescribeAcl ++ TopicBrokerReadAcl, s.apis.authorizer.get, 
wildcardTopicResource)
+      TestUtils.waitAndVerifyAcls(GroupReadAcl, s.apis.authorizer.get, 
wildcardGroupResource)
+    }
+  }
+
   protected def setAclsAndProduce() {
     AclCommand.main(produceAclArgs)
     AclCommand.main(consumeAclArgs)

-- 
To stop receiving notification emails like this one, please contact
j...@apache.org.

Reply via email to