This is an automated email from the ASF dual-hosted git repository.
rsivaram pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/trunk by this push:
new e5f7220 MINOR: kafkatest - adding whitelist for interbroker sasl
configs (#7093)
e5f7220 is described below
commit e5f7220b23ba556352d80a0575fcb6cbfe2d576d
Author: Brian Bushree <[email protected]>
AuthorDate: Mon Jul 22 01:38:28 2019 -0700
MINOR: kafkatest - adding whitelist for interbroker sasl configs (#7093)
---
tests/kafkatest/services/kafka/templates/kafka.properties | 4 ++--
tests/kafkatest/services/security/listener_security_config.py | 9 ++++++++-
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/tests/kafkatest/services/kafka/templates/kafka.properties
b/tests/kafkatest/services/kafka/templates/kafka.properties
index 25e4dcc..8b61322 100644
--- a/tests/kafkatest/services/kafka/templates/kafka.properties
+++ b/tests/kafkatest/services/kafka/templates/kafka.properties
@@ -28,7 +28,7 @@ security.inter.broker.protocol={{
interbroker_listener.security_protocol }}
{% endif %}
{% for k, v in listener_security_config.client_listener_overrides.iteritems()
%}
-{% if k in ["connections.max.reauth.ms", "sasl.jaas.config",
"sasl.login.callback.handler.class", "sasl.login.class",
"sasl.server.callback.handler.class"] %}
+{% if listener_security_config.requires_sasl_mechanism_prefix(k) %}
listener.name.{{ security_protocol.lower() }}.{{
security_config.client_sasl_mechanism.lower() }}.{{ k }}={{ v }}
{% else %}
listener.name.{{ security_protocol.lower() }}.{{ k }}={{ v }}
@@ -37,7 +37,7 @@ listener.name.{{ security_protocol.lower() }}.{{ k }}={{ v }}
{% if interbroker_listener.name != security_protocol %}
{% for k, v in
listener_security_config.interbroker_listener_overrides.iteritems() %}
-{% if k.startswith('sasl.') %}
+{% if listener_security_config.requires_sasl_mechanism_prefix(k) %}
listener.name.{{ interbroker_listener.name.lower() }}.{{
security_config.interbroker_sasl_mechanism.lower() }}.{{ k }}={{ v }}
{% else %}
listener.name.{{ interbroker_listener.name.lower() }}.{{ k }}={{ v }}
diff --git a/tests/kafkatest/services/security/listener_security_config.py
b/tests/kafkatest/services/security/listener_security_config.py
index 74e9e39..119e9f3 100644
--- a/tests/kafkatest/services/security/listener_security_config.py
+++ b/tests/kafkatest/services/security/listener_security_config.py
@@ -15,6 +15,10 @@
class ListenerSecurityConfig:
+ SASL_MECHANISM_PREFIXED_CONFIGS = ["connections.max.reauth.ms",
"sasl.jaas.config",
+ "sasl.login.callback.handler.class",
"sasl.login.class",
+ "sasl.server.callback.handler.class"]
+
def __init__(self, use_separate_interbroker_listener=False,
client_listener_overrides={},
interbroker_listener_overrides={}):
"""
@@ -33,4 +37,7 @@ class ListenerSecurityConfig:
"""
self.use_separate_interbroker_listener =
use_separate_interbroker_listener
self.client_listener_overrides = client_listener_overrides
- self.interbroker_listener_overrides = interbroker_listener_overrides
\ No newline at end of file
+ self.interbroker_listener_overrides = interbroker_listener_overrides
+
+ def requires_sasl_mechanism_prefix(self, config):
+ return config in ListenerSecurityConfig.SASL_MECHANISM_PREFIXED_CONFIGS
