Re: [PR] MINOR: clean up for sasl endpoints [kafka]

Thu, 16 Jan 2025 19:35:47 -0800 


showuon commented on code in PR #18519:
URL: https://github.com/apache/kafka/pull/18519#discussion_r1919506397


##########
clients/src/main/java/org/apache/kafka/common/security/oauthbearer/internals/secured/ConfigurationUtils.java:
##########
@@ -228,4 +233,16 @@ public <T> T get(String name) {
         return (T) configs.get(name);
     }
 
+    // make sure the url is in the 
"org.apache.kafka.sasl.oauthbearer.allowed.urls" system property
+    public void throwIfURLIsNotAllowed(String urlConfig) {
+        Set<String> allowedLoginModuleList = Arrays.stream(
+                        
System.getProperty(ALLOWED_SASL_OAUTHBEARER_URLS_CONFIG, "").split(","))

Review Comment:
   Sounds good!



##########
clients/src/test/java/org/apache/kafka/common/security/oauthbearer/internals/secured/AccessTokenRetrieverFactoryTest.java:
##########
@@ -55,21 +63,34 @@ public void 
testConfigureRefreshingFileAccessTokenRetriever() throws Exception {
     @Test
     public void 
testConfigureRefreshingFileAccessTokenRetrieverWithInvalidDirectory() {
         // Should fail because the parent path doesn't exist.
-        Map<String, ?> configs = 
getSaslConfigs(SASL_OAUTHBEARER_TOKEN_ENDPOINT_URL, new 
File("/tmp/this-directory-does-not-exist/foo.json").toURI().toString());
+        String file = new 
File("/tmp/this-directory-does-not-exist/foo.json").toURI().toString();
+        System.setProperty(ALLOWED_SASL_OAUTHBEARER_URLS_CONFIG, file);
+        Map<String, ?> configs = 
getSaslConfigs(SASL_OAUTHBEARER_TOKEN_ENDPOINT_URL, file);
         Map<String, Object> jaasConfig = Collections.emptyMap();
         assertThrowsWithMessage(ConfigException.class, () -> 
AccessTokenRetrieverFactory.create(configs, jaasConfig), "that doesn't exist");
     }
 
     @Test
     public void 
testConfigureRefreshingFileAccessTokenRetrieverWithInvalidFile() throws 
Exception {
-        // Should fail because the while the parent path exists, the file 
itself doesn't.
+        // Should fail because the parent path exists, the file itself doesn't.

Review Comment:
   You're right!



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to