You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kafka.apache.org by jg...@apache.org on 2020/05/27 06:08:28 UTC
[kafka] branch 2.3 updated: MINOR: kafkatest - adding whitelist for interbroker sasl configs (#7093)

This is an automated email from the ASF dual-hosted git repository.

jgus pushed a commit to branch 2.3
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/2.3 by this push:
     new f4ebf82  MINOR: kafkatest - adding whitelist for interbroker sasl configs (#7093)
f4ebf82 is described below

commit f4ebf8252f14258c654071ce84af2aa67adf7ed9
Author: Brian Bushree <bb...@confluent.io>
AuthorDate: Mon Jul 22 01:38:28 2019 -0700

    MINOR: kafkatest - adding whitelist for interbroker sasl configs (#7093)
---
 tests/kafkatest/services/kafka/templates/kafka.properties     | 4 ++--
 tests/kafkatest/services/security/listener_security_config.py | 9 ++++++++-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/tests/kafkatest/services/kafka/templates/kafka.properties b/tests/kafkatest/services/kafka/templates/kafka.properties
index 6060bfa..8b61322 100644
--- a/tests/kafkatest/services/kafka/templates/kafka.properties
+++ b/tests/kafkatest/services/kafka/templates/kafka.properties
@@ -28,7 +28,7 @@ security.inter.broker.protocol={{ interbroker_listener.security_protocol }}
 {% endif %}
 
 {% for k, v in listener_security_config.client_listener_overrides.iteritems() %}
-{% if k.startswith('sasl.') %}
+{% if listener_security_config.requires_sasl_mechanism_prefix(k) %}
 listener.name.{{ security_protocol.lower() }}.{{ security_config.client_sasl_mechanism.lower() }}.{{ k }}={{ v }}
 {% else %}
 listener.name.{{ security_protocol.lower() }}.{{ k }}={{ v }}
@@ -37,7 +37,7 @@ listener.name.{{ security_protocol.lower() }}.{{ k }}={{ v }}
 
 {% if interbroker_listener.name != security_protocol %}
 {% for k, v in listener_security_config.interbroker_listener_overrides.iteritems() %}
-{% if k.startswith('sasl.') %}
+{% if listener_security_config.requires_sasl_mechanism_prefix(k) %}
 listener.name.{{ interbroker_listener.name.lower() }}.{{ security_config.interbroker_sasl_mechanism.lower() }}.{{ k }}={{ v }}
 {% else %}
 listener.name.{{ interbroker_listener.name.lower() }}.{{ k }}={{ v }}
diff --git a/tests/kafkatest/services/security/listener_security_config.py b/tests/kafkatest/services/security/listener_security_config.py
index 74e9e39..119e9f3 100644
--- a/tests/kafkatest/services/security/listener_security_config.py
+++ b/tests/kafkatest/services/security/listener_security_config.py
@@ -15,6 +15,10 @@
 
 class ListenerSecurityConfig:
 
+    SASL_MECHANISM_PREFIXED_CONFIGS = ["connections.max.reauth.ms", "sasl.jaas.config",
+                                       "sasl.login.callback.handler.class", "sasl.login.class",
+                                       "sasl.server.callback.handler.class"]
+
     def __init__(self, use_separate_interbroker_listener=False,
                  client_listener_overrides={}, interbroker_listener_overrides={}):
         """
@@ -33,4 +37,7 @@ class ListenerSecurityConfig:
         """
         self.use_separate_interbroker_listener = use_separate_interbroker_listener
         self.client_listener_overrides = client_listener_overrides
-        self.interbroker_listener_overrides = interbroker_listener_overrides
\ No newline at end of file
+        self.interbroker_listener_overrides = interbroker_listener_overrides
+
+    def requires_sasl_mechanism_prefix(self, config):
+        return config in ListenerSecurityConfig.SASL_MECHANISM_PREFIXED_CONFIGS