You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kafka.apache.org by cm...@apache.org on 2021/03/17 18:02:20 UTC
[kafka] branch 2.8 updated: MINOR: fix failing ZooKeeper system
tests (#10297)
This is an automated email from the ASF dual-hosted git repository.
cmccabe pushed a commit to branch 2.8
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/2.8 by this push:
new 95ef747 MINOR: fix failing ZooKeeper system tests (#10297)
95ef747 is described below
commit 95ef747c5d4760ee9c743aad80c268f67f23873a
Author: Ron Dagostino <rd...@confluent.io>
AuthorDate: Wed Mar 17 13:58:42 2021 -0400
MINOR: fix failing ZooKeeper system tests (#10297)
ZooKeeper-related system tests in zookeeper_security_upgrade_test.py and
zookeeper_tls_test.py broke due to #10199. That patch changed the logic of
SecurityConfig.enabled_sasl_mechanisms() to only add the inter-broker SASL
mechanism when the inter-broker protocol was SASL_{PLAINTEXT,SSL}. The
inter-broker protocol is left to default to PLAINTEXT for the SecurityConfig
instance associated with Zookeeper since that value doesn't apply to ZooKeeper,
so the default inter-broker SASL mechanism of GSSAPI was not being added into
the set returned by enabled_sasl_mechanisms(). This is actually correct --
GSSAPI shouldn't be added since inter-broker communication is a Kafka concept
and doesn't apply to ZooKeeper. GSSAPI should be added when ZooKeeper uses it,
though -- which is the case in these tests. So the prior patch referred to
above uncovered a bug: we were relying on the default inter-broker SASL
mechanism to signal that Kerberos was being used by ZooKeeper even though the
inter-broker protocol has nothing to do with that determination in such cases.
This patch explicitly includes GSSAPI in the list of enabled SASL mechanisms
when SASL is enabled for use by ZooKeeper.
Reviewers: Colin P. McCabe <cm...@apache.org>
---
tests/kafkatest/services/security/security_config.py | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/tests/kafkatest/services/security/security_config.py b/tests/kafkatest/services/security/security_config.py
index 5be0737..e53d376 100644
--- a/tests/kafkatest/services/security/security_config.py
+++ b/tests/kafkatest/services/security/security_config.py
@@ -372,6 +372,9 @@ class SecurityConfig(TemplateRenderer):
@property
def enabled_sasl_mechanisms(self):
+ """
+ :return: all the SASL mechanisms in use, including for brokers, clients, controllers, and ZooKeeper
+ """
sasl_mechanisms = []
if self.is_sasl(self.security_protocol):
# .csv is supported so be sure to account for that possibility
@@ -382,6 +385,8 @@ class SecurityConfig(TemplateRenderer):
sasl_mechanisms += list(self.serves_raft_sasl)
if self.uses_raft_sasl:
sasl_mechanisms += list(self.uses_raft_sasl)
+ if self.zk_sasl:
+ sasl_mechanisms += [SecurityConfig.SASL_MECHANISM_GSSAPI]
return set(sasl_mechanisms)
@property