Posted to commits@kafka.apache.org by cm...@apache.org on 2021/03/17 18:02:20 UTC

[kafka] branch 2.8 updated: MINOR: fix failing ZooKeeper system tests (#10297)

This is an automated email from the ASF dual-hosted git repository.

cmccabe pushed a commit to branch 2.8
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/2.8 by this push:
     new 95ef747  MINOR: fix failing ZooKeeper system tests (#10297)
95ef747 is described below

commit 95ef747c5d4760ee9c743aad80c268f67f23873a
Author: Ron Dagostino <rd...@confluent.io>
AuthorDate: Wed Mar 17 13:58:42 2021 -0400

    MINOR: fix failing ZooKeeper system tests (#10297)
    
    ZooKeeper-related system tests in zookeeper_security_upgrade_test.py and
    zookeeper_tls_test.py broke due to #10199. That patch changed the logic of
    SecurityConfig.enabled_sasl_mechanisms() to only add the inter-broker SASL
    mechanism when the inter-broker protocol was SASL_{PLAINTEXT,SSL}. The
    inter-broker protocol is left to default to PLAINTEXT for the SecurityConfig
    instance associated with ZooKeeper since that value doesn't apply to ZooKeeper,
    so the default inter-broker SASL mechanism of GSSAPI was not being added into
    the set returned by enabled_sasl_mechanisms(). This is actually correct --
    GSSAPI shouldn't be added since inter-broker communication is a Kafka concept
    and doesn't apply to ZooKeeper. GSSAPI should be added when ZooKeeper uses it,
    though -- which is the case in these tests. So the prior patch referred to
    above uncovered a bug: we were relying on the default inter-broker SASL
    mechanism to signal that Kerberos was being used by ZooKeeper even though the
    inter-broker protocol has nothing to do with that determination in such cases.
    This patch explicitly includes GSSAPI in the list of enabled SASL mechanisms
    when SASL is enabled for use by ZooKeeper.
    
    Reviewers: Colin P. McCabe <cm...@apache.org>
---
 tests/kafkatest/services/security/security_config.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tests/kafkatest/services/security/security_config.py b/tests/kafkatest/services/security/security_config.py
index 5be0737..e53d376 100644
--- a/tests/kafkatest/services/security/security_config.py
+++ b/tests/kafkatest/services/security/security_config.py
@@ -372,6 +372,9 @@ class SecurityConfig(TemplateRenderer):
 
     @property
     def enabled_sasl_mechanisms(self):
+        """
+        :return: all the SASL mechanisms in use, including for brokers, clients, controllers, and ZooKeeper
+        """
         sasl_mechanisms = []
         if self.is_sasl(self.security_protocol):
             # .csv is supported so be sure to account for that possibility
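Review bot: the docstring added to enabled_sasl_mechanisms does not say that the property returns a set, even though the body builds sasl_mechanisms as a list and only converts it in the final return set(sasl_mechanisms). Wording such as ":return: the set of all SASL mechanisms in use, ..." would tell callers that duplicates are collapsed and that order is not preserved. The phrase "including for ... ZooKeeper" also reads as if ZooKeeper's own configured mechanism were looked up, while the change only ever contributes GSSAPI on ZooKeeper's behalf; the docstring should say so.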
@@ -382,6 +385,8 @@ class SecurityConfig(TemplateRenderer):
             sasl_mechanisms += list(self.serves_raft_sasl)
         if self.uses_raft_sasl:
             sasl_mechanisms += list(self.uses_raft_sasl)
+        if self.zk_sasl:
+            sasl_mechanisms += [SecurityConfig.SASL_MECHANISM_GSSAPI]
         return set(sasl_mechanisms)
 
     @property
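Review bot: the new "if self.zk_sasl:" branch appends SecurityConfig.SASL_MECHANISM_GSSAPI unconditionally, so the code treats "ZooKeeper uses SASL" as "ZooKeeper uses Kerberos". The commit message says this holds for the affected tests, but nothing at this line records the assumption. Add a short comment above the branch stating it, or gate the append on the ZooKeeper mechanism if a non-GSSAPI ZooKeeper configuration is ever expected, so that callers of enabled_sasl_mechanisms do not see Kerberos reported as in use when it is not.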