You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by or...@apache.org on 2022/12/08 11:59:53 UTC
[camel] 03/03: (chores) camel-kafka: added invalid auth handling tests
This is an automated email from the ASF dual-hosted git repository.
orpiske pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
commit 5fd8af3fe0dcb1019fd3268f58baad59676507b9
Author: Otavio Rodolfo Piske <an...@gmail.com>
AuthorDate: Wed Dec 7 17:27:18 2022 +0100
(chores) camel-kafka: added invalid auth handling tests
---
.../integration/KafkaConsumerAuthInvalidIT.java | 138 ++++++++++++++++
.../KafkaConsumerAuthInvalidWithReconnectIT.java | 184 +++++++++++++++++++++
.../src/test/resources/kafka-jaas-invalid.config | 8 +
3 files changed, 330 insertions(+)
diff --git a/components/camel-kafka/src/test/java/org/apache/camel/component/kafka/integration/KafkaConsumerAuthInvalidIT.java b/components/camel-kafka/src/test/java/org/apache/camel/component/kafka/integration/KafkaConsumerAuthInvalidIT.java
new file mode 100644
index 00000000000..41968af2ad0
--- /dev/null
+++ b/components/camel-kafka/src/test/java/org/apache/camel/component/kafka/integration/KafkaConsumerAuthInvalidIT.java
@@ -0,0 +1,138 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.kafka.integration;
+
+import java.util.Collections;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.camel.EndpointInject;
+import org.apache.camel.Exchange;
+import org.apache.camel.ExtendedCamelContext;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.component.kafka.MockConsumerInterceptor;
+import org.apache.camel.component.mock.MockEndpoint;
+import org.apache.camel.test.infra.kafka.services.ContainerLocalAuthKafkaService;
+import org.apache.kafka.clients.admin.ConsumerGroupDescription;
+import org.apache.kafka.common.config.SaslConfigs;
+import org.junit.Assert;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.Timeout;
+import org.junit.jupiter.api.condition.DisabledIfSystemProperty;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.fail;
+
+@DisabledIfSystemProperty(named = "ci.env.name", matches = "github.com", disabledReason = "Flaky on Github CI")
+@TestMethodOrder(MethodOrderer.OrderAnnotation.class)
+@TestInstance(TestInstance.Lifecycle.PER_CLASS)
+public class KafkaConsumerAuthInvalidIT extends BaseEmbeddedKafkaAuthTestSupport {
+ public static final String TOPIC = "test-auth-invalid-it";
+
+ private static final Logger LOG = LoggerFactory.getLogger(KafkaConsumerAuthInvalidIT.class);
+
+ @EndpointInject("mock:result")
+ private MockEndpoint to;
+
+ @EndpointInject("mock:dlq")
+ private MockEndpoint dlq;
+
+ private org.apache.kafka.clients.producer.KafkaProducer<String, String> producer;
+
+ @BeforeEach
+ public void before() {
+ Properties props = getDefaultProperties();
+ props.put(SaslConfigs.SASL_JAAS_CONFIG,
+ ContainerLocalAuthKafkaService.generateSimpleSaslJaasConfig("camel", "camel-secret"));
+ props.put("security.protocol", "SASL_PLAINTEXT");
+ props.put(SaslConfigs.SASL_MECHANISM, "PLAIN");
+
+ try {
+ producer = new org.apache.kafka.clients.producer.KafkaProducer<>(props);
+ } catch (Exception e) {
+ fail(e.getMessage());
+ }
+
+ MockConsumerInterceptor.recordsCaptured.clear();
+ }
+
+ @AfterEach
+ public void after() {
+ if (producer != null) {
+ producer.close();
+ }
+ // clean all test topics
+ kafkaAdminClient.deleteTopics(Collections.singletonList(TOPIC)).all();
+ }
+
+ @Override
+ protected RouteBuilder createRouteBuilder() {
+ return new RouteBuilder() {
+
+ @Override
+ public void configure() {
+ final String simpleSaslJaasConfig
+ = ContainerLocalAuthKafkaService.generateSimpleSaslJaasConfig("camel", "camel-invalid-secret");
+
+ getCamelContext().adapt(ExtendedCamelContext.class)
+ .setErrorHandlerFactory(
+ deadLetterChannel(dlq));
+
+ fromF("kafka:%s"
+ + "?groupId=%s&autoOffsetReset=earliest&keyDeserializer=org.apache.kafka.common.serialization.StringDeserializer"
+ + "&valueDeserializer=org.apache.kafka.common.serialization.StringDeserializer"
+ + "&autoCommitIntervalMs=1000&pollTimeoutMs=1000&autoCommitEnable=true"
+ + "&saslMechanism=PLAIN&securityProtocol=SASL_PLAINTEXT&saslJaasConfig=%s", TOPIC,
+ "KafkaConsumerAuthInvalidIT", simpleSaslJaasConfig)
+ .process(
+ exchange -> LOG.trace("Captured on the processor: {}", exchange.getMessage().getBody()))
+ .routeId("should-no-work").to(to);
+ }
+ };
+ }
+
+ @DisplayName("Tests that Camel can adequately handle invalid authorizations")
+ @Timeout(30)
+ @Test
+ public void kafkaMessageIsConsumedByCamel() throws InterruptedException {
+ dlq.expectedMessageCount(1);
+ dlq.assertIsSatisfied(3000);
+
+ to.expectedMessageCount(0);
+ to.assertIsSatisfied(3000);
+
+ final Map<String, ConsumerGroupDescription> allGroups
+ = assertDoesNotThrow(() -> getConsumerGroupInfo("KafkaConsumerAuthInvalidIT"));
+ final ConsumerGroupDescription groupInfo = allGroups.get("KafkaConsumerAuthInvalidIT");
+
+ Assert.assertEquals("There should be no members in this group", 0, groupInfo.members().size());
+
+ for (Exchange exchange : dlq.getExchanges()) {
+ Assertions.assertEquals("should-no-work", exchange.getFromRouteId());
+ }
+ }
+
+}
diff --git a/components/camel-kafka/src/test/java/org/apache/camel/component/kafka/integration/KafkaConsumerAuthInvalidWithReconnectIT.java b/components/camel-kafka/src/test/java/org/apache/camel/component/kafka/integration/KafkaConsumerAuthInvalidWithReconnectIT.java
new file mode 100644
index 00000000000..d02fc094865
--- /dev/null
+++ b/components/camel-kafka/src/test/java/org/apache/camel/component/kafka/integration/KafkaConsumerAuthInvalidWithReconnectIT.java
@@ -0,0 +1,184 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.kafka.integration;
+
+import java.util.Collections;
+import java.util.Map;
+import java.util.Properties;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.EndpointInject;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.component.kafka.MockConsumerInterceptor;
+import org.apache.camel.component.mock.MockEndpoint;
+import org.apache.camel.test.infra.kafka.services.ContainerLocalAuthKafkaService;
+import org.apache.kafka.clients.admin.AdminClient;
+import org.apache.kafka.clients.admin.ConsumerGroupDescription;
+import org.apache.kafka.common.config.SaslConfigs;
+import org.awaitility.Awaitility;
+import org.junit.Assert;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Order;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.fail;
+
+@TestMethodOrder(MethodOrderer.OrderAnnotation.class)
+@TestInstance(TestInstance.Lifecycle.PER_CLASS)
+public class KafkaConsumerAuthInvalidWithReconnectIT extends AbstractKafkaTestSupport {
+ public static final String TOPIC = "test-auth-invalid-with-reconnect";
+
+ private static final Logger LOG = LoggerFactory.getLogger(KafkaConsumerAuthInvalidWithReconnectIT.class);
+
+ private static ContainerLocalAuthKafkaService service;
+
+ @EndpointInject("mock:result")
+ private MockEndpoint to;
+
+ @EndpointInject("mock:dlq")
+ private MockEndpoint dlq;
+
+ private org.apache.kafka.clients.producer.KafkaProducer<String, String> producer;
+
+ static {
+ service = new ContainerLocalAuthKafkaService(
+ new ContainerLocalAuthKafkaService.StaticKafkaContainer("/kafka-jaas-invalid.config"));
+ }
+
+ @BeforeAll
+ public static void beforeClass() {
+ service.initialize();
+ AbstractKafkaTestSupport.setServiceProperties(service);
+ }
+
+ protected Properties getDefaultProperties() {
+ return getDefaultProperties(service);
+ }
+
+ @Override
+ protected CamelContext createCamelContext() throws Exception {
+ return createCamelContextFromService(service);
+ }
+
+ protected static String getBootstrapServers() {
+ return service.getBootstrapServers();
+ }
+
+ @BeforeEach
+ public void before() {
+
+ Properties props = getDefaultProperties();
+ props.put(SaslConfigs.SASL_JAAS_CONFIG,
+ ContainerLocalAuthKafkaService.generateSimpleSaslJaasConfig("camel", "camel-secret"));
+ props.put("security.protocol", "SASL_PLAINTEXT");
+ props.put(SaslConfigs.SASL_MECHANISM, "PLAIN");
+
+ try {
+ producer = new org.apache.kafka.clients.producer.KafkaProducer<>(props);
+ } catch (Exception e) {
+ fail(e.getMessage());
+ }
+
+ MockConsumerInterceptor.recordsCaptured.clear();
+ }
+
+ @AfterEach
+ public void after() {
+ if (producer != null) {
+ producer.close();
+ }
+ }
+
+ @Override
+ protected RouteBuilder createRouteBuilder() {
+ return new RouteBuilder() {
+
+ @Override
+ public void configure() {
+ final String simpleSaslJaasConfig
+ = ContainerLocalAuthKafkaService.generateSimpleSaslJaasConfig("camel", "camel-secret");
+
+ fromF("kafka:%s"
+ + "?groupId=%s&autoOffsetReset=earliest&keyDeserializer=org.apache.kafka.common.serialization.StringDeserializer"
+ + "&valueDeserializer=org.apache.kafka.common.serialization.StringDeserializer"
+ + "&autoCommitIntervalMs=1000&pollTimeoutMs=1000&autoCommitEnable=true&pollOnError=RECONNECT"
+ + "&saslMechanism=PLAIN&securityProtocol=SASL_PLAINTEXT&saslJaasConfig=%s", TOPIC,
+ "KafkaConsumerAuthInvalidWithReconnectIT", simpleSaslJaasConfig)
+ .process(
+ exchange -> LOG.trace("Captured on the processor: {}", exchange.getMessage().getBody()))
+ .routeId("full-it").to(to);
+ }
+ };
+ }
+
+ private Map<String, ConsumerGroupDescription> getConsumerGroupInfo(AdminClient adminClient, String groupId)
+ throws InterruptedException, ExecutionException, TimeoutException {
+ return adminClient.describeConsumerGroups(Collections.singletonList(groupId)).all().get(30, TimeUnit.SECONDS);
+ }
+
+ @Test
+ @Order(1)
+ void testIsDisconnected() {
+ AdminClient adminClient = BaseEmbeddedKafkaAuthTestSupport.createAuthAdminClient(service);
+
+ final Map<String, ConsumerGroupDescription> allGroups
+ = assertDoesNotThrow(() -> getConsumerGroupInfo(adminClient, "KafkaConsumerAuthInvalidWithReconnectIT"));
+ final ConsumerGroupDescription groupInfo = allGroups.get("KafkaConsumerAuthInvalidWithReconnectIT");
+
+ Assert.assertEquals("There should be no members in this group", 0, groupInfo.members().size());
+ adminClient.close();
+ }
+
+ @Test
+ @Order(2)
+ void testReconnect() {
+ // Shutdown the instance with the auth config that wouldn't allow it to login
+ service.shutdown();
+
+ // Create a new one with the matching login credentials
+ service = new ContainerLocalAuthKafkaService(
+ new ContainerLocalAuthKafkaService.StaticKafkaContainer("/kafka-jaas.config"));
+
+ service.initialize();
+
+ AdminClient adminClient = BaseEmbeddedKafkaAuthTestSupport.createAuthAdminClient(service);
+ Awaitility.await().atMost(30, TimeUnit.SECONDS).untilAsserted(() -> assertIsConnected(adminClient));
+ adminClient.close();
+ }
+
+ private void assertIsConnected(AdminClient adminClient) {
+ final Map<String, ConsumerGroupDescription> allGroups
+ = assertDoesNotThrow(() -> getConsumerGroupInfo(adminClient, "KafkaConsumerAuthInvalidWithReconnectIT"));
+
+ Assert.assertTrue("There should be at least one group named KafkaConsumerAuthInvalidWithReconnectIT",
+ allGroups.size() >= 1);
+
+ final ConsumerGroupDescription groupInfo = allGroups.get("KafkaConsumerAuthInvalidWithReconnectIT");
+ Assert.assertNotNull("There should be at least one group named KafkaConsumerAuthInvalidWithReconnectIT", groupInfo);
+ }
+}
diff --git a/components/camel-kafka/src/test/resources/kafka-jaas-invalid.config b/components/camel-kafka/src/test/resources/kafka-jaas-invalid.config
new file mode 100644
index 00000000000..6f8d95844e2
--- /dev/null
+++ b/components/camel-kafka/src/test/resources/kafka-jaas-invalid.config
@@ -0,0 +1,8 @@
+KafkaServer {
+ org.apache.kafka.common.security.plain.PlainLoginModule required
+ serviceName="kafka"
+ username="admin"
+ password="admin-secret"
+ user_admin="admin-secret"
+ user_camel="camel-invalid-secret";
+};