You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kafka.apache.org by ma...@apache.org on 2023/07/27 07:48:10 UTC
[kafka] branch 3.4 updated: KAFKA-15243: Set decoded user names to DescribeUserScramCredentialsResponse (#14094)
This is an automated email from the ASF dual-hosted git repository.
manikumar pushed a commit to branch 3.4
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/3.4 by this push:
new e046a89b9c8 KAFKA-15243: Set decoded user names to DescribeUserScramCredentialsResponse (#14094)
e046a89b9c8 is described below
commit e046a89b9c81f7c813589246dc983d42ab0d9b1e
Author: sciclon2 <74...@users.noreply.github.com>
AuthorDate: Wed Jul 26 15:48:09 2023 +0200
KAFKA-15243: Set decoded user names to DescribeUserScramCredentialsResponse (#14094)
Reviewers: Manikumar Reddy <ma...@gmail.com>
---
.../main/scala/kafka/server/ZkAdminManager.scala | 2 +-
.../AlterUserScramCredentialsRequestTest.scala | 40 ++++++++++++++--------
2 files changed, 27 insertions(+), 15 deletions(-)
diff --git a/core/src/main/scala/kafka/server/ZkAdminManager.scala b/core/src/main/scala/kafka/server/ZkAdminManager.scala
index 1a22024d723..5bf14e344a5 100644
--- a/core/src/main/scala/kafka/server/ZkAdminManager.scala
+++ b/core/src/main/scala/kafka/server/ZkAdminManager.scala
@@ -849,7 +849,7 @@ class ZkAdminManager(val config: KafkaConfig,
try {
if (describingAllUsers)
adminZkClient.fetchAllEntityConfigs(ConfigType.User).foreach {
- case (user, properties) => addToResultsIfHasScramCredential(user, properties) }
+ case (user, properties) => addToResultsIfHasScramCredential(Sanitizer.desanitize(user), properties) }
else {
// describing specific users
val illegalUsers = users.get.filter(_.isEmpty).toSet
diff --git a/core/src/test/scala/unit/kafka/server/AlterUserScramCredentialsRequestTest.scala b/core/src/test/scala/unit/kafka/server/AlterUserScramCredentialsRequestTest.scala
index e0121b17c5d..321c8067a59 100644
--- a/core/src/test/scala/unit/kafka/server/AlterUserScramCredentialsRequestTest.scala
+++ b/core/src/test/scala/unit/kafka/server/AlterUserScramCredentialsRequestTest.scala
@@ -52,6 +52,7 @@ class AlterUserScramCredentialsRequestTest extends BaseRequestTest {
private val saltBytes = "salt".getBytes(StandardCharsets.UTF_8)
private val user1 = "user1"
private val user2 = "user2"
+ private val user3 = "user3@user3.com"
private val unknownUser = "unknownUser"
@Test
@@ -125,21 +126,21 @@ class AlterUserScramCredentialsRequestTest extends BaseRequestTest {
val deletionUnknown1 = new AlterUserScramCredentialsRequestData.ScramCredentialDeletion().setName(user1).setMechanism(ScramMechanism.UNKNOWN.`type`)
val deletionValid1 = new AlterUserScramCredentialsRequestData.ScramCredentialDeletion().setName(user1).setMechanism(ScramMechanism.SCRAM_SHA_256.`type`)
val deletionUnknown2 = new AlterUserScramCredentialsRequestData.ScramCredentialDeletion().setName(user2).setMechanism(10.toByte)
- val user3 = "user3"
- val upsertionUnknown3 = new AlterUserScramCredentialsRequestData.ScramCredentialUpsertion().setName(user3).setMechanism(ScramMechanism.UNKNOWN.`type`)
- .setIterations(8192).setSalt(saltBytes).setSaltedPassword(saltedPasswordBytes)
- val upsertionValid3 = new AlterUserScramCredentialsRequestData.ScramCredentialUpsertion().setName(user3).setMechanism(ScramMechanism.SCRAM_SHA_256.`type`)
- .setIterations(8192).setSalt(saltBytes).setSaltedPassword(saltedPasswordBytes)
val user4 = "user4"
- val upsertionUnknown4 = new AlterUserScramCredentialsRequestData.ScramCredentialUpsertion().setName(user4).setMechanism(10.toByte)
+ val upsertionUnknown4 = new AlterUserScramCredentialsRequestData.ScramCredentialUpsertion().setName(user4).setMechanism(ScramMechanism.UNKNOWN.`type`)
+ .setIterations(8192).setSalt(saltBytes).setSaltedPassword(saltedPasswordBytes)
+ val upsertionValid4 = new AlterUserScramCredentialsRequestData.ScramCredentialUpsertion().setName(user4).setMechanism(ScramMechanism.SCRAM_SHA_256.`type`)
.setIterations(8192).setSalt(saltBytes).setSaltedPassword(saltedPasswordBytes)
val user5 = "user5"
- val upsertionUnknown5 = new AlterUserScramCredentialsRequestData.ScramCredentialUpsertion().setName(user5).setMechanism(ScramMechanism.UNKNOWN.`type`)
+ val upsertionUnknown5 = new AlterUserScramCredentialsRequestData.ScramCredentialUpsertion().setName(user5).setMechanism(10.toByte)
+ .setIterations(8192).setSalt(saltBytes).setSaltedPassword(saltedPasswordBytes)
+ val user6 = "user6"
+ val upsertionUnknown6 = new AlterUserScramCredentialsRequestData.ScramCredentialUpsertion().setName(user6).setMechanism(ScramMechanism.UNKNOWN.`type`)
.setIterations(8192).setSalt(saltBytes).setSaltedPassword(saltedPasswordBytes)
val request = new AlterUserScramCredentialsRequest.Builder(
new AlterUserScramCredentialsRequestData()
.setDeletions(util.Arrays.asList(deletionUnknown1, deletionValid1, deletionUnknown2))
- .setUpsertions(util.Arrays.asList(upsertionUnknown3, upsertionValid3, upsertionUnknown4, upsertionUnknown5))).build()
+ .setUpsertions(util.Arrays.asList(upsertionUnknown4, upsertionValid4, upsertionUnknown5, upsertionUnknown6))).build()
val response = sendAlterUserScramCredentialsRequest(request)
val results = response.data.results
assertEquals(5, results.size)
@@ -226,18 +227,25 @@ class AlterUserScramCredentialsRequestTest extends BaseRequestTest {
.setIterations(8192)
.setSalt(saltBytes)
.setSaltedPassword(saltedPasswordBytes),
+ new AlterUserScramCredentialsRequestData.ScramCredentialUpsertion()
+ .setName(user3).setMechanism(ScramMechanism.SCRAM_SHA_512.`type`)
+ .setIterations(8192)
+ .setSalt(saltBytes)
+ .setSaltedPassword(saltedPasswordBytes),
))).build()
val results1 = sendAlterUserScramCredentialsRequest(request1).data.results
- assertEquals(2, results1.size)
+ assertEquals(3, results1.size)
checkNoErrorsAlteringCredentials(results1)
checkUserAppearsInAlterResults(results1, user1)
checkUserAppearsInAlterResults(results1, user2)
+ checkUserAppearsInAlterResults(results1, user3)
// now describe them all
val results2 = describeAllWithNoTopLevelErrorConfirmed().data.results
- assertEquals(2, results2.size)
+ assertEquals(3, results2.size)
checkUserHasTwoCredentials(results2, user1)
checkForSingleSha512Iterations8192Credential(results2, user2)
+ checkForSingleSha512Iterations8192Credential(results2, user3)
// now describe just one
val request3 = new DescribeUserScramCredentialsRequest.Builder(
@@ -290,22 +298,26 @@ class AlterUserScramCredentialsRequestTest extends BaseRequestTest {
checkUserAppearsInAlterResults(results4, user1)
checkUserAppearsInAlterResults(results4, user2)
- // now describe them all, which should just yield 1 credential
+ // now describe them all, which should just yield 2 credentials
val results5 = describeAllWithNoTopLevelErrorConfirmed().data.results
- assertEquals(1, results5.size)
+ assertEquals(2, results5.size)
checkForSingleSha512Iterations8192Credential(results5, user1)
+ checkForSingleSha512Iterations8192Credential(results5, user3)
- // now delete the last one
+ // now delete user1 and user3
val request6 = new AlterUserScramCredentialsRequest.Builder(
new AlterUserScramCredentialsRequestData()
.setDeletions(util.Arrays.asList(
new AlterUserScramCredentialsRequestData.ScramCredentialDeletion()
.setName(user1).setMechanism(ScramMechanism.SCRAM_SHA_512.`type`),
+ new AlterUserScramCredentialsRequestData.ScramCredentialDeletion()
+ .setName(user3).setMechanism(ScramMechanism.SCRAM_SHA_512.`type`),
))).build()
val results6 = sendAlterUserScramCredentialsRequest(request6).data.results
- assertEquals(1, results6.size)
+ assertEquals(2, results6.size)
checkNoErrorsAlteringCredentials(results6)
checkUserAppearsInAlterResults(results6, user1)
+ checkUserAppearsInAlterResults(results6, user3)
// now describe them all, which should yield 0 credentials
val results7 = describeAllWithNoTopLevelErrorConfirmed().data.results