This repository has been archived by the owner on Jan 10, 2024. It is now read-only.
forked from zendesk/ruby-kafka
-
Notifications
You must be signed in to change notification settings - Fork 1
/
sasl_authenticator_spec.rb
125 lines (103 loc) · 3.16 KB
/
sasl_authenticator_spec.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
# frozen_string_literal: true
require 'fake_server'
require 'fake_token_provider'
describe Kafka::SaslAuthenticator do
let(:logger) { LOGGER }
let(:host) { "127.0.0.1" }
let(:server) { TCPServer.new(host, 0) }
let(:port) { server.addr[1] }
let(:connection) {
Kafka::Connection.new(
host: host,
port: port,
client_id: "test",
logger: logger,
instrumenter: Kafka::Instrumenter.new(client_id: "test"),
connect_timeout: 0.1,
socket_timeout: 0.1,
)
}
let!(:fake_server) { FakeServer.start(server) }
let(:sasl_authenticator) {
Kafka::SaslAuthenticator.new(
**{ logger: logger }.merge(auth_options)
)
}
let(:auth_options) {
{
sasl_gssapi_principal: nil,
sasl_gssapi_keytab: nil,
sasl_plain_authzid: nil,
sasl_plain_username: nil,
sasl_plain_password: nil,
sasl_scram_username: nil,
sasl_scram_password: nil,
sasl_scram_mechanism: nil,
sasl_oauth_token_provider: nil,
sasl_aws_msk_iam_access_key_id: nil,
sasl_aws_msk_iam_secret_key_id: nil,
sasl_aws_msk_iam_aws_region: nil
}
}
context "when SASL has not been configured" do
it "still works" do
sasl_authenticator.authenticate!(connection)
end
end
context "when SASL PLAIN has been configured" do
before do
auth_options.update(
sasl_plain_authzid: "",
sasl_plain_username: "spec_username",
sasl_plain_password: "spec_password",
)
end
it "authenticates" do
sasl_authenticator.authenticate!(connection)
end
it "raises Kafka::Error when the username or password is incorrect" do
auth_options[:sasl_plain_password] = "wrong"
expect {
sasl_authenticator.authenticate!(connection)
}.to raise_error(Kafka::Error, /SASL PLAIN authentication failed/)
end
end
context "when SASL SCRAM has been configured" do
before do
auth_options.update(
sasl_scram_username: "spec_username",
sasl_scram_password: "spec_password",
sasl_scram_mechanism: "sha256"
)
end
it "authenticates" do
sasl_authenticator.authenticate!(connection)
end
it "raises Kafka::Error when the username or password is incorrect" do
auth_options[:sasl_scram_password] = "wrong"
expect {
sasl_authenticator.authenticate!(connection)
}.to raise_error(Kafka::FailedScramAuthentication)
end
end
context "when SASL OAuthBearer has been configured" do
before do
auth_options.update(
sasl_oauth_token_provider: FakeTokenProvider.new
)
end
it "authenticates" do
sasl_authenticator.authenticate!(connection)
end
it "authenticates without extensions implemented" do
auth_options[:sasl_oauth_token_provider] = FakeTokenProviderNoExtensions.new
sasl_authenticator.authenticate!(connection)
end
it "raises error when the token provider does not generate a token" do
auth_options[:sasl_oauth_token_provider] = FakeBrokenTokenProvider.new
expect {
sasl_authenticator.authenticate!(connection)
}.to raise_error(Kafka::TokenMethodNotImplementedError)
end
end
end