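package sarama

import (
	"errors"
	"testing"

	krbcfg "github.com/jcmturner/gokrb5/v8/config"
)

/*
 * Minimum requirement for client creation
 * we are not testing the client itself, we only test that the client is created
 * properly.
 *
 */

const (
	// krb5cfg is an in-memory krb5.conf fixture parsed with krbcfg.NewFromString.
	// Every kdc/admin_server address in it is a loopback or RFC 1918 address.
	krb5cfg = `[libdefaults]
  default_realm = TEST.GOKRB5
  dns_lookup_realm = false
  dns_lookup_kdc = false
  ticket_lifetime = 24h
  forwardable = yes
  default_tkt_enctypes = aes256-cts-hmac-sha1-96
  default_tgs_enctypes = aes256-cts-hmac-sha1-96
  noaddresses = false
[realms]
  TEST.GOKRB5 = {
    kdc = 127.0.0.1:88
    admin_server = 127.0.0.1:749
    default_domain = test.gokrb5
  }
  RESDOM.GOKRB5 = {
    kdc = 10.80.88.88:188
    admin_server = 127.0.0.1:749
    default_domain = resdom.gokrb5
  }
  USER.GOKRB5 = {
    kdc = 192.168.88.100:88
    admin_server = 192.168.88.100:464
    default_domain = user.gokrb5
  }
  RES.GOKRB5 = {
    kdc = 192.168.88.101:88
    admin_server = 192.168.88.101:464
    default_domain = res.gokrb5
  }
[domain_realm]
  .test.gokrb5 = TEST.GOKRB5
  test.gokrb5 = TEST.GOKRB5
  .resdom.gokrb5 = RESDOM.GOKRB5
  resdom.gokrb5 = RESDOM.GOKRB5
  .user.gokrb5 = USER.GOKRB5
  user.gokrb5 = USER.GOKRB5
  .res.gokrb5 = RES.GOKRB5
  res.gokrb5 = RES.GOKRB5
`
)

// TestFaildToCreateKerberosConfig checks that NewKerberosClient reports an
// error when KerberosConfigPath names a file that cannot be opened.
func TestFaildToCreateKerberosConfig(t *testing.T) {
	// NOTE(review): the expected text embeds the POSIX "no such file or
	// directory" message, so this comparison is presumably Unix-only.
	expectedErr := errors.New("configuration file could not be opened: krb5.conf open krb5.conf: no such file or directory")
	clientConfig := NewTestConfig()
	clientConfig.Net.SASL.Mechanism = SASLTypeGSSAPI
	clientConfig.Net.SASL.Enable = true
	clientConfig.Net.SASL.GSSAPI.ServiceName = "kafka"
	clientConfig.Net.SASL.GSSAPI.Realm = "EXAMPLE.COM"
	clientConfig.Net.SASL.GSSAPI.Username = "client"
	clientConfig.Net.SASL.GSSAPI.AuthType = KRB5_USER_AUTH
	// Placeholder fixture credential; it must never be a real account secret.
	clientConfig.Net.SASL.GSSAPI.Password = "qwerty"
	clientConfig.Net.SASL.GSSAPI.KerberosConfigPath = "krb5.conf"

	_, err := NewKerberosClient(&clientConfig.Net.SASL.GSSAPI)
	// A nil error would make err.Error() panic and hide the real failure:
	// the client was built although the configuration file is missing.
	if err == nil {
		t.Fatalf("Expected error:%s, got nil.", expectedErr)
	}
	if err.Error() != expectedErr.Error() {
		t.Errorf("Expected error:%s, got:%s.", expectedErr, err)
	}
}

// TestCreateWithPassword checks that createClient builds a password-based
// client whose realm and client name match the GSSAPI configuration.
func TestCreateWithPassword(t *testing.T) {
	kerberosConfig, err := krbcfg.NewFromString(krb5cfg)
	if err != nil {
		t.Fatal(err)
	}
	expectedDomain := "EXAMPLE.COM"
	expectedCName := "client"

	clientConfig := NewTestConfig()
	clientConfig.Net.SASL.Mechanism = SASLTypeGSSAPI
	clientConfig.Net.SASL.Enable = true
	clientConfig.Net.SASL.GSSAPI.ServiceName = "kafka"
	clientConfig.Net.SASL.GSSAPI.Realm = "EXAMPLE.COM"
	clientConfig.Net.SASL.GSSAPI.Username = "client"
	clientConfig.Net.SASL.GSSAPI.AuthType = KRB5_USER_AUTH
	// Placeholder fixture credential; it must never be a real account secret.
	clientConfig.Net.SASL.GSSAPI.Password = "qwerty"
	clientConfig.Net.SASL.GSSAPI.KerberosConfigPath = "/etc/krb5.conf"

	client, err := createClient(&clientConfig.Net.SASL.GSSAPI, kerberosConfig)
	// Surface a creation error instead of discarding it.
	if err != nil {
		t.Fatal(err)
	}
	// Fatal, not Errorf: the assertions below dereference client.
	if client == nil {
		t.Fatal("Expected client not nil")
	}
	if client.Domain() != expectedDomain {
		t.Errorf("Client domain: %s, got: %s", expectedDomain, client.Domain())
	}
	// Guard the index so an empty name list is a test failure, not a panic.
	nameParts := client.CName().NameString
	if len(nameParts) == 0 || nameParts[0] != expectedCName {
		t.Errorf("Client CName: %s, got: %v", expectedCName, nameParts)
	}
}

// TestCreateWithKeyTab checks that createClient in keytab mode returns the
// file-open error when KeyTabPath names a keytab that does not exist.
func TestCreateWithKeyTab(t *testing.T) {
	kerberosConfig, err := krbcfg.NewFromString(krb5cfg)
	if err != nil {
		t.Fatal(err)
	}
	// Expect to try to create a client with keytab and fail with a
	// "no such file or directory" error.
	expectedErr := errors.New("open nonexist.keytab: no such file or directory")
	clientConfig := NewTestConfig()
	clientConfig.Net.SASL.Mechanism = SASLTypeGSSAPI
	clientConfig.Net.SASL.Enable = true
	clientConfig.Net.SASL.GSSAPI.ServiceName = "kafka"
	clientConfig.Net.SASL.GSSAPI.Realm = "EXAMPLE.COM"
	clientConfig.Net.SASL.GSSAPI.Username = "client"
	clientConfig.Net.SASL.GSSAPI.AuthType = KRB5_KEYTAB_AUTH
	clientConfig.Net.SASL.GSSAPI.KeyTabPath = "nonexist.keytab"
	clientConfig.Net.SASL.GSSAPI.KerberosConfigPath = "/etc/krb5.conf"

	_, err = createClient(&clientConfig.Net.SASL.GSSAPI, kerberosConfig)
	// A client created without a readable keytab must fail the test cleanly
	// rather than panic on err.Error().
	if err == nil {
		t.Fatalf("Expected error:%s, got nil.", expectedErr)
	}
	if err.Error() != expectedErr.Error() {
		t.Errorf("Expected error:%s, got:%s.", expectedErr, err)
	}
}

// TestCreateWithDisablePAFXFAST repeats the missing-keytab case with
// DisablePAFXFAST set to true.
func TestCreateWithDisablePAFXFAST(t *testing.T) {
	kerberosConfig, err := krbcfg.NewFromString(krb5cfg)
	if err != nil {
		t.Fatal(err)
	}
	// Expect to try to create a client with keytab and fail with a
	// "no such file or directory" error.
	expectedErr := errors.New("open nonexist.keytab: no such file or directory")
	clientConfig := NewTestConfig()
	clientConfig.Net.SASL.Mechanism = SASLTypeGSSAPI
	clientConfig.Net.SASL.Enable = true
	clientConfig.Net.SASL.GSSAPI.ServiceName = "kafka"
	clientConfig.Net.SASL.GSSAPI.Realm = "EXAMPLE.COM"
	clientConfig.Net.SASL.GSSAPI.Username = "client"
	clientConfig.Net.SASL.GSSAPI.AuthType = KRB5_KEYTAB_AUTH
	clientConfig.Net.SASL.GSSAPI.KeyTabPath = "nonexist.keytab"
	clientConfig.Net.SASL.GSSAPI.KerberosConfigPath = "/etc/krb5.conf"
	clientConfig.Net.SASL.GSSAPI.DisablePAFXFAST = true

	// NOTE(review): only the keytab-open failure is asserted, so this test
	// does not appear to observe whether DisablePAFXFAST reaches the
	// underlying client settings; a case that inspects a successfully
	// created client would be needed for that.
	_, err = createClient(&clientConfig.Net.SASL.GSSAPI, kerberosConfig)
	if err == nil {
		t.Fatalf("Expected error:%s, got nil.", expectedErr)
	}
	if err.Error() != expectedErr.Error() {
		t.Errorf("Expected error:%s, got:%s.", expectedErr, err)
	}
}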