kerberos_client_test.go 3.3 KB

  1. package sarama
  2. import (
  3. "errors"
  4. krbcfg "gopkg.in/jcmturner/gokrb5.v7/config"
  5. "gopkg.in/jcmturner/gokrb5.v7/test/testdata"
  6. "testing"
  7. )
  8. /*
  9. * Minimum requirement for client creation
  10. * we are not testing the client itself, we only test that the client is created
  11. * properly.
  12. *
  13. */
  // TEST_KRB5CONF is a minimal krb5.conf body: a default realm (EXAMPLE.COM),
  // one host used as both KDC and admin server, and the domain-to-realm
  // mapping for example.com. Every name in it is a placeholder value.
  //
  // NOTE(review): the tests visible in this listing parse
  // testdata.TEST_KRB5CONF from gokrb5 rather than this constant; confirm
  // whether it is still referenced elsewhere in the package.
  14. const TEST_KRB5CONF = `
  15. [libdefaults]
  16. default_realm = EXAMPLE.COM
  17. [realms]
  18. EXAMPLE.COM = {
  19. kdc = kerberos.example.com
  20. admin_server = kerberos.example.com
  21. }
  22. [domain_realm]
  23. .example.com = EXAMPLE.COM
  24. example.com = EXAMPLE.COM
  25. `
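  // TestFaildToCreateKerberosConfig checks that NewKerberosClient returns an
  // error when the configured krb5.conf path cannot be opened.
  //
  // The username and password are constructed fixture values. The expected
  // error is the "configuration file could not be opened" one, so the test is
  // about config loading, not about the credentials.
  func TestFaildToCreateKerberosConfig(t *testing.T) {
  	expectedErr := errors.New("configuration file could not be opened: krb5.conf open krb5.conf: no such file or directory")

  	clientConfig := NewConfig()
  	clientConfig.Net.SASL.Mechanism = SASLTypeGSSAPI
  	clientConfig.Net.SASL.Enable = true
  	clientConfig.Net.SASL.GSSAPI.ServiceName = "kafka"
  	clientConfig.Net.SASL.GSSAPI.Realm = "EXAMPLE.COM"
  	clientConfig.Net.SASL.GSSAPI.Username = "client"
  	clientConfig.Net.SASL.GSSAPI.AuthType = KRB5_USER_AUTH
  	clientConfig.Net.SASL.GSSAPI.Password = "qwerty"
  	// Relative path: the test relies on no krb5.conf existing in the
  	// directory the test runs from.
  	clientConfig.Net.SASL.GSSAPI.KerberosConfigPath = "krb5.conf"

  	_, err := NewKerberosClient(&clientConfig.Net.SASL.GSSAPI)

  	// An unexpected success must fail the test cleanly; calling err.Error()
  	// on a nil error would panic instead.
  	if err == nil {
  		t.Fatalf("Expected error:%s, got no error.", expectedErr)
  	}
  	// NOTE(review): the comparison is on the exact message text, which
  	// presumably differs on platforms with another "file not found" wording.
  	if err.Error() != expectedErr.Error() {
  		t.Errorf("Expected error:%s, got:%s.", expectedErr, err)
  	}
  }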
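  // TestCreateWithPassword checks that createClient builds a client from a
  // username/password configuration and that the client reports the
  // configured realm and principal name.
  //
  // The Kerberos configuration is parsed from gokrb5's test data and handed
  // to createClient directly. The password is a constructed fixture value.
  func TestCreateWithPassword(t *testing.T) {
  	kerberosConfig, err := krbcfg.NewConfigFromString(testdata.TEST_KRB5CONF)
  	if err != nil {
  		t.Fatal(err)
  	}

  	expectedDoman := "EXAMPLE.COM"
  	expectedCName := "client"

  	clientConfig := NewConfig()
  	clientConfig.Net.SASL.Mechanism = SASLTypeGSSAPI
  	clientConfig.Net.SASL.Enable = true
  	clientConfig.Net.SASL.GSSAPI.ServiceName = "kafka"
  	clientConfig.Net.SASL.GSSAPI.Realm = "EXAMPLE.COM"
  	clientConfig.Net.SASL.GSSAPI.Username = "client"
  	clientConfig.Net.SASL.GSSAPI.AuthType = KRB5_USER_AUTH
  	clientConfig.Net.SASL.GSSAPI.Password = "qwerty"
  	// NOTE(review): createClient receives the already parsed config, so this
  	// path is presumably not read here; confirm against createClient.
  	clientConfig.Net.SASL.GSSAPI.KerberosConfigPath = "/etc/krb5.conf"

  	client, err := createClient(&clientConfig.Net.SASL.GSSAPI, kerberosConfig)
  	// The error used to be discarded; surface it so a failed creation is
  	// reported with its cause.
  	if err != nil {
  		t.Fatalf("Unexpected error creating client: %s", err)
  	}
  	// Expect to create client with password. Stop here on nil: the checks
  	// below dereference the client and would panic.
  	if client == nil {
  		t.Fatal("Expected client not nil")
  	}

  	if client.Domain() != expectedDoman {
  		t.Errorf("Client domain: %s, got: %s", expectedDoman, client.Domain())
  	}

  	// Guard the index so an empty principal name fails the test rather than
  	// panicking.
  	nameParts := client.CName().NameString
  	if len(nameParts) == 0 {
  		t.Fatalf("Client name: %s, got an empty principal name", expectedCName)
  	}
  	if nameParts[0] != expectedCName {
  		t.Errorf("Client name: %s, got: %s", expectedCName, nameParts[0])
  	}
  }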
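  // TestCreateWithKeyTab checks that createClient, configured for keytab
  // authentication, returns the file-open error when the keytab path does not
  // exist.
  //
  // No password is set in this configuration; the keytab path is the only
  // credential source and it deliberately points at a missing file.
  func TestCreateWithKeyTab(t *testing.T) {
  	kerberosConfig, err := krbcfg.NewConfigFromString(testdata.TEST_KRB5CONF)
  	if err != nil {
  		t.Fatal(err)
  	}

  	// Expect client creation with a keytab to fail with a
  	// "no such file or directory" error.
  	expectedErr := errors.New("open nonexist.keytab: no such file or directory")

  	clientConfig := NewConfig()
  	clientConfig.Net.SASL.Mechanism = SASLTypeGSSAPI
  	clientConfig.Net.SASL.Enable = true
  	clientConfig.Net.SASL.GSSAPI.ServiceName = "kafka"
  	clientConfig.Net.SASL.GSSAPI.Realm = "EXAMPLE.COM"
  	clientConfig.Net.SASL.GSSAPI.Username = "client"
  	clientConfig.Net.SASL.GSSAPI.AuthType = KRB5_KEYTAB_AUTH
  	// Relative path: the test relies on no such file existing in the
  	// directory the test runs from.
  	clientConfig.Net.SASL.GSSAPI.KeyTabPath = "nonexist.keytab"
  	clientConfig.Net.SASL.GSSAPI.KerberosConfigPath = "/etc/krb5.conf"

  	_, err = createClient(&clientConfig.Net.SASL.GSSAPI, kerberosConfig)

  	// An unexpected success must fail the test cleanly; calling err.Error()
  	// on a nil error would panic instead.
  	if err == nil {
  		t.Fatalf("Expected error:%s, got no error.", expectedErr)
  	}
  	// NOTE(review): the comparison is on the exact message text, which
  	// presumably differs on platforms with another "file not found" wording.
  	if err.Error() != expectedErr.Error() {
  		t.Errorf("Expected error:%s, got:%s.", expectedErr, err)
  	}
  }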