From 4d3f4933dede6c49260ebe0e54f01bab6a88c729 Mon Sep 17 00:00:00 2001 From: Sarina Corrigan <26685104+scorgn@users.noreply.github.com> Date: Sun, 13 Oct 2024 11:33:03 -0400 Subject: [PATCH 1/9] Implement integration tests for oauth token methods * Fix seg fault in oauthbearerSetToken definition in rdkafka.c when not passing value for extension * Fix issue with oauthbearer_token_refresh not persisting (was not included in kafka_conf_callbacks_copy) * Modify start-kafka.sh to start kafka container with oauth2 configuration * Implement oauth2 integration tests --- .github/workflows/test/start-kafka.sh | 64 +++++++++-- conf.c | 1 + rdkafka.c | 4 +- rdkafka.stub.php | 4 +- tests/oauthbearer_integration.phpt | 151 ++++++++++++++++++++++++++ tests/test_env.php.sample | 4 + 6 files changed, 214 insertions(+), 14 deletions(-) create mode 100644 tests/oauthbearer_integration.phpt diff --git a/.github/workflows/test/start-kafka.sh b/.github/workflows/test/start-kafka.sh index 4413c48a..bf2eefcc 100755 --- a/.github/workflows/test/start-kafka.sh +++ b/.github/workflows/test/start-kafka.sh @@ -1,20 +1,64 @@ #!/bin/sh docker network create kafka_network -docker pull wurstmeister/zookeeper:3.4.6 -docker run -d --network kafka_network --name zookeeper wurstmeister/zookeeper:3.4.6 -docker pull wurstmeister/kafka:2.13-2.6.0 -docker run -d -p 9092:9092 --network kafka_network -e "KAFKA_AUTO_CREATE_TOPICS_ENABLE=true" -e "KAFKA_CREATE_TOPICS=test-topic:1:1:compact" -e "KAFKA_ADVERTISED_HOST_NAME=kafka" -e "KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181" -e "KAFKA_ADVERTISED_PORT=9092" --name kafka wurstmeister/kafka:2.13-2.6.0 -printf "\n127.0.0.1 kafka\n"|sudo tee /etc/hosts >/dev/null +docker pull wurstmeister/zookeeper:latest +docker run -d --network kafka_network --name zookeeper wurstmeister/zookeeper:latest +docker pull wurstmeister/kafka:latest +docker run -d -p 9092:9092 --network kafka_network \ + -e "KAFKA_AUTO_CREATE_TOPICS_ENABLE=true" \ + -e "KAFKA_CREATE_TOPICS=test-topic:1:1:compact" \ + -e "KAFKA_BROKER_ID=1" \ + -e "KAFKA_ADVERTISED_HOST_NAME=kafka" \ + -e "KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181/kafka" \ + -e "KAFKA_ADVERTISED_PORT=9092" \ + --name kafka wurstmeister/kafka:latest -echo "Waiting for Kafka to be ready" +docker run -d -p 29092:29092 --network kafka_network \ + -e "KAFKA_AUTO_CREATE_TOPICS_ENABLE=true" \ + -e "KAFKA_CREATE_TOPICS=test-topic:1:1:compact" \ + -e "KAFKA_ADVERTISED_HOST_NAME=kafka_oauth2" \ + -e "KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181/kafka_oauth2" \ + -e "KAFKA_ADVERTISED_PORT=29092" \ + -e "KAFKA_BROKER_ID=2" \ + -e "KAFKA_LISTENERS=SASLPLAINTEXT://kafka_oauth2:29092" \ + -e "KAFKA_ADVERTISED_LISTENERS=SASLPLAINTEXT://kafka_oauth2:29092" \ + -e "KAFKA_LISTENER_NAME_SASLPLAINTEXT_OAUTHBEARER_SASL_JAAS_CONFIG=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required unsecuredValidatorRequiredScope=\"required-scope\" unsecuredLoginStringClaim_scope=\"required-scope\" unsecuredLoginStringClaim_sub=\"admin\";" \ + -e "KAFKA_INTER_BROKER_LISTENER_NAME=SASLPLAINTEXT" \ + -e "KAFKA_SASL_ENABLED_MECHANISMS=OAUTHBEARER" \ + -e "KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=SASLPLAINTEXT:SASL_PLAINTEXT" \ + -e "KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL=OAUTHBEARER" \ + --name kafka_oauth2 wurstmeister/kafka:latest + +printf "\n127.0.0.1 kafka\n127.0.0.1 kafka_oauth2\n"|sudo tee /etc/hosts >/dev/null + +echo "Waiting for Kafka services to be ready" + +kakfa_ready=0 +kafka_oauth2_ready=0 for i in $(seq 1 20); do - if kafkacat -b 127.0.0.1 -L; then - echo "Kafka is ready" - exit 0 + if [ $kafka_ready -eq 0 ]; then + if kafkacat -b 127.0.0.1 -L; then + kafka_ready=1 + echo "Kafka is ready" + fi + fi + if [ $kafka_oauth2_ready -eq 0 ]; then + if kafkacat -b kafka_oauth2:29092 \ + -X security.protocol=SASL_PLAINTEXT \ + -X sasl.mechanisms=OAUTHBEARER \ + -X enable.sasl.oauthbearer.unsecure.jwt="true" \ + -X sasl.oauthbearer.config="principal=admin scope=required-scope" -L + then + kafka_oauth2_ready=1 + echo "Kafka OAuth2 is ready" + fi + fi + + if [ $kafka_ready -eq 1 ] && [ $kafka_oauth2_ready -eq 1 ]; then + exit 0 fi done -echo "Timedout waiting for Kafka to be ready" +echo "Timedout waiting for Kafka services to be ready" exit 1 diff --git a/conf.c b/conf.c index e438e5fa..9aa8132f 100644 --- a/conf.c +++ b/conf.c @@ -81,6 +81,7 @@ static void kafka_conf_callback_copy(kafka_conf_callback **to, kafka_conf_callba void kafka_conf_callbacks_copy(kafka_conf_callbacks *to, kafka_conf_callbacks *from) /* {{{ */ { + kafka_conf_callback_copy(&to->oauthbearer_token_refresh, from->oauthbearer_token_refresh); kafka_conf_callback_copy(&to->error, from->error); kafka_conf_callback_copy(&to->rebalance, from->rebalance); kafka_conf_callback_copy(&to->dr_msg, from->dr_msg); diff --git a/rdkafka.c b/rdkafka.c index 61c28eeb..bb2e7aa4 100644 --- a/rdkafka.c +++ b/rdkafka.c @@ -445,8 +445,8 @@ PHP_METHOD(RdKafka, oauthbearerSetToken) } errstr[0] = '\0'; - - int extensions_size; + + int extensions_size = 0; char **extensions = NULL; if (extensions_hash != NULL) { diff --git a/rdkafka.stub.php b/rdkafka.stub.php index d877b5b2..8d029b72 100644 --- a/rdkafka.stub.php +++ b/rdkafka.stub.php @@ -77,10 +77,10 @@ public function resumePartitions(array $topic_partitions): array {} #ifdef HAS_RD_KAFKA_OAUTHBEARER /** @tentative-return-type */ - public function oauthbearerSetToken(string $token_value, int $lifetime_ms, string $principal_name, array $extensions = []): void; + public function oauthbearerSetToken(string $token_value, int $lifetime_ms, string $principal_name, array $extensions = []): void {} /** @tentative-return-type */ - public function oauthbearerSetTokenFailure(string $error): void; + public function oauthbearerSetTokenFailure(string $error): void {} #endif } } diff --git a/tests/oauthbearer_integration.phpt b/tests/oauthbearer_integration.phpt new file mode 100644 index 00000000..e10bcf40 --- /dev/null +++ b/tests/oauthbearer_integration.phpt @@ -0,0 +1,151 @@ +--TEST-- +Produce, consume, oauth +--SKIPIF-- + +--FILE-- + $principal, + 'exp' => $expirySeconds, + 'iat' => $nowSeconds - 10, + 'scope' => $scope, + ]; + + $headerJwsSegment = 'eyJhbGciOiJub25lIn0'; + $claimsJwsSegment = base64_encode(json_encode($claims)); + $claimsJwsSegment = rtrim(strtr($claimsJwsSegment, '+/', '-_'), '='); + + $jws = sprintf('%s.%s.', $headerJwsSegment, $claimsJwsSegment); + + return [ + 'value' => $jws, + 'principal' => $principal, + 'expiryMs' => $expiryMs, + ]; +} + +// Set up tests +$conf = new RdKafka\Conf(); +if (RD_KAFKA_VERSION >= 0x090000 && false !== getenv('TEST_KAFKA_BROKER_VERSION')) { + $conf->set('broker.version.fallback', getenv('TEST_KAFKA_BROKER_VERSION')); +} +$conf->set('metadata.broker.list', getenv('TEST_KAFKA_OAUTH_BROKERS')); +$conf->set('security.protocol', 'SASL_PLAINTEXT'); +$conf->set('sasl.mechanisms', 'OAUTHBEARER'); +$conf->set('sasl.oauthbearer.config', 'principal=admin'); +$conf->setLogCb(function ($kafka, $level, $facility, $message) {}); +$conf->setErrorCb(function ($producer, $err, $errstr) { + printf("%s: %s\n", rd_kafka_err2str($err), $errstr); +}); + +// Test that refresh token with setting token accurately will succeed when getting metadata +$conf->setOauthbearerTokenRefreshCb(function ($producer) { + echo "Refreshing token and succeeding\n"; + $token = generateJws(); + $producer->oauthbearerSetToken($token['value'], $token['expiryMs'], $token['principal']); +}); +$producer = new \RdKafka\Producer($conf); +$producer->poll(0); +$topicName = sprintf("test_rdkafka_%s", uniqid()); +$topic = $producer->newTopic($topicName); + +try { + $producer->getMetadata(false, $topic, 10*1000); + echo "Metadata retrieved successfully when refresh callback set token\n"; +} catch (\RdKafka\Exception $e) { + echo "FAIL: Caught exception when getting metadata after successfully refreshing any token\n"; +} + +// Test that refresh token with setting token failure will fail when getting metadata +$conf->setOauthbearerTokenRefreshCb(function ($producer) { + echo "Setting token failure in refresh cb\n"; + $producer->oauthbearerSetTokenFailure('Token failure before getting metadata'); + $producer->poll(0); +}); +$producer = new \RdKafka\Producer($conf); +$producer->poll(0); +$topicName = sprintf("test_rdkafka_%s", uniqid()); +$topic = $producer->newTopic($topicName); +try { + $producer->getMetadata(false, $topic, 10*1000); + echo "FAIL: Did not catch exception after not setting or refreshing any token\n"; +} catch (\RdKafka\Exception $e) { + echo "Caught exception when getting metadata after not setting or refreshing any token\n"; +} + +// Test that setting token without refreshing will get metadata successfully +$conf->setOauthbearerTokenRefreshCb(function ($producer) {}); +$producer = new \RdKafka\Producer($conf); +$token = generateJws(); +$producer->oauthbearerSetToken($token['value'], $token['expiryMs'], $token['principal']); +$topicName = sprintf("test_rdkafka_%s", uniqid()); +$topic = $producer->newTopic($topicName); +try { + $producer->getMetadata(false, $topic, 10*1000); + echo "Got metadata successfully\n"; +} catch (\RdKafka\Exception $e) { + echo "FAIL: Set token but still got exception \n"; + exit; +} + +// Test that token refresh is called after token expires +$conf->setOauthbearerTokenRefreshCb(function ($producer) { + echo "Refreshing token\n"; +}); +$producer = new \RdKafka\Producer($conf); +$token = generateJws(expiresInSeconds: 5); +$producer->oauthbearerSetToken($token['value'], $token['expiryMs'], $token['principal']); +$producer->poll(0); +echo "Polled with refresh\n"; +sleep(1); +$producer->poll(0); +echo "Polled without refresh\n"; +sleep(4); +$producer->poll(0); +echo "Polled with refresh\n"; + +// Test that tokens without required scope fail +$producer = new \RdKafka\Producer($conf); +$token = generateJws('not-required-scope'); +$producer->oauthbearerSetToken($token['value'], $token['expiryMs'], $token['principal']); +$topicName = sprintf("test_rdkafka_%s", uniqid()); +$topic = $producer->newTopic($topicName); +try { + $producer->getMetadata(false, $topic, 10*1000); + echo "FAIL: Exception not thrown as expected when using insufficient scope\n"; + exit; +} catch (\RdKafka\Exception $e) { + echo "Caught expected exception with insufficient_scope\n"; +} + +// Test that setting token with extensions succeeds +$conf->setOauthbearerTokenRefreshCb(function ($producer) {}); +$producer = new \RdKafka\Producer($conf); +$token = generateJws(); +$producer->oauthbearerSetToken($token['value'], $token['expiryMs'], $token['principal'], ['testExtensionKey' => 'Test extension value']); +$producer->poll(0); + +--EXPECT-- +Refreshing token and succeeding +Metadata retrieved successfully when refresh callback set token +Setting token failure in refresh cb +Local: Authentication failure: Failed to acquire SASL OAUTHBEARER token: Token failure before getting metadata +Caught exception when getting metadata after not setting or refreshing any token +Got metadata successfully +Refreshing token +Polled with refresh +Polled without refresh +Refreshing token +Polled with refresh +Caught expected exception with insufficient_scope \ No newline at end of file diff --git a/tests/test_env.php.sample b/tests/test_env.php.sample index e43476aa..0d6be87a 100644 --- a/tests/test_env.php.sample +++ b/tests/test_env.php.sample @@ -4,6 +4,10 @@ if (false === getenv('TEST_KAFKA_BROKERS')) { putenv('TEST_KAFKA_BROKERS=localhost:9092'); } +if (false === getenv('TEST_KAFKA_OAUTH_BROKERS')) { + putenv('TEST_KAFKA_OAUTH_BROKERS=kafka_oauth2:29092'); +} + if (false === getenv('TEST_KAFKA_BROKER_VERSION')) { putenv('TEST_KAFKA_BROKER_VERSION=2.3'); } From edead1c29de7760081c7c29dd610711d57d8dd48 Mon Sep 17 00:00:00 2001 From: Sarina Corrigan <26685104+scorgn@users.noreply.github.com> Date: Sun, 13 Oct 2024 11:41:15 -0400 Subject: [PATCH 2/9] Fix typo in kafka_ready --- .github/workflows/test/start-kafka.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test/start-kafka.sh b/.github/workflows/test/start-kafka.sh index bf2eefcc..b41035ff 100755 --- a/.github/workflows/test/start-kafka.sh +++ b/.github/workflows/test/start-kafka.sh @@ -33,7 +33,7 @@ printf "\n127.0.0.1 kafka\n127.0.0.1 kafka_oauth2\n"|sudo tee /etc/hosts >/dev echo "Waiting for Kafka services to be ready" -kakfa_ready=0 +kafka_ready=0 kafka_oauth2_ready=0 for i in $(seq 1 20); do From b92336be6d7791834009194faa622290409e3977 Mon Sep 17 00:00:00 2001 From: Sarina Corrigan <26685104+scorgn@users.noreply.github.com> Date: Sun, 13 Oct 2024 19:49:03 -0400 Subject: [PATCH 3/9] Skip oauthbearer tests and setup steps if librdkafka version does not support it * Add new test env var SKIP_OAUTH based on matrix.skipoauth * Set matrix.skipoauth on all librdkafka versions below v1.1.0 * Don't set up kafka_oauth2 container if SKIP_OAUTH is 1 * Skip tests in oauthbearer_integration.phpt if RD_KAFKA_VERSION is below 0x010100 --- .github/workflows/test.yml | 12 +++++++++ .github/workflows/test/start-kafka.sh | 36 ++++++++++++++------------- tests/oauthbearer_integration.phpt | 2 +- 3 files changed, 32 insertions(+), 18 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 97365c07..c38a9969 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -108,28 +108,39 @@ jobs: # librdkafka 1.0.1 - php: '8.1.0' librdkafka: 'v1.0.1' + skipoauth: '1' - php: '8.0.0' librdkafka: 'v1.0.1' + skipoauth: '1' - php: '7.4.0' librdkafka: 'v1.0.1' + skipoauth: '1' - php: '7.3.0' librdkafka: 'v1.0.1' + skipoauth: '1' # librdkafka 0.11.6 - php: '8.1.0' librdkafka: 'v0.11.6' + skipoauth: '1' - php: '8.0.0' librdkafka: 'v0.11.6' + skipoauth: '1' - php: '7.4.0' librdkafka: 'v0.11.6' + skipoauth: '1' - php: '7.3.0' librdkafka: 'v0.11.6' + skipoauth: '1' - php: '7.2.0' librdkafka: 'v0.11.6' + skipoauth: '1' - php: '7.1.0' librdkafka: 'v0.11.6' + skipoauth: '1' - php: '7.0.0' librdkafka: 'v0.11.6' + skipoauth: '1' # librdkafka master (experimental, does not block PRs) - php: '8.3.0' @@ -157,6 +168,7 @@ jobs: PHP_VERSION: ${{ matrix.php }} LIBRDKAFKA_VERSION: ${{ matrix.librdkafka }} MEMORY_CHECK: ${{ matrix.memcheck }} + SKIP_OAUTH: ${{ matrix.skipoauth }} TEST_KAFKA_BROKERS: kafka:9092 TEST_KAFKA_BROKER_VERSION: 2.6 steps: diff --git a/.github/workflows/test/start-kafka.sh b/.github/workflows/test/start-kafka.sh index b41035ff..b8949a90 100755 --- a/.github/workflows/test/start-kafka.sh +++ b/.github/workflows/test/start-kafka.sh @@ -13,21 +13,23 @@ docker run -d -p 9092:9092 --network kafka_network \ -e "KAFKA_ADVERTISED_PORT=9092" \ --name kafka wurstmeister/kafka:latest -docker run -d -p 29092:29092 --network kafka_network \ - -e "KAFKA_AUTO_CREATE_TOPICS_ENABLE=true" \ - -e "KAFKA_CREATE_TOPICS=test-topic:1:1:compact" \ - -e "KAFKA_ADVERTISED_HOST_NAME=kafka_oauth2" \ - -e "KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181/kafka_oauth2" \ - -e "KAFKA_ADVERTISED_PORT=29092" \ - -e "KAFKA_BROKER_ID=2" \ - -e "KAFKA_LISTENERS=SASLPLAINTEXT://kafka_oauth2:29092" \ - -e "KAFKA_ADVERTISED_LISTENERS=SASLPLAINTEXT://kafka_oauth2:29092" \ - -e "KAFKA_LISTENER_NAME_SASLPLAINTEXT_OAUTHBEARER_SASL_JAAS_CONFIG=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required unsecuredValidatorRequiredScope=\"required-scope\" unsecuredLoginStringClaim_scope=\"required-scope\" unsecuredLoginStringClaim_sub=\"admin\";" \ - -e "KAFKA_INTER_BROKER_LISTENER_NAME=SASLPLAINTEXT" \ - -e "KAFKA_SASL_ENABLED_MECHANISMS=OAUTHBEARER" \ - -e "KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=SASLPLAINTEXT:SASL_PLAINTEXT" \ - -e "KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL=OAUTHBEARER" \ - --name kafka_oauth2 wurstmeister/kafka:latest +if [ ${SKIP_OAUTH:-0} -ne 1 ]; then + docker run -d -p 29092:29092 --network kafka_network \ + -e "KAFKA_AUTO_CREATE_TOPICS_ENABLE=true" \ + -e "KAFKA_CREATE_TOPICS=test-topic:1:1:compact" \ + -e "KAFKA_ADVERTISED_HOST_NAME=kafka_oauth2" \ + -e "KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181/kafka_oauth2" \ + -e "KAFKA_ADVERTISED_PORT=29092" \ + -e "KAFKA_BROKER_ID=2" \ + -e "KAFKA_LISTENERS=SASLPLAINTEXT://kafka_oauth2:29092" \ + -e "KAFKA_ADVERTISED_LISTENERS=SASLPLAINTEXT://kafka_oauth2:29092" \ + -e "KAFKA_LISTENER_NAME_SASLPLAINTEXT_OAUTHBEARER_SASL_JAAS_CONFIG=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required unsecuredValidatorRequiredScope=\"required-scope\" unsecuredLoginStringClaim_scope=\"required-scope\" unsecuredLoginStringClaim_sub=\"admin\";" \ + -e "KAFKA_INTER_BROKER_LISTENER_NAME=SASLPLAINTEXT" \ + -e "KAFKA_SASL_ENABLED_MECHANISMS=OAUTHBEARER" \ + -e "KAFKA_LISTENER_SECURITY_PROTOCOL_MAP=SASLPLAINTEXT:SASL_PLAINTEXT" \ + -e "KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL=OAUTHBEARER" \ + --name kafka_oauth2 wurstmeister/kafka:latest +fi printf "\n127.0.0.1 kafka\n127.0.0.1 kafka_oauth2\n"|sudo tee /etc/hosts >/dev/null @@ -43,7 +45,7 @@ for i in $(seq 1 20); do echo "Kafka is ready" fi fi - if [ $kafka_oauth2_ready -eq 0 ]; then + if [ $kafka_oauth2_ready -eq 0 ] && [ ${SKIP_OAUTH:-0} -ne 1 ]; then if kafkacat -b kafka_oauth2:29092 \ -X security.protocol=SASL_PLAINTEXT \ -X sasl.mechanisms=OAUTHBEARER \ @@ -55,7 +57,7 @@ for i in $(seq 1 20); do fi fi - if [ $kafka_ready -eq 1 ] && [ $kafka_oauth2_ready -eq 1 ]; then + if [ $kafka_ready -eq 1 ] && ( [ $kafka_oauth2_ready -eq 1 ] || [ ${SKIP_OAUTH:-0} -eq 1 ] ); then exit 0 fi done diff --git a/tests/oauthbearer_integration.phpt b/tests/oauthbearer_integration.phpt index e10bcf40..40b74944 100644 --- a/tests/oauthbearer_integration.phpt +++ b/tests/oauthbearer_integration.phpt @@ -3,7 +3,7 @@ Produce, consume, oauth --SKIPIF-- +RD_KAFKA_VERSION >= 0x010100 || die("skip librdkafka too old does not support oauthbearer"); --FILE-- Date: Sun, 13 Oct 2024 19:57:48 -0400 Subject: [PATCH 4/9] Ensure tests compatible with all php versions --- tests/oauthbearer_integration.phpt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/oauthbearer_integration.phpt b/tests/oauthbearer_integration.phpt index 40b74944..221b8a07 100644 --- a/tests/oauthbearer_integration.phpt +++ b/tests/oauthbearer_integration.phpt @@ -8,7 +8,7 @@ RD_KAFKA_VERSION >= 0x010100 || die("skip librdkafka too old does not support oa setOauthbearerTokenRefreshCb(function ($producer) { echo "Refreshing token\n"; }); $producer = new \RdKafka\Producer($conf); -$token = generateJws(expiresInSeconds: 5); +$token = generateJws('required-scope', 5); $producer->oauthbearerSetToken($token['value'], $token['expiryMs'], $token['principal']); $producer->poll(0); echo "Polled with refresh\n"; From 42d3110b99f8d5caa9e74c633984d87e63853a9b Mon Sep 17 00:00:00 2001 From: Sarina Corrigan <26685104+scorgn@users.noreply.github.com> Date: Sun, 13 Oct 2024 20:10:27 -0400 Subject: [PATCH 5/9] Fix RD_KAFKA_VERSION comparison --- tests/oauthbearer_integration.phpt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/oauthbearer_integration.phpt b/tests/oauthbearer_integration.phpt index 221b8a07..b43349f3 100644 --- a/tests/oauthbearer_integration.phpt +++ b/tests/oauthbearer_integration.phpt @@ -3,7 +3,7 @@ Produce, consume, oauth --SKIPIF-- = 0x010100 || die("skip librdkafka too old does not support oauthbearer"); +RD_KAFKA_VERSION >= 0x01010000 || die("skip librdkafka too old does not support oauthbearer"); --FILE-- Date: Sun, 13 Oct 2024 20:27:58 -0400 Subject: [PATCH 6/9] Remove usage of json_encode as we don't have access to json extension --- tests/oauthbearer_integration.phpt | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/oauthbearer_integration.phpt b/tests/oauthbearer_integration.phpt index b43349f3..38812574 100644 --- a/tests/oauthbearer_integration.phpt +++ b/tests/oauthbearer_integration.phpt @@ -15,15 +15,15 @@ function generateJws($scope = 'required-scope', $expiresInSeconds = 60) $expiryMs = $expirySeconds * 1000; $principal = 'admin'; - $claims = [ - 'sub' => $principal, - 'exp' => $expirySeconds, - 'iat' => $nowSeconds - 10, - 'scope' => $scope, - ]; - + $claimsJson = sprintf( + '{"sub": "%s", "exp": %d, "iat": %d, "scope": "%s"}', + $principal, + $expirySeconds, + $nowSeconds - 10, + $scope, + ); $headerJwsSegment = 'eyJhbGciOiJub25lIn0'; - $claimsJwsSegment = base64_encode(json_encode($claims)); + $claimsJwsSegment = base64_encode($claimsJson); $claimsJwsSegment = rtrim(strtr($claimsJwsSegment, '+/', '-_'), '='); $jws = sprintf('%s.%s.', $headerJwsSegment, $claimsJwsSegment); From 28cc1ccdfa4930a51df80d4abbd9c41c0bd9892a Mon Sep 17 00:00:00 2001 From: Sarina Corrigan <26685104+scorgn@users.noreply.github.com> Date: Sun, 13 Oct 2024 21:33:22 -0400 Subject: [PATCH 7/9] Add newline to end of test file --- tests/oauthbearer_integration.phpt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/oauthbearer_integration.phpt b/tests/oauthbearer_integration.phpt index 38812574..0b14edf8 100644 --- a/tests/oauthbearer_integration.phpt +++ b/tests/oauthbearer_integration.phpt @@ -148,4 +148,4 @@ Polled with refresh Polled without refresh Refreshing token Polled with refresh -Caught expected exception with insufficient_scope \ No newline at end of file +Caught expected exception with insufficient_scope From 2b859d6d3dcf77d502c56ff5114408d5dda6cc8a Mon Sep 17 00:00:00 2001 From: Sarina Corrigan <26685104+scorgn@users.noreply.github.com> Date: Mon, 14 Oct 2024 16:47:51 -0400 Subject: [PATCH 8/9] Change test name to match contents --- tests/oauthbearer_integration.phpt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/oauthbearer_integration.phpt b/tests/oauthbearer_integration.phpt index 0b14edf8..a016bfdd 100644 --- a/tests/oauthbearer_integration.phpt +++ b/tests/oauthbearer_integration.phpt @@ -1,5 +1,5 @@ --TEST-- -Produce, consume, oauth +oauthbearer, metadata --SKIPIF-- Date: Mon, 14 Oct 2024 16:51:05 -0400 Subject: [PATCH 9/9] Change test name to match contents --- tests/oauthbearer_integration.phpt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/oauthbearer_integration.phpt b/tests/oauthbearer_integration.phpt index a016bfdd..b95de0f6 100644 --- a/tests/oauthbearer_integration.phpt +++ b/tests/oauthbearer_integration.phpt @@ -1,5 +1,5 @@ --TEST-- -oauthbearer, metadata +Oauthbearer --SKIPIF--