KAFKA-3070: SASL unit tests dont work with IBM JDK

Use IBM Kerberos module for SASL tests if running on IBM JDK Developed with @edoardocomar Based on apache#738 by @rajinisivaram
mimaison · May 12, 2017 · 5c02023 · 5c02023
1 parent 911c768
commit 5c02023
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 21 deletions.
diff --git a/core/src/test/scala/unit/kafka/utils/JaasTestUtils.scala b/core/src/test/scala/unit/kafka/utils/JaasTestUtils.scala
@@ -17,6 +17,8 @@
 package kafka.utils
 
 import java.io.{File, BufferedWriter, FileWriter}
+import java.util.Properties
+import kafka.server.KafkaConfig
 
 object JaasTestUtils {
 
@@ -26,16 +28,30 @@ object JaasTestUtils {
                              principal: String,
                              debug: Boolean,
                              serviceName: Option[String]) extends JaasModule {
-
-    def name = "com.sun.security.auth.module.Krb5LoginModule"
-
-    def entries: Map[String, String] = Map(
-      "useKeyTab" -> useKeyTab.toString,
-      "storeKey" -> storeKey.toString,
-      "keyTab" -> keyTab,
-      "principal" -> principal
-    ) ++ serviceName.map(s => Map("serviceName" -> s)).getOrElse(Map.empty)
-
+    def toJaasModule: JaasModule = {
+      if (isIBMJdk) {
+        JaasModule(
+          "com.ibm.security.auth.module.Krb5LoginModule",
+          debug = debug,
+          entries =  Map(
+            "principal" -> principal,
+            "credsType" -> "both"
+          ) ++ (if (useKeyTab) Map("useKeytab" -> s"file:$keyTab") else Map.empty)
+        )
+      } else {
+        JaasModule(
+          "com.sun.security.auth.module.Krb5LoginModule",
+          debug = debug,
+          entries = Map(
+            "useKeyTab" -> useKeyTab.toString,
+            "storeKey" -> storeKey.toString,
+            "keyTab" -> keyTab,
+            "principal" -> principal,
+            "serviceName" -> serviceName
+          )
+        )
+      }
+    }
   }
 
   case class PlainLoginModule(username: String,
@@ -120,6 +136,19 @@ object JaasTestUtils {
   val KafkaScramAdmin = "scram-admin"
   val KafkaScramAdminPassword = "scram-admin-secret"
 
+  val isIBMJdk = System.getProperty("java.vendor").contains("IBM")
+  val serviceName = "kafka"
+
+  def saslConfigs(saslProperties: Option[Properties]): Properties = {
+    val result = saslProperties match {
+      case Some(properties) => properties
+      case None => new Properties
+    }
+    if (isIBMJdk)
+      result.put(KafkaConfig.SaslKerberosServiceNameProp, JaasTestUtils.serviceName)
+    result
+  }
+
   def writeJaasContextsToFile(jaasSections: Seq[JaasSection]): File = {
     val jaasFile = TestUtils.tempFile()
     writeToFile(jaasFile, jaasSections)
@@ -146,7 +175,7 @@ object JaasTestUtils {
           keyTab = keytabLocation.getOrElse(throw new IllegalArgumentException("Keytab location not specified for GSSAPI")).getAbsolutePath,
           principal = KafkaServerPrincipal,
           debug = true,
-          serviceName = Some("kafka"))
+          serviceName = serviceName)
       case "PLAIN" =>
         PlainLoginModule(
           KafkaPlainAdmin,
@@ -180,7 +209,7 @@ object JaasTestUtils {
           keyTab = keytabLocation.getOrElse(throw new IllegalArgumentException("Keytab location not specified for GSSAPI")).getAbsolutePath,
           principal = clientPrincipal,
           debug = true,
-          serviceName = Some("kafka")
+          serviceName = serviceName
         )
       case "PLAIN" =>
         PlainLoginModule(

diff --git a/core/src/test/scala/unit/kafka/utils/TestUtils.scala b/core/src/test/scala/unit/kafka/utils/TestUtils.scala
@@ -238,7 +238,7 @@ object TestUtils extends Logging {
       props.putAll(sslConfigs(Mode.SERVER, false, trustStoreFile, s"server$nodeId"))
 
     if (protocolAndPorts.exists { case (protocol, _) => usesSaslAuthentication(protocol) })
-      props.putAll(saslConfigs(saslProperties))
+      props.putAll(JaasTestUtils.saslConfigs(saslProperties))
 
     interBrokerSecurityProtocol.foreach { protocol =>
       props.put(KafkaConfig.InterBrokerSecurityProtocolProp, protocol.name)
@@ -502,8 +502,9 @@ object TestUtils extends Logging {
     val props = new Properties
     if (usesSslTransportLayer(securityProtocol))
       props.putAll(sslConfigs(mode, securityProtocol == SecurityProtocol.SSL, trustStoreFile, certAlias))
+
     if (usesSaslAuthentication(securityProtocol))
-      props.putAll(saslConfigs(saslProperties))
+      props.putAll(JaasTestUtils.saslConfigs(saslProperties))
     props.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, securityProtocol.name)
     props
   }
@@ -1167,13 +1168,6 @@ object TestUtils extends Logging {
     sslProps
   }
 
-  def saslConfigs(saslProperties: Option[Properties]): Properties = {
-    saslProperties match {
-      case Some(properties) => properties
-      case None => new Properties
-    }
-  }
-
   // a X509TrustManager to trust self-signed certs for unit tests.
   def trustAllCerts: X509TrustManager = {
     val trustManager = new X509TrustManager() {