Oauthbearer support #680
Oauthbearer support #680
Conversation
|
I wrote a test using for OAUTHBEARER login, but the problem is that Kafka fails to start with exception Unfortunately i found other users having the same issue, by looking at the Java class at https://github.com/apache/kafka/blob/b8651d4e82d45463d2c71798bd5852f8a605b440/clients/src/main/java/org/apache/kafka/common/security/oauthbearer/internals/unsecured/OAuthBearerUnsecuredValidatorCallbackHandler.java it looks like it doesn't properly lookup the JAAS entry but just checks that there's only one and pick it, so it gets confused by PLAN and SCRAM entries. I also tried declaring a dedicated listener for the test but it still refuse to start with the same error. I opened a branch In the meantime i added the docs. |
|
Do you have any plan for merging the PR and having the funcionality available in GA releases? |
uwburn
force-pushed
the
oauthbearer-support
branch
from
758d783
to
2d7e1f9
Compare
|
Rebased. |
Sorry about the delay. It seems all the maintainers, including myself, are busy with life and work lately.
I think that sounds good, but rather than commenting it out, let's do what we do for running tests with different versions of Kafka: Lines 193 to 199 in b13567d So something like: const testIfEnv = (key, value) => (description, callback, testFn = test) => {
return value === process.env[key]
? testFn(description, callback)
: test.skip(description, callback)
}
/**
* <Explanation why oauthbearer is conditionally enabled and how to enable it>
*/
const testIfOauthbearerEnabled = testIfEnv('OAUTHBEARER_ENABLED', '1')Then you test would be just the following, and it would run if |
Sorry, i was not meaning to be harsh, i am about to start a project in the company where i work that would include kafkajs, so i'm looking forward to avoid using git npm dependencies, but that's not really an issue. Anyway, i followed your suggestion, also i rearranged a bit SASL tests to avoid code duplications. By looking at it i noted that probably some other conditional tests about 1.1 and 0.11 must be rechecked, if i have some time to spare eventually i will submit another PR about that. |
Co-authored-by: Tommy Brunn <tommy.brunn@gmail.com>
uwburn
force-pushed
the
oauthbearer-support
branch
from
bb0deec
to
0226942
Compare
Not ideal, but because we have to scan for matching test names, the job ends up taking 5+ minutes in CI. The tests could be reorganized to instead move all OauthBearer tests into a single spec (or specs with a specific name) to be able to use `testPathPattern` instead of `testNamePattern`, at which point we could probably enable this again.
|
I added a job to the pipeline that runs the Oauthbearer tests. It's configured to only run in master, as it takes more than 5 minutes to search through all tests for the SASL OAUTHBEARER ones. Not great, and could be fixed by reorganizing the tests so that all the oauthbearer ones are in files with a certain suffix or something, but I'm not gonna do that right now. I did run the job through CI once, and it passed. |
#674
Implemented the SASL OAUTHBEARER request, the reauthentication mechanism seems to be handled automatically by already present
isConnected()check insrc/broker/index.js, as it evalueates the sessionLifetime that is replied back from Kafka when proper options (connections.max.reauth.ms) are configured in the broker.A base spec ha been introduced to check the most obvious errors, more elaborate testing seems difficult to set up, as requires plenty of configuration on the broker.
Some tests are failing, but they do seem unrelated.
Updates to the documentation are missing at the moment.