root
/
kafka
mirror of https://github.com/apache/kafka.git
1
0
Fork 0
Code Issues Actions 2 Packages Projects Releases Wiki Activity

MINOR: Update unit/integration tests to work with the IBM Semeru JDK (#12343) 

The IBM Semeru JDK use the OpenJDK security providers instead of the IBM security providers so test for the OpenJDK classes first where possible and test for Semeru in the java.runtime.name system property otherwise.

Reviewers: Mickael Maison <mickael.maison@gmail.com>, Bruno Cadonna <cadonna@apache.org>
This commit is contained in:
Jonathan Albrecht 2022-12-01 10:22:00 -05:00 committed by GitHub
parent 52bb677bbe
commit b56e71faee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 41 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
clients/src/main/java/org/apache/kafka/common/utils/Java.java
View File

@ -44,6 +44,10 @@ public final class Java {
return System.getProperty("java.vendor").contains("IBM");
}
public static boolean isIbmJdkSemeru() {
return isIbmJdk() && System.getProperty("java.runtime.name", "").contains("Semeru");
}
// Package private for testing
static class Version {
public final int majorVersion;

18
clients/src/test/java/org/apache/kafka/common/utils/JavaTest.java
View File

@ -27,15 +27,18 @@ import org.junit.jupiter.api.Test;
public class JavaTest {
private String javaVendor;
private String javaRuntimeName;
@BeforeEach
public void before() {
javaVendor = System.getProperty("java.vendor");
javaRuntimeName = System.getProperty("java.runtime.name");
}
@AfterEach
public void after() {
System.setProperty("java.vendor", javaVendor);
System.setProperty("java.runtime.name", javaRuntimeName);
}
@Test
@ -46,9 +49,22 @@ public class JavaTest {
assertTrue(Java.isIbmJdk());
}
@Test
public void testIsIBMJdkSemeru() {
System.setProperty("java.vendor", "Oracle Corporation");
assertFalse(Java.isIbmJdkSemeru());
System.setProperty("java.vendor", "IBM Corporation");
System.setProperty("java.runtime.name", "Java(TM) SE Runtime Environment");
assertFalse(Java.isIbmJdkSemeru());
System.setProperty("java.vendor", "IBM Corporation");
System.setProperty("java.runtime.name", "IBM Semeru Runtime Certified Edition");
assertTrue(Java.isIbmJdkSemeru());
}
@Test
public void testLoadKerberosLoginModule() throws ClassNotFoundException {
String clazz = Java.isIbmJdk()
// IBM Semeru JDKs use the OpenJDK security providers
String clazz = Java.isIbmJdk() && !Java.isIbmJdkSemeru()
? "com.ibm.security.auth.module.Krb5LoginModule"
: "com.sun.security.auth.module.Krb5LoginModule";
Class.forName(clazz);

2
core/src/test/scala/kafka/security/minikdc/MiniKdc.scala
View File

@ -261,7 +261,7 @@ class MiniKdc(config: Properties, workDir: File) extends Logging {
private def refreshJvmKerberosConfig(): Unit = {
val klass =
if (Java.isIbmJdk)
if (Java.isIbmJdk && !Java.isIbmJdkSemeru)
Class.forName("com.ibm.security.krb5.internal.Config")
else
Class.forName("sun.security.krb5.Config")

17
core/src/test/scala/unit/kafka/utils/JaasTestUtils.scala
View File

@ -31,16 +31,17 @@ object JaasTestUtils {
keyTab: String,
principal: String,
debug: Boolean,
serviceName: Option[String]) extends JaasModule {
serviceName: Option[String],
isIbmSecurity: Boolean) extends JaasModule {
def name =
if (Java.isIbmJdk)
if (isIbmSecurity)
"com.ibm.security.auth.module.Krb5LoginModule"
else
"com.sun.security.auth.module.Krb5LoginModule"
def entries: Map[String, String] =
if (Java.isIbmJdk)
if (isIbmSecurity)
Map(
"principal" -> principal,
"credsType" -> "both"
@ -119,6 +120,8 @@ object JaasTestUtils {
}
}
private val isIbmSecurity = Java.isIbmJdk && !Java.isIbmJdkSemeru
private val ZkServerContextName = "Server"
private val ZkClientContextName = "Client"
private val ZkUserSuperPasswd = "adminpasswd"
@ -158,7 +161,7 @@ object JaasTestUtils {
val result = saslProperties.getOrElse(new Properties)
// IBM Kerberos module doesn't support the serviceName JAAS property, hence it needs to be
// passed as a Kafka property
if (Java.isIbmJdk && !result.contains(KafkaConfig.SaslKerberosServiceNameProp))
if (isIbmSecurity && !result.contains(KafkaConfig.SaslKerberosServiceNameProp))
result.put(KafkaConfig.SaslKerberosServiceNameProp, serviceName)
result
}
@ -215,7 +218,8 @@ object JaasTestUtils {
keyTab = keytabLocation.getOrElse(throw new IllegalArgumentException("Keytab location not specified for GSSAPI")).getAbsolutePath,
principal = KafkaServerPrincipal,
debug = true,
serviceName = Some(serviceName))
serviceName = Some(serviceName),
isIbmSecurity)
case "PLAIN" =>
PlainLoginModule(
KafkaPlainAdmin,
@ -256,7 +260,8 @@ object JaasTestUtils {
keyTab = keytabLocation.getOrElse(throw new IllegalArgumentException("Keytab location not specified for GSSAPI")).getAbsolutePath,
principal = clientPrincipal,
debug = true,
serviceName = Some(serviceName)
serviceName = Some(serviceName),
isIbmSecurity
)
case "PLAIN" =>
PlainLoginModule(

5
tests/kafkatest/services/security/security_config.py
View File

@ -276,6 +276,7 @@ class SecurityConfig(TemplateRenderer):
node.account.ssh("mkdir -p %s" % SecurityConfig.CONFIG_DIR, allow_fail=False)
jaas_conf_file = "jaas.conf"
java_version = node.account.ssh_capture("java -version")
is_ibm_security = any('IBM' in line for line in java_version) and not any('Semeru' in line for line in java_version)
jaas_conf = None
if 'sasl.jaas.config' not in self.properties:
@ -283,7 +284,7 @@ class SecurityConfig(TemplateRenderer):
jaas_conf_file,
{
'node': node,
'is_ibm_jdk': any('IBM' in line for line in java_version),
'is_ibm_security': is_ibm_security,
'SecurityConfig': SecurityConfig,
'client_sasl_mechanism': self.client_sasl_mechanism,
'enabled_sasl_mechanisms': self.enabled_sasl_mechanisms
@ -299,7 +300,7 @@ class SecurityConfig(TemplateRenderer):
"admin_client_as_broker_jaas.conf",
{
'node': node,
'is_ibm_jdk': any('IBM' in line for line in java_version),
'is_ibm_security': is_ibm_security,
'SecurityConfig': SecurityConfig,
'client_sasl_mechanism': self.client_sasl_mechanism,
'enabled_sasl_mechanisms': self.enabled_sasl_mechanisms

2
tests/kafkatest/services/security/templates/admin_client_as_broker_jaas.conf
View File

@ -14,7 +14,7 @@
KafkaClient {
{% if "GSSAPI" in enabled_sasl_mechanisms %}
{% if is_ibm_jdk %}
{% if is_ibm_security %}
com.ibm.security.auth.module.Krb5LoginModule required debug=false
credsType=both
useKeytab="file:/mnt/security/keytab"

8
tests/kafkatest/services/security/templates/jaas.conf
View File

@ -16,7 +16,7 @@
KafkaClient {
{% endif %}
{% if "GSSAPI" in client_sasl_mechanism %}
{% if is_ibm_jdk %}
{% if is_ibm_security %}
com.ibm.security.auth.module.Krb5LoginModule required debug=false
credsType=both
useKeytab="file:/mnt/security/keytab"
@ -44,7 +44,7 @@ KafkaClient {
KafkaServer {
{% if "GSSAPI" in enabled_sasl_mechanisms %}
{% if is_ibm_jdk %}
{% if is_ibm_security %}
com.ibm.security.auth.module.Krb5LoginModule required debug=false
credsType=both
useKeytab="file:/mnt/security/keytab"
@ -74,7 +74,7 @@ KafkaServer {
{% if zk_sasl %}
Client {
{% if is_ibm_jdk %}
{% if is_ibm_security %}
com.ibm.security.auth.module.Krb5LoginModule required debug=false
credsType=both
useKeytab="file:/mnt/security/keytab"
@ -90,7 +90,7 @@ Client {
};
Server {
{% if is_ibm_jdk %}
{% if is_ibm_security %}
com.ibm.security.auth.module.Krb5LoginModule required debug=false
credsType=both
useKeyTab="file:/mnt/security/keytab"