Merge pull request #282 from gojek/feat/acl-client-changes
added support for acl auth
Vruttant1403 authored Jun 17, 2024
2 parents 7370b30 + 61c3418 commit 4177d85
Showing 2 changed files with 77 additions and 16 deletions.
69 changes: 56 additions & 13 deletions src/ziggurat/config.clj
Expand Up @@ -6,7 +6,8 @@
[mount.core :refer [defstate]]
[ziggurat.util.java-util :as util])
(:import (java.util Properties)
[org.apache.kafka.common.config SaslConfigs])
[org.apache.kafka.common.config SaslConfigs]
[org.apache.kafka.clients CommonClientConfigs])
(:gen-class
:methods
[^{:static true} [get [String] Object]
Expand Down Expand Up @@ -95,6 +96,9 @@
(defn ssl-config []
(get-in config [:ziggurat :ssl]))

(defn sasl-config []
(get-in config [:ziggurat :sasl]))

(defn rabbitmq-config []
(get (ziggurat-config) :rabbit-mq))

Expand Down Expand Up @@ -197,24 +201,27 @@
(.setProperty p sk nv))))
p)

(def jaas-template
{"PLAIN" "org.apache.kafka.common.security.plain.PlainLoginModule"
"SCRAM-SHA-512" "org.apache.kafka.common.security.scram.ScramLoginModule"})

(defn create-jaas-properties
[user-name password mechanism]
(let [jaas-template (get jaas-template mechanism)]
(format "%s required username=\"%s\" password=\"%s\";" jaas-template user-name password)))
[user-name password login-module]
(format "%s required username=\"%s\" password=\"%s\";" login-module user-name password))

(defn- add-jaas-properties
[properties jaas-config]
(if (some? jaas-config)
(let [username (get jaas-config :username)
password (get jaas-config :password)
mechanism (get jaas-config :mechanism)]
login-module (get jaas-config :login-module)
jaas_props (create-jaas-properties username password login-module)]
(doto properties
(.put SaslConfigs/SASL_JAAS_CONFIG
(create-jaas-properties username password mechanism))))
(.put SaslConfigs/SASL_JAAS_CONFIG jaas_props)))
properties))

(defn- add-sasl-properties
[properties mechanism protocol]
(if (and (some? mechanism) (some? protocol))
(doto properties
(.put SaslConfigs/SASL_MECHANISM mechanism)
(.put CommonClientConfigs/SECURITY_PROTOCOL_CONFIG protocol))
properties))

(defn build-ssl-properties
Expand All @@ -232,18 +239,53 @@
{:enabled true
:ssl-keystore-location <>
:ssl-keystore-password <>
:mechanism <>
:protocol <>
{:jaas {:username <>
:password <>
:mechanism <>}}}
:login-module <>}}}
"
(let [ssl-configs-enabled (:enabled ssl-config-map)
jaas-config (get ssl-config-map :jaas)]
jaas-config (get ssl-config-map :jaas)
mechanism (get ssl-config-map :mechanism)
protocol (get ssl-config-map :protocol)]
(if (true? ssl-configs-enabled)
(as-> properties pr
(add-jaas-properties pr jaas-config)
(add-sasl-properties pr mechanism protocol)
(reduce-kv set-property-fn pr ssl-config-map))
properties)))

(defn build-sasl-properties
[properties set-property-fn sasl-config-map]
"Builds SASL properties from sasl-config-map which is a map where keys are
Clojure keywords in kebab case. These keys are converted to Kafka properties by set-property-fn.
SASL properties are only set if [:ziggurat :sasl :enabled] returns true.
Creates JAAS template if values are provided in the map provided against this key sequence
[:ziggurat :sasl :jaas].
Example of sasl-config-map
{:enabled true
:protocol <>
:mechanism <>
{:jaas
{:username <>
:password <>
:login-module <>}}}
"
(let [sasl-configs-enabled (:enabled sasl-config-map)
jaas-config (get sasl-config-map :jaas)
mechanism (get sasl-config-map :mechanism)
protocol (get sasl-config-map :protocol)]
(if (true? sasl-configs-enabled)
(as-> properties pr
(add-jaas-properties pr jaas-config)
(add-sasl-properties pr mechanism protocol)
(reduce-kv set-property-fn pr sasl-config-map))
properties)))

(defn build-properties
"Builds Properties object from the provided config-map which is a map where keys are
Clojure keywords in kebab case. These keys are converted to Kafka properties by set-property-fn.
Expand All @@ -265,6 +307,7 @@
[set-property-fn config-map]
(as-> (Properties.) pr
(build-ssl-properties pr set-property-fn (ssl-config))
(build-sasl-properties pr set-property-fn (sasl-config))
(reduce-kv set-property-fn pr config-map)))

(def build-consumer-config-properties
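Review bot: `create-jaas-properties` in the `@@ -197,24 +201,27 @@` hunk formats `login-module`, `user-name` and `password` straight into the JAAS string with no validation or escaping. With the `jaas-template` lookup gone, a config that still carries `:mechanism` under `:jaas` and no `:login-module` now yields a string starting with `null required`, and a password containing a double quote or backslash ends the quoted value early, so the remainder would be parsed as further JAAS options. The version below rejects a missing login module and escapes both characters before formatting; the exception message deliberately leaves out the credential values. In the same hunk `add-sasl-properties` returns the properties untouched when only one of `:mechanism` / `:protocol` is present, which with `:enabled true` presumably leaves the client on its default security protocol, so failing loudly there looks safer than skipping silently.

```clojure
(defn- jaas-quote
  "Escapes backslash and double quote so the value stays inside its quoted JAAS option."
  [v]
  (-> (str v)
      (.replace "\\" "\\\\")
      (.replace "\"" "\\\"")))

(defn create-jaas-properties
  [user-name password login-module]
  (when (nil? login-module)
    (throw (IllegalArgumentException. "[:jaas :login-module] is required when :jaas is configured")))
  (format "%s required username=\"%s\" password=\"%s\";"
          login-module (jaas-quote user-name) (jaas-quote password)))

;; … unchanged: add-jaas-properties, add-sasl-properties …
```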
24 changes: 21 additions & 3 deletions test/ziggurat/config_test.clj
Expand Up @@ -21,6 +21,7 @@
statsd-config
ziggurat-config
ssl-config
sasl-config
create-jaas-properties]]
[ziggurat.fixtures :as f])
(:import (java.util ArrayList Properties)))
Expand Down Expand Up @@ -321,9 +322,10 @@
(with-redefs [ssl-config (constantly {:enabled true
:ssl-keystore-location "/some/location"
:ssl-keystore-password "some-password"
:mechanism "SCRAM-SHA-512"
:jaas {:username "myuser"
:password "mypassword"
:mechanism "SCRAM-SHA-512"}})]
:login-module "org.apache.kafka.common.security.scram.ScramLoginModule"}})]
(let [streams-config-map {:auto-offset-reset :latest}
props (build-streams-config-properties streams-config-map)
auto-offset-reset (.getProperty props "auto.offset.reset")
Expand All @@ -333,7 +335,7 @@
(is (= auto-offset-reset "latest"))
(is (= ssl-ks-location "/some/location"))
(is (= ssl-ks-password "some-password"))
(is (= sasl-jaas-config (create-jaas-properties "myuser" "mypassword" "SCRAM-SHA-512"))))))
(is (= sasl-jaas-config (create-jaas-properties "myuser" "mypassword" "org.apache.kafka.common.security.scram.ScramLoginModule"))))))
(testing "ssl properties DO NOT create jaas template if no value is provided for key sequence [:ziggurat :ssl :jaas]"
(with-redefs [ssl-config (constantly {:enabled true
:ssl-keystore-location "/some/location"
Expand All @@ -347,7 +349,23 @@
(is (= auto-offset-reset "latest"))
(is (= ssl-ks-location "/some/location"))
(is (= ssl-ks-password "some-password"))
(is (nil? sasl-jaas-config)))))))
(is (nil? sasl-jaas-config)))))
(testing "sasl properties create jaas template from the map provided in [:ziggurat :sasl :jaas]"
(with-redefs [sasl-config (constantly {:enabled true
:protocol "SASL_PLAINTEXT"
:mechanism "SCRAM-SHA-256"
:jaas {:username "myuser"
:password "mypassword"
:login-module "org.apache.kafka.common.security.scram.ScramLoginModule"}})]
(let [streams-config-map {:auto-offset-reset :latest}
props (build-streams-config-properties streams-config-map)
auto-offset-reset (.getProperty props "auto.offset.reset")
sasl-jaas-config (.getProperty props "sasl.jaas.config")
sasl-protocol (.getProperty props "security.protocol")
sasl-mechanism (.getProperty props "sasl.mechanism")]
(is (= auto-offset-reset "latest"))
(is (= sasl-protocol "SASL_PLAINTEXT"))
(is (= sasl-jaas-config (create-jaas-properties "myuser" "mypassword" "org.apache.kafka.common.security.scram.ScramLoginModule"))))))))

(deftest test-set-property
(testing "set-property with empty (with spaces) value"
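Review bot: The new SASL test binds `sasl-mechanism` from `sasl.mechanism` but never asserts on it, so a regression in `add-sasl-properties` that drops the mechanism would still pass; add `(is (= sasl-mechanism "SCRAM-SHA-256"))`. There is also no case for `:enabled true` with `:protocol` or `:mechanism` missing, nor for `:enabled false`, which are the paths where the client could end up without the intended security settings. The enclosing `deftest` starts outside the visible hunk.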
