From ec6b67b4fd9dedd94039cb6aba7c68985c5318d5 Mon Sep 17 00:00:00 2001 From: Ruben Date: Mon, 20 Apr 2020 16:46:49 -0500 Subject: [PATCH] Formar NewKerberosClient comments acording to golang standad, added test for DisablePAFXFast Signed-off-by: Ruben --- kerberos_client.go | 11 +++-------- kerberos_client_test.go | 25 +++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 8 deletions(-) diff --git a/kerberos_client.go b/kerberos_client.go index 0394182da2..ebc1141798 100644 --- a/kerberos_client.go +++ b/kerberos_client.go @@ -19,14 +19,9 @@ func (c *KerberosGoKrb5Client) CName() types.PrincipalName { return c.Credentials.CName() } -/* -* -* Create kerberos client used to obtain TGT and TGS tokens -* used gokrb5 library, which is a pure go kerberos client with -* some GSS-API capabilities, and SPNEGO support. Kafka does not use SPNEGO -* it uses pure Kerberos 5 solution (RFC-4121 and RFC-4120). -* - */ +// NewKerberosClient creates kerberos client used to obtain TGT and TGS tokens. +// It uses pure go Kerberos 5 solution (RFC-4121 and RFC-4120). +// uses gokrb5 library underlying which is a pure go kerberos client with some GSS-API capabilities. func NewKerberosClient(config *GSSAPIConfig) (KerberosClient, error) { cfg, err := krb5config.Load(config.KerberosConfigPath) if err != nil { diff --git a/kerberos_client_test.go b/kerberos_client_test.go index 8af0e17ca0..e52a6ece5a 100644 --- a/kerberos_client_test.go +++ b/kerberos_client_test.go @@ -84,3 +84,28 @@ func TestCreateWithKeyTab(t *testing.T) { t.Errorf("Expected error:%s, got:%s.", err, expectedErr) } } + +func TestCreateWithDisablePAFXFAST(t *testing.T) { + kerberosConfig, err := krbcfg.NewConfigFromString(testdata.TEST_KRB5CONF) + if err != nil { + t.Fatal(err) + } + // Expect to try to create a client with keytab and fails with "o such file or directory" error + expectedErr := errors.New("open nonexist.keytab: no such file or directory") + clientConfig := NewConfig() + clientConfig.Net.SASL.Mechanism = SASLTypeGSSAPI + clientConfig.Net.SASL.Enable = true + clientConfig.Net.SASL.GSSAPI.ServiceName = "kafka" + clientConfig.Net.SASL.GSSAPI.Realm = "EXAMPLE.COM" + clientConfig.Net.SASL.GSSAPI.Username = "client" + clientConfig.Net.SASL.GSSAPI.AuthType = KRB5_KEYTAB_AUTH + clientConfig.Net.SASL.GSSAPI.KeyTabPath = "nonexist.keytab" + clientConfig.Net.SASL.GSSAPI.KerberosConfigPath = "/etc/krb5.conf" + clientConfig.Net.SASL.GSSAPI.DisablePAFXFAST = true + + _, err = createClient(&clientConfig.Net.SASL.GSSAPI, kerberosConfig) + if err.Error() != expectedErr.Error() { + t.Errorf("Expected error:%s, got:%s.", err, expectedErr) + } + +}