(t *testing.T)
| 806 | } |
| 807 | |
| 808 | func TestGSSAPIKerberosAuth_Authorize(t *testing.T) { |
| 809 | testTable := []struct { |
| 810 | name string |
| 811 | error error |
| 812 | mockKerberosClient bool |
| 813 | errorStage string |
| 814 | badResponse bool |
| 815 | badKeyChecksum bool |
| 816 | }{ |
| 817 | { |
| 818 | name: "Kerberos authentication success", |
| 819 | error: nil, |
| 820 | mockKerberosClient: true, |
| 821 | }, |
| 822 | { |
| 823 | name: "Kerberos login fails", |
| 824 | error: krberror.NewErrorf(krberror.KDCError, "KDC_Error: AS Exchange Error: "+ |
| 825 | "kerberos error response from KDC: KRB Error: (24) KDC_ERR_PREAUTH_FAILED Pre-authenti"+ |
| 826 | "cation information was invalid - PREAUTH_FAILED"), |
| 827 | mockKerberosClient: true, |
| 828 | errorStage: "login", |
| 829 | }, |
| 830 | { |
| 831 | name: "Kerberos service ticket fails", |
| 832 | error: krberror.NewErrorf(krberror.KDCError, "KDC_Error: AS Exchange Error: "+ |
| 833 | "kerberos error response from KDC: KRB Error: (24) KDC_ERR_PREAUTH_FAILED Pre-authenti"+ |
| 834 | "cation information was invalid - PREAUTH_FAILED"), |
| 835 | mockKerberosClient: true, |
| 836 | errorStage: "service_ticket", |
| 837 | }, |
| 838 | { |
| 839 | name: "Kerberos client creation fails", |
| 840 | error: errors.New("configuration file could not be opened: testdata/krb5.conf open testdata/krb5.conf: no such file or directory"), |
| 841 | }, |
| 842 | { |
| 843 | name: "Bad server response, unmarshall key error", |
| 844 | error: errors.New("bytes shorter than header length"), |
| 845 | badResponse: true, |
| 846 | mockKerberosClient: true, |
| 847 | }, |
| 848 | { |
| 849 | name: "Bad token checksum", |
| 850 | error: errors.New("checksum mismatch. Computed: 39feb88ac2459f2b77738493, Contained in token: ffffffffffffffff00000000"), |
| 851 | badResponse: false, |
| 852 | badKeyChecksum: true, |
| 853 | mockKerberosClient: true, |
| 854 | }, |
| 855 | } |
| 856 | for i, test := range testTable { |
| 857 | t.Run(test.name, func(t *testing.T) { |
| 858 | mockBroker := NewMockBroker(t, 0) |
| 859 | // broker executes SASL requests against mockBroker |
| 860 | |
| 861 | mockBroker.SetGSSAPIHandler(func(bytes []byte) []byte { |
| 862 | return nil |
| 863 | }) |
| 864 | broker := NewBroker(mockBroker.Addr()) |
| 865 | broker.requestRate = metrics.NilMeter{} |
nothing calls this directly
no test coverage detected