(t *testing.T)
| 386 | } |
| 387 | |
| 388 | func TestSASLOAuthBearer(t *testing.T) { |
| 389 | testTable := []struct { |
| 390 | name string |
| 391 | authidentity string |
| 392 | mockSASLHandshakeResponse MockResponse // Mock SaslHandshakeRequest response from broker |
| 393 | mockSASLAuthResponse MockResponse // Mock SaslAuthenticateRequest response from broker |
| 394 | expectClientErr bool // Expect an internal client-side error |
| 395 | expectedBrokerError KError // Expected Kafka error returned by client |
| 396 | tokProvider *TokenProvider |
| 397 | }{ |
| 398 | { |
| 399 | name: "SASL/OAUTHBEARER OK server response", |
| 400 | mockSASLHandshakeResponse: NewMockSaslHandshakeResponse(t). |
| 401 | SetEnabledMechanisms([]string{SASLTypeOAuth}), |
| 402 | mockSASLAuthResponse: NewMockSaslAuthenticateResponse(t), |
| 403 | expectClientErr: false, |
| 404 | expectedBrokerError: ErrNoError, |
| 405 | tokProvider: newTokenProvider(&AccessToken{Token: "access-token-123"}, nil), |
| 406 | }, |
| 407 | { |
| 408 | name: "SASL/OAUTHBEARER authentication failure response", |
| 409 | mockSASLHandshakeResponse: NewMockSaslHandshakeResponse(t). |
| 410 | SetEnabledMechanisms([]string{SASLTypeOAuth}), |
| 411 | mockSASLAuthResponse: NewMockSequence( |
| 412 | // First, the broker response with a challenge |
| 413 | NewMockSaslAuthenticateResponse(t). |
| 414 | SetAuthBytes([]byte(`{"status":"invalid_request1"}`)), |
| 415 | // Next, the client terminates the token exchange. Finally, the |
| 416 | // broker responds with an error message. |
| 417 | NewMockSaslAuthenticateResponse(t). |
| 418 | SetAuthBytes([]byte(`{"status":"invalid_request2"}`)). |
| 419 | SetError(ErrSASLAuthenticationFailed), |
| 420 | ), |
| 421 | expectClientErr: true, |
| 422 | expectedBrokerError: ErrSASLAuthenticationFailed, |
| 423 | tokProvider: newTokenProvider(&AccessToken{Token: "access-token-123"}, nil), |
| 424 | }, |
| 425 | { |
| 426 | name: "SASL/OAUTHBEARER handshake failure response", |
| 427 | mockSASLHandshakeResponse: NewMockSaslHandshakeResponse(t). |
| 428 | SetEnabledMechanisms([]string{SASLTypeOAuth}). |
| 429 | SetError(ErrSASLAuthenticationFailed), |
| 430 | mockSASLAuthResponse: NewMockSaslAuthenticateResponse(t), |
| 431 | expectClientErr: true, |
| 432 | expectedBrokerError: ErrSASLAuthenticationFailed, |
| 433 | tokProvider: newTokenProvider(&AccessToken{Token: "access-token-123"}, nil), |
| 434 | }, |
| 435 | { |
| 436 | name: "SASL/OAUTHBEARER token generation error", |
| 437 | mockSASLHandshakeResponse: NewMockSaslHandshakeResponse(t). |
| 438 | SetEnabledMechanisms([]string{SASLTypeOAuth}), |
| 439 | mockSASLAuthResponse: NewMockSaslAuthenticateResponse(t), |
| 440 | expectClientErr: true, |
| 441 | expectedBrokerError: ErrNoError, |
| 442 | tokProvider: newTokenProvider(&AccessToken{Token: "access-token-123"}, ErrTokenFailure), |
| 443 | }, |
| 444 | { |
| 445 | name: "SASL/OAUTHBEARER invalid extension", |
nothing calls this directly
no test coverage detected