[
https://issues.apache.org/jira/browse/KAFKA-2417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14935462#comment-14935462
]
Geoff Anderson commented on KAFKA-2417:
---------------------------------------
[~rsivaram] Thanks for offering to help, this would be tremendously useful. I
spoke yesterday with [~junrao] about what might be a good minimum test set
here, and we concluded that we could adapt and reuse the existing ducktape
replication test(s), but with ssl enabled on the clients-broker communication.
These replication tests introduce various broker failures while producing and
consuming in the background, and then validate consumed messages against
acknowledged messages.
Updating would involve a couple steps:
- Some helper python logic for setting up trust store etc
- Update kafka.py, verifiable_producer.py, and console_consumer.py to add hooks
for enabling ssl
- We can reuse replication_test.py by either a) parametrizing the test itself
with the ducktape @parameterize or @matrix decorator, and/or b) using the
common base test class called ProduceConsumeValidateTest introduced in
https://github.com/apache/kafka/pull/229
[~ijuma] [~junrao] What do you think?
> Ducktape tests for SSL/TLS
> --------------------------
>
> Key: KAFKA-2417
> URL: https://issues.apache.org/jira/browse/KAFKA-2417
> Project: Kafka
> Issue Type: Sub-task
> Components: security
> Reporter: Ismael Juma
> Assignee: Geoff Anderson
> Priority: Blocker
> Fix For: 0.9.0.0
>
>
> The tests should be complementary to the unit/integration tests written as
> part of KAFKA-1685.
> Things to consider:
> * Upgrade/downgrade to turning on/off SSL
> * Failure testing
> * Expired/revoked certificates
> * Renegotiation
> Some changes to ducktape may be required for upgrade scenarios.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
