use of io.strimzi.api.kafka.model.AclRule in project strimzi by strimzi.
the class SimpleAclRuleTest method testFromCrdToKafkaAclBinding.
/**
 * Checks that an ALLOW/READ rule from the custom resource, restricted to host
 * {@code 127.0.0.1}, converts into the equivalent Kafka {@code AclBinding} for
 * the test principal.
 */
@Test
public void testFromCrdToKafkaAclBinding() {
    // Kafka-side expectation: principal, host, operation and permission type must all carry over.
    AccessControlEntry expectedEntry = new AccessControlEntry(
            kafkaPrincipal.toString(),
            "127.0.0.1",
            org.apache.kafka.common.acl.AclOperation.READ,
            AclPermissionType.ALLOW);
    AclBinding expectedKafkaAclBinding = new AclBinding(kafkaResourcePattern, expectedEntry);

    // CRD-side rule carrying the same type, resource, host and operation.
    AclRule crdRule = new AclRuleBuilder()
            .withType(AclRuleType.ALLOW)
            .withResource(aclRuleTopicResource)
            .withHost("127.0.0.1")
            .withOperation(AclOperation.READ)
            .build();

    AclBinding actualBinding = SimpleAclRule.fromCrd(crdRule).toKafkaAclBinding(kafkaPrincipal);
    assertThat(actualBinding, is(expectedKafkaAclBinding));
}
use of io.strimzi.api.kafka.model.AclRule in project strimzi-kafka-operator by strimzi.
the class UserST method testTlsExternalUser.
/**
 * System test for a KafkaUser that uses TLS external client authentication.
 * <p>
 * Deploys a Kafka cluster with simple authorization, creates the user with two topic ACLs
 * (WRITE and DESCRIBE) plus quotas, then checks that no Secret named after the user exists and
 * that the username reported in the KafkaUser status is {@code "CN=" + userName}.
 *
 * @param extensionContext JUnit extension context; its display name is the lookup key for the
 *                         per-test cluster, user and topic names
 */
@ParallelNamespaceTest
void testTlsExternalUser(ExtensionContext extensionContext) {
    final String namespaceName = StUtils.getNamespaceBasedOnRbac(namespace, extensionContext);
    final String testKey = extensionContext.getDisplayName();
    final String clusterName = mapWithClusterNames.get(testKey);
    final String userName = mapWithTestUsers.get(testKey);
    final String topicName = mapWithTestTopics.get(testKey);

    // Two topic-scoped rules for the same topic.
    // NOTE(review): neither rule sets a type or a host, so both take whatever defaults
    // AclRuleBuilder applies — confirm those defaults are the intended scope.
    final AclRule writeRule = new AclRuleBuilder()
            .withNewAclRuleTopicResource()
                .withName(topicName)
            .endAclRuleTopicResource()
            .withOperation(AclOperation.WRITE)
            .build();
    final AclRule describeRule = new AclRuleBuilder()
            .withNewAclRuleTopicResource()
                .withName(topicName)
            .endAclRuleTopicResource()
            .withOperation(AclOperation.DESCRIBE)
            .build();

    // exercise (a) - create Kafka cluster with support for authorization
    resourceManager.createResource(
            extensionContext,
            KafkaTemplates.kafkaEphemeral(clusterName, 1, 1)
                    .editSpec()
                        .editKafka()
                            .withNewKafkaAuthorizationSimple()
                            .endKafkaAuthorizationSimple()
                        .endKafka()
                    .endSpec()
                    .build());

    // quotas configuration
    final int producerByteRate = 1212;
    final int consumerByteRate = 2121;
    final int requestPercentage = 21;
    final double controllerMutationRate = 5d;

    final KafkaUser tlsExternalUserWithQuotasAndAcls =
            KafkaUserTemplates.tlsExternalUser(namespaceName, clusterName, userName)
                    .editSpec()
                        .withNewKafkaUserAuthorizationSimple()
                            .addToAcls(writeRule, describeRule)
                        .endKafkaUserAuthorizationSimple()
                        .withNewQuotas()
                            .withConsumerByteRate(consumerByteRate)
                            .withProducerByteRate(producerByteRate)
                            .withRequestPercentage(requestPercentage)
                            .withControllerMutationRate(controllerMutationRate)
                        .endQuotas()
                    .endSpec()
                    .build();

    // exercise (b) - create the KafkaUser with tls external client authentication
    resourceManager.createResource(extensionContext, tlsExternalUserWithQuotasAndAcls);

    // verify (a) - the KafkaUser becomes ready and no Secret with the user's name is generated
    KafkaUserUtils.waitForKafkaUserReady(namespaceName, userName);
    assertThat(kubeClient().getSecret(namespaceName, userName), nullValue());

    // verify (b) - the operator reports the expected username in the status.
    // Only the status username is asserted here; the ACLs and quotas configured above are not
    // read back in this method.
    KafkaUser createdUser = KafkaUserResource.kafkaUserClient()
            .inNamespace(namespaceName)
            .withName(userName)
            .get();
    assertThat(createdUser.getStatus().getUsername(), is("CN=" + userName));
}
use of io.strimzi.api.kafka.model.AclRule in project strimzi-kafka-operator by strimzi.
the class KafkaUserModel method setSimpleAclRules.
/**
 * Replaces this user's ACL rules for Simple authorization with the given list.
 * <p>
 * Every rule is converted with {@code SimpleAclRule.fromCrd} into a fresh set, and the field is
 * assigned only after all rules have been converted, so a conversion failure leaves the previous
 * set in place.
 *
 * @param rules List of ACL rules which should be applied to this user. It is iterated without a
 *              null check, so callers must pass a non-null list.
 */
public void setSimpleAclRules(List<AclRule> rules) {
    Set<SimpleAclRule> converted = new HashSet<>();
    rules.forEach(crdRule -> converted.add(SimpleAclRule.fromCrd(crdRule)));
    this.simpleAclRules = converted;
}