
Example 6 with AclRule

Use of io.strimzi.api.kafka.model.AclRule in project strimzi by strimzi.

In the class SimpleAclRuleTest, method testFromCrdToKafkaAclBinding.

@Test
public void testFromCrdToKafkaAclBinding() {
    AclRule rule = new AclRuleBuilder().withType(AclRuleType.ALLOW).withResource(aclRuleTopicResource).withHost("127.0.0.1").withOperation(AclOperation.READ).build();
    AclBinding expectedKafkaAclBinding = new AclBinding(kafkaResourcePattern, new AccessControlEntry(kafkaPrincipal.toString(), "127.0.0.1", org.apache.kafka.common.acl.AclOperation.READ, AclPermissionType.ALLOW));
    assertThat(SimpleAclRule.fromCrd(rule).toKafkaAclBinding(kafkaPrincipal), is(expectedKafkaAclBinding));
}
Also used : AclRuleBuilder(io.strimzi.api.kafka.model.AclRuleBuilder) AccessControlEntry(org.apache.kafka.common.acl.AccessControlEntry) AclRule(io.strimzi.api.kafka.model.AclRule) AclBinding(org.apache.kafka.common.acl.AclBinding) Test(org.junit.jupiter.api.Test)

Example 7 with AclRule

Use of io.strimzi.api.kafka.model.AclRule in project strimzi-kafka-operator by strimzi.

In the class UserST, method testTlsExternalUser.

@ParallelNamespaceTest
void testTlsExternalUser(ExtensionContext extensionContext) {
    final String namespaceName = StUtils.getNamespaceBasedOnRbac(namespace, extensionContext);
    final String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
    final String userName = mapWithTestUsers.get(extensionContext.getDisplayName());
    final String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
    final AclRule writeRule = new AclRuleBuilder().withNewAclRuleTopicResource().withName(topicName).endAclRuleTopicResource().withOperation(AclOperation.WRITE).build();
    final AclRule describeRule = new AclRuleBuilder().withNewAclRuleTopicResource().withName(topicName).endAclRuleTopicResource().withOperation(AclOperation.DESCRIBE).build();
    // exercise (a) - create Kafka cluster with support for authorization
    resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(clusterName, 1, 1).editSpec().editKafka().withNewKafkaAuthorizationSimple().endKafkaAuthorizationSimple().endKafka().endSpec().build());
    // quotas configuration
    final int prodRate = 1212;
    final int consRate = 2121;
    final int requestPerc = 21;
    final double mutRate = 5d;
    final KafkaUser tlsExternalUserWithQuotasAndAcls = KafkaUserTemplates.tlsExternalUser(namespaceName, clusterName, userName).editSpec().withNewKafkaUserAuthorizationSimple().addToAcls(writeRule, describeRule).endKafkaUserAuthorizationSimple().withNewQuotas().withConsumerByteRate(consRate).withProducerByteRate(prodRate).withRequestPercentage(requestPerc).withControllerMutationRate(mutRate).endQuotas().endSpec().build();
    // exercise (b) - create the KafkaUser with tls external client authentication
    resourceManager.createResource(extensionContext, tlsExternalUserWithQuotasAndAcls);
    // verify (a) - that secrets are not generated and KafkaUser is created
    KafkaUserUtils.waitForKafkaUserReady(namespaceName, userName);
    assertThat(kubeClient().getSecret(namespaceName, userName), nullValue());
    // verify (b) - that the operator has the right username in the status, which is also what it used in the ACLs and Quotas
    KafkaUser user = KafkaUserResource.kafkaUserClient().inNamespace(namespaceName).withName(userName).get();
    assertThat(user.getStatus().getUsername(), is("CN=" + userName));
}
Also used : AclRuleBuilder(io.strimzi.api.kafka.model.AclRuleBuilder) AclRule(io.strimzi.api.kafka.model.AclRule) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest)

Example 8 with AclRule

Use of io.strimzi.api.kafka.model.AclRule in project strimzi-kafka-operator by strimzi.

In the class KafkaUserModel, method setSimpleAclRules.

/**
 * Sets the list of ACL rules for Simple authorization.
 *
 * @param rules List of ACL rules which should be applied to this user.
 */
public void setSimpleAclRules(List<AclRule> rules) {
    Set<SimpleAclRule> simpleAclRules = new HashSet<>();
    for (AclRule rule : rules) {
        simpleAclRules.add(SimpleAclRule.fromCrd(rule));
    }
    this.simpleAclRules = simpleAclRules;
}
Also used : SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) AclRule(io.strimzi.api.kafka.model.AclRule) HashSet(java.util.HashSet)

Aggregations

AclRule (io.strimzi.api.kafka.model.AclRule): 8
AclRuleBuilder (io.strimzi.api.kafka.model.AclRuleBuilder): 6
Test (org.junit.jupiter.api.Test): 4
KafkaUser (io.strimzi.api.kafka.model.KafkaUser): 2
SimpleAclRule (io.strimzi.operator.user.model.acl.SimpleAclRule): 2
ParallelNamespaceTest (io.strimzi.systemtest.annotations.ParallelNamespaceTest): 2
HashSet (java.util.HashSet): 2
AccessControlEntry (org.apache.kafka.common.acl.AccessControlEntry): 2
AclBinding (org.apache.kafka.common.acl.AclBinding): 2