Example 46 with CertSecretSource
use of io.strimzi.api.kafka.model.CertSecretSource in project strimzi by strimzi.
the class KafkaClusterTest method testGenerateDeploymentWithOAuthEverywhere.
@ParallelTest
public void testGenerateDeploymentWithOAuthEverywhere() {
CertSecretSource cert1 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca.crt").build();
CertSecretSource cert2 = new CertSecretSourceBuilder().withSecretName("second-certificate").withCertificate("tls.crt").build();
CertSecretSource cert3 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca2.crt").build();
Kafka kafkaAssembly = new KafkaBuilder(ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout, jmxMetricsConfig, configuration, emptyMap())).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName("plain").withPort(9092).withType(KafkaListenerType.INTERNAL).withTls(false).withAuth(new KafkaListenerAuthenticationOAuthBuilder().withClientId("my-client-id").withValidIssuerUri("http://valid-issuer").withIntrospectionEndpointUri("http://introspection").withNewClientSecret().withSecretName("my-secret-secret").withKey("my-secret-key").endClientSecret().withDisableTlsHostnameVerification(true).withTlsTrustedCertificates(cert1, cert2, cert3).build()).build(), new GenericKafkaListenerBuilder().withName("tls").withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withAuth(new KafkaListenerAuthenticationOAuthBuilder().withClientId("my-client-id").withValidIssuerUri("http://valid-issuer").withIntrospectionEndpointUri("http://introspection").withNewClientSecret().withSecretName("my-secret-secret").withKey("my-secret-key").endClientSecret().withDisableTlsHostnameVerification(true).withTlsTrustedCertificates(cert1, cert2, cert3).build()).build(), new GenericKafkaListenerBuilder().withName("external").withPort(9094).withType(KafkaListenerType.NODEPORT).withTls(true).withAuth(new KafkaListenerAuthenticationOAuthBuilder().withClientId("my-client-id").withValidIssuerUri("http://valid-issuer").withIntrospectionEndpointUri("http://introspection").withNewClientSecret().withSecretName("my-secret-secret").withKey("my-secret-key").endClientSecret().withDisableTlsHostnameVerification(true).withTlsTrustedCertificates(cert1, cert2, cert3).build()).build()).endKafka().endSpec().build();
KafkaCluster kc = KafkaCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, kafkaAssembly, VERSIONS);
StatefulSet sts = kc.generateStatefulSet(true, null, null, null);
Container cont = sts.getSpec().getTemplate().getSpec().getContainers().get(0);
assertThat(cont.getEnv().stream().filter(var -> "STRIMZI_PLAIN_9092_OAUTH_CLIENT_SECRET".equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getName(), is("my-secret-secret"));
assertThat(cont.getEnv().stream().filter(var -> "STRIMZI_PLAIN_9092_OAUTH_CLIENT_SECRET".equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getKey(), is("my-secret-key"));
assertThat(cont.getEnv().stream().filter(var -> "STRIMZI_TLS_9093_OAUTH_CLIENT_SECRET".equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getName(), is("my-secret-secret"));
assertThat(cont.getEnv().stream().filter(var -> "STRIMZI_TLS_9093_OAUTH_CLIENT_SECRET".equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getKey(), is("my-secret-key"));
assertThat(cont.getEnv().stream().filter(var -> "STRIMZI_EXTERNAL_9094_OAUTH_CLIENT_SECRET".equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getName(), is("my-secret-secret"));
assertThat(cont.getEnv().stream().filter(var -> "STRIMZI_EXTERNAL_9094_OAUTH_CLIENT_SECRET".equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getKey(), is("my-secret-key"));
// Volume mounts
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-plain-9092-0".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaCluster.OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/oauth-plain-9092-certs/first-certificate-0"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-plain-9092-1".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaCluster.OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/oauth-plain-9092-certs/second-certificate-1"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-plain-9092-2".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaCluster.OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/oauth-plain-9092-certs/first-certificate-2"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-tls-9093-0".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaCluster.OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/oauth-tls-9093-certs/first-certificate-0"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-tls-9093-1".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaCluster.OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/oauth-tls-9093-certs/second-certificate-1"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-tls-9093-2".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaCluster.OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/oauth-tls-9093-certs/first-certificate-2"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-external-9094-0".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaCluster.OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/oauth-external-9094-certs/first-certificate-0"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-external-9094-1".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaCluster.OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/oauth-external-9094-certs/second-certificate-1"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-external-9094-2".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaCluster.OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/oauth-external-9094-certs/first-certificate-2"));
// Volumes
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("tls.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca2.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-tls-9093-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-tls-9093-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-tls-9093-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-tls-9093-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-tls-9093-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("tls.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-tls-9093-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-tls-9093-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-tls-9093-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca2.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-tls-9093-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-external-9094-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-external-9094-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-external-9094-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-external-9094-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-external-9094-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("tls.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-external-9094-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-external-9094-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-external-9094-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca2.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-external-9094-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
}
Also used :
Quantity(io.fabric8.kubernetes.api.model.Quantity)
VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount)
ExternalTrafficPolicy(io.strimzi.api.kafka.model.template.ExternalTrafficPolicy)
PersistentClaimStorageOverrideBuilder(io.strimzi.api.kafka.model.storage.PersistentClaimStorageOverrideBuilder)
IntOrString(io.fabric8.kubernetes.api.model.IntOrString)
KafkaExporterResources(io.strimzi.api.kafka.model.KafkaExporterResources)
Rack(io.strimzi.api.kafka.model.Rack)
GenericKafkaListenerConfigurationBrokerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBrokerBuilder)
SecurityContextBuilder(io.fabric8.kubernetes.api.model.SecurityContextBuilder)
PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget)
Collections.singletonList(java.util.Collections.singletonList)
ResourceRequirements(io.fabric8.kubernetes.api.model.ResourceRequirements)
KafkaResources(io.strimzi.api.kafka.model.KafkaResources)
Arrays.asList(java.util.Arrays.asList)
Map(java.util.Map)
ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar)
KafkaJmxOptionsBuilder(io.strimzi.api.kafka.model.KafkaJmxOptionsBuilder)
LabelSelectorBuilder(io.fabric8.kubernetes.api.model.LabelSelectorBuilder)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
JbodStorageBuilder(io.strimzi.api.kafka.model.storage.JbodStorageBuilder)
Matchers.allOf(org.hamcrest.Matchers.allOf)
Set(java.util.Set)
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)
HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata)
ZoneId(java.time.ZoneId)
GenericSecretSourceBuilder(io.strimzi.api.kafka.model.GenericSecretSourceBuilder)
PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder)
Matchers.contains(org.hamcrest.Matchers.contains)
PasswordGenerator(io.strimzi.operator.common.PasswordGenerator)
HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder)
KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder)
PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim)
Matchers.containsString(org.hamcrest.Matchers.containsString)
Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows)
ClusterRoleBinding(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding)
EnvVar(io.fabric8.kubernetes.api.model.EnvVar)
CoreMatchers.equalTo(org.hamcrest.CoreMatchers.equalTo)
ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)
IpFamily(io.strimzi.api.kafka.model.template.IpFamily)
LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference)
OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference)
GenericKafkaListenerConfigurationBootstrapBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBootstrapBuilder)
KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder)
ArrayList(java.util.ArrayList)
Matchers.hasProperty(org.hamcrest.Matchers.hasProperty)
PersistentClaimStorageBuilder(io.strimzi.api.kafka.model.storage.PersistentClaimStorageBuilder)
GenericKafkaListenerConfigurationBroker(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBroker)
SecurityContext(io.fabric8.kubernetes.api.model.SecurityContext)
KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils)
PodSpec(io.fabric8.kubernetes.api.model.PodSpec)
KafkaListenerAuthenticationCustomBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustomBuilder)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue)
KafkaJmxAuthenticationPasswordBuilder(io.strimzi.api.kafka.model.KafkaJmxAuthenticationPasswordBuilder)
IOException(java.io.IOException)
StatefulSet(io.fabric8.kubernetes.api.model.apps.StatefulSet)
ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap)
ContainerPort(io.fabric8.kubernetes.api.model.ContainerPort)
Reconciliation(io.strimzi.operator.common.Reconciliation)
Util(io.strimzi.operator.common.Util)
KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType)
SystemPropertyBuilder(io.strimzi.api.kafka.model.SystemPropertyBuilder)
ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder)
NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer)
OpenSslCertManager(io.strimzi.certs.OpenSslCertManager)
X509Certificate(java.security.cert.X509Certificate)
CoreMatchers.is(org.hamcrest.CoreMatchers.is)
CoreMatchers(org.hamcrest.CoreMatchers)
CoreMatchers.hasItem(org.hamcrest.CoreMatchers.hasItem)
Storage(io.strimzi.api.kafka.model.storage.Storage)
ParallelSuite(io.strimzi.test.annotations.ParallelSuite)
Matchers.hasKey(org.hamcrest.Matchers.hasKey)
CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue)
NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule)
Route(io.fabric8.openshift.api.model.Route)
SystemProperty(io.strimzi.api.kafka.model.SystemProperty)
ResourceUtils(io.strimzi.operator.cluster.ResourceUtils)
KafkaAuthorizationKeycloakBuilder(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloakBuilder)
IpFamilyPolicy(io.strimzi.api.kafka.model.template.IpFamilyPolicy)
ParallelTest(io.strimzi.test.annotations.ParallelTest)
Collections.emptyList(java.util.Collections.emptyList)
Collectors(java.util.stream.Collectors)
CruiseControlResources(io.strimzi.api.kafka.model.CruiseControlResources)
List(java.util.List)
CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder)
Labels(io.strimzi.operator.common.model.Labels)
NodeAddressType(io.strimzi.api.kafka.model.listener.NodeAddressType)
RackBuilder(io.strimzi.api.kafka.model.RackBuilder)
Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder)
Ingress(io.fabric8.kubernetes.api.model.networking.v1.Ingress)
Secret(io.fabric8.kubernetes.api.model.Secret)
TopologySpreadConstraintBuilder(io.fabric8.kubernetes.api.model.TopologySpreadConstraintBuilder)
NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder)
Uuid(org.apache.kafka.common.Uuid)
PodManagementPolicy(io.strimzi.api.kafka.model.template.PodManagementPolicy)
ContainerTemplate(io.strimzi.api.kafka.model.template.ContainerTemplate)
Container(io.fabric8.kubernetes.api.model.Container)
WeightedPodAffinityTerm(io.fabric8.kubernetes.api.model.WeightedPodAffinityTerm)
EphemeralStorageBuilder(io.strimzi.api.kafka.model.storage.EphemeralStorageBuilder)
CertificateParsingException(java.security.cert.CertificateParsingException)
HashMap(java.util.HashMap)
GenericKafkaListenerConfigurationBootstrap(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBootstrap)
MetricsAndLogging(io.strimzi.operator.common.MetricsAndLogging)
HashSet(java.util.HashSet)
HostAlias(io.fabric8.kubernetes.api.model.HostAlias)
JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics)
JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder)
InlineLogging(io.strimzi.api.kafka.model.InlineLogging)
MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig)
TestUtils(io.strimzi.test.TestUtils)
Collections.singletonMap(java.util.Collections.singletonMap)
Service(io.fabric8.kubernetes.api.model.Service)
CertificateExpirationPolicy(io.strimzi.api.kafka.model.CertificateExpirationPolicy)
Volume(io.fabric8.kubernetes.api.model.Volume)
Matchers.hasEntry(org.hamcrest.Matchers.hasEntry)
CruiseControlConfigurationParameters(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters)
Collections.emptyMap(java.util.Collections.emptyMap)
TopologySpreadConstraint(io.fabric8.kubernetes.api.model.TopologySpreadConstraint)
Matchers(org.hamcrest.Matchers)
TestUtils.set(io.strimzi.test.TestUtils.set)
LabelSelectorRequirementBuilder(io.fabric8.kubernetes.api.model.LabelSelectorRequirementBuilder)
NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy)
ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount)
Kafka(io.strimzi.api.kafka.model.Kafka)
Collections(java.util.Collections)
Container(io.fabric8.kubernetes.api.model.Container)
CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder)
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)
Kafka(io.strimzi.api.kafka.model.Kafka)
KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder)
StatefulSet(io.fabric8.kubernetes.api.model.apps.StatefulSet)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder)
ParallelTest(io.strimzi.test.annotations.ParallelTest)
Example 47 with CertSecretSource
use of io.strimzi.api.kafka.model.CertSecretSource in project strimzi by strimzi.
the class KafkaMirrorMakerClusterTest method testGenerateDeploymentWithProducerOAuthWithTls.
@ParallelTest
public void testGenerateDeploymentWithProducerOAuthWithTls() {
CertSecretSource cert1 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca.crt").build();
CertSecretSource cert2 = new CertSecretSourceBuilder().withSecretName("second-certificate").withCertificate("tls.crt").build();
CertSecretSource cert3 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca2.crt").build();
KafkaMirrorMaker resource = new KafkaMirrorMakerBuilder(this.resource).editSpec().editProducer().withAuthentication(new KafkaClientAuthenticationOAuthBuilder().withClientId("my-client-id").withTokenEndpointUri("http://my-oauth-server").withNewClientSecret().withSecretName("my-secret-secret").withKey("my-secret-key").endClientSecret().withDisableTlsHostnameVerification(true).withTlsTrustedCertificates(cert1, cert2, cert3).build()).endProducer().endSpec().build();
KafkaMirrorMakerCluster kc = KafkaMirrorMakerCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
Deployment dep = kc.generateDeployment(emptyMap(), true, null, null);
Container cont = dep.getSpec().getTemplate().getSpec().getContainers().get(0);
assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_SASL_MECHANISM_PRODUCER.equals(var.getName())).findFirst().orElseThrow().getValue(), is("oauth"));
assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_OAUTH_CLIENT_SECRET_PRODUCER.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getName(), is("my-secret-secret"));
assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_OAUTH_CLIENT_SECRET_PRODUCER.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getKey(), is("my-secret-key"));
assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_OAUTH_CONFIG_PRODUCER.equals(var.getName())).findFirst().orElseThrow().getValue().trim(), is(String.format("%s=\"%s\" %s=\"%s\" %s=\"%s\"", ClientConfig.OAUTH_CLIENT_ID, "my-client-id", ClientConfig.OAUTH_TOKEN_ENDPOINT_URI, "http://my-oauth-server", ServerConfig.OAUTH_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM, "")));
// Volume mounts
assertThat(cont.getVolumeMounts().stream().filter(mount -> "producer-oauth-certs-0".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaMirrorMakerCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT_PRODUCER + "/first-certificate-0"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "producer-oauth-certs-1".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaMirrorMakerCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT_PRODUCER + "/second-certificate-1"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "producer-oauth-certs-2".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaMirrorMakerCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT_PRODUCER + "/first-certificate-2"));
// Volumes
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca.crt"));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("tls.crt"));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca2.crt"));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
}
Also used :
KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder)
Quantity(io.fabric8.kubernetes.api.model.Quantity)
KafkaMirrorMakerProducerSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerProducerSpecBuilder)
CoreMatchers.is(org.hamcrest.CoreMatchers.is)
KafkaMirrorMakerResources(io.strimzi.api.kafka.model.KafkaMirrorMakerResources)
IntOrString(io.fabric8.kubernetes.api.model.IntOrString)
ParallelSuite(io.strimzi.test.annotations.ParallelSuite)
ClientConfig(io.strimzi.kafka.oauth.client.ClientConfig)
PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget)
Collections.singletonList(java.util.Collections.singletonList)
CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue)
Map(java.util.Map)
ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar)
ResourceUtils(io.strimzi.operator.cluster.ResourceUtils)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
ParallelTest(io.strimzi.test.annotations.ParallelTest)
KafkaMirrorMaker(io.strimzi.api.kafka.model.KafkaMirrorMaker)
KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder)
EnvVarBuilder(io.fabric8.kubernetes.api.model.EnvVarBuilder)
HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata)
List(java.util.List)
CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder)
Labels(io.strimzi.operator.common.model.Labels)
KafkaMirrorMakerConsumerSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerConsumerSpecBuilder)
PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder)
Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder)
HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder)
LINE_SEPARATOR(io.strimzi.test.TestUtils.LINE_SEPARATOR)
Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows)
EnvVar(io.fabric8.kubernetes.api.model.EnvVar)
ContainerTemplate(io.strimzi.api.kafka.model.template.ContainerTemplate)
Container(io.fabric8.kubernetes.api.model.Container)
KafkaMirrorMakerConsumerSpec(io.strimzi.api.kafka.model.KafkaMirrorMakerConsumerSpec)
ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)
KafkaClientAuthenticationTlsBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTlsBuilder)
HashMap(java.util.HashMap)
LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference)
OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference)
MetricsAndLogging(io.strimzi.operator.common.MetricsAndLogging)
ArrayList(java.util.ArrayList)
HostAlias(io.fabric8.kubernetes.api.model.HostAlias)
JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics)
JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder)
KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils)
DeploymentStrategy(io.strimzi.api.kafka.model.template.DeploymentStrategy)
MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig)
KafkaMirrorMakerBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerBuilder)
KafkaMirrorMakerProducerSpec(io.strimzi.api.kafka.model.KafkaMirrorMakerProducerSpec)
TestUtils(io.strimzi.test.TestUtils)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue)
Probe(io.fabric8.kubernetes.api.model.Probe)
Collections.emptyMap(java.util.Collections.emptyMap)
ServerConfig(io.strimzi.kafka.oauth.server.ServerConfig)
ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap)
Reconciliation(io.strimzi.operator.common.Reconciliation)
ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder)
ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount)
Deployment(io.fabric8.kubernetes.api.model.apps.Deployment)
Collections(java.util.Collections)
KafkaMirrorMakerBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerBuilder)
Container(io.fabric8.kubernetes.api.model.Container)
CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder)
Deployment(io.fabric8.kubernetes.api.model.apps.Deployment)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
KafkaMirrorMaker(io.strimzi.api.kafka.model.KafkaMirrorMaker)
ParallelTest(io.strimzi.test.annotations.ParallelTest)
Example 48 with CertSecretSource
use of io.strimzi.api.kafka.model.CertSecretSource in project strimzi by strimzi.
the class KafkaClusterTest method testGenerateDeploymentWithOAuthWithClientSecretAndTls.
@ParallelTest
public void testGenerateDeploymentWithOAuthWithClientSecretAndTls() {
CertSecretSource cert1 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca.crt").build();
CertSecretSource cert2 = new CertSecretSourceBuilder().withSecretName("second-certificate").withCertificate("tls.crt").build();
CertSecretSource cert3 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca2.crt").build();
Kafka kafkaAssembly = new KafkaBuilder(ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout, jmxMetricsConfig, configuration, emptyMap())).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName("plain").withPort(9092).withType(KafkaListenerType.INTERNAL).withTls(false).withAuth(new KafkaListenerAuthenticationOAuthBuilder().withClientId("my-client-id").withValidIssuerUri("http://valid-issuer").withIntrospectionEndpointUri("http://introspection").withNewClientSecret().withSecretName("my-secret-secret").withKey("my-secret-key").endClientSecret().withDisableTlsHostnameVerification(true).withTlsTrustedCertificates(cert1, cert2, cert3).build()).build()).endKafka().endSpec().build();
KafkaCluster kc = KafkaCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, kafkaAssembly, VERSIONS);
StatefulSet sts = kc.generateStatefulSet(true, null, null, null);
Container cont = sts.getSpec().getTemplate().getSpec().getContainers().get(0);
assertThat(cont.getEnv().stream().filter(var -> "STRIMZI_PLAIN_9092_OAUTH_CLIENT_SECRET".equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getName(), is("my-secret-secret"));
assertThat(cont.getEnv().stream().filter(var -> "STRIMZI_PLAIN_9092_OAUTH_CLIENT_SECRET".equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getKey(), is("my-secret-key"));
// Volume mounts
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-plain-9092-0".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaCluster.OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/oauth-plain-9092-certs/first-certificate-0"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-plain-9092-1".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaCluster.OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/oauth-plain-9092-certs/second-certificate-1"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-plain-9092-2".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaCluster.OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/oauth-plain-9092-certs/first-certificate-2"));
// Volumes
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("tls.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca2.crt"));
assertThat(sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-plain-9092-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
}
Also used :
Quantity(io.fabric8.kubernetes.api.model.Quantity)
VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount)
ExternalTrafficPolicy(io.strimzi.api.kafka.model.template.ExternalTrafficPolicy)
PersistentClaimStorageOverrideBuilder(io.strimzi.api.kafka.model.storage.PersistentClaimStorageOverrideBuilder)
IntOrString(io.fabric8.kubernetes.api.model.IntOrString)
KafkaExporterResources(io.strimzi.api.kafka.model.KafkaExporterResources)
Rack(io.strimzi.api.kafka.model.Rack)
GenericKafkaListenerConfigurationBrokerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBrokerBuilder)
SecurityContextBuilder(io.fabric8.kubernetes.api.model.SecurityContextBuilder)
PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget)
Collections.singletonList(java.util.Collections.singletonList)
ResourceRequirements(io.fabric8.kubernetes.api.model.ResourceRequirements)
KafkaResources(io.strimzi.api.kafka.model.KafkaResources)
Arrays.asList(java.util.Arrays.asList)
Map(java.util.Map)
ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar)
KafkaJmxOptionsBuilder(io.strimzi.api.kafka.model.KafkaJmxOptionsBuilder)
LabelSelectorBuilder(io.fabric8.kubernetes.api.model.LabelSelectorBuilder)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
JbodStorageBuilder(io.strimzi.api.kafka.model.storage.JbodStorageBuilder)
Matchers.allOf(org.hamcrest.Matchers.allOf)
Set(java.util.Set)
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)
HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata)
ZoneId(java.time.ZoneId)
GenericSecretSourceBuilder(io.strimzi.api.kafka.model.GenericSecretSourceBuilder)
PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder)
Matchers.contains(org.hamcrest.Matchers.contains)
PasswordGenerator(io.strimzi.operator.common.PasswordGenerator)
HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder)
KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder)
PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim)
Matchers.containsString(org.hamcrest.Matchers.containsString)
Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows)
ClusterRoleBinding(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding)
EnvVar(io.fabric8.kubernetes.api.model.EnvVar)
CoreMatchers.equalTo(org.hamcrest.CoreMatchers.equalTo)
ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)
IpFamily(io.strimzi.api.kafka.model.template.IpFamily)
LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference)
OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference)
GenericKafkaListenerConfigurationBootstrapBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBootstrapBuilder)
KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder)
ArrayList(java.util.ArrayList)
Matchers.hasProperty(org.hamcrest.Matchers.hasProperty)
PersistentClaimStorageBuilder(io.strimzi.api.kafka.model.storage.PersistentClaimStorageBuilder)
GenericKafkaListenerConfigurationBroker(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBroker)
SecurityContext(io.fabric8.kubernetes.api.model.SecurityContext)
KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils)
PodSpec(io.fabric8.kubernetes.api.model.PodSpec)
KafkaListenerAuthenticationCustomBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustomBuilder)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue)
KafkaJmxAuthenticationPasswordBuilder(io.strimzi.api.kafka.model.KafkaJmxAuthenticationPasswordBuilder)
IOException(java.io.IOException)
StatefulSet(io.fabric8.kubernetes.api.model.apps.StatefulSet)
ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap)
ContainerPort(io.fabric8.kubernetes.api.model.ContainerPort)
Reconciliation(io.strimzi.operator.common.Reconciliation)
Util(io.strimzi.operator.common.Util)
KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType)
SystemPropertyBuilder(io.strimzi.api.kafka.model.SystemPropertyBuilder)
ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder)
NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer)
OpenSslCertManager(io.strimzi.certs.OpenSslCertManager)
X509Certificate(java.security.cert.X509Certificate)
CoreMatchers.is(org.hamcrest.CoreMatchers.is)
CoreMatchers(org.hamcrest.CoreMatchers)
CoreMatchers.hasItem(org.hamcrest.CoreMatchers.hasItem)
Storage(io.strimzi.api.kafka.model.storage.Storage)
ParallelSuite(io.strimzi.test.annotations.ParallelSuite)
Matchers.hasKey(org.hamcrest.Matchers.hasKey)
CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue)
NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule)
Route(io.fabric8.openshift.api.model.Route)
SystemProperty(io.strimzi.api.kafka.model.SystemProperty)
ResourceUtils(io.strimzi.operator.cluster.ResourceUtils)
KafkaAuthorizationKeycloakBuilder(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloakBuilder)
IpFamilyPolicy(io.strimzi.api.kafka.model.template.IpFamilyPolicy)
ParallelTest(io.strimzi.test.annotations.ParallelTest)
Collections.emptyList(java.util.Collections.emptyList)
Collectors(java.util.stream.Collectors)
CruiseControlResources(io.strimzi.api.kafka.model.CruiseControlResources)
List(java.util.List)
CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder)
Labels(io.strimzi.operator.common.model.Labels)
NodeAddressType(io.strimzi.api.kafka.model.listener.NodeAddressType)
RackBuilder(io.strimzi.api.kafka.model.RackBuilder)
Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder)
Ingress(io.fabric8.kubernetes.api.model.networking.v1.Ingress)
Secret(io.fabric8.kubernetes.api.model.Secret)
TopologySpreadConstraintBuilder(io.fabric8.kubernetes.api.model.TopologySpreadConstraintBuilder)
NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder)
Uuid(org.apache.kafka.common.Uuid)
PodManagementPolicy(io.strimzi.api.kafka.model.template.PodManagementPolicy)
ContainerTemplate(io.strimzi.api.kafka.model.template.ContainerTemplate)
Container(io.fabric8.kubernetes.api.model.Container)
WeightedPodAffinityTerm(io.fabric8.kubernetes.api.model.WeightedPodAffinityTerm)
EphemeralStorageBuilder(io.strimzi.api.kafka.model.storage.EphemeralStorageBuilder)
CertificateParsingException(java.security.cert.CertificateParsingException)
HashMap(java.util.HashMap)
GenericKafkaListenerConfigurationBootstrap(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBootstrap)
MetricsAndLogging(io.strimzi.operator.common.MetricsAndLogging)
HashSet(java.util.HashSet)
HostAlias(io.fabric8.kubernetes.api.model.HostAlias)
JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics)
JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder)
InlineLogging(io.strimzi.api.kafka.model.InlineLogging)
MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig)
TestUtils(io.strimzi.test.TestUtils)
Collections.singletonMap(java.util.Collections.singletonMap)
Service(io.fabric8.kubernetes.api.model.Service)
CertificateExpirationPolicy(io.strimzi.api.kafka.model.CertificateExpirationPolicy)
Volume(io.fabric8.kubernetes.api.model.Volume)
Matchers.hasEntry(org.hamcrest.Matchers.hasEntry)
CruiseControlConfigurationParameters(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters)
Collections.emptyMap(java.util.Collections.emptyMap)
TopologySpreadConstraint(io.fabric8.kubernetes.api.model.TopologySpreadConstraint)
Matchers(org.hamcrest.Matchers)
TestUtils.set(io.strimzi.test.TestUtils.set)
LabelSelectorRequirementBuilder(io.fabric8.kubernetes.api.model.LabelSelectorRequirementBuilder)
NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy)
ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount)
Kafka(io.strimzi.api.kafka.model.Kafka)
Collections(java.util.Collections)
Container(io.fabric8.kubernetes.api.model.Container)
CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder)
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)
Kafka(io.strimzi.api.kafka.model.Kafka)
KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder)
StatefulSet(io.fabric8.kubernetes.api.model.apps.StatefulSet)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder)
ParallelTest(io.strimzi.test.annotations.ParallelTest)
Example 49 with CertSecretSource
use of io.strimzi.api.kafka.model.CertSecretSource in project strimzi by strimzi.
the class KafkaBridgeClusterTest method testGenerateDeploymentWithOAuthWithTls.
@ParallelTest
public void testGenerateDeploymentWithOAuthWithTls() {
CertSecretSource cert1 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca.crt").build();
CertSecretSource cert2 = new CertSecretSourceBuilder().withSecretName("second-certificate").withCertificate("tls.crt").build();
CertSecretSource cert3 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca2.crt").build();
KafkaBridge resource = new KafkaBridgeBuilder(this.resource).editSpec().withAuthentication(new KafkaClientAuthenticationOAuthBuilder().withClientId("my-client-id").withTokenEndpointUri("http://my-oauth-server").withNewClientSecret().withSecretName("my-secret-secret").withKey("my-secret-key").endClientSecret().withDisableTlsHostnameVerification(true).withTlsTrustedCertificates(cert1, cert2, cert3).build()).endSpec().build();
KafkaBridgeCluster kb = KafkaBridgeCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
Deployment dep = kb.generateDeployment(emptyMap(), true, null, null);
Container cont = dep.getSpec().getTemplate().getSpec().getContainers().get(0);
assertThat(cont.getEnv().stream().filter(var -> KafkaBridgeCluster.ENV_VAR_KAFKA_BRIDGE_SASL_MECHANISM.equals(var.getName())).findFirst().orElseThrow().getValue(), is("oauth"));
assertThat(cont.getEnv().stream().filter(var -> KafkaBridgeCluster.ENV_VAR_KAFKA_BRIDGE_OAUTH_CLIENT_SECRET.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getName(), is("my-secret-secret"));
assertThat(cont.getEnv().stream().filter(var -> KafkaBridgeCluster.ENV_VAR_KAFKA_BRIDGE_OAUTH_CLIENT_SECRET.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getKey(), is("my-secret-key"));
assertThat(cont.getEnv().stream().filter(var -> KafkaBridgeCluster.ENV_VAR_KAFKA_BRIDGE_OAUTH_CONFIG.equals(var.getName())).findFirst().orElseThrow().getValue().trim(), is(String.format("%s=\"%s\" %s=\"%s\" %s=\"%s\"", ClientConfig.OAUTH_CLIENT_ID, "my-client-id", ClientConfig.OAUTH_TOKEN_ENDPOINT_URI, "http://my-oauth-server", ServerConfig.OAUTH_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM, "")));
// Volume mounts
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-certs-0".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaBridgeCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT + "/first-certificate-0"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-certs-1".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaBridgeCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT + "/second-certificate-1"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-certs-2".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaBridgeCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT + "/first-certificate-2"));
// Volumes
List<KeyToPath> cert1Items = dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems();
assertThat(cert1Items.size(), is(1));
assertThat(cert1Items.get(0).getKey(), is("ca.crt"));
assertThat(cert1Items.get(0).getPath(), is("tls.crt"));
List<KeyToPath> cert2Items = dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems();
assertThat(cert2Items.size(), is(1));
assertThat(cert2Items.get(0).getKey(), is("tls.crt"));
assertThat(cert2Items.get(0).getPath(), is("tls.crt"));
List<KeyToPath> cert3Items = dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems();
assertThat(cert3Items.size(), is(1));
assertThat(cert3Items.get(0).getKey(), is("ca2.crt"));
assertThat(cert3Items.get(0).getPath(), is("tls.crt"));
}
Also used :
KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder)
Quantity(io.fabric8.kubernetes.api.model.Quantity)
CoreMatchers.is(org.hamcrest.CoreMatchers.is)
IntOrString(io.fabric8.kubernetes.api.model.IntOrString)
ParallelSuite(io.strimzi.test.annotations.ParallelSuite)
ClientConfig(io.strimzi.kafka.oauth.client.ClientConfig)
PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget)
Collections.singletonList(java.util.Collections.singletonList)
CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue)
JvmOptionsBuilder(io.strimzi.api.kafka.model.JvmOptionsBuilder)
KafkaBridge(io.strimzi.api.kafka.model.KafkaBridge)
JaegerTracing(io.strimzi.api.kafka.model.tracing.JaegerTracing)
Map(java.util.Map)
ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar)
ResourceUtils(io.strimzi.operator.cluster.ResourceUtils)
Affinity(io.fabric8.kubernetes.api.model.Affinity)
KeyToPath(io.fabric8.kubernetes.api.model.KeyToPath)
LabelSelectorBuilder(io.fabric8.kubernetes.api.model.LabelSelectorBuilder)
IpFamilyPolicy(io.strimzi.api.kafka.model.template.IpFamilyPolicy)
CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
ParallelTest(io.strimzi.test.annotations.ParallelTest)
Collections.emptyList(java.util.Collections.emptyList)
KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder)
EnvVarBuilder(io.fabric8.kubernetes.api.model.EnvVarBuilder)
HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata)
KafkaBridgeHttpConfig(io.strimzi.api.kafka.model.KafkaBridgeHttpConfig)
NodeSelectorTermBuilder(io.fabric8.kubernetes.api.model.NodeSelectorTermBuilder)
List(java.util.List)
CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder)
Labels(io.strimzi.operator.common.model.Labels)
PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder)
Matchers.contains(org.hamcrest.Matchers.contains)
Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder)
TopologySpreadConstraintBuilder(io.fabric8.kubernetes.api.model.TopologySpreadConstraintBuilder)
Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows)
EnvVar(io.fabric8.kubernetes.api.model.EnvVar)
ContainerTemplate(io.strimzi.api.kafka.model.template.ContainerTemplate)
Container(io.fabric8.kubernetes.api.model.Container)
ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)
KafkaClientAuthenticationTlsBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTlsBuilder)
IpFamily(io.strimzi.api.kafka.model.template.IpFamily)
HashMap(java.util.HashMap)
LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference)
OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference)
ArrayList(java.util.ArrayList)
KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils)
DeploymentStrategy(io.strimzi.api.kafka.model.template.DeploymentStrategy)
TestUtils(io.strimzi.test.TestUtils)
KafkaBridgeBuilder(io.strimzi.api.kafka.model.KafkaBridgeBuilder)
Collections.singletonMap(java.util.Collections.singletonMap)
Service(io.fabric8.kubernetes.api.model.Service)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue)
KafkaBridgeResources(io.strimzi.api.kafka.model.KafkaBridgeResources)
Collections.emptyMap(java.util.Collections.emptyMap)
TopologySpreadConstraint(io.fabric8.kubernetes.api.model.TopologySpreadConstraint)
Toleration(io.fabric8.kubernetes.api.model.Toleration)
ServerConfig(io.strimzi.kafka.oauth.server.ServerConfig)
TolerationBuilder(io.fabric8.kubernetes.api.model.TolerationBuilder)
AffinityBuilder(io.fabric8.kubernetes.api.model.AffinityBuilder)
Reconciliation(io.strimzi.operator.common.Reconciliation)
SystemPropertyBuilder(io.strimzi.api.kafka.model.SystemPropertyBuilder)
ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount)
Deployment(io.fabric8.kubernetes.api.model.apps.Deployment)
Collections(java.util.Collections)
KeyToPath(io.fabric8.kubernetes.api.model.KeyToPath)
Container(io.fabric8.kubernetes.api.model.Container)
CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder)
KafkaBridge(io.strimzi.api.kafka.model.KafkaBridge)
KafkaBridgeBuilder(io.strimzi.api.kafka.model.KafkaBridgeBuilder)
Deployment(io.fabric8.kubernetes.api.model.apps.Deployment)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
ParallelTest(io.strimzi.test.annotations.ParallelTest)
Example 50 with CertSecretSource
use of io.strimzi.api.kafka.model.CertSecretSource in project strimzi by strimzi.
the class HttpBridgeKafkaExternalListenersST method testTlsAuthWithWeirdUsername.
@ParallelTest
void testTlsAuthWithWeirdUsername(ExtensionContext extensionContext) {
final String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
// Create weird named user with . and maximum of 64 chars -> TLS
final String weirdUserName = "jjglmahyijoambryleyxjjglmahy.ijoambryleyxjjglmahyijoambryleyxasd";
// Initialize CertSecretSource with certificate and secret names for consumer
CertSecretSource certSecret = new CertSecretSource();
certSecret.setCertificate("ca.crt");
certSecret.setSecretName(KafkaResources.clusterCaCertificateSecretName(clusterName));
KafkaBridgeSpec bridgeSpec = new KafkaBridgeSpecBuilder().withNewKafkaClientAuthenticationTls().withNewCertificateAndKey().withSecretName(weirdUserName).withCertificate("user.crt").withKey("user.key").endCertificateAndKey().endKafkaClientAuthenticationTls().withNewTls().withTrustedCertificates(certSecret).endTls().build();
testWeirdUsername(extensionContext, weirdUserName, new KafkaListenerAuthenticationTls(), bridgeSpec, SecurityProtocol.SSL);
}
Also used :
KafkaBridgeSpec(io.strimzi.api.kafka.model.KafkaBridgeSpec)
KafkaBridgeSpecBuilder(io.strimzi.api.kafka.model.KafkaBridgeSpecBuilder)
KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
ParallelTest(io.strimzi.systemtest.annotations.ParallelTest)
Aggregations
CertSecretSource (io.strimzi.api.kafka.model.CertSecretSource)73
CertSecretSourceBuilder (io.strimzi.api.kafka.model.CertSecretSourceBuilder)30
GenericKafkaListenerBuilder (io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)29
Collections (java.util.Collections)28
List (java.util.List)28
HashMap (java.util.HashMap)26
Map (java.util.Map)26
Labels (io.strimzi.operator.common.model.Labels)24
TestUtils (io.strimzi.test.TestUtils)24
ParallelTest (io.strimzi.test.annotations.ParallelTest)24
ArrayList (java.util.ArrayList)24
MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat)24
ServiceAccount (io.fabric8.kubernetes.api.model.ServiceAccount)22
Reconciliation (io.strimzi.operator.common.Reconciliation)22
ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap)20
EnvVar (io.fabric8.kubernetes.api.model.EnvVar)20
ContainerEnvVar (io.strimzi.api.kafka.model.ContainerEnvVar)20
Container (io.fabric8.kubernetes.api.model.Container)18
HasMetadata (io.fabric8.kubernetes.api.model.HasMetadata)18
IntOrString (io.fabric8.kubernetes.api.model.IntOrString)18
