Example 61 with CertSecretSource
use of io.strimzi.api.kafka.model.CertSecretSource in project strimzi-kafka-operator by strimzi.
the class KafkaBridgeCluster method getEnvVars.
@Override
protected List<EnvVar> getEnvVars() {
List<EnvVar> varList = new ArrayList<>();
varList.add(buildEnvVar(ENV_VAR_KAFKA_BRIDGE_METRICS_ENABLED, String.valueOf(isMetricsEnabled)));
varList.add(buildEnvVar(ENV_VAR_STRIMZI_GC_LOG_ENABLED, String.valueOf(gcLoggingEnabled)));
ModelUtils.javaOptions(varList, getJvmOptions());
varList.add(buildEnvVar(ENV_VAR_KAFKA_BRIDGE_BOOTSTRAP_SERVERS, bootstrapServers));
varList.add(buildEnvVar(ENV_VAR_KAFKA_BRIDGE_ADMIN_CLIENT_CONFIG, kafkaBridgeAdminClient == null ? "" : new KafkaBridgeAdminClientConfiguration(reconciliation, kafkaBridgeAdminClient.getConfig().entrySet()).getConfiguration()));
varList.add(buildEnvVar(ENV_VAR_KAFKA_BRIDGE_CONSUMER_CONFIG, kafkaBridgeConsumer == null ? "" : new KafkaBridgeConsumerConfiguration(reconciliation, kafkaBridgeConsumer.getConfig().entrySet()).getConfiguration()));
varList.add(buildEnvVar(ENV_VAR_KAFKA_BRIDGE_PRODUCER_CONFIG, kafkaBridgeProducer == null ? "" : new KafkaBridgeProducerConfiguration(reconciliation, kafkaBridgeProducer.getConfig().entrySet()).getConfiguration()));
varList.add(buildEnvVar(ENV_VAR_KAFKA_BRIDGE_ID, cluster));
varList.add(buildEnvVar(ENV_VAR_KAFKA_BRIDGE_HTTP_ENABLED, String.valueOf(httpEnabled)));
varList.add(buildEnvVar(ENV_VAR_KAFKA_BRIDGE_HTTP_HOST, KafkaBridgeHttpConfig.HTTP_DEFAULT_HOST));
varList.add(buildEnvVar(ENV_VAR_KAFKA_BRIDGE_HTTP_PORT, String.valueOf(http != null ? http.getPort() : KafkaBridgeHttpConfig.HTTP_DEFAULT_PORT)));
if (http != null && http.getCors() != null) {
varList.add(buildEnvVar(ENV_VAR_KAFKA_BRIDGE_CORS_ENABLED, "true"));
if (http.getCors().getAllowedOrigins() != null) {
varList.add(buildEnvVar(ENV_VAR_KAFKA_BRIDGE_CORS_ALLOWED_ORIGINS, String.join(",", http.getCors().getAllowedOrigins())));
}
if (http.getCors().getAllowedMethods() != null) {
varList.add(buildEnvVar(ENV_VAR_KAFKA_BRIDGE_CORS_ALLOWED_METHODS, String.join(",", http.getCors().getAllowedMethods())));
}
} else {
varList.add(buildEnvVar(ENV_VAR_KAFKA_BRIDGE_CORS_ENABLED, "false"));
}
varList.add(buildEnvVar(ENV_VAR_KAFKA_BRIDGE_AMQP_ENABLED, String.valueOf(amqpEnabled)));
if (tls != null) {
varList.add(buildEnvVar(ENV_VAR_KAFKA_BRIDGE_TLS, "true"));
List<CertSecretSource> trustedCertificates = tls.getTrustedCertificates();
if (trustedCertificates != null && trustedCertificates.size() > 0) {
StringBuilder sb = new StringBuilder();
boolean separator = false;
for (CertSecretSource certSecretSource : trustedCertificates) {
if (separator) {
sb.append(";");
}
sb.append(certSecretSource.getSecretName() + "/" + certSecretSource.getCertificate());
separator = true;
}
varList.add(buildEnvVar(ENV_VAR_KAFKA_BRIDGE_TRUSTED_CERTS, sb.toString()));
}
}
AuthenticationUtils.configureClientAuthenticationEnvVars(authentication, varList, name -> ENV_VAR_PREFIX + name);
if (tracing != null) {
varList.add(buildEnvVar(ENV_VAR_STRIMZI_TRACING, tracing.getType()));
}
// Add shared environment variables used for all containers
varList.addAll(getRequiredEnvVars());
addContainerEnvsToExistingEnvs(varList, templateContainerEnvVars);
return varList;
}
Also used :
ArrayList(java.util.ArrayList)
EnvVar(io.fabric8.kubernetes.api.model.EnvVar)
ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
Example 62 with CertSecretSource
use of io.strimzi.api.kafka.model.CertSecretSource in project strimzi-kafka-operator by strimzi.
the class MirrorMakerIsolatedST method testMirrorMakerTlsAuthenticated.
/**
* Test mirroring messages by Mirror Maker over tls transport using mutual tls auth
*/
@ParallelNamespaceTest
@Tag(ACCEPTANCE)
@KRaftNotSupported("UserOperator is not supported by KRaft mode and is used in this test case")
@SuppressWarnings({ "checkstyle:MethodLength" })
void testMirrorMakerTlsAuthenticated(ExtensionContext extensionContext) {
final TestStorage testStorage = new TestStorage(extensionContext, clusterOperator.getDeploymentNamespace());
String kafkaClusterSourceName = testStorage.getClusterName() + "-source";
String kafkaClusterTargetName = testStorage.getClusterName() + "-target";
String kafkaSourceUserName = testStorage.getUserName() + "-source";
String kafkaTargetUserName = testStorage.getUserName() + "-target";
// Deploy source kafka with tls listener and mutual tls auth
resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(kafkaClusterSourceName, 1, 1).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName(Constants.TLS_LISTENER_DEFAULT_NAME).withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withAuth(new KafkaListenerAuthenticationTls()).build()).endKafka().endSpec().build());
// Deploy target kafka with tls listener and mutual tls auth
resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(kafkaClusterTargetName, 1, 1).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName(Constants.TLS_LISTENER_DEFAULT_NAME).withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withAuth(new KafkaListenerAuthenticationTls()).build()).endKafka().endSpec().build());
resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(kafkaClusterSourceName, testStorage.getTopicName()).build(), KafkaUserTemplates.tlsUser(kafkaClusterSourceName, kafkaSourceUserName).build(), KafkaUserTemplates.tlsUser(kafkaClusterTargetName, kafkaTargetUserName).build());
// Initialize CertSecretSource with certificate and secret names for consumer
CertSecretSource certSecretSource = new CertSecretSource();
certSecretSource.setCertificate("ca.crt");
certSecretSource.setSecretName(KafkaResources.clusterCaCertificateSecretName(kafkaClusterSourceName));
// Initialize CertSecretSource with certificate and secret names for producer
CertSecretSource certSecretTarget = new CertSecretSource();
certSecretTarget.setCertificate("ca.crt");
certSecretTarget.setSecretName(KafkaResources.clusterCaCertificateSecretName(kafkaClusterTargetName));
KafkaClients clients = new KafkaClientsBuilder().withProducerName(testStorage.getProducerName()).withConsumerName(testStorage.getConsumerName()).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(kafkaClusterSourceName)).withNamespaceName(testStorage.getNamespaceName()).withUserName(kafkaSourceUserName).withTopicName(testStorage.getTopicName()).withMessageCount(MESSAGE_COUNT).build();
resourceManager.createResource(extensionContext, clients.producerTlsStrimzi(kafkaClusterSourceName), clients.consumerTlsStrimzi(kafkaClusterSourceName));
ClientUtils.waitForClientsSuccess(testStorage.getProducerName(), testStorage.getConsumerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
// Deploy Mirror Maker with tls listener and mutual tls auth
resourceManager.createResource(extensionContext, KafkaMirrorMakerTemplates.kafkaMirrorMaker(testStorage.getClusterName(), kafkaClusterSourceName, kafkaClusterTargetName, ClientUtils.generateRandomConsumerGroup(), 1, true).editSpec().editConsumer().withNewTls().withTrustedCertificates(certSecretSource).endTls().withNewKafkaClientAuthenticationTls().withNewCertificateAndKey().withSecretName(kafkaSourceUserName).withCertificate("user.crt").withKey("user.key").endCertificateAndKey().endKafkaClientAuthenticationTls().endConsumer().editProducer().withNewTls().withTrustedCertificates(certSecretTarget).endTls().withNewKafkaClientAuthenticationTls().withNewCertificateAndKey().withSecretName(kafkaTargetUserName).withCertificate("user.crt").withKey("user.key").endCertificateAndKey().endKafkaClientAuthenticationTls().endProducer().endSpec().build());
clients = new KafkaClientsBuilder(clients).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(kafkaClusterTargetName)).withUserName(kafkaTargetUserName).build();
resourceManager.createResource(extensionContext, clients.consumerTlsStrimzi(kafkaClusterTargetName));
ClientUtils.waitForClientSuccess(testStorage.getConsumerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
}
Also used :
KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder)
KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls)
KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients)
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)
TestStorage(io.strimzi.systemtest.storage.TestStorage)
CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported)
ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest)
Tag(org.junit.jupiter.api.Tag)
Example 63 with CertSecretSource
use of io.strimzi.api.kafka.model.CertSecretSource in project strimzi-kafka-operator by strimzi.
the class OauthTlsIsolatedST method testIntrospectionEndpoint.
@ParallelTest
void testIntrospectionEndpoint(ExtensionContext extensionContext) {
String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
String producerName = OAUTH_PRODUCER_NAME + "-" + clusterName;
String consumerName = OAUTH_CONSUMER_NAME + "-" + clusterName;
String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(oauthClusterName, topicName, clusterOperator.getDeploymentNamespace()).build());
keycloakInstance.setIntrospectionEndpointUri("https://" + keycloakInstance.getHttpsUri() + "/auth/realms/internal/protocol/openid-connect/token/introspect");
String introspectionKafka = oauthClusterName + "-intro";
CertSecretSource cert = new CertSecretSourceBuilder().withSecretName(KeycloakInstance.KEYCLOAK_SECRET_NAME).withCertificate(KeycloakInstance.KEYCLOAK_SECRET_CERT).build();
resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(introspectionKafka, 1).editMetadata().withNamespace(clusterOperator.getDeploymentNamespace()).endMetadata().editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName("tls").withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withNewKafkaListenerAuthenticationOAuth().withClientId(OAUTH_KAFKA_BROKER_NAME).withNewClientSecret().withSecretName(OAUTH_KAFKA_BROKER_SECRET).withKey(OAUTH_KEY).endClientSecret().withAccessTokenIsJwt(false).withValidIssuerUri(keycloakInstance.getValidIssuerUri()).withIntrospectionEndpointUri(keycloakInstance.getIntrospectionEndpointUri()).withTlsTrustedCertificates(cert).withDisableTlsHostnameVerification(true).endKafkaListenerAuthenticationOAuth().build()).endKafka().endSpec().build());
KafkaOauthClients oauthInternalClientIntrospectionJob = new KafkaOauthClientsBuilder().withNamespaceName(clusterOperator.getDeploymentNamespace()).withProducerName(producerName).withConsumerName(consumerName).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(introspectionKafka)).withTopicName(topicName).withMessageCount(MESSAGE_COUNT).withOauthClientId(OAUTH_CLIENT_NAME).withOauthClientSecret(OAUTH_CLIENT_SECRET).withOauthTokenEndpointUri(keycloakInstance.getOauthTokenEndpointUri()).build();
resourceManager.createResource(extensionContext, oauthInternalClientIntrospectionJob.producerStrimziOauthTls(introspectionKafka));
ClientUtils.waitForClientSuccess(producerName, clusterOperator.getDeploymentNamespace(), MESSAGE_COUNT);
resourceManager.createResource(extensionContext, oauthInternalClientIntrospectionJob.consumerStrimziOauthTls(introspectionKafka));
ClientUtils.waitForClientSuccess(consumerName, clusterOperator.getDeploymentNamespace(), MESSAGE_COUNT);
}
Also used :
CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder)
KafkaOauthClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClientsBuilder)
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)
CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
KafkaOauthClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClients)
ParallelTest(io.strimzi.systemtest.annotations.ParallelTest)
Example 64 with CertSecretSource
use of io.strimzi.api.kafka.model.CertSecretSource in project strimzi-kafka-operator by strimzi.
the class KafkaConnectClusterTest method testGenerateDeploymentWithOAuthWithTls.
@ParallelTest
public void testGenerateDeploymentWithOAuthWithTls() {
CertSecretSource cert1 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca.crt").build();
CertSecretSource cert2 = new CertSecretSourceBuilder().withSecretName("second-certificate").withCertificate("tls.crt").build();
CertSecretSource cert3 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca2.crt").build();
KafkaConnect resource = new KafkaConnectBuilder(this.resource).editSpec().withAuthentication(new KafkaClientAuthenticationOAuthBuilder().withClientId("my-client-id").withTokenEndpointUri("http://my-oauth-server").withNewClientSecret().withSecretName("my-secret-secret").withKey("my-secret-key").endClientSecret().withDisableTlsHostnameVerification(true).withTlsTrustedCertificates(cert1, cert2, cert3).build()).endSpec().build();
KafkaConnectCluster kc = KafkaConnectCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
Deployment dep = kc.generateDeployment(emptyMap(), true, null, null);
Container cont = dep.getSpec().getTemplate().getSpec().getContainers().get(0);
assertThat(cont.getEnv().stream().filter(var -> KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_MECHANISM.equals(var.getName())).findFirst().orElseThrow().getValue(), is("oauth"));
assertThat(cont.getEnv().stream().filter(var -> KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_OAUTH_CLIENT_SECRET.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getName(), is("my-secret-secret"));
assertThat(cont.getEnv().stream().filter(var -> KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_OAUTH_CLIENT_SECRET.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getKey(), is("my-secret-key"));
assertThat(cont.getEnv().stream().filter(var -> KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_OAUTH_CONFIG.equals(var.getName())).findFirst().orElseThrow().getValue().trim(), is(String.format("%s=\"%s\" %s=\"%s\" %s=\"%s\"", ClientConfig.OAUTH_CLIENT_ID, "my-client-id", ClientConfig.OAUTH_TOKEN_ENDPOINT_URI, "http://my-oauth-server", ServerConfig.OAUTH_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM, "")));
// Volume mounts
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-certs-0".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaConnectCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT + "/first-certificate-0"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-certs-1".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaConnectCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT + "/second-certificate-1"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-certs-2".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaConnectCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT + "/first-certificate-2"));
// Volumes
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca.crt"));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("tls.crt"));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca2.crt"));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
}
Also used :
KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder)
Quantity(io.fabric8.kubernetes.api.model.Quantity)
VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount)
CoreMatchers.is(org.hamcrest.CoreMatchers.is)
OrderedProperties(io.strimzi.operator.common.model.OrderedProperties)
CoreMatchers.hasItem(org.hamcrest.CoreMatchers.hasItem)
ConfigMapVolumeSourceBuilder(io.fabric8.kubernetes.api.model.ConfigMapVolumeSourceBuilder)
IntOrString(io.fabric8.kubernetes.api.model.IntOrString)
ParallelSuite(io.strimzi.test.annotations.ParallelSuite)
ExternalConfigurationEnv(io.strimzi.api.kafka.model.connect.ExternalConfigurationEnv)
Rack(io.strimzi.api.kafka.model.Rack)
CoreMatchers.startsWith(org.hamcrest.CoreMatchers.startsWith)
SecurityContextBuilder(io.fabric8.kubernetes.api.model.SecurityContextBuilder)
ClientConfig(io.strimzi.kafka.oauth.client.ClientConfig)
PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget)
Collections.singletonList(java.util.Collections.singletonList)
CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue)
ResourceRequirements(io.fabric8.kubernetes.api.model.ResourceRequirements)
ExternalConfigurationEnvBuilder(io.strimzi.api.kafka.model.connect.ExternalConfigurationEnvBuilder)
Map(java.util.Map)
ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar)
ResourceUtils(io.strimzi.operator.cluster.ResourceUtils)
KafkaJmxOptionsBuilder(io.strimzi.api.kafka.model.KafkaJmxOptionsBuilder)
SecretVolumeSourceBuilder(io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder)
Probe(io.strimzi.api.kafka.model.Probe)
KafkaConnect(io.strimzi.api.kafka.model.KafkaConnect)
ExternalConfigurationVolumeSourceBuilder(io.strimzi.api.kafka.model.connect.ExternalConfigurationVolumeSourceBuilder)
LabelSelectorBuilder(io.fabric8.kubernetes.api.model.LabelSelectorBuilder)
IpFamilyPolicy(io.strimzi.api.kafka.model.template.IpFamilyPolicy)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
ParallelTest(io.strimzi.test.annotations.ParallelTest)
Collections.emptyList(java.util.Collections.emptyList)
Matchers.allOf(org.hamcrest.Matchers.allOf)
KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder)
KafkaConnectBuilder(io.strimzi.api.kafka.model.KafkaConnectBuilder)
EnvVarBuilder(io.fabric8.kubernetes.api.model.EnvVarBuilder)
HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata)
Collectors(java.util.stream.Collectors)
List(java.util.List)
CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder)
Labels(io.strimzi.operator.common.model.Labels)
PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder)
Matchers.contains(org.hamcrest.Matchers.contains)
Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder)
HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder)
Secret(io.fabric8.kubernetes.api.model.Secret)
TopologySpreadConstraintBuilder(io.fabric8.kubernetes.api.model.TopologySpreadConstraintBuilder)
Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows)
ClusterRoleBinding(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding)
EnvVar(io.fabric8.kubernetes.api.model.EnvVar)
ContainerTemplate(io.strimzi.api.kafka.model.template.ContainerTemplate)
Container(io.fabric8.kubernetes.api.model.Container)
CoreMatchers.equalTo(org.hamcrest.CoreMatchers.equalTo)
ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)
KafkaClientAuthenticationTlsBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTlsBuilder)
IpFamily(io.strimzi.api.kafka.model.template.IpFamily)
HashMap(java.util.HashMap)
LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference)
OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference)
MetricsAndLogging(io.strimzi.operator.common.MetricsAndLogging)
ArrayList(java.util.ArrayList)
Matchers.hasProperty(org.hamcrest.Matchers.hasProperty)
HostAlias(io.fabric8.kubernetes.api.model.HostAlias)
JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics)
SecurityContext(io.fabric8.kubernetes.api.model.SecurityContext)
JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder)
KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils)
PodSpec(io.fabric8.kubernetes.api.model.PodSpec)
DeploymentStrategy(io.strimzi.api.kafka.model.template.DeploymentStrategy)
MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig)
TestUtils(io.strimzi.test.TestUtils)
Collections.singletonMap(java.util.Collections.singletonMap)
Service(io.fabric8.kubernetes.api.model.Service)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue)
Volume(io.fabric8.kubernetes.api.model.Volume)
Matchers.hasEntry(org.hamcrest.Matchers.hasEntry)
Collections.emptyMap(java.util.Collections.emptyMap)
TopologySpreadConstraint(io.fabric8.kubernetes.api.model.TopologySpreadConstraint)
ExternalConfigurationVolumeSource(io.strimzi.api.kafka.model.connect.ExternalConfigurationVolumeSource)
KafkaJmxAuthenticationPasswordBuilder(io.strimzi.api.kafka.model.KafkaJmxAuthenticationPasswordBuilder)
ServerConfig(io.strimzi.kafka.oauth.server.ServerConfig)
IOException(java.io.IOException)
ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap)
Reconciliation(io.strimzi.operator.common.Reconciliation)
SecretKeySelectorBuilder(io.fabric8.kubernetes.api.model.SecretKeySelectorBuilder)
ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder)
NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy)
ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount)
Deployment(io.fabric8.kubernetes.api.model.apps.Deployment)
Collections(java.util.Collections)
KafkaConnectResources(io.strimzi.api.kafka.model.KafkaConnectResources)
KafkaConnectBuilder(io.strimzi.api.kafka.model.KafkaConnectBuilder)
Container(io.fabric8.kubernetes.api.model.Container)
CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder)
Deployment(io.fabric8.kubernetes.api.model.apps.Deployment)
KafkaConnect(io.strimzi.api.kafka.model.KafkaConnect)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
ParallelTest(io.strimzi.test.annotations.ParallelTest)
Example 65 with CertSecretSource
use of io.strimzi.api.kafka.model.CertSecretSource in project strimzi-kafka-operator by strimzi.
the class KafkaMirrorMaker2ClusterTest method testGenerateDeploymentWithOAuthWithTls.
@ParallelTest
public void testGenerateDeploymentWithOAuthWithTls() {
CertSecretSource cert1 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca.crt").build();
CertSecretSource cert2 = new CertSecretSourceBuilder().withSecretName("second-certificate").withCertificate("tls.crt").build();
CertSecretSource cert3 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca2.crt").build();
KafkaMirrorMaker2ClusterSpec targetClusterWithOAuthWithTls = new KafkaMirrorMaker2ClusterSpecBuilder(this.targetCluster).withAuthentication(new KafkaClientAuthenticationOAuthBuilder().withClientId("my-client-id").withTokenEndpointUri("http://my-oauth-server").withNewClientSecret().withSecretName("my-secret-secret").withKey("my-secret-key").endClientSecret().withDisableTlsHostnameVerification(true).withTlsTrustedCertificates(cert1, cert2, cert3).build()).build();
KafkaMirrorMaker2 resource = new KafkaMirrorMaker2Builder(this.resource).editSpec().withClusters(targetClusterWithOAuthWithTls).endSpec().build();
KafkaMirrorMaker2Cluster kmm2 = KafkaMirrorMaker2Cluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
Deployment dep = kmm2.generateDeployment(emptyMap(), true, null, null);
Container cont = getContainer(dep);
assertThat(cont.getEnv().stream().filter(var -> KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_MECHANISM.equals(var.getName())).findFirst().orElseThrow().getValue(), is("oauth"));
assertThat(cont.getEnv().stream().filter(var -> KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_OAUTH_CLIENT_SECRET.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getName(), is("my-secret-secret"));
assertThat(cont.getEnv().stream().filter(var -> KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_OAUTH_CLIENT_SECRET.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getKey(), is("my-secret-key"));
assertThat(cont.getEnv().stream().filter(var -> KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_OAUTH_CONFIG.equals(var.getName())).findFirst().orElseThrow().getValue().trim(), is(String.format("%s=\"%s\" %s=\"%s\" %s=\"%s\"", ClientConfig.OAUTH_CLIENT_ID, "my-client-id", ClientConfig.OAUTH_TOKEN_ENDPOINT_URI, "http://my-oauth-server", ServerConfig.OAUTH_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM, "")));
// Volume mounts
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-certs-0".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaConnectCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT + "/first-certificate-0"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-certs-1".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaConnectCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT + "/second-certificate-1"));
assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-certs-2".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaConnectCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT + "/first-certificate-2"));
// Volumes
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca.crt"));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("tls.crt"));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca2.crt"));
assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
}
Also used :
KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder)
KafkaMirrorMaker2Builder(io.strimzi.api.kafka.model.KafkaMirrorMaker2Builder)
Quantity(io.fabric8.kubernetes.api.model.Quantity)
VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount)
CoreMatchers.is(org.hamcrest.CoreMatchers.is)
OrderedProperties(io.strimzi.operator.common.model.OrderedProperties)
ConfigMapVolumeSourceBuilder(io.fabric8.kubernetes.api.model.ConfigMapVolumeSourceBuilder)
IntOrString(io.fabric8.kubernetes.api.model.IntOrString)
ParallelSuite(io.strimzi.test.annotations.ParallelSuite)
ExternalConfigurationEnv(io.strimzi.api.kafka.model.connect.ExternalConfigurationEnv)
KafkaMirrorMaker2Builder(io.strimzi.api.kafka.model.KafkaMirrorMaker2Builder)
ClientConfig(io.strimzi.kafka.oauth.client.ClientConfig)
PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget)
Collections.singletonList(java.util.Collections.singletonList)
CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue)
ExternalConfigurationEnvBuilder(io.strimzi.api.kafka.model.connect.ExternalConfigurationEnvBuilder)
Map(java.util.Map)
ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar)
ResourceUtils(io.strimzi.operator.cluster.ResourceUtils)
KafkaJmxOptionsBuilder(io.strimzi.api.kafka.model.KafkaJmxOptionsBuilder)
SecretVolumeSourceBuilder(io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder)
Probe(io.strimzi.api.kafka.model.Probe)
ExternalConfigurationVolumeSourceBuilder(io.strimzi.api.kafka.model.connect.ExternalConfigurationVolumeSourceBuilder)
IpFamilyPolicy(io.strimzi.api.kafka.model.template.IpFamilyPolicy)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
ParallelTest(io.strimzi.test.annotations.ParallelTest)
Collections.emptyList(java.util.Collections.emptyList)
KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder)
EnvVarBuilder(io.fabric8.kubernetes.api.model.EnvVarBuilder)
HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata)
Collectors(java.util.stream.Collectors)
KafkaMirrorMaker2Resources(io.strimzi.api.kafka.model.KafkaMirrorMaker2Resources)
KafkaMirrorMaker2(io.strimzi.api.kafka.model.KafkaMirrorMaker2)
List(java.util.List)
CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder)
Labels(io.strimzi.operator.common.model.Labels)
PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder)
Matchers.contains(org.hamcrest.Matchers.contains)
Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder)
HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder)
Secret(io.fabric8.kubernetes.api.model.Secret)
Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows)
ClusterRoleBinding(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding)
EnvVar(io.fabric8.kubernetes.api.model.EnvVar)
ContainerTemplate(io.strimzi.api.kafka.model.template.ContainerTemplate)
Container(io.fabric8.kubernetes.api.model.Container)
ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)
KafkaClientAuthenticationTlsBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTlsBuilder)
IpFamily(io.strimzi.api.kafka.model.template.IpFamily)
HashMap(java.util.HashMap)
LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference)
OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference)
MetricsAndLogging(io.strimzi.operator.common.MetricsAndLogging)
ArrayList(java.util.ArrayList)
HostAlias(io.fabric8.kubernetes.api.model.HostAlias)
JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics)
JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder)
KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils)
PodSpec(io.fabric8.kubernetes.api.model.PodSpec)
DeploymentStrategy(io.strimzi.api.kafka.model.template.DeploymentStrategy)
MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig)
TestUtils(io.strimzi.test.TestUtils)
Collections.singletonMap(java.util.Collections.singletonMap)
Service(io.fabric8.kubernetes.api.model.Service)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue)
Volume(io.fabric8.kubernetes.api.model.Volume)
Matchers.hasEntry(org.hamcrest.Matchers.hasEntry)
Collections.emptyMap(java.util.Collections.emptyMap)
ExternalConfigurationVolumeSource(io.strimzi.api.kafka.model.connect.ExternalConfigurationVolumeSource)
KafkaJmxAuthenticationPasswordBuilder(io.strimzi.api.kafka.model.KafkaJmxAuthenticationPasswordBuilder)
KafkaMirrorMaker2ClusterSpec(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec)
ServerConfig(io.strimzi.kafka.oauth.server.ServerConfig)
IOException(java.io.IOException)
ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap)
Reconciliation(io.strimzi.operator.common.Reconciliation)
SecretKeySelectorBuilder(io.fabric8.kubernetes.api.model.SecretKeySelectorBuilder)
KafkaMirrorMaker2ClusterSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder)
ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder)
NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy)
ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount)
Deployment(io.fabric8.kubernetes.api.model.apps.Deployment)
Collections(java.util.Collections)
Container(io.fabric8.kubernetes.api.model.Container)
CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder)
KafkaMirrorMaker2ClusterSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder)
KafkaMirrorMaker2ClusterSpec(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec)
Deployment(io.fabric8.kubernetes.api.model.apps.Deployment)
KafkaMirrorMaker2(io.strimzi.api.kafka.model.KafkaMirrorMaker2)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
ParallelTest(io.strimzi.test.annotations.ParallelTest)
Aggregations
CertSecretSource (io.strimzi.api.kafka.model.CertSecretSource)73
CertSecretSourceBuilder (io.strimzi.api.kafka.model.CertSecretSourceBuilder)30
GenericKafkaListenerBuilder (io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)29
Collections (java.util.Collections)28
List (java.util.List)28
HashMap (java.util.HashMap)26
Map (java.util.Map)26
Labels (io.strimzi.operator.common.model.Labels)24
TestUtils (io.strimzi.test.TestUtils)24
ParallelTest (io.strimzi.test.annotations.ParallelTest)24
ArrayList (java.util.ArrayList)24
MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat)24
ServiceAccount (io.fabric8.kubernetes.api.model.ServiceAccount)22
Reconciliation (io.strimzi.operator.common.Reconciliation)22
ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap)20
EnvVar (io.fabric8.kubernetes.api.model.EnvVar)20
ContainerEnvVar (io.strimzi.api.kafka.model.ContainerEnvVar)20
Container (io.fabric8.kubernetes.api.model.Container)18
HasMetadata (io.fabric8.kubernetes.api.model.HasMetadata)18
IntOrString (io.fabric8.kubernetes.api.model.IntOrString)18
