Search in sources :

Example 56 with CertSecretSourceBuilder

use of io.strimzi.api.kafka.model.CertSecretSourceBuilder in project strimzi by strimzi.

the class KafkaMirrorMaker2ClusterTest method testGenerateDeploymentWithPlainAuthAndTLSSameSecret.

/**
 * This test uses the same secret to hold the certs for TLS and the credentials for plain client authentication. It checks that
 * the volumes and volume mounts that reference the secret are correctly created and that each volume name is only created once - volumes
 * with duplicate names will cause Kubernetes to reject the deployment.
 */
@ParallelTest
public void testGenerateDeploymentWithPlainAuthAndTLSSameSecret() {
    KafkaMirrorMaker2ClusterSpec targetClusterWithPlainAuth = new KafkaMirrorMaker2ClusterSpecBuilder(this.targetCluster).editOrNewTls().addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-secret").withCertificate("cert.crt").build()).endTls().withNewKafkaClientAuthenticationPlain().withUsername("user1").withNewPasswordSecret().withSecretName("my-secret").withPassword("user1.password").endPasswordSecret().endKafkaClientAuthenticationPlain().build();
    KafkaMirrorMaker2 resource = new KafkaMirrorMaker2Builder(this.resource).editSpec().withClusters(targetClusterWithPlainAuth).endSpec().build();
    KafkaMirrorMaker2Cluster kmm2 = KafkaMirrorMaker2Cluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    Deployment dep = kmm2.generateDeployment(emptyMap(), true, null, null);
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().toString(), dep.getSpec().getTemplate().getSpec().getVolumes().size(), is(4));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(0).getName(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_VOLUME_NAME));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(1).getName(), is("kafka-metrics-and-logging"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(2).getName(), is("my-secret"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(3).getName(), is("target-my-secret"));
    Container cont = getContainer(dep);
    assertThat(cont.getVolumeMounts().size(), is(6));
    assertThat(cont.getVolumeMounts().get(0).getName(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_VOLUME_NAME));
    assertThat(cont.getVolumeMounts().get(0).getMountPath(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_MOUNT_PATH));
    assertThat(cont.getVolumeMounts().get(1).getName(), is("kafka-metrics-and-logging"));
    assertThat(cont.getVolumeMounts().get(1).getMountPath(), is("/opt/kafka/custom-config/"));
    assertThat(cont.getVolumeMounts().get(2).getName(), is("my-secret"));
    assertThat(cont.getVolumeMounts().get(2).getMountPath(), is(KafkaMirrorMaker2Cluster.TLS_CERTS_BASE_VOLUME_MOUNT + "my-secret"));
    assertThat(cont.getVolumeMounts().get(3).getName(), is("my-secret"));
    assertThat(cont.getVolumeMounts().get(3).getMountPath(), is(KafkaMirrorMaker2Cluster.PASSWORD_VOLUME_MOUNT + "my-secret"));
    assertThat(cont.getVolumeMounts().get(4).getName(), is("target-my-secret"));
    assertThat(cont.getVolumeMounts().get(4).getMountPath(), is(KafkaMirrorMaker2Cluster.MIRRORMAKER_2_TLS_CERTS_BASE_VOLUME_MOUNT + targetClusterAlias + "/my-secret"));
    assertThat(cont.getVolumeMounts().get(5).getName(), is("target-my-secret"));
    assertThat(cont.getVolumeMounts().get(5).getMountPath(), is(KafkaMirrorMaker2Cluster.MIRRORMAKER_2_PASSWORD_VOLUME_MOUNT + targetClusterAlias + "/my-secret"));
    assertThat(AbstractModel.containerEnvVars(cont), hasEntry(KafkaMirrorMaker2Cluster.ENV_VAR_KAFKA_CONNECT_SASL_PASSWORD_FILE, "my-secret/user1.password"));
    assertThat(AbstractModel.containerEnvVars(cont), hasEntry(KafkaMirrorMaker2Cluster.ENV_VAR_KAFKA_CONNECT_SASL_USERNAME, "user1"));
    assertThat(AbstractModel.containerEnvVars(cont), hasEntry(KafkaMirrorMaker2Cluster.ENV_VAR_KAFKA_CONNECT_SASL_MECHANISM, "plain"));
    assertThat(AbstractModel.containerEnvVars(cont), hasEntry(KafkaMirrorMaker2Cluster.ENV_VAR_KAFKA_CONNECT_TLS, "true"));
}
Also used : KafkaMirrorMaker2Builder(io.strimzi.api.kafka.model.KafkaMirrorMaker2Builder) Container(io.fabric8.kubernetes.api.model.Container) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) KafkaMirrorMaker2ClusterSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder) KafkaMirrorMaker2ClusterSpec(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) KafkaMirrorMaker2(io.strimzi.api.kafka.model.KafkaMirrorMaker2) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 57 with CertSecretSourceBuilder

use of io.strimzi.api.kafka.model.CertSecretSourceBuilder in project strimzi by strimzi.

the class KafkaMirrorMaker2ClusterTest method testGenerateDeploymentWithTlsAuth.

@ParallelTest
public void testGenerateDeploymentWithTlsAuth() {
    KafkaMirrorMaker2ClusterSpec targetClusterWithTlsAuth = new KafkaMirrorMaker2ClusterSpecBuilder(this.targetCluster).editOrNewTls().addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-secret").withCertificate("cert.crt").build()).endTls().withAuthentication(new KafkaClientAuthenticationTlsBuilder().withNewCertificateAndKey().withSecretName("user-secret").withCertificate("user.crt").withKey("user.key").endCertificateAndKey().build()).build();
    KafkaMirrorMaker2 resource = new KafkaMirrorMaker2Builder(this.resource).editSpec().withClusters(targetClusterWithTlsAuth).endSpec().build();
    KafkaMirrorMaker2Cluster kmm2 = KafkaMirrorMaker2Cluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    Deployment dep = kmm2.generateDeployment(emptyMap(), true, null, null);
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(3).getName(), is("user-secret"));
    Container cont = getContainer(dep);
    assertThat(cont.getVolumeMounts().get(3).getMountPath(), is(KafkaMirrorMaker2Cluster.TLS_CERTS_BASE_VOLUME_MOUNT + "user-secret"));
    assertThat(AbstractModel.containerEnvVars(cont).get(KafkaMirrorMaker2Cluster.ENV_VAR_KAFKA_CONNECT_TLS_AUTH_CERT), is("user-secret/user.crt"));
    assertThat(AbstractModel.containerEnvVars(cont).get(KafkaMirrorMaker2Cluster.ENV_VAR_KAFKA_CONNECT_TLS_AUTH_KEY), is("user-secret/user.key"));
    assertThat(AbstractModel.containerEnvVars(cont).get(KafkaMirrorMaker2Cluster.ENV_VAR_KAFKA_CONNECT_TLS), is("true"));
}
Also used : KafkaMirrorMaker2Builder(io.strimzi.api.kafka.model.KafkaMirrorMaker2Builder) Container(io.fabric8.kubernetes.api.model.Container) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) KafkaMirrorMaker2ClusterSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder) KafkaMirrorMaker2ClusterSpec(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec) KafkaClientAuthenticationTlsBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTlsBuilder) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) KafkaMirrorMaker2(io.strimzi.api.kafka.model.KafkaMirrorMaker2) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 58 with CertSecretSourceBuilder

use of io.strimzi.api.kafka.model.CertSecretSourceBuilder in project strimzi by strimzi.

the class KafkaMirrorMaker2ClusterTest method testGenerateDeploymentWithTlsSameSecret.

@ParallelTest
public void testGenerateDeploymentWithTlsSameSecret() {
    KafkaMirrorMaker2ClusterSpec targetClusterWithTlsAuth = new KafkaMirrorMaker2ClusterSpecBuilder(this.targetCluster).editOrNewTls().addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-secret").withCertificate("cert.crt").build()).endTls().withAuthentication(new KafkaClientAuthenticationTlsBuilder().withNewCertificateAndKey().withSecretName("my-secret").withCertificate("user.crt").withKey("user.key").endCertificateAndKey().build()).build();
    KafkaMirrorMaker2 resource = new KafkaMirrorMaker2Builder(this.resource).editSpec().withClusters(targetClusterWithTlsAuth).endSpec().build();
    KafkaMirrorMaker2Cluster kmm2 = KafkaMirrorMaker2Cluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    Deployment dep = kmm2.generateDeployment(emptyMap(), true, null, null);
    // 3 = 1 volume from logging/metrics + 2 from above cert mounted for connect and for connectors
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().size(), is(4));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(2).getName(), is("my-secret"));
}
Also used : KafkaMirrorMaker2Builder(io.strimzi.api.kafka.model.KafkaMirrorMaker2Builder) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) KafkaMirrorMaker2ClusterSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder) KafkaMirrorMaker2ClusterSpec(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec) KafkaClientAuthenticationTlsBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTlsBuilder) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) KafkaMirrorMaker2(io.strimzi.api.kafka.model.KafkaMirrorMaker2) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 59 with CertSecretSourceBuilder

use of io.strimzi.api.kafka.model.CertSecretSourceBuilder in project strimzi by strimzi.

the class KafkaMirrorMakerClusterTest method testGenerateDeploymentWithProducerOAuthWithTls.

@ParallelTest
public void testGenerateDeploymentWithProducerOAuthWithTls() {
    CertSecretSource cert1 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca.crt").build();
    CertSecretSource cert2 = new CertSecretSourceBuilder().withSecretName("second-certificate").withCertificate("tls.crt").build();
    CertSecretSource cert3 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca2.crt").build();
    KafkaMirrorMaker resource = new KafkaMirrorMakerBuilder(this.resource).editSpec().editProducer().withAuthentication(new KafkaClientAuthenticationOAuthBuilder().withClientId("my-client-id").withTokenEndpointUri("http://my-oauth-server").withNewClientSecret().withSecretName("my-secret-secret").withKey("my-secret-key").endClientSecret().withDisableTlsHostnameVerification(true).withTlsTrustedCertificates(cert1, cert2, cert3).build()).endProducer().endSpec().build();
    KafkaMirrorMakerCluster kc = KafkaMirrorMakerCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    Deployment dep = kc.generateDeployment(emptyMap(), true, null, null);
    Container cont = dep.getSpec().getTemplate().getSpec().getContainers().get(0);
    assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_SASL_MECHANISM_PRODUCER.equals(var.getName())).findFirst().orElseThrow().getValue(), is("oauth"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_OAUTH_CLIENT_SECRET_PRODUCER.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getName(), is("my-secret-secret"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_OAUTH_CLIENT_SECRET_PRODUCER.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getKey(), is("my-secret-key"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_OAUTH_CONFIG_PRODUCER.equals(var.getName())).findFirst().orElseThrow().getValue().trim(), is(String.format("%s=\"%s\" %s=\"%s\" %s=\"%s\"", ClientConfig.OAUTH_CLIENT_ID, "my-client-id", ClientConfig.OAUTH_TOKEN_ENDPOINT_URI, "http://my-oauth-server", ServerConfig.OAUTH_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM, "")));
    // Volume mounts
    assertThat(cont.getVolumeMounts().stream().filter(mount -> "producer-oauth-certs-0".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaMirrorMakerCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT_PRODUCER + "/first-certificate-0"));
    assertThat(cont.getVolumeMounts().stream().filter(mount -> "producer-oauth-certs-1".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaMirrorMakerCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT_PRODUCER + "/second-certificate-1"));
    assertThat(cont.getVolumeMounts().stream().filter(mount -> "producer-oauth-certs-2".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaMirrorMakerCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT_PRODUCER + "/first-certificate-2"));
    // Volumes
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca.crt"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("tls.crt"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca2.crt"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
}
Also used : KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) Quantity(io.fabric8.kubernetes.api.model.Quantity) KafkaMirrorMakerProducerSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerProducerSpecBuilder) CoreMatchers.is(org.hamcrest.CoreMatchers.is) KafkaMirrorMakerResources(io.strimzi.api.kafka.model.KafkaMirrorMakerResources) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) ParallelSuite(io.strimzi.test.annotations.ParallelSuite) ClientConfig(io.strimzi.kafka.oauth.client.ClientConfig) PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) Map(java.util.Map) ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) ParallelTest(io.strimzi.test.annotations.ParallelTest) KafkaMirrorMaker(io.strimzi.api.kafka.model.KafkaMirrorMaker) KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) EnvVarBuilder(io.fabric8.kubernetes.api.model.EnvVarBuilder) HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata) List(java.util.List) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) Labels(io.strimzi.operator.common.model.Labels) KafkaMirrorMakerConsumerSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerConsumerSpecBuilder) PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder) LINE_SEPARATOR(io.strimzi.test.TestUtils.LINE_SEPARATOR) Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) ContainerTemplate(io.strimzi.api.kafka.model.template.ContainerTemplate) Container(io.fabric8.kubernetes.api.model.Container) KafkaMirrorMakerConsumerSpec(io.strimzi.api.kafka.model.KafkaMirrorMakerConsumerSpec) ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder) KafkaClientAuthenticationTlsBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTlsBuilder) HashMap(java.util.HashMap) LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) MetricsAndLogging(io.strimzi.operator.common.MetricsAndLogging) ArrayList(java.util.ArrayList) HostAlias(io.fabric8.kubernetes.api.model.HostAlias) JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics) JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) DeploymentStrategy(io.strimzi.api.kafka.model.template.DeploymentStrategy) MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig) KafkaMirrorMakerBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerBuilder) KafkaMirrorMakerProducerSpec(io.strimzi.api.kafka.model.KafkaMirrorMakerProducerSpec) TestUtils(io.strimzi.test.TestUtils) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) Probe(io.fabric8.kubernetes.api.model.Probe) Collections.emptyMap(java.util.Collections.emptyMap) ServerConfig(io.strimzi.kafka.oauth.server.ServerConfig) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) Reconciliation(io.strimzi.operator.common.Reconciliation) ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) Collections(java.util.Collections) KafkaMirrorMakerBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerBuilder) Container(io.fabric8.kubernetes.api.model.Container) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) KafkaMirrorMaker(io.strimzi.api.kafka.model.KafkaMirrorMaker) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 60 with CertSecretSourceBuilder

use of io.strimzi.api.kafka.model.CertSecretSourceBuilder in project strimzi by strimzi.

the class KafkaMirrorMakerClusterTest method testGenerateDeploymentWithTls.

@ParallelTest
public void testGenerateDeploymentWithTls() {
    KafkaMirrorMaker resource = new KafkaMirrorMakerBuilder(this.resource).editSpec().editOrNewConsumer().editOrNewTls().addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-secret-c").withCertificate("cert.crt").build()).addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-secret-c").withCertificate("new-cert.crt").build()).addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-another-secret-c").withCertificate("another-cert.crt").build()).endTls().endConsumer().editOrNewProducer().editOrNewTls().addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-secret-p").withCertificate("cert.crt").build()).addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-secret-p").withCertificate("new-cert.crt").build()).addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-another-secret-p").withCertificate("another-cert.crt").build()).endTls().endProducer().endSpec().build();
    KafkaMirrorMakerCluster kc = KafkaMirrorMakerCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    Deployment dep = kc.generateDeployment(emptyMap(), true, null, null);
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(2).getName(), is("my-secret-p"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(3).getName(), is("my-another-secret-p"));
    List<Container> containers = dep.getSpec().getTemplate().getSpec().getContainers();
    assertThat(containers.get(0).getVolumeMounts().get(2).getMountPath(), is(KafkaMirrorMakerCluster.TLS_CERTS_VOLUME_MOUNT_PRODUCER + "my-secret-p"));
    assertThat(containers.get(0).getVolumeMounts().get(3).getMountPath(), is(KafkaMirrorMakerCluster.TLS_CERTS_VOLUME_MOUNT_PRODUCER + "my-another-secret-p"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)).get(KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_TLS_PRODUCER), is("true"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)).get(KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_TRUSTED_CERTS_PRODUCER), is("my-secret-p/cert.crt;my-secret-p/new-cert.crt;my-another-secret-p/another-cert.crt"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(4).getName(), is("my-secret-c"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(5).getName(), is("my-another-secret-c"));
    assertThat(containers.get(0).getVolumeMounts().get(4).getMountPath(), is(KafkaMirrorMakerCluster.TLS_CERTS_VOLUME_MOUNT_CONSUMER + "my-secret-c"));
    assertThat(containers.get(0).getVolumeMounts().get(5).getMountPath(), is(KafkaMirrorMakerCluster.TLS_CERTS_VOLUME_MOUNT_CONSUMER + "my-another-secret-c"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)).get(KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_TLS_CONSUMER), is("true"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)).get(KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_TRUSTED_CERTS_CONSUMER), is("my-secret-c/cert.crt;my-secret-c/new-cert.crt;my-another-secret-c/another-cert.crt"));
}
Also used : KafkaMirrorMakerBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerBuilder) Container(io.fabric8.kubernetes.api.model.Container) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) KafkaMirrorMaker(io.strimzi.api.kafka.model.KafkaMirrorMaker) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Aggregations

CertSecretSourceBuilder (io.strimzi.api.kafka.model.CertSecretSourceBuilder)86 ParallelTest (io.strimzi.test.annotations.ParallelTest)64 Deployment (io.fabric8.kubernetes.api.model.apps.Deployment)52 Container (io.fabric8.kubernetes.api.model.Container)50 CertSecretSource (io.strimzi.api.kafka.model.CertSecretSource)30 KafkaClientAuthenticationTlsBuilder (io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTlsBuilder)28 Quantity (io.fabric8.kubernetes.api.model.Quantity)20 ResourceRequirementsBuilder (io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)20 HashMap (java.util.HashMap)20 EnvVar (io.fabric8.kubernetes.api.model.EnvVar)18 HasMetadata (io.fabric8.kubernetes.api.model.HasMetadata)18 IntOrString (io.fabric8.kubernetes.api.model.IntOrString)18 LocalObjectReference (io.fabric8.kubernetes.api.model.LocalObjectReference)18 OwnerReference (io.fabric8.kubernetes.api.model.OwnerReference)18 PodSecurityContextBuilder (io.fabric8.kubernetes.api.model.PodSecurityContextBuilder)18 ServiceAccount (io.fabric8.kubernetes.api.model.ServiceAccount)18 PodDisruptionBudget (io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget)18 ContainerEnvVar (io.strimzi.api.kafka.model.ContainerEnvVar)18 ContainerTemplate (io.strimzi.api.kafka.model.template.ContainerTemplate)18 KafkaVersionTestUtils (io.strimzi.operator.cluster.KafkaVersionTestUtils)18