Examples with CertSecretSourceBuilder io.strimzi.api.kafka.model.CertSecretSourceBuilder used on opensource projects

Search in sources :

Example 81 with CertSecretSourceBuilder

use of io.strimzi.api.kafka.model.CertSecretSourceBuilder in project strimzi-kafka-operator by strimzi.

the class KafkaClusterTest method testGenerateDeploymentWithKeycloakAuthorization.

@ParallelTest
public void testGenerateDeploymentWithKeycloakAuthorization() {
    CertSecretSource cert1 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca.crt").build();
    CertSecretSource cert2 = new CertSecretSourceBuilder().withSecretName("second-certificate").withCertificate("tls.crt").build();
    Kafka kafkaAssembly = new KafkaBuilder(ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout, jmxMetricsConfig, configuration, emptyMap())).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName("plain").withPort(9092).withType(KafkaListenerType.INTERNAL).withTls(false).withAuth(new KafkaListenerAuthenticationOAuthBuilder().withClientId("my-client-id").withValidIssuerUri("http://valid-issuer").withIntrospectionEndpointUri("http://introspection").withMaxSecondsWithoutReauthentication(3600).withNewClientSecret().withSecretName("my-secret-secret").withKey("my-secret-key").endClientSecret().withDisableTlsHostnameVerification(true).withTlsTrustedCertificates(cert1, cert2).build()).build()).withAuthorization(new KafkaAuthorizationKeycloakBuilder().withClientId("my-client-id").withTokenEndpointUri("http://token-endpoint-uri").withDisableTlsHostnameVerification(true).withDelegateToKafkaAcls(false).withGrantsRefreshPeriodSeconds(90).withGrantsRefreshPoolSize(4).withTlsTrustedCertificates(cert1, cert2).build()).endKafka().endSpec().build();
    KafkaCluster kc = KafkaCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, kafkaAssembly, VERSIONS);
    StatefulSet sts = kc.generateStatefulSet(true, null, null, null);
    Container cont = sts.getSpec().getTemplate().getSpec().getContainers().get(0);
    // Volume mounts
    assertThat(cont.getVolumeMounts().stream().filter(mount -> "authz-keycloak-0".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaCluster.OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/authz-keycloak-certs/first-certificate-0"));
    assertThat(cont.getVolumeMounts().stream().filter(mount -> "authz-keycloak-1".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaCluster.OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/authz-keycloak-certs/second-certificate-1"));
    // Volumes
    List<Volume> volumes = sts.getSpec().getTemplate().getSpec().getVolumes();
    assertThat(volumes.stream().filter(vol -> "authz-keycloak-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
    assertThat(volumes.stream().filter(vol -> "authz-keycloak-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca.crt"));
    assertThat(volumes.stream().filter(vol -> "authz-keycloak-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
    assertThat(volumes.stream().filter(vol -> "authz-keycloak-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
    assertThat(volumes.stream().filter(vol -> "authz-keycloak-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("tls.crt"));
    assertThat(volumes.stream().filter(vol -> "authz-keycloak-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
}
Also used : Quantity(io.fabric8.kubernetes.api.model.Quantity) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) ExternalTrafficPolicy(io.strimzi.api.kafka.model.template.ExternalTrafficPolicy) PersistentClaimStorageOverrideBuilder(io.strimzi.api.kafka.model.storage.PersistentClaimStorageOverrideBuilder) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) KafkaExporterResources(io.strimzi.api.kafka.model.KafkaExporterResources) Rack(io.strimzi.api.kafka.model.Rack) GenericKafkaListenerConfigurationBrokerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBrokerBuilder) SecurityContextBuilder(io.fabric8.kubernetes.api.model.SecurityContextBuilder) PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget) Collections.singletonList(java.util.Collections.singletonList) ResourceRequirements(io.fabric8.kubernetes.api.model.ResourceRequirements) KafkaResources(io.strimzi.api.kafka.model.KafkaResources) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar) KafkaJmxOptionsBuilder(io.strimzi.api.kafka.model.KafkaJmxOptionsBuilder) LabelSelectorBuilder(io.fabric8.kubernetes.api.model.LabelSelectorBuilder) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) JbodStorageBuilder(io.strimzi.api.kafka.model.storage.JbodStorageBuilder) Matchers.allOf(org.hamcrest.Matchers.allOf) Set(java.util.Set) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata) ZoneId(java.time.ZoneId) GenericSecretSourceBuilder(io.strimzi.api.kafka.model.GenericSecretSourceBuilder) PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder) Matchers.contains(org.hamcrest.Matchers.contains) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim) Matchers.containsString(org.hamcrest.Matchers.containsString) Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) ClusterRoleBinding(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) CoreMatchers.equalTo(org.hamcrest.CoreMatchers.equalTo) ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder) IpFamily(io.strimzi.api.kafka.model.template.IpFamily) LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) GenericKafkaListenerConfigurationBootstrapBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBootstrapBuilder) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) ArrayList(java.util.ArrayList) Matchers.hasProperty(org.hamcrest.Matchers.hasProperty) PersistentClaimStorageBuilder(io.strimzi.api.kafka.model.storage.PersistentClaimStorageBuilder) GenericKafkaListenerConfigurationBroker(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBroker) SecurityContext(io.fabric8.kubernetes.api.model.SecurityContext) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) PodSpec(io.fabric8.kubernetes.api.model.PodSpec) KafkaListenerAuthenticationCustomBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustomBuilder) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) KafkaJmxAuthenticationPasswordBuilder(io.strimzi.api.kafka.model.KafkaJmxAuthenticationPasswordBuilder) IOException(java.io.IOException) StatefulSet(io.fabric8.kubernetes.api.model.apps.StatefulSet) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) ContainerPort(io.fabric8.kubernetes.api.model.ContainerPort) Reconciliation(io.strimzi.operator.common.Reconciliation) Util(io.strimzi.operator.common.Util) KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType) SystemPropertyBuilder(io.strimzi.api.kafka.model.SystemPropertyBuilder) ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder) NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer) OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) X509Certificate(java.security.cert.X509Certificate) CoreMatchers.is(org.hamcrest.CoreMatchers.is) CoreMatchers(org.hamcrest.CoreMatchers) CoreMatchers.hasItem(org.hamcrest.CoreMatchers.hasItem) Storage(io.strimzi.api.kafka.model.storage.Storage) ParallelSuite(io.strimzi.test.annotations.ParallelSuite) Matchers.hasKey(org.hamcrest.Matchers.hasKey) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) Route(io.fabric8.openshift.api.model.Route) SystemProperty(io.strimzi.api.kafka.model.SystemProperty) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) KafkaAuthorizationKeycloakBuilder(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloakBuilder) IpFamilyPolicy(io.strimzi.api.kafka.model.template.IpFamilyPolicy) ParallelTest(io.strimzi.test.annotations.ParallelTest) Collections.emptyList(java.util.Collections.emptyList) Collectors(java.util.stream.Collectors) CruiseControlResources(io.strimzi.api.kafka.model.CruiseControlResources) List(java.util.List) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) Labels(io.strimzi.operator.common.model.Labels) NodeAddressType(io.strimzi.api.kafka.model.listener.NodeAddressType) RackBuilder(io.strimzi.api.kafka.model.RackBuilder) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) Ingress(io.fabric8.kubernetes.api.model.networking.v1.Ingress) Secret(io.fabric8.kubernetes.api.model.Secret) TopologySpreadConstraintBuilder(io.fabric8.kubernetes.api.model.TopologySpreadConstraintBuilder) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) Uuid(org.apache.kafka.common.Uuid) PodManagementPolicy(io.strimzi.api.kafka.model.template.PodManagementPolicy) ContainerTemplate(io.strimzi.api.kafka.model.template.ContainerTemplate) Container(io.fabric8.kubernetes.api.model.Container) WeightedPodAffinityTerm(io.fabric8.kubernetes.api.model.WeightedPodAffinityTerm) EphemeralStorageBuilder(io.strimzi.api.kafka.model.storage.EphemeralStorageBuilder) CertificateParsingException(java.security.cert.CertificateParsingException) HashMap(java.util.HashMap) GenericKafkaListenerConfigurationBootstrap(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBootstrap) MetricsAndLogging(io.strimzi.operator.common.MetricsAndLogging) HashSet(java.util.HashSet) HostAlias(io.fabric8.kubernetes.api.model.HostAlias) JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics) JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder) InlineLogging(io.strimzi.api.kafka.model.InlineLogging) MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig) TestUtils(io.strimzi.test.TestUtils) Collections.singletonMap(java.util.Collections.singletonMap) Service(io.fabric8.kubernetes.api.model.Service) CertificateExpirationPolicy(io.strimzi.api.kafka.model.CertificateExpirationPolicy) Volume(io.fabric8.kubernetes.api.model.Volume) Matchers.hasEntry(org.hamcrest.Matchers.hasEntry) CruiseControlConfigurationParameters(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters) Collections.emptyMap(java.util.Collections.emptyMap) TopologySpreadConstraint(io.fabric8.kubernetes.api.model.TopologySpreadConstraint) Matchers(org.hamcrest.Matchers) TestUtils.set(io.strimzi.test.TestUtils.set) LabelSelectorRequirementBuilder(io.fabric8.kubernetes.api.model.LabelSelectorRequirementBuilder) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Kafka(io.strimzi.api.kafka.model.Kafka) Collections(java.util.Collections) Kafka(io.strimzi.api.kafka.model.Kafka) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) KafkaAuthorizationKeycloakBuilder(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloakBuilder) Container(io.fabric8.kubernetes.api.model.Container) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) Volume(io.fabric8.kubernetes.api.model.Volume) StatefulSet(io.fabric8.kubernetes.api.model.apps.StatefulSet) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 82 with CertSecretSourceBuilder

use of io.strimzi.api.kafka.model.CertSecretSourceBuilder in project strimzi-kafka-operator by strimzi.

the class KafkaConnectClusterTest method testGenerateDeploymentWithScramSha512AuthAndTLSSameSecret.

/**
 * This test uses the same secret to hold the certs for TLS and the credentials for SCRAM SHA 512 client authentication. It checks that
 * the volumes and volume mounts that reference the secret are correctly created and that each volume name is only created once - volumes
 * with duplicate names will cause Kubernetes to reject the deployment.
 */
@ParallelTest
public void testGenerateDeploymentWithScramSha512AuthAndTLSSameSecret() {
    KafkaConnect resource = new KafkaConnectBuilder(this.resource).editSpec().editOrNewTls().addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-secret").withCertificate("cert.crt").build()).endTls().withNewKafkaClientAuthenticationScramSha512().withUsername("user1").withNewPasswordSecret().withSecretName("my-secret").withPassword("user1.password").endPasswordSecret().endKafkaClientAuthenticationScramSha512().endSpec().build();
    KafkaConnectCluster kc = KafkaConnectCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    Deployment dep = kc.generateDeployment(emptyMap(), true, null, null);
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().size(), is(3));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(0).getName(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_VOLUME_NAME));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(1).getName(), is("kafka-metrics-and-logging"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(2).getName(), is("my-secret"));
    List<Container> containers = dep.getSpec().getTemplate().getSpec().getContainers();
    assertThat(containers.get(0).getVolumeMounts().size(), is(4));
    assertThat(containers.get(0).getVolumeMounts().get(0).getName(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_VOLUME_NAME));
    assertThat(containers.get(0).getVolumeMounts().get(0).getMountPath(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_MOUNT_PATH));
    assertThat(containers.get(0).getVolumeMounts().get(1).getName(), is("kafka-metrics-and-logging"));
    assertThat(containers.get(0).getVolumeMounts().get(1).getMountPath(), is("/opt/kafka/custom-config/"));
    assertThat(containers.get(0).getVolumeMounts().get(2).getName(), is("my-secret"));
    assertThat(containers.get(0).getVolumeMounts().get(2).getMountPath(), is(KafkaConnectCluster.TLS_CERTS_BASE_VOLUME_MOUNT + "my-secret"));
    assertThat(containers.get(0).getVolumeMounts().get(3).getName(), is("my-secret"));
    assertThat(containers.get(0).getVolumeMounts().get(3).getMountPath(), is(KafkaConnectCluster.PASSWORD_VOLUME_MOUNT + "my-secret"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_PASSWORD_FILE, "my-secret/user1.password"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_USERNAME, "user1"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_MECHANISM, "scram-sha-512"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_TLS, "true"));
}
Also used : KafkaConnectBuilder(io.strimzi.api.kafka.model.KafkaConnectBuilder) Container(io.fabric8.kubernetes.api.model.Container) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) KafkaConnect(io.strimzi.api.kafka.model.KafkaConnect) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 83 with CertSecretSourceBuilder

use of io.strimzi.api.kafka.model.CertSecretSourceBuilder in project strimzi-kafka-operator by strimzi.

the class KafkaConnectClusterTest method testGenerateDeploymentWithTls.

@ParallelTest
public void testGenerateDeploymentWithTls() {
    KafkaConnect resource = new KafkaConnectBuilder(this.resource).editSpec().editOrNewTls().addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-secret").withCertificate("cert.crt").build()).addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-secret").withCertificate("new-cert.crt").build()).addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-another-secret").withCertificate("another-cert.crt").build()).endTls().endSpec().build();
    KafkaConnectCluster kc = KafkaConnectCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    Deployment dep = kc.generateDeployment(emptyMap(), true, null, null);
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(2).getName(), is("my-secret"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(3).getName(), is("my-another-secret"));
    List<Container> containers = dep.getSpec().getTemplate().getSpec().getContainers();
    assertThat(containers.get(0).getVolumeMounts().get(2).getMountPath(), is(KafkaConnectCluster.TLS_CERTS_BASE_VOLUME_MOUNT + "my-secret"));
    assertThat(containers.get(0).getVolumeMounts().get(3).getMountPath(), is(KafkaConnectCluster.TLS_CERTS_BASE_VOLUME_MOUNT + "my-another-secret"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)).get(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_TRUSTED_CERTS), is("my-secret/cert.crt;my-secret/new-cert.crt;my-another-secret/another-cert.crt"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)).get(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_TLS), is("true"));
}
Also used : KafkaConnectBuilder(io.strimzi.api.kafka.model.KafkaConnectBuilder) Container(io.fabric8.kubernetes.api.model.Container) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) KafkaConnect(io.strimzi.api.kafka.model.KafkaConnect) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 84 with CertSecretSourceBuilder

use of io.strimzi.api.kafka.model.CertSecretSourceBuilder in project strimzi-kafka-operator by strimzi.

the class KafkaConnectClusterTest method testGenerateDeploymentWithScramSha256AuthAndTLSSameSecret.

/**
 * This test uses the same secret to hold the certs for TLS and the credentials for SCRAM SHA 512 client authentication. It checks that
 * the volumes and volume mounts that reference the secret are correctly created and that each volume name is only created once - volumes
 * with duplicate names will cause Kubernetes to reject the deployment.
 */
@ParallelTest
public void testGenerateDeploymentWithScramSha256AuthAndTLSSameSecret() {
    KafkaConnect resource = new KafkaConnectBuilder(this.resource).editSpec().editOrNewTls().addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-secret").withCertificate("cert.crt").build()).endTls().withNewKafkaClientAuthenticationScramSha256().withUsername("user1").withNewPasswordSecret().withSecretName("my-secret").withPassword("user1.password").endPasswordSecret().endKafkaClientAuthenticationScramSha256().endSpec().build();
    KafkaConnectCluster kc = KafkaConnectCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    Deployment dep = kc.generateDeployment(emptyMap(), true, null, null);
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().size(), is(3));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(0).getName(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_VOLUME_NAME));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(1).getName(), is("kafka-metrics-and-logging"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(2).getName(), is("my-secret"));
    List<Container> containers = dep.getSpec().getTemplate().getSpec().getContainers();
    assertThat(containers.get(0).getVolumeMounts().size(), is(4));
    assertThat(containers.get(0).getVolumeMounts().get(0).getName(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_VOLUME_NAME));
    assertThat(containers.get(0).getVolumeMounts().get(0).getMountPath(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_MOUNT_PATH));
    assertThat(containers.get(0).getVolumeMounts().get(1).getName(), is("kafka-metrics-and-logging"));
    assertThat(containers.get(0).getVolumeMounts().get(1).getMountPath(), is("/opt/kafka/custom-config/"));
    assertThat(containers.get(0).getVolumeMounts().get(2).getName(), is("my-secret"));
    assertThat(containers.get(0).getVolumeMounts().get(2).getMountPath(), is(KafkaConnectCluster.TLS_CERTS_BASE_VOLUME_MOUNT + "my-secret"));
    assertThat(containers.get(0).getVolumeMounts().get(3).getName(), is("my-secret"));
    assertThat(containers.get(0).getVolumeMounts().get(3).getMountPath(), is(KafkaConnectCluster.PASSWORD_VOLUME_MOUNT + "my-secret"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_PASSWORD_FILE, "my-secret/user1.password"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_USERNAME, "user1"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_MECHANISM, "scram-sha-256"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_TLS, "true"));
}
Also used : KafkaConnectBuilder(io.strimzi.api.kafka.model.KafkaConnectBuilder) Container(io.fabric8.kubernetes.api.model.Container) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) KafkaConnect(io.strimzi.api.kafka.model.KafkaConnect) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 85 with CertSecretSourceBuilder

use of io.strimzi.api.kafka.model.CertSecretSourceBuilder in project strimzi-kafka-operator by strimzi.

the class KafkaConnectClusterTest method testGenerateDeploymentWithPlainAuthAndTLSSameSecret.

/**
 * This test uses the same secret to hold the certs for TLS and the credentials for plain client authentication. It checks that
 * the volumes and volume mounts that reference the secret are correctly created and that each volume name is only created once - volumes
 * with duplicate names will cause Kubernetes to reject the deployment.
 */
@ParallelTest
public void testGenerateDeploymentWithPlainAuthAndTLSSameSecret() {
    KafkaConnect resource = new KafkaConnectBuilder(this.resource).editSpec().editOrNewTls().addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-secret").withCertificate("cert.crt").build()).endTls().withNewKafkaClientAuthenticationPlain().withUsername("user1").withNewPasswordSecret().withSecretName("my-secret").withPassword("user1.password").endPasswordSecret().endKafkaClientAuthenticationPlain().endSpec().build();
    KafkaConnectCluster kc = KafkaConnectCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    Deployment dep = kc.generateDeployment(emptyMap(), true, null, null);
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().size(), is(3));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(0).getName(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_VOLUME_NAME));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(1).getName(), is("kafka-metrics-and-logging"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(2).getName(), is("my-secret"));
    List<Container> containers = dep.getSpec().getTemplate().getSpec().getContainers();
    assertThat(containers.get(0).getVolumeMounts().size(), is(4));
    assertThat(containers.get(0).getVolumeMounts().get(0).getName(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_VOLUME_NAME));
    assertThat(containers.get(0).getVolumeMounts().get(0).getMountPath(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_MOUNT_PATH));
    assertThat(containers.get(0).getVolumeMounts().get(1).getName(), is("kafka-metrics-and-logging"));
    assertThat(containers.get(0).getVolumeMounts().get(1).getMountPath(), is("/opt/kafka/custom-config/"));
    assertThat(containers.get(0).getVolumeMounts().get(2).getName(), is("my-secret"));
    assertThat(containers.get(0).getVolumeMounts().get(2).getMountPath(), is(KafkaConnectCluster.TLS_CERTS_BASE_VOLUME_MOUNT + "my-secret"));
    assertThat(containers.get(0).getVolumeMounts().get(3).getName(), is("my-secret"));
    assertThat(containers.get(0).getVolumeMounts().get(3).getMountPath(), is(KafkaConnectCluster.PASSWORD_VOLUME_MOUNT + "my-secret"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_PASSWORD_FILE, "my-secret/user1.password"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_USERNAME, "user1"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_MECHANISM, "plain"));
    assertThat(AbstractModel.containerEnvVars(containers.get(0)), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_TLS, "true"));
}
Also used : KafkaConnectBuilder(io.strimzi.api.kafka.model.KafkaConnectBuilder) Container(io.fabric8.kubernetes.api.model.Container) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) KafkaConnect(io.strimzi.api.kafka.model.KafkaConnect) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Aggregations

CertSecretSourceBuilder (io.strimzi.api.kafka.model.CertSecretSourceBuilder)86 ParallelTest (io.strimzi.test.annotations.ParallelTest)64 Deployment (io.fabric8.kubernetes.api.model.apps.Deployment)52 Container (io.fabric8.kubernetes.api.model.Container)50 CertSecretSource (io.strimzi.api.kafka.model.CertSecretSource)30 KafkaClientAuthenticationTlsBuilder (io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTlsBuilder)28 Quantity (io.fabric8.kubernetes.api.model.Quantity)20 ResourceRequirementsBuilder (io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)20 HashMap (java.util.HashMap)20 EnvVar (io.fabric8.kubernetes.api.model.EnvVar)18 HasMetadata (io.fabric8.kubernetes.api.model.HasMetadata)18 IntOrString (io.fabric8.kubernetes.api.model.IntOrString)18 LocalObjectReference (io.fabric8.kubernetes.api.model.LocalObjectReference)18 OwnerReference (io.fabric8.kubernetes.api.model.OwnerReference)18 PodSecurityContextBuilder (io.fabric8.kubernetes.api.model.PodSecurityContextBuilder)18 ServiceAccount (io.fabric8.kubernetes.api.model.ServiceAccount)18 PodDisruptionBudget (io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget)18 ContainerEnvVar (io.strimzi.api.kafka.model.ContainerEnvVar)18 ContainerTemplate (io.strimzi.api.kafka.model.template.ContainerTemplate)18 KafkaVersionTestUtils (io.strimzi.operator.cluster.KafkaVersionTestUtils)18
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial