use of io.strimzi.api.kafka.model.KafkaAuthorization in project strimzi by strimzi.
the class KafkaBrokerConfigurationBuilderTest method testSimpleAuthorizationWithoutSuperUsers.
/**
 * Checks the broker configuration rendered for simple (ACL-based) authorization when the
 * authorization object declares no super users of its own.
 *
 * <p>Security note: the expected {@code super.users} value is still non-empty. It names six
 * certificate principals: five carrying the {@code my-cluster-} prefix (presumably derived
 * from the cluster name passed to {@code withAuthorization}; confirm against the builder)
 * plus {@code cluster-operator}. Kafka does not apply ACL checks to super users, so this
 * assertion documents exactly which identities receive that privilege by default.
 */
@ParallelTest
public void testSimpleAuthorizationWithoutSuperUsers() {
    // No super users are configured on the authorization object itself.
    KafkaAuthorization simpleAuthz = new KafkaAuthorizationSimpleBuilder().build();

    KafkaBrokerConfigurationBuilder brokerConfig =
            new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION);
    String rendered = brokerConfig.withAuthorization("my-cluster", simpleAuthz).build();

    // Compared with the project's isEquivalent matcher (its exact comparison rules are not
    // visible here).
    String expected =
            "authorizer.class.name=kafka.security.authorizer.AclAuthorizer\n"
            + "super.users=User:CN=my-cluster-kafka,O=io.strimzi;User:CN=my-cluster-entity-topic-operator,O=io.strimzi;User:CN=my-cluster-entity-user-operator,O=io.strimzi;User:CN=my-cluster-kafka-exporter,O=io.strimzi;User:CN=my-cluster-cruise-control,O=io.strimzi;User:CN=cluster-operator,O=io.strimzi";
    assertThat(rendered, isEquivalent(expected));
}
use of io.strimzi.api.kafka.model.KafkaAuthorization in project strimzi by strimzi.
the class KafkaBrokerConfigurationBuilderTest method testOpaAuthorization.
/**
 * Checks the broker configuration rendered for Open Policy Agent (OPA) authorization with
 * every option set explicitly.
 *
 * <p>Security notes on the fixture values (the test only checks that they are passed
 * through; it does not endorse them as deployment settings):
 * <ul>
 *   <li>{@code withAllowOnError(true)} is rendered as
 *       {@code opa.authorizer.allow.on.error=true}. In the OPA authorizer this is the
 *       fail-open setting: requests are allowed when the policy call fails.</li>
 *   <li>The policy URL uses plain {@code http://}, so authorization queries built from a
 *       value like this would not be protected by TLS.</li>
 *   <li>The two user-supplied super users are appended, each with a {@code User:} prefix,
 *       after the six built-in principals.</li>
 * </ul>
 */
@ParallelTest
public void testOpaAuthorization() {
    KafkaAuthorization opaAuthz = new KafkaAuthorizationOpaBuilder()
            .withUrl("http://opa:8181/v1/data/kafka/allow")
            .withAllowOnError(true)
            .withInitialCacheCapacity(1000)
            .withMaximumCacheSize(10000)
            // 60000 ms is expected to be rendered as 60 seconds in the broker config.
            .withExpireAfterMs(60000)
            .addToSuperUsers("jack", "CN=conor")
            .build();

    KafkaBrokerConfigurationBuilder brokerConfig =
            new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION);
    String rendered = brokerConfig.withAuthorization("my-cluster", opaAuthz).build();

    // metrics.enabled is not set on the builder above; the expected output carries "false".
    String expected =
            "authorizer.class.name=org.openpolicyagent.kafka.OpaAuthorizer\n"
            + "opa.authorizer.url=http://opa:8181/v1/data/kafka/allow\n"
            + "opa.authorizer.allow.on.error=true\n"
            + "opa.authorizer.metrics.enabled=false\n"
            + "opa.authorizer.cache.initial.capacity=1000\n"
            + "opa.authorizer.cache.maximum.size=10000\n"
            + "opa.authorizer.cache.expire.after.seconds=60\n"
            + "super.users=User:CN=my-cluster-kafka,O=io.strimzi;User:CN=my-cluster-entity-topic-operator,O=io.strimzi;User:CN=my-cluster-entity-user-operator,O=io.strimzi;User:CN=my-cluster-kafka-exporter,O=io.strimzi;User:CN=my-cluster-cruise-control,O=io.strimzi;User:CN=cluster-operator,O=io.strimzi;User:jack;User:CN=conor";
    assertThat(rendered, isEquivalent(expected));
}
use of io.strimzi.api.kafka.model.KafkaAuthorization in project strimzi-kafka-operator by strimzi.
the class KafkaBrokerConfigurationBuilderTest method testOpaAuthorization.
/**
 * Renders a broker configuration from a fully populated OPA authorization object and
 * compares it with the expected property lines.
 *
 * <p>Security notes: the fixture enables {@code allowOnError}, which appears in the output
 * as {@code opa.authorizer.allow.on.error=true}. For the OPA authorizer that is the
 * fail-open choice, where a failed policy call results in the request being allowed. The
 * OPA endpoint is also addressed over plain {@code http://}. Both are test inputs; the
 * assertion covers pass-through only.
 */
@ParallelTest
public void testOpaAuthorization() {
    KafkaAuthorizationOpaBuilder opaSpec = new KafkaAuthorizationOpaBuilder();
    KafkaAuthorization authz = opaSpec
            .withUrl("http://opa:8181/v1/data/kafka/allow")
            .withAllowOnError(true)
            .withInitialCacheCapacity(1000)
            .withMaximumCacheSize(10000)
            .withExpireAfterMs(60000)
            .addToSuperUsers("jack", "CN=conor")
            .build();

    String generated = new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION)
            .withAuthorization("my-cluster", authz)
            .build();

    assertThat(
            generated,
            isEquivalent(
                    "authorizer.class.name=org.openpolicyagent.kafka.OpaAuthorizer\n"
                    + "opa.authorizer.url=http://opa:8181/v1/data/kafka/allow\n"
                    + "opa.authorizer.allow.on.error=true\n"
                    + "opa.authorizer.metrics.enabled=false\n"
                    + "opa.authorizer.cache.initial.capacity=1000\n"
                    + "opa.authorizer.cache.maximum.size=10000\n"
                    // The builder was given 60000 ms; the expected property is in seconds.
                    + "opa.authorizer.cache.expire.after.seconds=60\n"
                    // Six built-in principals first, then the two user-supplied super users.
                    + "super.users=User:CN=my-cluster-kafka,O=io.strimzi;User:CN=my-cluster-entity-topic-operator,O=io.strimzi;User:CN=my-cluster-entity-user-operator,O=io.strimzi;User:CN=my-cluster-kafka-exporter,O=io.strimzi;User:CN=my-cluster-cruise-control,O=io.strimzi;User:CN=cluster-operator,O=io.strimzi;User:jack;User:CN=conor"));
}
use of io.strimzi.api.kafka.model.KafkaAuthorization in project strimzi-kafka-operator by strimzi.
the class KafkaBrokerConfigurationBuilderTest method testKeycloakAuthorizationWithDefaults.
/**
 * Checks the broker configuration rendered for Keycloak authorization when only the token
 * endpoint, client id, trusted certificate and read timeout are set.
 *
 * <p>Security-relevant defaults visible in the expected output:
 * <ul>
 *   <li>{@code strimzi.authorization.ssl.endpoint.identification.algorithm=HTTPS}: hostname
 *       verification stays on when it is not explicitly disabled.</li>
 *   <li>{@code strimzi.authorization.delegate.to.kafka.acl=false}: delegation to Kafka ACLs
 *       is off unless requested.</li>
 *   <li>The truststore password is the placeholder {@code ${CERTS_STORE_PASSWORD}}, not a
 *       literal secret.</li>
 * </ul>
 * The token endpoint in this fixture is a plain {@code http://} URI even though truststore
 * settings are rendered; that is a test value, not a recommended combination.
 */
@ParallelTest
public void testKeycloakAuthorizationWithDefaults() {
    CertSecretSource trustedCert = new CertSecretSourceBuilder()
            .withSecretName("my-secret")
            .withCertificate("my.crt")
            .build();

    KafkaAuthorization keycloakAuthz = new KafkaAuthorizationKeycloakBuilder()
            .withTokenEndpointUri("http://token-endpoint-uri")
            .withClientId("my-client-id")
            .withTlsTrustedCertificates(trustedCert)
            .withReadTimeoutSeconds(30)
            .build();

    KafkaBrokerConfigurationBuilder brokerConfig =
            new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION);
    String rendered = brokerConfig.withAuthorization("my-cluster", keycloakAuthz).build();

    String expected =
            "authorizer.class.name=io.strimzi.kafka.oauth.server.authorizer.KeycloakRBACAuthorizer\n"
            + "strimzi.authorization.token.endpoint.uri=http://token-endpoint-uri\n"
            + "strimzi.authorization.client.id=my-client-id\n"
            + "strimzi.authorization.delegate.to.kafka.acl=false\n"
            + "strimzi.authorization.kafka.cluster.name=my-cluster\n"
            + "strimzi.authorization.ssl.truststore.location=/tmp/kafka/authz-keycloak.truststore.p12\n"
            + "strimzi.authorization.ssl.truststore.password=${CERTS_STORE_PASSWORD}\n"
            + "strimzi.authorization.ssl.truststore.type=PKCS12\n"
            + "strimzi.authorization.ssl.secure.random.implementation=SHA1PRNG\n"
            + "strimzi.authorization.ssl.endpoint.identification.algorithm=HTTPS\n"
            + "strimzi.authorization.read.timeout.seconds=30\n"
            // No user-supplied super users: only the six built-in principals are expected.
            + "super.users=User:CN=my-cluster-kafka,O=io.strimzi;User:CN=my-cluster-entity-topic-operator,O=io.strimzi;User:CN=my-cluster-entity-user-operator,O=io.strimzi;User:CN=my-cluster-kafka-exporter,O=io.strimzi;User:CN=my-cluster-cruise-control,O=io.strimzi;User:CN=cluster-operator,O=io.strimzi";
    assertThat(rendered, isEquivalent(expected));
}
use of io.strimzi.api.kafka.model.KafkaAuthorization in project strimzi-kafka-operator by strimzi.
the class KafkaBrokerConfigurationBuilderTest method testKeycloakAuthorization.
/**
 * Checks the broker configuration rendered for Keycloak authorization with grants-refresh
 * tuning, a connect timeout, extra super users and TLS hostname verification disabled.
 *
 * <p>Security note: {@code withDisableTlsHostnameVerification(true)} is expected to produce
 * an empty {@code strimzi.authorization.ssl.endpoint.identification.algorithm=} value. With
 * hostname verification off, the authorization server's certificate is no longer checked
 * against the host name being contacted, so any certificate that chains to the configured
 * truststore would be accepted. The test pins the rendering of that option; it is not a
 * recommended setting.
 */
@ParallelTest
public void testKeycloakAuthorization() {
    CertSecretSource trustedCert = new CertSecretSourceBuilder()
            .withSecretName("my-secret")
            .withCertificate("my.crt")
            .build();

    KafkaAuthorization keycloakAuthz = new KafkaAuthorizationKeycloakBuilder()
            .withTokenEndpointUri("http://token-endpoint-uri")
            .withClientId("my-client-id")
            .withDelegateToKafkaAcls(false)
            .withGrantsRefreshPeriodSeconds(120)
            .withGrantsRefreshPoolSize(10)
            .withTlsTrustedCertificates(trustedCert)
            // Rendered below as an empty endpoint identification algorithm.
            .withDisableTlsHostnameVerification(true)
            .addToSuperUsers("giada", "CN=paccu")
            .withConnectTimeoutSeconds(30)
            .build();

    KafkaBrokerConfigurationBuilder brokerConfig =
            new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION);
    String rendered = brokerConfig.withAuthorization("my-cluster", keycloakAuthz).build();

    String expected =
            "authorizer.class.name=io.strimzi.kafka.oauth.server.authorizer.KeycloakRBACAuthorizer\n"
            + "strimzi.authorization.token.endpoint.uri=http://token-endpoint-uri\n"
            + "strimzi.authorization.client.id=my-client-id\n"
            + "strimzi.authorization.delegate.to.kafka.acl=false\n"
            + "strimzi.authorization.kafka.cluster.name=my-cluster\n"
            + "strimzi.authorization.ssl.truststore.location=/tmp/kafka/authz-keycloak.truststore.p12\n"
            // Placeholder, not a literal password.
            + "strimzi.authorization.ssl.truststore.password=${CERTS_STORE_PASSWORD}\n"
            + "strimzi.authorization.ssl.truststore.type=PKCS12\n"
            + "strimzi.authorization.ssl.secure.random.implementation=SHA1PRNG\n"
            + "strimzi.authorization.ssl.endpoint.identification.algorithm=\n"
            + "strimzi.authorization.grants.refresh.period.seconds=120\n"
            + "strimzi.authorization.grants.refresh.pool.size=10\n"
            + "strimzi.authorization.connect.timeout.seconds=30\n"
            // User-supplied super users follow the six built-in principals, each prefixed "User:".
            + "super.users=User:CN=my-cluster-kafka,O=io.strimzi;User:CN=my-cluster-entity-topic-operator,O=io.strimzi;User:CN=my-cluster-entity-user-operator,O=io.strimzi;User:CN=my-cluster-kafka-exporter,O=io.strimzi;User:CN=my-cluster-cruise-control,O=io.strimzi;User:CN=cluster-operator,O=io.strimzi;User:giada;User:CN=paccu";
    assertThat(rendered, isEquivalent(expected));
}