Example 1 with KafkaAuthorization

use of io.strimzi.api.kafka.model.KafkaAuthorization in project strimzi by strimzi.

the class KafkaBrokerConfigurationBuilderTest method testSimpleAuthorizationWithoutSuperUsers.

@ParallelTest
public void testSimpleAuthorizationWithoutSuperUsers() {
    // Simple (ACL) authorization with no user-supplied super users
    KafkaAuthorization auth = new KafkaAuthorizationSimpleBuilder().build();
    String configuration = new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION)
            .withAuthorization("my-cluster", auth)
            .build();
    // super.users still lists the cluster's internal component identities
    assertThat(configuration, isEquivalent("authorizer.class.name=kafka.security.authorizer.AclAuthorizer\n"
            + "super.users=User:CN=my-cluster-kafka,O=io.strimzi;User:CN=my-cluster-entity-topic-operator,O=io.strimzi;User:CN=my-cluster-entity-user-operator,O=io.strimzi;User:CN=my-cluster-kafka-exporter,O=io.strimzi;User:CN=my-cluster-cruise-control,O=io.strimzi;User:CN=cluster-operator,O=io.strimzi"));
}
Also used : KafkaAuthorization(io.strimzi.api.kafka.model.KafkaAuthorization) KafkaAuthorizationSimpleBuilder(io.strimzi.api.kafka.model.KafkaAuthorizationSimpleBuilder) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 2 with KafkaAuthorization

use of io.strimzi.api.kafka.model.KafkaAuthorization in project strimzi by strimzi.

the class KafkaBrokerConfigurationBuilderTest method testOpaAuthorization.

@ParallelTest
public void testOpaAuthorization() {
    KafkaAuthorization auth = new KafkaAuthorizationOpaBuilder()
            .withUrl("http://opa:8181/v1/data/kafka/allow")
            // Fail open: requests are allowed when the OPA query fails
            .withAllowOnError(true)
            .withInitialCacheCapacity(1000)
            .withMaximumCacheSize(10000)
            // Given in milliseconds; rendered as expire.after.seconds=60 below
            .withExpireAfterMs(60000)
            .addToSuperUsers("jack", "CN=conor")
            .build();
    String configuration = new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION)
            .withAuthorization("my-cluster", auth)
            .build();
    // User-supplied super users are appended after the internal component identities
    assertThat(configuration, isEquivalent("authorizer.class.name=org.openpolicyagent.kafka.OpaAuthorizer\n"
            + "opa.authorizer.url=http://opa:8181/v1/data/kafka/allow\n"
            + "opa.authorizer.allow.on.error=true\n"
            + "opa.authorizer.metrics.enabled=false\n"
            + "opa.authorizer.cache.initial.capacity=1000\n"
            + "opa.authorizer.cache.maximum.size=10000\n"
            + "opa.authorizer.cache.expire.after.seconds=60\n"
            + "super.users=User:CN=my-cluster-kafka,O=io.strimzi;User:CN=my-cluster-entity-topic-operator,O=io.strimzi;User:CN=my-cluster-entity-user-operator,O=io.strimzi;User:CN=my-cluster-kafka-exporter,O=io.strimzi;User:CN=my-cluster-cruise-control,O=io.strimzi;User:CN=cluster-operator,O=io.strimzi;User:jack;User:CN=conor"));
}
Also used : KafkaAuthorization(io.strimzi.api.kafka.model.KafkaAuthorization) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) KafkaAuthorizationOpaBuilder(io.strimzi.api.kafka.model.KafkaAuthorizationOpaBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 3 with KafkaAuthorization

use of io.strimzi.api.kafka.model.KafkaAuthorization in project strimzi-kafka-operator by strimzi.

the class KafkaBrokerConfigurationBuilderTest method testOpaAuthorization.

@ParallelTest
public void testOpaAuthorization() {
    KafkaAuthorization auth = new KafkaAuthorizationOpaBuilder()
            .withUrl("http://opa:8181/v1/data/kafka/allow")
            // Fail open: requests are allowed when the OPA query fails
            .withAllowOnError(true)
            .withInitialCacheCapacity(1000)
            .withMaximumCacheSize(10000)
            // Given in milliseconds; rendered as expire.after.seconds=60 below
            .withExpireAfterMs(60000)
            .addToSuperUsers("jack", "CN=conor")
            .build();
    String configuration = new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION)
            .withAuthorization("my-cluster", auth)
            .build();
    // User-supplied super users are appended after the internal component identities
    assertThat(configuration, isEquivalent("authorizer.class.name=org.openpolicyagent.kafka.OpaAuthorizer\n"
            + "opa.authorizer.url=http://opa:8181/v1/data/kafka/allow\n"
            + "opa.authorizer.allow.on.error=true\n"
            + "opa.authorizer.metrics.enabled=false\n"
            + "opa.authorizer.cache.initial.capacity=1000\n"
            + "opa.authorizer.cache.maximum.size=10000\n"
            + "opa.authorizer.cache.expire.after.seconds=60\n"
            + "super.users=User:CN=my-cluster-kafka,O=io.strimzi;User:CN=my-cluster-entity-topic-operator,O=io.strimzi;User:CN=my-cluster-entity-user-operator,O=io.strimzi;User:CN=my-cluster-kafka-exporter,O=io.strimzi;User:CN=my-cluster-cruise-control,O=io.strimzi;User:CN=cluster-operator,O=io.strimzi;User:jack;User:CN=conor"));
}
Also used : KafkaAuthorization(io.strimzi.api.kafka.model.KafkaAuthorization) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) KafkaAuthorizationOpaBuilder(io.strimzi.api.kafka.model.KafkaAuthorizationOpaBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 4 with KafkaAuthorization

use of io.strimzi.api.kafka.model.KafkaAuthorization in project strimzi-kafka-operator by strimzi.

the class KafkaBrokerConfigurationBuilderTest method testKeycloakAuthorizationWithDefaults.

@ParallelTest
public void testKeycloakAuthorizationWithDefaults() {
    // Trusted certificate for the TLS connection to the token endpoint
    CertSecretSource cert = new CertSecretSourceBuilder()
            .withSecretName("my-secret")
            .withCertificate("my.crt")
            .build();
    KafkaAuthorization auth = new KafkaAuthorizationKeycloakBuilder()
            .withTokenEndpointUri("http://token-endpoint-uri")
            .withClientId("my-client-id")
            .withTlsTrustedCertificates(cert)
            .withReadTimeoutSeconds(30)
            .build();
    String configuration = new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION)
            .withAuthorization("my-cluster", auth)
            .build();
    // With defaults, hostname verification stays on (endpoint.identification.algorithm=HTTPS)
    // and delegation to Kafka ACLs is off
    assertThat(configuration, isEquivalent("authorizer.class.name=io.strimzi.kafka.oauth.server.authorizer.KeycloakRBACAuthorizer\n"
            + "strimzi.authorization.token.endpoint.uri=http://token-endpoint-uri\n"
            + "strimzi.authorization.client.id=my-client-id\n"
            + "strimzi.authorization.delegate.to.kafka.acl=false\n"
            + "strimzi.authorization.kafka.cluster.name=my-cluster\n"
            + "strimzi.authorization.ssl.truststore.location=/tmp/kafka/authz-keycloak.truststore.p12\n"
            + "strimzi.authorization.ssl.truststore.password=${CERTS_STORE_PASSWORD}\n"
            + "strimzi.authorization.ssl.truststore.type=PKCS12\n"
            + "strimzi.authorization.ssl.secure.random.implementation=SHA1PRNG\n"
            + "strimzi.authorization.ssl.endpoint.identification.algorithm=HTTPS\n"
            + "strimzi.authorization.read.timeout.seconds=30\n"
            + "super.users=User:CN=my-cluster-kafka,O=io.strimzi;User:CN=my-cluster-entity-topic-operator,O=io.strimzi;User:CN=my-cluster-entity-user-operator,O=io.strimzi;User:CN=my-cluster-kafka-exporter,O=io.strimzi;User:CN=my-cluster-cruise-control,O=io.strimzi;User:CN=cluster-operator,O=io.strimzi"));
}
Also used : KafkaAuthorization(io.strimzi.api.kafka.model.KafkaAuthorization) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) KafkaAuthorizationKeycloakBuilder(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloakBuilder) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 5 with KafkaAuthorization

use of io.strimzi.api.kafka.model.KafkaAuthorization in project strimzi-kafka-operator by strimzi.

the class KafkaBrokerConfigurationBuilderTest method testKeycloakAuthorization.

@ParallelTest
public void testKeycloakAuthorization() {
    // Trusted certificate for the TLS connection to the token endpoint
    CertSecretSource cert = new CertSecretSourceBuilder()
            .withSecretName("my-secret")
            .withCertificate("my.crt")
            .build();
    KafkaAuthorization auth = new KafkaAuthorizationKeycloakBuilder()
            .withTokenEndpointUri("http://token-endpoint-uri")
            .withClientId("my-client-id")
            .withDelegateToKafkaAcls(false)
            .withGrantsRefreshPeriodSeconds(120)
            .withGrantsRefreshPoolSize(10)
            .withTlsTrustedCertificates(cert)
            // Rendered below as an empty endpoint.identification.algorithm (no hostname check)
            .withDisableTlsHostnameVerification(true)
            .addToSuperUsers("giada", "CN=paccu")
            .withConnectTimeoutSeconds(30)
            .build();
    String configuration = new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION)
            .withAuthorization("my-cluster", auth)
            .build();
    // User-supplied super users are appended after the internal component identities
    assertThat(configuration, isEquivalent("authorizer.class.name=io.strimzi.kafka.oauth.server.authorizer.KeycloakRBACAuthorizer\n"
            + "strimzi.authorization.token.endpoint.uri=http://token-endpoint-uri\n"
            + "strimzi.authorization.client.id=my-client-id\n"
            + "strimzi.authorization.delegate.to.kafka.acl=false\n"
            + "strimzi.authorization.kafka.cluster.name=my-cluster\n"
            + "strimzi.authorization.ssl.truststore.location=/tmp/kafka/authz-keycloak.truststore.p12\n"
            + "strimzi.authorization.ssl.truststore.password=${CERTS_STORE_PASSWORD}\n"
            + "strimzi.authorization.ssl.truststore.type=PKCS12\n"
            + "strimzi.authorization.ssl.secure.random.implementation=SHA1PRNG\n"
            + "strimzi.authorization.ssl.endpoint.identification.algorithm=\n"
            + "strimzi.authorization.grants.refresh.period.seconds=120\n"
            + "strimzi.authorization.grants.refresh.pool.size=10\n"
            + "strimzi.authorization.connect.timeout.seconds=30\n"
            + "super.users=User:CN=my-cluster-kafka,O=io.strimzi;User:CN=my-cluster-entity-topic-operator,O=io.strimzi;User:CN=my-cluster-entity-user-operator,O=io.strimzi;User:CN=my-cluster-kafka-exporter,O=io.strimzi;User:CN=my-cluster-cruise-control,O=io.strimzi;User:CN=cluster-operator,O=io.strimzi;User:giada;User:CN=paccu"));
}
Also used : KafkaAuthorization(io.strimzi.api.kafka.model.KafkaAuthorization) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) KafkaAuthorizationKeycloakBuilder(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloakBuilder) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) ParallelTest(io.strimzi.test.annotations.ParallelTest)
