Search in sources :

Example 1 with KafkaMirrorMaker2ClusterSpecBuilder

use of io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder in project strimzi by strimzi.

the class KafkaMirrorMaker2ClusterTest method testGenerateDeploymentWithOAuthWithRefreshToken.

@ParallelTest
public void testGenerateDeploymentWithOAuthWithRefreshToken() {
    KafkaMirrorMaker2ClusterSpec targetClusterWithOAuthWithRefreshToken = new KafkaMirrorMaker2ClusterSpecBuilder(this.targetCluster).withAuthentication(new KafkaClientAuthenticationOAuthBuilder().withClientId("my-client-id").withTokenEndpointUri("http://my-oauth-server").withConnectTimeoutSeconds(15).withReadTimeoutSeconds(15).withNewRefreshToken().withSecretName("my-token-secret").withKey("my-token-key").endRefreshToken().build()).build();
    KafkaMirrorMaker2 resource = new KafkaMirrorMaker2Builder(this.resource).editSpec().withClusters(targetClusterWithOAuthWithRefreshToken).endSpec().build();
    KafkaMirrorMaker2Cluster kmm2 = KafkaMirrorMaker2Cluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    Deployment dep = kmm2.generateDeployment(emptyMap(), true, null, null);
    Container cont = getContainer(dep);
    assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMaker2Cluster.ENV_VAR_KAFKA_CONNECT_SASL_MECHANISM.equals(var.getName())).findFirst().orElseThrow().getValue(), is("oauth"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMaker2Cluster.ENV_VAR_KAFKA_CONNECT_OAUTH_REFRESH_TOKEN.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getName(), is("my-token-secret"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMaker2Cluster.ENV_VAR_KAFKA_CONNECT_OAUTH_REFRESH_TOKEN.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getKey(), is("my-token-key"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMaker2Cluster.ENV_VAR_KAFKA_CONNECT_OAUTH_CONFIG.equals(var.getName())).findFirst().orElseThrow().getValue().trim(), is(String.format("%s=\"%s\" %s=\"%s\" %s=\"%s\" %s=\"%s\"", ClientConfig.OAUTH_CLIENT_ID, "my-client-id", ClientConfig.OAUTH_TOKEN_ENDPOINT_URI, "http://my-oauth-server", ClientConfig.OAUTH_CONNECT_TIMEOUT_SECONDS, "15", ClientConfig.OAUTH_READ_TIMEOUT_SECONDS, "15")));
}
Also used : KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) KafkaMirrorMaker2Builder(io.strimzi.api.kafka.model.KafkaMirrorMaker2Builder) Quantity(io.fabric8.kubernetes.api.model.Quantity) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) CoreMatchers.is(org.hamcrest.CoreMatchers.is) OrderedProperties(io.strimzi.operator.common.model.OrderedProperties) ConfigMapVolumeSourceBuilder(io.fabric8.kubernetes.api.model.ConfigMapVolumeSourceBuilder) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) ParallelSuite(io.strimzi.test.annotations.ParallelSuite) ExternalConfigurationEnv(io.strimzi.api.kafka.model.connect.ExternalConfigurationEnv) KafkaMirrorMaker2Builder(io.strimzi.api.kafka.model.KafkaMirrorMaker2Builder) ClientConfig(io.strimzi.kafka.oauth.client.ClientConfig) PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) ExternalConfigurationEnvBuilder(io.strimzi.api.kafka.model.connect.ExternalConfigurationEnvBuilder) Map(java.util.Map) ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) KafkaJmxOptionsBuilder(io.strimzi.api.kafka.model.KafkaJmxOptionsBuilder) SecretVolumeSourceBuilder(io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder) Probe(io.strimzi.api.kafka.model.Probe) ExternalConfigurationVolumeSourceBuilder(io.strimzi.api.kafka.model.connect.ExternalConfigurationVolumeSourceBuilder) IpFamilyPolicy(io.strimzi.api.kafka.model.template.IpFamilyPolicy) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) ParallelTest(io.strimzi.test.annotations.ParallelTest) Collections.emptyList(java.util.Collections.emptyList) KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) EnvVarBuilder(io.fabric8.kubernetes.api.model.EnvVarBuilder) HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata) Collectors(java.util.stream.Collectors) KafkaMirrorMaker2Resources(io.strimzi.api.kafka.model.KafkaMirrorMaker2Resources) KafkaMirrorMaker2(io.strimzi.api.kafka.model.KafkaMirrorMaker2) List(java.util.List) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) Labels(io.strimzi.operator.common.model.Labels) PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder) Matchers.contains(org.hamcrest.Matchers.contains) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder) Secret(io.fabric8.kubernetes.api.model.Secret) Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) ContainerTemplate(io.strimzi.api.kafka.model.template.ContainerTemplate) Container(io.fabric8.kubernetes.api.model.Container) ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder) KafkaClientAuthenticationTlsBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTlsBuilder) IpFamily(io.strimzi.api.kafka.model.template.IpFamily) HashMap(java.util.HashMap) LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) MetricsAndLogging(io.strimzi.operator.common.MetricsAndLogging) ArrayList(java.util.ArrayList) HostAlias(io.fabric8.kubernetes.api.model.HostAlias) JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics) JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) DeploymentStrategy(io.strimzi.api.kafka.model.template.DeploymentStrategy) MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig) TestUtils(io.strimzi.test.TestUtils) Collections.singletonMap(java.util.Collections.singletonMap) Service(io.fabric8.kubernetes.api.model.Service) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) Volume(io.fabric8.kubernetes.api.model.Volume) Matchers.hasEntry(org.hamcrest.Matchers.hasEntry) Collections.emptyMap(java.util.Collections.emptyMap) ExternalConfigurationVolumeSource(io.strimzi.api.kafka.model.connect.ExternalConfigurationVolumeSource) KafkaJmxAuthenticationPasswordBuilder(io.strimzi.api.kafka.model.KafkaJmxAuthenticationPasswordBuilder) KafkaMirrorMaker2ClusterSpec(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec) ServerConfig(io.strimzi.kafka.oauth.server.ServerConfig) IOException(java.io.IOException) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) Reconciliation(io.strimzi.operator.common.Reconciliation) SecretKeySelectorBuilder(io.fabric8.kubernetes.api.model.SecretKeySelectorBuilder) KafkaMirrorMaker2ClusterSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder) ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) Collections(java.util.Collections) Container(io.fabric8.kubernetes.api.model.Container) KafkaMirrorMaker2ClusterSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder) KafkaMirrorMaker2ClusterSpec(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) KafkaMirrorMaker2(io.strimzi.api.kafka.model.KafkaMirrorMaker2) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 2 with KafkaMirrorMaker2ClusterSpecBuilder

use of io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder in project strimzi by strimzi.

the class KafkaMirrorMaker2ClusterTest method testGenerateDeploymentWithOAuthWithTls.

@ParallelTest
public void testGenerateDeploymentWithOAuthWithTls() {
    CertSecretSource cert1 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca.crt").build();
    CertSecretSource cert2 = new CertSecretSourceBuilder().withSecretName("second-certificate").withCertificate("tls.crt").build();
    CertSecretSource cert3 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca2.crt").build();
    KafkaMirrorMaker2ClusterSpec targetClusterWithOAuthWithTls = new KafkaMirrorMaker2ClusterSpecBuilder(this.targetCluster).withAuthentication(new KafkaClientAuthenticationOAuthBuilder().withClientId("my-client-id").withTokenEndpointUri("http://my-oauth-server").withNewClientSecret().withSecretName("my-secret-secret").withKey("my-secret-key").endClientSecret().withDisableTlsHostnameVerification(true).withTlsTrustedCertificates(cert1, cert2, cert3).build()).build();
    KafkaMirrorMaker2 resource = new KafkaMirrorMaker2Builder(this.resource).editSpec().withClusters(targetClusterWithOAuthWithTls).endSpec().build();
    KafkaMirrorMaker2Cluster kmm2 = KafkaMirrorMaker2Cluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    Deployment dep = kmm2.generateDeployment(emptyMap(), true, null, null);
    Container cont = getContainer(dep);
    assertThat(cont.getEnv().stream().filter(var -> KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_MECHANISM.equals(var.getName())).findFirst().orElseThrow().getValue(), is("oauth"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_OAUTH_CLIENT_SECRET.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getName(), is("my-secret-secret"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_OAUTH_CLIENT_SECRET.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getKey(), is("my-secret-key"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_OAUTH_CONFIG.equals(var.getName())).findFirst().orElseThrow().getValue().trim(), is(String.format("%s=\"%s\" %s=\"%s\" %s=\"%s\"", ClientConfig.OAUTH_CLIENT_ID, "my-client-id", ClientConfig.OAUTH_TOKEN_ENDPOINT_URI, "http://my-oauth-server", ServerConfig.OAUTH_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM, "")));
    // Volume mounts
    assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-certs-0".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaConnectCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT + "/first-certificate-0"));
    assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-certs-1".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaConnectCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT + "/second-certificate-1"));
    assertThat(cont.getVolumeMounts().stream().filter(mount -> "oauth-certs-2".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaConnectCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT + "/first-certificate-2"));
    // Volumes
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca.crt"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("tls.crt"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca2.crt"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
}
Also used : KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) KafkaMirrorMaker2Builder(io.strimzi.api.kafka.model.KafkaMirrorMaker2Builder) Quantity(io.fabric8.kubernetes.api.model.Quantity) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) CoreMatchers.is(org.hamcrest.CoreMatchers.is) OrderedProperties(io.strimzi.operator.common.model.OrderedProperties) ConfigMapVolumeSourceBuilder(io.fabric8.kubernetes.api.model.ConfigMapVolumeSourceBuilder) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) ParallelSuite(io.strimzi.test.annotations.ParallelSuite) ExternalConfigurationEnv(io.strimzi.api.kafka.model.connect.ExternalConfigurationEnv) KafkaMirrorMaker2Builder(io.strimzi.api.kafka.model.KafkaMirrorMaker2Builder) ClientConfig(io.strimzi.kafka.oauth.client.ClientConfig) PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) ExternalConfigurationEnvBuilder(io.strimzi.api.kafka.model.connect.ExternalConfigurationEnvBuilder) Map(java.util.Map) ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) KafkaJmxOptionsBuilder(io.strimzi.api.kafka.model.KafkaJmxOptionsBuilder) SecretVolumeSourceBuilder(io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder) Probe(io.strimzi.api.kafka.model.Probe) ExternalConfigurationVolumeSourceBuilder(io.strimzi.api.kafka.model.connect.ExternalConfigurationVolumeSourceBuilder) IpFamilyPolicy(io.strimzi.api.kafka.model.template.IpFamilyPolicy) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) ParallelTest(io.strimzi.test.annotations.ParallelTest) Collections.emptyList(java.util.Collections.emptyList) KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) EnvVarBuilder(io.fabric8.kubernetes.api.model.EnvVarBuilder) HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata) Collectors(java.util.stream.Collectors) KafkaMirrorMaker2Resources(io.strimzi.api.kafka.model.KafkaMirrorMaker2Resources) KafkaMirrorMaker2(io.strimzi.api.kafka.model.KafkaMirrorMaker2) List(java.util.List) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) Labels(io.strimzi.operator.common.model.Labels) PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder) Matchers.contains(org.hamcrest.Matchers.contains) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder) Secret(io.fabric8.kubernetes.api.model.Secret) Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) ContainerTemplate(io.strimzi.api.kafka.model.template.ContainerTemplate) Container(io.fabric8.kubernetes.api.model.Container) ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder) KafkaClientAuthenticationTlsBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTlsBuilder) IpFamily(io.strimzi.api.kafka.model.template.IpFamily) HashMap(java.util.HashMap) LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) MetricsAndLogging(io.strimzi.operator.common.MetricsAndLogging) ArrayList(java.util.ArrayList) HostAlias(io.fabric8.kubernetes.api.model.HostAlias) JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics) JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) DeploymentStrategy(io.strimzi.api.kafka.model.template.DeploymentStrategy) MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig) TestUtils(io.strimzi.test.TestUtils) Collections.singletonMap(java.util.Collections.singletonMap) Service(io.fabric8.kubernetes.api.model.Service) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) Volume(io.fabric8.kubernetes.api.model.Volume) Matchers.hasEntry(org.hamcrest.Matchers.hasEntry) Collections.emptyMap(java.util.Collections.emptyMap) ExternalConfigurationVolumeSource(io.strimzi.api.kafka.model.connect.ExternalConfigurationVolumeSource) KafkaJmxAuthenticationPasswordBuilder(io.strimzi.api.kafka.model.KafkaJmxAuthenticationPasswordBuilder) KafkaMirrorMaker2ClusterSpec(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec) ServerConfig(io.strimzi.kafka.oauth.server.ServerConfig) IOException(java.io.IOException) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) Reconciliation(io.strimzi.operator.common.Reconciliation) SecretKeySelectorBuilder(io.fabric8.kubernetes.api.model.SecretKeySelectorBuilder) KafkaMirrorMaker2ClusterSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder) ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) Collections(java.util.Collections) Container(io.fabric8.kubernetes.api.model.Container) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) KafkaMirrorMaker2ClusterSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder) KafkaMirrorMaker2ClusterSpec(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) KafkaMirrorMaker2(io.strimzi.api.kafka.model.KafkaMirrorMaker2) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 3 with KafkaMirrorMaker2ClusterSpecBuilder

use of io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder in project strimzi by strimzi.

the class KafkaMirrorMaker2ClusterTest method testGenerateDeploymentWithScramSha512AuthAndTLSSameSecret.

/**
 * This test uses the same secret to hold the certs for TLS and the credentials for SCRAM SHA 512 client authentication. It checks that
 * the volumes and volume mounts that reference the secret are correctly created and that each volume name is only created once - volumes
 * with duplicate names will cause Kubernetes to reject the deployment.
 */
@ParallelTest
public void testGenerateDeploymentWithScramSha512AuthAndTLSSameSecret() {
    KafkaMirrorMaker2ClusterSpec targetClusterWithScramSha512Auth = new KafkaMirrorMaker2ClusterSpecBuilder(this.targetCluster).editOrNewTls().addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-secret").withCertificate("cert.crt").build()).endTls().withNewKafkaClientAuthenticationScramSha512().withUsername("user1").withNewPasswordSecret().withSecretName("my-secret").withPassword("user1.password").endPasswordSecret().endKafkaClientAuthenticationScramSha512().build();
    KafkaMirrorMaker2 resource = new KafkaMirrorMaker2Builder(this.resource).editSpec().withClusters(targetClusterWithScramSha512Auth).endSpec().build();
    KafkaMirrorMaker2Cluster kmm2 = KafkaMirrorMaker2Cluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    Deployment dep = kmm2.generateDeployment(emptyMap(), true, null, null);
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().size(), is(4));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(0).getName(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_VOLUME_NAME));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(1).getName(), is("kafka-metrics-and-logging"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(2).getName(), is("my-secret"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(3).getName(), is("target-my-secret"));
    Container cont = getContainer(dep);
    assertThat(cont.getVolumeMounts().size(), is(6));
    assertThat(cont.getVolumeMounts().get(0).getName(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_VOLUME_NAME));
    assertThat(cont.getVolumeMounts().get(0).getMountPath(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_MOUNT_PATH));
    assertThat(cont.getVolumeMounts().get(1).getName(), is("kafka-metrics-and-logging"));
    assertThat(cont.getVolumeMounts().get(1).getMountPath(), is("/opt/kafka/custom-config/"));
    assertThat(cont.getVolumeMounts().get(2).getName(), is("my-secret"));
    assertThat(cont.getVolumeMounts().get(2).getMountPath(), is(KafkaMirrorMaker2Cluster.TLS_CERTS_BASE_VOLUME_MOUNT + "my-secret"));
    assertThat(cont.getVolumeMounts().get(3).getName(), is("my-secret"));
    assertThat(cont.getVolumeMounts().get(3).getMountPath(), is(KafkaMirrorMaker2Cluster.PASSWORD_VOLUME_MOUNT + "my-secret"));
    assertThat(cont.getVolumeMounts().get(4).getName(), is("target-my-secret"));
    assertThat(cont.getVolumeMounts().get(4).getMountPath(), is(KafkaMirrorMaker2Cluster.MIRRORMAKER_2_TLS_CERTS_BASE_VOLUME_MOUNT + targetClusterAlias + "/my-secret"));
    assertThat(cont.getVolumeMounts().get(5).getName(), is("target-my-secret"));
    assertThat(cont.getVolumeMounts().get(5).getMountPath(), is(KafkaMirrorMaker2Cluster.MIRRORMAKER_2_PASSWORD_VOLUME_MOUNT + targetClusterAlias + "/my-secret"));
    assertThat(AbstractModel.containerEnvVars(cont), hasEntry(KafkaMirrorMaker2Cluster.ENV_VAR_KAFKA_CONNECT_SASL_PASSWORD_FILE, "my-secret/user1.password"));
    assertThat(AbstractModel.containerEnvVars(cont), hasEntry(KafkaMirrorMaker2Cluster.ENV_VAR_KAFKA_CONNECT_SASL_USERNAME, "user1"));
    assertThat(AbstractModel.containerEnvVars(cont), hasEntry(KafkaMirrorMaker2Cluster.ENV_VAR_KAFKA_CONNECT_SASL_MECHANISM, "scram-sha-512"));
    assertThat(AbstractModel.containerEnvVars(cont), hasEntry(KafkaMirrorMaker2Cluster.ENV_VAR_KAFKA_CONNECT_TLS, "true"));
}
Also used : KafkaMirrorMaker2Builder(io.strimzi.api.kafka.model.KafkaMirrorMaker2Builder) Container(io.fabric8.kubernetes.api.model.Container) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) KafkaMirrorMaker2ClusterSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder) KafkaMirrorMaker2ClusterSpec(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) KafkaMirrorMaker2(io.strimzi.api.kafka.model.KafkaMirrorMaker2) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 4 with KafkaMirrorMaker2ClusterSpecBuilder

use of io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder in project strimzi by strimzi.

the class KafkaMirrorMaker2ClusterTest method testGenerateDeploymentWithMultipleClustersScramSha256AuthAndTLSSameSecret.

/**
 * This test uses the same secret to hold the certs for TLS and the credentials for SCRAM SHA 256 client authentication for multiple clusters.
 * It checks that the volumes and volume mounts that reference the secret are correctly created and that each volume name and volume mount path is only
 * created once - duplicate volume names and duplicate volume mount paths will cause Kubernetes to reject the deployment.
 */
@ParallelTest
public void testGenerateDeploymentWithMultipleClustersScramSha256AuthAndTLSSameSecret() {
    KafkaMirrorMaker2ClusterSpec targetClusterWithScramSha256Auth = new KafkaMirrorMaker2ClusterSpecBuilder(this.targetCluster).editOrNewTls().addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-secret").withCertificate("cert.crt").build()).endTls().withNewKafkaClientAuthenticationScramSha256().withUsername("user1").withNewPasswordSecret().withSecretName("my-secret").withPassword("user1.password").endPasswordSecret().endKafkaClientAuthenticationScramSha256().build();
    KafkaMirrorMaker2ClusterSpec sourceClusterWithScramSha256Auth = new KafkaMirrorMaker2ClusterSpecBuilder(targetClusterWithScramSha256Auth).withAlias("source").withBootstrapServers("source-bootstrap-kafka:9092").build();
    KafkaMirrorMaker2 resource = new KafkaMirrorMaker2Builder(this.resource).editSpec().withClusters(targetClusterWithScramSha256Auth, sourceClusterWithScramSha256Auth).endSpec().build();
    KafkaMirrorMaker2Cluster kmm2 = KafkaMirrorMaker2Cluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    Deployment dep = kmm2.generateDeployment(emptyMap(), true, null, null);
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().size(), is(5));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(0).getName(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_VOLUME_NAME));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(1).getName(), is("kafka-metrics-and-logging"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(2).getName(), is("my-secret"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(3).getName(), is("target-my-secret"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(4).getName(), is("source-my-secret"));
    Container cont = getContainer(dep);
    assertThat(cont.getVolumeMounts().size(), is(8));
    assertThat(cont.getVolumeMounts().get(0).getName(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_VOLUME_NAME));
    assertThat(cont.getVolumeMounts().get(0).getMountPath(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_MOUNT_PATH));
    assertThat(cont.getVolumeMounts().get(1).getName(), is("kafka-metrics-and-logging"));
    assertThat(cont.getVolumeMounts().get(1).getMountPath(), is("/opt/kafka/custom-config/"));
    assertThat(cont.getVolumeMounts().get(2).getName(), is("my-secret"));
    assertThat(cont.getVolumeMounts().get(2).getMountPath(), is(KafkaConnectCluster.TLS_CERTS_BASE_VOLUME_MOUNT + "my-secret"));
    assertThat(cont.getVolumeMounts().get(3).getName(), is("my-secret"));
    assertThat(cont.getVolumeMounts().get(3).getMountPath(), is(KafkaConnectCluster.PASSWORD_VOLUME_MOUNT + "my-secret"));
    assertThat(cont.getVolumeMounts().get(4).getName(), is("target-my-secret"));
    assertThat(cont.getVolumeMounts().get(4).getMountPath(), is(KafkaMirrorMaker2Cluster.MIRRORMAKER_2_TLS_CERTS_BASE_VOLUME_MOUNT + targetClusterAlias + "/my-secret"));
    assertThat(cont.getVolumeMounts().get(5).getName(), is("target-my-secret"));
    assertThat(cont.getVolumeMounts().get(5).getMountPath(), is(KafkaMirrorMaker2Cluster.MIRRORMAKER_2_PASSWORD_VOLUME_MOUNT + targetClusterAlias + "/my-secret"));
    assertThat(cont.getVolumeMounts().get(6).getName(), is("source-my-secret"));
    assertThat(cont.getVolumeMounts().get(6).getMountPath(), is(KafkaMirrorMaker2Cluster.MIRRORMAKER_2_TLS_CERTS_BASE_VOLUME_MOUNT + "source/my-secret"));
    assertThat(cont.getVolumeMounts().get(7).getName(), is("source-my-secret"));
    assertThat(cont.getVolumeMounts().get(7).getMountPath(), is(KafkaMirrorMaker2Cluster.MIRRORMAKER_2_PASSWORD_VOLUME_MOUNT + "source/my-secret"));
    assertThat(AbstractModel.containerEnvVars(cont), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_PASSWORD_FILE, "my-secret/user1.password"));
    assertThat(AbstractModel.containerEnvVars(cont), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_USERNAME, "user1"));
    assertThat(AbstractModel.containerEnvVars(cont), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_MECHANISM, "scram-sha-256"));
    assertThat(AbstractModel.containerEnvVars(cont), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_TLS, "true"));
}
Also used : KafkaMirrorMaker2Builder(io.strimzi.api.kafka.model.KafkaMirrorMaker2Builder) Container(io.fabric8.kubernetes.api.model.Container) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) KafkaMirrorMaker2ClusterSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder) KafkaMirrorMaker2ClusterSpec(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) KafkaMirrorMaker2(io.strimzi.api.kafka.model.KafkaMirrorMaker2) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 5 with KafkaMirrorMaker2ClusterSpecBuilder

use of io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder in project strimzi by strimzi.

the class KafkaMirrorMaker2ClusterTest method testGenerateDeploymentWithMultipleClustersScramSha512AuthAndTLSSameSecret.

/**
 * This test uses the same secret to hold the certs for TLS and the credentials for SCRAM SHA 512 client authentication for multiple clusters.
 * It checks that the volumes and volume mounts that reference the secret are correctly created and that each volume name and volume mount path is only
 * created once - duplicate volume names and duplicate volume mount paths will cause Kubernetes to reject the deployment.
 */
@ParallelTest
public void testGenerateDeploymentWithMultipleClustersScramSha512AuthAndTLSSameSecret() {
    KafkaMirrorMaker2ClusterSpec targetClusterWithScramSha512Auth = new KafkaMirrorMaker2ClusterSpecBuilder(this.targetCluster).editOrNewTls().addToTrustedCertificates(new CertSecretSourceBuilder().withSecretName("my-secret").withCertificate("cert.crt").build()).endTls().withNewKafkaClientAuthenticationScramSha512().withUsername("user1").withNewPasswordSecret().withSecretName("my-secret").withPassword("user1.password").endPasswordSecret().endKafkaClientAuthenticationScramSha512().build();
    KafkaMirrorMaker2ClusterSpec sourceClusterWithScramSha512Auth = new KafkaMirrorMaker2ClusterSpecBuilder(targetClusterWithScramSha512Auth).withAlias("source").withBootstrapServers("source-bootstrap-kafka:9092").build();
    KafkaMirrorMaker2 resource = new KafkaMirrorMaker2Builder(this.resource).editSpec().withClusters(targetClusterWithScramSha512Auth, sourceClusterWithScramSha512Auth).endSpec().build();
    KafkaMirrorMaker2Cluster kmm2 = KafkaMirrorMaker2Cluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    Deployment dep = kmm2.generateDeployment(emptyMap(), true, null, null);
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().size(), is(5));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(0).getName(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_VOLUME_NAME));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(1).getName(), is("kafka-metrics-and-logging"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(2).getName(), is("my-secret"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(3).getName(), is("target-my-secret"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().get(4).getName(), is("source-my-secret"));
    Container cont = getContainer(dep);
    assertThat(cont.getVolumeMounts().size(), is(8));
    assertThat(cont.getVolumeMounts().get(0).getName(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_VOLUME_NAME));
    assertThat(cont.getVolumeMounts().get(0).getMountPath(), is(AbstractModel.STRIMZI_TMP_DIRECTORY_DEFAULT_MOUNT_PATH));
    assertThat(cont.getVolumeMounts().get(1).getName(), is("kafka-metrics-and-logging"));
    assertThat(cont.getVolumeMounts().get(1).getMountPath(), is("/opt/kafka/custom-config/"));
    assertThat(cont.getVolumeMounts().get(2).getName(), is("my-secret"));
    assertThat(cont.getVolumeMounts().get(2).getMountPath(), is(KafkaConnectCluster.TLS_CERTS_BASE_VOLUME_MOUNT + "my-secret"));
    assertThat(cont.getVolumeMounts().get(3).getName(), is("my-secret"));
    assertThat(cont.getVolumeMounts().get(3).getMountPath(), is(KafkaConnectCluster.PASSWORD_VOLUME_MOUNT + "my-secret"));
    assertThat(cont.getVolumeMounts().get(4).getName(), is("target-my-secret"));
    assertThat(cont.getVolumeMounts().get(4).getMountPath(), is(KafkaMirrorMaker2Cluster.MIRRORMAKER_2_TLS_CERTS_BASE_VOLUME_MOUNT + targetClusterAlias + "/my-secret"));
    assertThat(cont.getVolumeMounts().get(5).getName(), is("target-my-secret"));
    assertThat(cont.getVolumeMounts().get(5).getMountPath(), is(KafkaMirrorMaker2Cluster.MIRRORMAKER_2_PASSWORD_VOLUME_MOUNT + targetClusterAlias + "/my-secret"));
    assertThat(cont.getVolumeMounts().get(6).getName(), is("source-my-secret"));
    assertThat(cont.getVolumeMounts().get(6).getMountPath(), is(KafkaMirrorMaker2Cluster.MIRRORMAKER_2_TLS_CERTS_BASE_VOLUME_MOUNT + "source/my-secret"));
    assertThat(cont.getVolumeMounts().get(7).getName(), is("source-my-secret"));
    assertThat(cont.getVolumeMounts().get(7).getMountPath(), is(KafkaMirrorMaker2Cluster.MIRRORMAKER_2_PASSWORD_VOLUME_MOUNT + "source/my-secret"));
    assertThat(AbstractModel.containerEnvVars(cont), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_PASSWORD_FILE, "my-secret/user1.password"));
    assertThat(AbstractModel.containerEnvVars(cont), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_USERNAME, "user1"));
    assertThat(AbstractModel.containerEnvVars(cont), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_MECHANISM, "scram-sha-512"));
    assertThat(AbstractModel.containerEnvVars(cont), hasEntry(KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_TLS, "true"));
}
Also used : KafkaMirrorMaker2Builder(io.strimzi.api.kafka.model.KafkaMirrorMaker2Builder) Container(io.fabric8.kubernetes.api.model.Container) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) KafkaMirrorMaker2ClusterSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder) KafkaMirrorMaker2ClusterSpec(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) KafkaMirrorMaker2(io.strimzi.api.kafka.model.KafkaMirrorMaker2) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Aggregations

KafkaMirrorMaker2ClusterSpec (io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec)54 KafkaMirrorMaker2ClusterSpecBuilder (io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder)54 KafkaMirrorMaker2 (io.strimzi.api.kafka.model.KafkaMirrorMaker2)42 KafkaMirrorMaker2Builder (io.strimzi.api.kafka.model.KafkaMirrorMaker2Builder)38 Deployment (io.fabric8.kubernetes.api.model.apps.Deployment)36 ParallelTest (io.strimzi.test.annotations.ParallelTest)36 Container (io.fabric8.kubernetes.api.model.Container)30 CertSecretSourceBuilder (io.strimzi.api.kafka.model.CertSecretSourceBuilder)26 CertSecretSource (io.strimzi.api.kafka.model.CertSecretSource)18 KafkaMirrorMaker2Resources (io.strimzi.api.kafka.model.KafkaMirrorMaker2Resources)14 Reconciliation (io.strimzi.operator.common.Reconciliation)14 HashMap (java.util.HashMap)14 List (java.util.List)14 Map (java.util.Map)14 ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap)12 Service (io.fabric8.kubernetes.api.model.Service)12 NetworkPolicy (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy)12 PodDisruptionBudget (io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget)12 KafkaJmxAuthenticationPasswordBuilder (io.strimzi.api.kafka.model.KafkaJmxAuthenticationPasswordBuilder)12 KafkaJmxOptionsBuilder (io.strimzi.api.kafka.model.KafkaJmxOptionsBuilder)12