Examples with KafkaUser io.strimzi.api.kafka.model.KafkaUser used on opensource projects

Search in sources :

Example 46 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi-kafka-operator by strimzi.

the class CustomAuthorizerST method testAclWithSuperUser.

@ParallelTest
@Tag(INTERNAL_CLIENTS_USED)
void testAclWithSuperUser(ExtensionContext extensionContext) {
    final TestStorage testStorage = new TestStorage(extensionContext, namespace);
    resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(CLUSTER_NAME, testStorage.getTopicName(), namespace).build());
    KafkaUser adminUser = KafkaUserTemplates.tlsUser(namespace, CLUSTER_NAME, ADMIN).editSpec().withNewKafkaUserAuthorizationSimple().addNewAcl().withNewAclRuleTopicResource().withName(testStorage.getTopicName()).endAclRuleTopicResource().withOperation(AclOperation.WRITE).endAcl().addNewAcl().withNewAclRuleTopicResource().withName(testStorage.getTopicName()).endAclRuleTopicResource().withOperation(AclOperation.DESCRIBE).endAcl().endKafkaUserAuthorizationSimple().endSpec().build();
    resourceManager.createResource(extensionContext, adminUser);
    LOGGER.info("Checking kafka super user:{} that is able to send messages to topic:{}", ADMIN, testStorage.getTopicName());
    KafkaClients kafkaClients = new KafkaClientsBuilder().withProducerName(testStorage.getProducerName()).withConsumerName(testStorage.getConsumerName()).withNamespaceName(testStorage.getNamespaceName()).withMessageCount(MESSAGE_COUNT).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(CLUSTER_NAME)).withTopicName(testStorage.getTopicName()).withUserName(ADMIN).build();
    resourceManager.createResource(extensionContext, kafkaClients.producerTlsStrimzi(CLUSTER_NAME));
    ClientUtils.waitForClientSuccess(testStorage.getProducerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
    LOGGER.info("Checking kafka super user:{} that is able to read messages to topic:{} regardless that " + "we configured Acls with only write operation", ADMIN, TOPIC_NAME);
    resourceManager.createResource(extensionContext, kafkaClients.consumerTlsStrimzi(CLUSTER_NAME));
    ClientUtils.waitForClientSuccess(testStorage.getConsumerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
}
Also used : KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder) KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients) TestStorage(io.strimzi.systemtest.storage.TestStorage) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) ParallelTest(io.strimzi.systemtest.annotations.ParallelTest) Tag(org.junit.jupiter.api.Tag)

Example 47 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi-kafka-operator by strimzi.

the class UserST method testTlsUserWithQuotas.

@ParallelTest
void testTlsUserWithQuotas(ExtensionContext extensionContext) {
    KafkaUser user = KafkaUserTemplates.tlsUser(namespace, userClusterName, "encrypted-arnost").build();
    testUserWithQuotas(extensionContext, user);
}
Also used : KafkaUser(io.strimzi.api.kafka.model.KafkaUser) ParallelTest(io.strimzi.systemtest.annotations.ParallelTest)

Example 48 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi-kafka-operator by strimzi.

the class UserST method testUpdateUser.

@ParallelTest
@Tag(ACCEPTANCE)
void testUpdateUser(ExtensionContext extensionContext) {
    String userName = mapWithTestUsers.get(extensionContext.getDisplayName());
    resourceManager.createResource(extensionContext, KafkaUserTemplates.tlsUser(namespace, userClusterName, userName).build());
    String kafkaUserSecret = TestUtils.toJsonString(kubeClient(namespace).getSecret(userName));
    assertThat(kafkaUserSecret, hasJsonPath("$.data['ca.crt']", notNullValue()));
    assertThat(kafkaUserSecret, hasJsonPath("$.data['user.crt']", notNullValue()));
    assertThat(kafkaUserSecret, hasJsonPath("$.data['user.key']", notNullValue()));
    assertThat(kafkaUserSecret, hasJsonPath("$.metadata.name", equalTo(userName)));
    assertThat(kafkaUserSecret, hasJsonPath("$.metadata.namespace", equalTo(namespace)));
    KafkaUser kUser = KafkaUserResource.kafkaUserClient().inNamespace(namespace).withName(userName).get();
    String kafkaUserAsJson = TestUtils.toJsonString(kUser);
    assertThat(kafkaUserAsJson, hasJsonPath("$.metadata.name", equalTo(userName)));
    assertThat(kafkaUserAsJson, hasJsonPath("$.metadata.namespace", equalTo(namespace)));
    assertThat(kafkaUserAsJson, hasJsonPath("$.spec.authentication.type", equalTo(Constants.TLS_LISTENER_DEFAULT_NAME)));
    long observedGeneration = KafkaUserResource.kafkaUserClient().inNamespace(namespace).withName(userName).get().getStatus().getObservedGeneration();
    KafkaUserResource.replaceUserResourceInSpecificNamespace(userName, ku -> {
        ku.getMetadata().setResourceVersion(null);
        ku.getSpec().setAuthentication(new KafkaUserScramSha512ClientAuthentication());
    }, namespace);
    KafkaUserUtils.waitForKafkaUserIncreaseObserverGeneration(namespace, observedGeneration, userName);
    KafkaUserUtils.waitForKafkaUserCreation(namespace, userName);
    String anotherKafkaUserSecret = TestUtils.toJsonString(kubeClient(namespace).getSecret(namespace, userName));
    assertThat(anotherKafkaUserSecret, hasJsonPath("$.data.password", notNullValue()));
    kUser = Crds.kafkaUserOperation(kubeClient().getClient()).inNamespace(namespace).withName(userName).get();
    kafkaUserAsJson = TestUtils.toJsonString(kUser);
    assertThat(kafkaUserAsJson, hasJsonPath("$.metadata.name", equalTo(userName)));
    assertThat(kafkaUserAsJson, hasJsonPath("$.metadata.namespace", equalTo(namespace)));
    assertThat(kafkaUserAsJson, hasJsonPath("$.spec.authentication.type", equalTo("scram-sha-512")));
    Crds.kafkaUserOperation(kubeClient().getClient()).inNamespace(namespace).delete(kUser);
    KafkaUserUtils.waitForKafkaUserDeletion(userName);
}
Also used : KafkaUserScramSha512ClientAuthentication(io.strimzi.api.kafka.model.KafkaUserScramSha512ClientAuthentication) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) ParallelTest(io.strimzi.systemtest.annotations.ParallelTest) Tag(org.junit.jupiter.api.Tag)

Example 49 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi-kafka-operator by strimzi.

the class UserST method testScramUserWithQuotas.

@ParallelTest
void testScramUserWithQuotas(ExtensionContext extensionContext) {
    KafkaUser user = KafkaUserTemplates.scramShaUser(namespace, userClusterName, "scramed-arnost").build();
    testUserWithQuotas(extensionContext, user);
}
Also used : KafkaUser(io.strimzi.api.kafka.model.KafkaUser) ParallelTest(io.strimzi.systemtest.annotations.ParallelTest)

Example 50 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi-kafka-operator by strimzi.

the class ListenersST method testMessagesTlsScramShaWithPredefinedPassword.

@ParallelNamespaceTest
@KRaftNotSupported("UserOperator is not supported by KRaft mode and is used in this test case")
void testMessagesTlsScramShaWithPredefinedPassword(ExtensionContext extensionContext) {
    final TestStorage testStorage = new TestStorage(extensionContext);
    final String firstUnencodedPassword = "completely_secret_password";
    final String secondUnencodedPassword = "completely_different_secret_password";
    final String firstEncodedPassword = Base64.getEncoder().encodeToString(firstUnencodedPassword.getBytes(StandardCharsets.UTF_8));
    final String secondEncodedPassword = Base64.getEncoder().encodeToString(secondUnencodedPassword.getBytes(StandardCharsets.UTF_8));
    final String secretName = testStorage.getClusterName() + "-secret";
    Secret password = new SecretBuilder().withNewMetadata().withName(secretName).endMetadata().addToData("password", firstEncodedPassword).build();
    kubeClient().namespace(testStorage.getNamespaceName()).createSecret(password);
    assertThat("Password in secret is not correct", kubeClient().namespace(testStorage.getNamespaceName()).getSecret(secretName).getData().get("password"), is(firstEncodedPassword));
    KafkaUser kafkaUser = KafkaUserTemplates.scramShaUser(testStorage.getClusterName(), testStorage.getUserName()).editSpec().withNewKafkaUserScramSha512ClientAuthentication().withNewPassword().withNewValueFrom().withNewSecretKeyRef("password", secretName, false).endValueFrom().endPassword().endKafkaUserScramSha512ClientAuthentication().endSpec().build();
    resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(testStorage.getClusterName(), 3).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withType(KafkaListenerType.INTERNAL).withName(Constants.TLS_LISTENER_DEFAULT_NAME).withPort(9096).withTls(true).withNewKafkaListenerAuthenticationScramSha512Auth().endKafkaListenerAuthenticationScramSha512Auth().build()).endKafka().endSpec().build(), kafkaUser, KafkaTopicTemplates.topic(testStorage.getClusterName(), testStorage.getUserName()).build());
    KafkaClients kafkaClients = new KafkaClientsBuilder().withNamespaceName(testStorage.getNamespaceName()).withTopicName(testStorage.getTopicName()).withBootstrapAddress(KafkaResources.bootstrapServiceName(testStorage.getClusterName()) + ":9096").withMessageCount(MESSAGE_COUNT).withUserName(testStorage.getUserName()).withProducerName(testStorage.getProducerName()).withConsumerName(testStorage.getConsumerName()).build();
    resourceManager.createResource(extensionContext, kafkaClients.producerScramShaTlsStrimzi(testStorage.getClusterName()), kafkaClients.consumerScramShaTlsStrimzi(testStorage.getClusterName()));
    ClientUtils.waitForClientsSuccess(testStorage.getProducerName(), testStorage.getConsumerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
    LOGGER.info("Changing password in secret: {}, we should be able to send/receive messages", secretName);
    password = new SecretBuilder(password).addToData("password", secondEncodedPassword).build();
    kubeClient().namespace(testStorage.getNamespaceName()).createSecret(password);
    SecretUtils.waitForUserPasswordChange(testStorage.getNamespaceName(), testStorage.getUserName(), secondEncodedPassword);
    LOGGER.info("Receiving messages with new password");
    kafkaClients = new KafkaClientsBuilder(kafkaClients).withConsumerGroup(ClientUtils.generateRandomConsumerGroup()).build();
    resourceManager.createResource(extensionContext, kafkaClients.producerScramShaTlsStrimzi(testStorage.getClusterName()), kafkaClients.consumerScramShaTlsStrimzi(testStorage.getClusterName()));
    ClientUtils.waitForClientsSuccess(testStorage.getProducerName(), testStorage.getConsumerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
}
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder) KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) TestStorage(io.strimzi.systemtest.storage.TestStorage) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported) ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest)

Aggregations

KafkaUser (io.strimzi.api.kafka.model.KafkaUser)128 Test (org.junit.jupiter.api.Test)70 Secret (io.fabric8.kubernetes.api.model.Secret)68 KafkaUserBuilder (io.strimzi.api.kafka.model.KafkaUserBuilder)58 SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder)56 LabelSelector (io.fabric8.kubernetes.api.model.LabelSelector)44 CrdOperator (io.strimzi.operator.common.operator.resource.CrdOperator)44 SecretOperator (io.strimzi.operator.common.operator.resource.SecretOperator)44 HashSet (java.util.HashSet)44 KafkaUserStatus (io.strimzi.api.kafka.model.status.KafkaUserStatus)42 Reconciliation (io.strimzi.operator.common.Reconciliation)42 Promise (io.vertx.core.Promise)42 Checkpoint (io.vertx.junit5.Checkpoint)40 CopyOnWriteArraySet (java.util.concurrent.CopyOnWriteArraySet)40 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)40 KafkaUserQuotas (io.strimzi.api.kafka.model.KafkaUserQuotas)36 CertManager (io.strimzi.certs.CertManager)36 KafkaUserModel (io.strimzi.operator.user.model.KafkaUserModel)36 SimpleAclRule (io.strimzi.operator.user.model.acl.SimpleAclRule)36 Future (io.vertx.core.Future)36
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial