use of io.strimzi.api.kafka.model.KafkaUser in project strimzi-kafka-operator by strimzi.
the class KafkaUserOperatorTest method testUserStatusNotReadyIfSecretFailedReconcile.
@Test
public void testUserStatusNotReadyIfSecretFailedReconcile(VertxTestContext context) {
String failureMsg = "failure";
CrdOperator mockCrdOps = mock(CrdOperator.class);
SecretOperator mockSecretOps = mock(SecretOperator.class);
SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
QuotasOperator quotasOps = mock(QuotasOperator.class);
KafkaUser user = ResourceUtils.createKafkaUserTls();
Secret clientsCa = ResourceUtils.createClientsCaCertSecret();
Secret clientsCaKey = ResourceUtils.createClientsCaKeySecret();
when(mockSecretOps.getAsync(anyString(), eq(clientsCa.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCa));
when(mockSecretOps.getAsync(anyString(), eq(clientsCaKey.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCaKey));
when(mockSecretOps.getAsync(anyString(), eq(user.getMetadata().getName()))).thenReturn(Future.succeededFuture(null));
when(mockCrdOps.getAsync(anyString(), anyString())).thenReturn(Future.succeededFuture(user));
when(mockCrdOps.get(anyString(), anyString())).thenReturn(user);
when(mockSecretOps.reconcile(any(), anyString(), anyString(), any(Secret.class))).thenReturn(Future.failedFuture(failureMsg));
when(aclOps.reconcile(any(), anyString(), any())).thenReturn(Future.succeededFuture());
when(scramOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
ArgumentCaptor<KafkaUser> userCaptor = ArgumentCaptor.forClass(KafkaUser.class);
when(mockCrdOps.updateStatusAsync(any(), userCaptor.capture())).thenReturn(Future.succeededFuture());
when(quotasOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig());
Checkpoint async = context.checkpoint();
op.reconcile(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME)).onComplete(context.failing(e -> context.verify(() -> {
List<KafkaUser> capturedStatuses = userCaptor.getAllValues();
assertThat(capturedStatuses.get(0).getStatus().getUsername(), is("CN=user"));
assertThat(capturedStatuses.get(0).getStatus().getConditions().get(0).getStatus(), is("True"));
assertThat(capturedStatuses.get(0).getStatus().getConditions().get(0).getMessage(), is(failureMsg));
assertThat(capturedStatuses.get(0).getStatus().getConditions().get(0).getType(), is("NotReady"));
async.flag();
})));
}
use of io.strimzi.api.kafka.model.KafkaUser in project strimzi-kafka-operator by strimzi.
the class Main method run.
static Future<String> run(Vertx vertx, KubernetesClient client, AdminClientProvider adminClientProvider, UserOperatorConfig config) {
Util.printEnvInfo();
String dnsCacheTtl = System.getenv("STRIMZI_DNS_CACHE_TTL") == null ? "30" : System.getenv("STRIMZI_DNS_CACHE_TTL");
Security.setProperty("networkaddress.cache.ttl", dnsCacheTtl);
OpenSslCertManager certManager = new OpenSslCertManager();
SecretOperator secretOperations = new SecretOperator(vertx, client);
CrdOperator<KubernetesClient, KafkaUser, KafkaUserList> crdOperations = new CrdOperator<>(vertx, client, KafkaUser.class, KafkaUserList.class, KafkaUser.RESOURCE_KIND);
return createAdminClient(adminClientProvider, config, secretOperations).compose(adminClient -> {
SimpleAclOperator aclOperations = new SimpleAclOperator(vertx, adminClient);
ScramCredentialsOperator scramCredentialsOperator = new ScramCredentialsOperator(vertx, adminClient);
QuotasOperator quotasOperator = new QuotasOperator(vertx, adminClient);
KafkaUserOperator kafkaUserOperations = new KafkaUserOperator(vertx, certManager, crdOperations, secretOperations, scramCredentialsOperator, quotasOperator, aclOperations, config);
Promise<String> promise = Promise.promise();
UserOperator operator = new UserOperator(config.getNamespace(), config, client, kafkaUserOperations);
vertx.deployVerticle(operator, res -> {
if (res.succeeded()) {
LOGGER.info("User Operator verticle started in namespace {}", config.getNamespace());
} else {
LOGGER.error("User Operator verticle in namespace {} failed to start", config.getNamespace(), res.cause());
System.exit(1);
}
promise.handle(res);
});
return promise.future();
});
}
use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.
the class KafkaUserOperatorTest method testReconcileTlsExternalUser.
@Test
public void testReconcileTlsExternalUser(VertxTestContext context) {
KafkaUser user = new KafkaUserBuilder(ResourceUtils.createKafkaUserQuotas(1000000, 2000000, 55, 10.0)).editSpec().withNewKafkaUserTlsExternalClientAuthentication().endKafkaUserTlsExternalClientAuthentication().endSpec().build();
CrdOperator mockCrdOps = mock(CrdOperator.class);
SecretOperator mockSecretOps = mock(SecretOperator.class);
SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
QuotasOperator quotasOps = mock(QuotasOperator.class);
KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig());
Secret clientsCa = ResourceUtils.createClientsCaCertSecret();
Secret clientsCaKey = ResourceUtils.createClientsCaKeySecret();
ArgumentCaptor<String> secretNamespaceCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<String> secretNameCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<Secret> secretCaptor = ArgumentCaptor.forClass(Secret.class);
when(mockSecretOps.reconcile(any(), secretNamespaceCaptor.capture(), secretNameCaptor.capture(), secretCaptor.capture())).thenReturn(Future.succeededFuture());
ArgumentCaptor<String> aclNameCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<Set<SimpleAclRule>> aclRulesCaptor = ArgumentCaptor.forClass(Set.class);
when(aclOps.reconcile(any(), aclNameCaptor.capture(), aclRulesCaptor.capture())).thenReturn(Future.succeededFuture());
ArgumentCaptor<String> scramUserCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<String> scramPasswordCaptor = ArgumentCaptor.forClass(String.class);
when(scramOps.reconcile(any(), scramUserCaptor.capture(), scramPasswordCaptor.capture())).thenReturn(Future.succeededFuture());
when(mockSecretOps.getAsync(anyString(), eq(clientsCa.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCa));
when(mockSecretOps.getAsync(anyString(), eq(clientsCaKey.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCaKey));
when(mockSecretOps.getAsync(anyString(), eq(user.getMetadata().getName()))).thenReturn(Future.succeededFuture(null));
when(mockCrdOps.get(eq(user.getMetadata().getNamespace()), eq(user.getMetadata().getName()))).thenReturn(user);
when(mockCrdOps.getAsync(anyString(), anyString())).thenReturn(Future.succeededFuture(user));
when(mockCrdOps.updateStatusAsync(any(), any(KafkaUser.class))).thenReturn(Future.succeededFuture());
ArgumentCaptor<String> quotasUserNameCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<KafkaUserQuotas> quotasCaptor = ArgumentCaptor.forClass(KafkaUserQuotas.class);
when(quotasOps.reconcile(any(), quotasUserNameCaptor.capture(), quotasCaptor.capture())).thenReturn(Future.succeededFuture());
Checkpoint async = context.checkpoint();
op.reconcile(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME)).onComplete(context.succeeding(v -> context.verify(() -> {
List<String> capturedNames = secretNameCaptor.getAllValues();
assertThat(capturedNames, hasSize(1));
assertThat(capturedNames.get(0), is(ResourceUtils.NAME));
List<String> capturedNamespaces = secretNamespaceCaptor.getAllValues();
assertThat(capturedNamespaces, hasSize(1));
assertThat(capturedNamespaces.get(0), is(ResourceUtils.NAMESPACE));
List<Secret> capturedSecrets = secretCaptor.getAllValues();
assertThat(capturedSecrets, hasSize(1));
assertThat(capturedSecrets.get(0), is(nullValue()));
assertThat(scramUserCaptor.getValue(), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
assertThat(scramPasswordCaptor.getValue(), is(nullValue()));
List<String> capturedAclNames = aclNameCaptor.getAllValues();
assertThat(capturedAclNames, hasSize(2));
assertThat(capturedAclNames.get(0), is(KafkaUserModel.getTlsUserName(ResourceUtils.NAME)));
assertThat(capturedAclNames.get(1), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
List<Set<SimpleAclRule>> capturedAcls = aclRulesCaptor.getAllValues();
assertThat(capturedAcls, hasSize(2));
assertThat(capturedAcls.get(0), hasSize(ResourceUtils.createExpectedSimpleAclRules(user).size()));
assertThat(capturedAcls.get(0), is(ResourceUtils.createExpectedSimpleAclRules(user)));
assertThat(capturedAcls.get(1), is(nullValue()));
List<String> capturedQuotasNames = quotasUserNameCaptor.getAllValues();
assertThat(capturedQuotasNames, hasSize(2));
assertThat(capturedQuotasNames.get(0), is(KafkaUserModel.getTlsUserName(ResourceUtils.NAME)));
assertThat(capturedQuotasNames.get(1), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
List<KafkaUserQuotas> capturedQuotas = quotasCaptor.getAllValues();
assertThat(capturedQuotas, hasSize(2));
assertThat(capturedQuotas.get(0), is(notNullValue()));
assertThat(capturedQuotas.get(0).getConsumerByteRate(), is(1000000));
assertThat(capturedQuotas.get(0).getProducerByteRate(), is(2000000));
assertThat(capturedQuotas.get(0).getRequestPercentage(), is(55));
assertThat(capturedQuotas.get(0).getControllerMutationRate(), is(10.0));
assertThat(capturedQuotas.get(1), is(nullValue()));
async.flag();
})));
}
use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.
the class KafkaUserOperatorTest method testCreateUserWithAclsDisabled.
@Test
public void testCreateUserWithAclsDisabled(VertxTestContext context) {
CrdOperator mockCrdOps = mock(CrdOperator.class);
SecretOperator mockSecretOps = mock(SecretOperator.class);
SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
QuotasOperator quotasOps = mock(QuotasOperator.class);
ArgumentCaptor<String> secretNamespaceCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<String> secretNameCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<Secret> secretCaptor = ArgumentCaptor.forClass(Secret.class);
when(mockSecretOps.reconcile(any(), secretNamespaceCaptor.capture(), secretNameCaptor.capture(), secretCaptor.capture())).thenReturn(Future.succeededFuture());
when(scramOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
when(quotasOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig(Map.of(), false, false, "12"));
KafkaUser user = new KafkaUserBuilder().withNewMetadata().withName(ResourceUtils.NAME).withNamespace(ResourceUtils.NAMESPACE).endMetadata().withNewSpec().withNewKafkaUserTlsClientAuthentication().endKafkaUserTlsClientAuthentication().withNewQuotas().withConsumerByteRate(1024 * 1024).withProducerByteRate(1024 * 1024).endQuotas().endSpec().build();
Secret clientsCa = ResourceUtils.createClientsCaCertSecret();
Secret clientsCaKey = ResourceUtils.createClientsCaKeySecret();
when(mockSecretOps.getAsync(anyString(), eq("user-cert"))).thenReturn(Future.succeededFuture(clientsCa));
when(mockSecretOps.getAsync(anyString(), eq("user-key"))).thenReturn(Future.succeededFuture(clientsCaKey));
when(mockSecretOps.getAsync(anyString(), eq(ResourceUtils.NAME))).thenReturn(Future.succeededFuture(null));
when(mockCrdOps.getAsync(anyString(), anyString())).thenReturn(Future.succeededFuture(user));
when(mockCrdOps.updateStatusAsync(any(), any(KafkaUser.class))).thenReturn(Future.succeededFuture());
Checkpoint async = context.checkpoint();
op.createOrUpdate(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME), user).onComplete(context.succeeding(v -> context.verify(() -> {
List<String> capturedNames = secretNameCaptor.getAllValues();
assertThat(capturedNames, hasSize(1));
assertThat(capturedNames.get(0), is(ResourceUtils.NAME));
List<String> capturedNamespaces = secretNamespaceCaptor.getAllValues();
assertThat(capturedNamespaces, hasSize(1));
assertThat(capturedNamespaces.get(0), is(ResourceUtils.NAMESPACE));
List<Secret> capturedSecrets = secretCaptor.getAllValues();
assertThat(capturedSecrets, hasSize(1));
Secret captured = capturedSecrets.get(0);
assertThat(captured.getMetadata().getName(), is(user.getMetadata().getName()));
assertThat(captured.getMetadata().getNamespace(), is(user.getMetadata().getNamespace()));
assertThat(captured.getMetadata().getLabels(), is(Labels.fromMap(user.getMetadata().getLabels()).withStrimziKind(KafkaUser.RESOURCE_KIND).withKubernetesName(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).withKubernetesInstance(ResourceUtils.NAME).withKubernetesPartOf(ResourceUtils.NAME).withKubernetesManagedBy(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).toMap()));
assertThat(new String(Base64.getDecoder().decode(captured.getData().get("ca.crt"))), is("clients-ca-crt"));
assertThat(new String(Base64.getDecoder().decode(captured.getData().get("user.crt"))), is("crt file"));
assertThat(new String(Base64.getDecoder().decode(captured.getData().get("user.key"))), is("key file"));
verify(aclOps, never()).reconcile(any(), any(), any());
async.flag();
})));
}
use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.
the class KafkaUserOperatorTest method testReconcileExistingTlsUser.
@Test
public void testReconcileExistingTlsUser(VertxTestContext context) {
CrdOperator mockCrdOps = mock(CrdOperator.class);
SecretOperator mockSecretOps = mock(SecretOperator.class);
SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
QuotasOperator quotasOps = mock(QuotasOperator.class);
KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig());
KafkaUser user = ResourceUtils.createKafkaUserTls();
Secret clientsCa = ResourceUtils.createClientsCaCertSecret();
Secret clientsCaKey = ResourceUtils.createClientsCaKeySecret();
Secret userCert = ResourceUtils.createUserSecretTls();
ArgumentCaptor<String> secretNamespaceCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<String> secretNameCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<Secret> secretCaptor = ArgumentCaptor.forClass(Secret.class);
when(mockSecretOps.reconcile(any(), secretNamespaceCaptor.capture(), secretNameCaptor.capture(), secretCaptor.capture())).thenReturn(Future.succeededFuture());
when(scramOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
ArgumentCaptor<String> aclNameCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<Set<SimpleAclRule>> aclRulesCaptor = ArgumentCaptor.forClass(Set.class);
when(aclOps.reconcile(any(), aclNameCaptor.capture(), aclRulesCaptor.capture())).thenReturn(Future.succeededFuture());
when(mockSecretOps.getAsync(anyString(), eq(clientsCa.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCa));
when(mockSecretOps.getAsync(anyString(), eq(clientsCaKey.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCaKey));
when(mockSecretOps.getAsync(anyString(), eq(user.getMetadata().getName()))).thenReturn(Future.succeededFuture(userCert));
when(mockCrdOps.get(eq(user.getMetadata().getNamespace()), eq(user.getMetadata().getName()))).thenReturn(user);
when(mockCrdOps.getAsync(anyString(), anyString())).thenReturn(Future.succeededFuture(user));
when(mockCrdOps.updateStatusAsync(any(), any(KafkaUser.class))).thenReturn(Future.succeededFuture());
when(quotasOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
Checkpoint async = context.checkpoint();
op.reconcile(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME)).onComplete(context.succeeding(v -> context.verify(() -> {
List<String> capturedNames = secretNameCaptor.getAllValues();
assertThat(capturedNames, hasSize(1));
assertThat(ResourceUtils.NAME, is(capturedNames.get(0)));
List<String> capturedNamespaces = secretNamespaceCaptor.getAllValues();
assertThat(capturedNamespaces, hasSize(1));
assertThat(capturedNamespaces.get(0), is(ResourceUtils.NAMESPACE));
List<Secret> capturedSecrets = secretCaptor.getAllValues();
assertThat(capturedSecrets, hasSize(1));
Secret captured = capturedSecrets.get(0);
assertThat(captured.getMetadata().getName(), is(user.getMetadata().getName()));
assertThat(captured.getMetadata().getNamespace(), is(user.getMetadata().getNamespace()));
assertThat(captured.getMetadata().getLabels(), is(Labels.fromMap(user.getMetadata().getLabels()).withKubernetesName(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).withKubernetesInstance(ResourceUtils.NAME).withKubernetesPartOf(ResourceUtils.NAME).withKubernetesManagedBy(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).withStrimziKind(KafkaUser.RESOURCE_KIND).toMap()));
assertThat(captured.getData().get("ca.crt"), is(userCert.getData().get("ca.crt")));
assertThat(captured.getData().get("user.crt"), is(userCert.getData().get("user.crt")));
assertThat(captured.getData().get("user.key"), is(userCert.getData().get("user.key")));
List<String> capturedAclNames = aclNameCaptor.getAllValues();
assertThat(capturedAclNames, hasSize(2));
assertThat(capturedAclNames.get(0), is(KafkaUserModel.getTlsUserName(ResourceUtils.NAME)));
assertThat(capturedAclNames.get(1), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
List<Set<SimpleAclRule>> capturedAcls = aclRulesCaptor.getAllValues();
assertThat(capturedAcls, hasSize(2));
Set<SimpleAclRule> aclRules = capturedAcls.get(0);
assertThat(aclRules, hasSize(ResourceUtils.createExpectedSimpleAclRules(user).size()));
assertThat(aclRules, is(ResourceUtils.createExpectedSimpleAclRules(user)));
assertThat(capturedAcls.get(1), is(nullValue()));
async.flag();
})));
}
Aggregations