Search in sources :

Example 76 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi-kafka-operator by strimzi.

the class KafkaUserOperatorTest method testUserStatusNotReadyIfSecretFailedReconcile.

@Test
public void testUserStatusNotReadyIfSecretFailedReconcile(VertxTestContext context) {
    String failureMsg = "failure";
    CrdOperator mockCrdOps = mock(CrdOperator.class);
    SecretOperator mockSecretOps = mock(SecretOperator.class);
    SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
    ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
    QuotasOperator quotasOps = mock(QuotasOperator.class);
    KafkaUser user = ResourceUtils.createKafkaUserTls();
    Secret clientsCa = ResourceUtils.createClientsCaCertSecret();
    Secret clientsCaKey = ResourceUtils.createClientsCaKeySecret();
    when(mockSecretOps.getAsync(anyString(), eq(clientsCa.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCa));
    when(mockSecretOps.getAsync(anyString(), eq(clientsCaKey.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCaKey));
    when(mockSecretOps.getAsync(anyString(), eq(user.getMetadata().getName()))).thenReturn(Future.succeededFuture(null));
    when(mockCrdOps.getAsync(anyString(), anyString())).thenReturn(Future.succeededFuture(user));
    when(mockCrdOps.get(anyString(), anyString())).thenReturn(user);
    when(mockSecretOps.reconcile(any(), anyString(), anyString(), any(Secret.class))).thenReturn(Future.failedFuture(failureMsg));
    when(aclOps.reconcile(any(), anyString(), any())).thenReturn(Future.succeededFuture());
    when(scramOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
    ArgumentCaptor<KafkaUser> userCaptor = ArgumentCaptor.forClass(KafkaUser.class);
    when(mockCrdOps.updateStatusAsync(any(), userCaptor.capture())).thenReturn(Future.succeededFuture());
    when(quotasOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
    KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig());
    Checkpoint async = context.checkpoint();
    op.reconcile(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME)).onComplete(context.failing(e -> context.verify(() -> {
        List<KafkaUser> capturedStatuses = userCaptor.getAllValues();
        assertThat(capturedStatuses.get(0).getStatus().getUsername(), is("CN=user"));
        assertThat(capturedStatuses.get(0).getStatus().getConditions().get(0).getStatus(), is("True"));
        assertThat(capturedStatuses.get(0).getStatus().getConditions().get(0).getMessage(), is(failureMsg));
        assertThat(capturedStatuses.get(0).getStatus().getConditions().get(0).getType(), is("NotReady"));
        async.flag();
    })));
}
Also used : CoreMatchers.is(org.hamcrest.CoreMatchers.is) Arrays(java.util.Arrays) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) AfterAll(org.junit.jupiter.api.AfterAll) MicrometerMetricsOptions(io.vertx.micrometer.MicrometerMetricsOptions) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BeforeAll(org.junit.jupiter.api.BeforeAll) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) KafkaUserStatus(io.strimzi.api.kafka.model.status.KafkaUserStatus) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) VertxOptions(io.vertx.core.VertxOptions) Set(java.util.Set) VertxPrometheusOptions(io.vertx.micrometer.VertxPrometheusOptions) VertxExtension(io.vertx.junit5.VertxExtension) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) Future(io.vertx.core.Future) StandardCharsets(java.nio.charset.StandardCharsets) Test(org.junit.jupiter.api.Test) Base64(java.util.Base64) List(java.util.List) KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas) Labels(io.strimzi.operator.common.model.Labels) Secret(io.fabric8.kubernetes.api.model.Secret) Optional(java.util.Optional) Checkpoint(io.vertx.junit5.Checkpoint) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) Mockito.mock(org.mockito.Mockito.mock) VertxTestContext(io.vertx.junit5.VertxTestContext) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) CertManager(io.strimzi.certs.CertManager) HashSet(java.util.HashSet) ResourceUtils(io.strimzi.operator.user.ResourceUtils) ArgumentCaptor(org.mockito.ArgumentCaptor) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Matchers.hasSize(org.hamcrest.Matchers.hasSize) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) ArgumentMatchers.isNull(org.mockito.ArgumentMatchers.isNull) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) Promise(io.vertx.core.Promise) Vertx(io.vertx.core.Vertx) KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) Mockito.when(org.mockito.Mockito.when) KafkaUserModel(io.strimzi.operator.user.model.KafkaUserModel) Mockito.verify(org.mockito.Mockito.verify) Reconciliation(io.strimzi.operator.common.Reconciliation) Mockito.never(org.mockito.Mockito.never) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Secret(io.fabric8.kubernetes.api.model.Secret) Checkpoint(io.vertx.junit5.Checkpoint) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Reconciliation(io.strimzi.operator.common.Reconciliation) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Test(org.junit.jupiter.api.Test)

Example 77 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi-kafka-operator by strimzi.

the class Main method run.

static Future<String> run(Vertx vertx, KubernetesClient client, AdminClientProvider adminClientProvider, UserOperatorConfig config) {
    Util.printEnvInfo();
    String dnsCacheTtl = System.getenv("STRIMZI_DNS_CACHE_TTL") == null ? "30" : System.getenv("STRIMZI_DNS_CACHE_TTL");
    Security.setProperty("networkaddress.cache.ttl", dnsCacheTtl);
    OpenSslCertManager certManager = new OpenSslCertManager();
    SecretOperator secretOperations = new SecretOperator(vertx, client);
    CrdOperator<KubernetesClient, KafkaUser, KafkaUserList> crdOperations = new CrdOperator<>(vertx, client, KafkaUser.class, KafkaUserList.class, KafkaUser.RESOURCE_KIND);
    return createAdminClient(adminClientProvider, config, secretOperations).compose(adminClient -> {
        SimpleAclOperator aclOperations = new SimpleAclOperator(vertx, adminClient);
        ScramCredentialsOperator scramCredentialsOperator = new ScramCredentialsOperator(vertx, adminClient);
        QuotasOperator quotasOperator = new QuotasOperator(vertx, adminClient);
        KafkaUserOperator kafkaUserOperations = new KafkaUserOperator(vertx, certManager, crdOperations, secretOperations, scramCredentialsOperator, quotasOperator, aclOperations, config);
        Promise<String> promise = Promise.promise();
        UserOperator operator = new UserOperator(config.getNamespace(), config, client, kafkaUserOperations);
        vertx.deployVerticle(operator, res -> {
            if (res.succeeded()) {
                LOGGER.info("User Operator verticle started in namespace {}", config.getNamespace());
            } else {
                LOGGER.error("User Operator verticle in namespace {} failed to start", config.getNamespace(), res.cause());
                System.exit(1);
            }
            promise.handle(res);
        });
        return promise.future();
    });
}
Also used : KafkaUserOperator(io.strimzi.operator.user.operator.KafkaUserOperator) DefaultKubernetesClient(io.fabric8.kubernetes.client.DefaultKubernetesClient) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) KafkaUserOperator(io.strimzi.operator.user.operator.KafkaUserOperator) KafkaUserList(io.strimzi.api.kafka.KafkaUserList) SimpleAclOperator(io.strimzi.operator.user.operator.SimpleAclOperator) OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) QuotasOperator(io.strimzi.operator.user.operator.QuotasOperator) ScramCredentialsOperator(io.strimzi.operator.user.operator.ScramCredentialsOperator) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) KafkaUser(io.strimzi.api.kafka.model.KafkaUser)

Example 78 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

the class KafkaUserOperatorTest method testReconcileTlsExternalUser.

@Test
public void testReconcileTlsExternalUser(VertxTestContext context) {
    KafkaUser user = new KafkaUserBuilder(ResourceUtils.createKafkaUserQuotas(1000000, 2000000, 55, 10.0)).editSpec().withNewKafkaUserTlsExternalClientAuthentication().endKafkaUserTlsExternalClientAuthentication().endSpec().build();
    CrdOperator mockCrdOps = mock(CrdOperator.class);
    SecretOperator mockSecretOps = mock(SecretOperator.class);
    SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
    ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
    QuotasOperator quotasOps = mock(QuotasOperator.class);
    KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig());
    Secret clientsCa = ResourceUtils.createClientsCaCertSecret();
    Secret clientsCaKey = ResourceUtils.createClientsCaKeySecret();
    ArgumentCaptor<String> secretNamespaceCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<String> secretNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Secret> secretCaptor = ArgumentCaptor.forClass(Secret.class);
    when(mockSecretOps.reconcile(any(), secretNamespaceCaptor.capture(), secretNameCaptor.capture(), secretCaptor.capture())).thenReturn(Future.succeededFuture());
    ArgumentCaptor<String> aclNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Set<SimpleAclRule>> aclRulesCaptor = ArgumentCaptor.forClass(Set.class);
    when(aclOps.reconcile(any(), aclNameCaptor.capture(), aclRulesCaptor.capture())).thenReturn(Future.succeededFuture());
    ArgumentCaptor<String> scramUserCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<String> scramPasswordCaptor = ArgumentCaptor.forClass(String.class);
    when(scramOps.reconcile(any(), scramUserCaptor.capture(), scramPasswordCaptor.capture())).thenReturn(Future.succeededFuture());
    when(mockSecretOps.getAsync(anyString(), eq(clientsCa.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCa));
    when(mockSecretOps.getAsync(anyString(), eq(clientsCaKey.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCaKey));
    when(mockSecretOps.getAsync(anyString(), eq(user.getMetadata().getName()))).thenReturn(Future.succeededFuture(null));
    when(mockCrdOps.get(eq(user.getMetadata().getNamespace()), eq(user.getMetadata().getName()))).thenReturn(user);
    when(mockCrdOps.getAsync(anyString(), anyString())).thenReturn(Future.succeededFuture(user));
    when(mockCrdOps.updateStatusAsync(any(), any(KafkaUser.class))).thenReturn(Future.succeededFuture());
    ArgumentCaptor<String> quotasUserNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<KafkaUserQuotas> quotasCaptor = ArgumentCaptor.forClass(KafkaUserQuotas.class);
    when(quotasOps.reconcile(any(), quotasUserNameCaptor.capture(), quotasCaptor.capture())).thenReturn(Future.succeededFuture());
    Checkpoint async = context.checkpoint();
    op.reconcile(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME)).onComplete(context.succeeding(v -> context.verify(() -> {
        List<String> capturedNames = secretNameCaptor.getAllValues();
        assertThat(capturedNames, hasSize(1));
        assertThat(capturedNames.get(0), is(ResourceUtils.NAME));
        List<String> capturedNamespaces = secretNamespaceCaptor.getAllValues();
        assertThat(capturedNamespaces, hasSize(1));
        assertThat(capturedNamespaces.get(0), is(ResourceUtils.NAMESPACE));
        List<Secret> capturedSecrets = secretCaptor.getAllValues();
        assertThat(capturedSecrets, hasSize(1));
        assertThat(capturedSecrets.get(0), is(nullValue()));
        assertThat(scramUserCaptor.getValue(), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
        assertThat(scramPasswordCaptor.getValue(), is(nullValue()));
        List<String> capturedAclNames = aclNameCaptor.getAllValues();
        assertThat(capturedAclNames, hasSize(2));
        assertThat(capturedAclNames.get(0), is(KafkaUserModel.getTlsUserName(ResourceUtils.NAME)));
        assertThat(capturedAclNames.get(1), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
        List<Set<SimpleAclRule>> capturedAcls = aclRulesCaptor.getAllValues();
        assertThat(capturedAcls, hasSize(2));
        assertThat(capturedAcls.get(0), hasSize(ResourceUtils.createExpectedSimpleAclRules(user).size()));
        assertThat(capturedAcls.get(0), is(ResourceUtils.createExpectedSimpleAclRules(user)));
        assertThat(capturedAcls.get(1), is(nullValue()));
        List<String> capturedQuotasNames = quotasUserNameCaptor.getAllValues();
        assertThat(capturedQuotasNames, hasSize(2));
        assertThat(capturedQuotasNames.get(0), is(KafkaUserModel.getTlsUserName(ResourceUtils.NAME)));
        assertThat(capturedQuotasNames.get(1), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
        List<KafkaUserQuotas> capturedQuotas = quotasCaptor.getAllValues();
        assertThat(capturedQuotas, hasSize(2));
        assertThat(capturedQuotas.get(0), is(notNullValue()));
        assertThat(capturedQuotas.get(0).getConsumerByteRate(), is(1000000));
        assertThat(capturedQuotas.get(0).getProducerByteRate(), is(2000000));
        assertThat(capturedQuotas.get(0).getRequestPercentage(), is(55));
        assertThat(capturedQuotas.get(0).getControllerMutationRate(), is(10.0));
        assertThat(capturedQuotas.get(1), is(nullValue()));
        async.flag();
    })));
}
Also used : CoreMatchers.is(org.hamcrest.CoreMatchers.is) Arrays(java.util.Arrays) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) AfterAll(org.junit.jupiter.api.AfterAll) MicrometerMetricsOptions(io.vertx.micrometer.MicrometerMetricsOptions) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BeforeAll(org.junit.jupiter.api.BeforeAll) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) KafkaUserStatus(io.strimzi.api.kafka.model.status.KafkaUserStatus) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) VertxOptions(io.vertx.core.VertxOptions) Set(java.util.Set) VertxPrometheusOptions(io.vertx.micrometer.VertxPrometheusOptions) VertxExtension(io.vertx.junit5.VertxExtension) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) Future(io.vertx.core.Future) StandardCharsets(java.nio.charset.StandardCharsets) Test(org.junit.jupiter.api.Test) Base64(java.util.Base64) List(java.util.List) KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas) Labels(io.strimzi.operator.common.model.Labels) Secret(io.fabric8.kubernetes.api.model.Secret) Optional(java.util.Optional) Checkpoint(io.vertx.junit5.Checkpoint) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) Mockito.mock(org.mockito.Mockito.mock) VertxTestContext(io.vertx.junit5.VertxTestContext) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) CertManager(io.strimzi.certs.CertManager) HashSet(java.util.HashSet) ResourceUtils(io.strimzi.operator.user.ResourceUtils) ArgumentCaptor(org.mockito.ArgumentCaptor) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Matchers.hasSize(org.hamcrest.Matchers.hasSize) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) ArgumentMatchers.isNull(org.mockito.ArgumentMatchers.isNull) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) Promise(io.vertx.core.Promise) Vertx(io.vertx.core.Vertx) KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) Mockito.when(org.mockito.Mockito.when) KafkaUserModel(io.strimzi.operator.user.model.KafkaUserModel) Mockito.verify(org.mockito.Mockito.verify) Reconciliation(io.strimzi.operator.common.Reconciliation) Mockito.never(org.mockito.Mockito.never) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Set(java.util.Set) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) HashSet(java.util.HashSet) KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas) KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Secret(io.fabric8.kubernetes.api.model.Secret) Checkpoint(io.vertx.junit5.Checkpoint) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Reconciliation(io.strimzi.operator.common.Reconciliation) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Test(org.junit.jupiter.api.Test)

Example 79 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

the class KafkaUserOperatorTest method testCreateUserWithAclsDisabled.

@Test
public void testCreateUserWithAclsDisabled(VertxTestContext context) {
    CrdOperator mockCrdOps = mock(CrdOperator.class);
    SecretOperator mockSecretOps = mock(SecretOperator.class);
    SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
    ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
    QuotasOperator quotasOps = mock(QuotasOperator.class);
    ArgumentCaptor<String> secretNamespaceCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<String> secretNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Secret> secretCaptor = ArgumentCaptor.forClass(Secret.class);
    when(mockSecretOps.reconcile(any(), secretNamespaceCaptor.capture(), secretNameCaptor.capture(), secretCaptor.capture())).thenReturn(Future.succeededFuture());
    when(scramOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
    when(quotasOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
    KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig(Map.of(), false, false, "12"));
    KafkaUser user = new KafkaUserBuilder().withNewMetadata().withName(ResourceUtils.NAME).withNamespace(ResourceUtils.NAMESPACE).endMetadata().withNewSpec().withNewKafkaUserTlsClientAuthentication().endKafkaUserTlsClientAuthentication().withNewQuotas().withConsumerByteRate(1024 * 1024).withProducerByteRate(1024 * 1024).endQuotas().endSpec().build();
    Secret clientsCa = ResourceUtils.createClientsCaCertSecret();
    Secret clientsCaKey = ResourceUtils.createClientsCaKeySecret();
    when(mockSecretOps.getAsync(anyString(), eq("user-cert"))).thenReturn(Future.succeededFuture(clientsCa));
    when(mockSecretOps.getAsync(anyString(), eq("user-key"))).thenReturn(Future.succeededFuture(clientsCaKey));
    when(mockSecretOps.getAsync(anyString(), eq(ResourceUtils.NAME))).thenReturn(Future.succeededFuture(null));
    when(mockCrdOps.getAsync(anyString(), anyString())).thenReturn(Future.succeededFuture(user));
    when(mockCrdOps.updateStatusAsync(any(), any(KafkaUser.class))).thenReturn(Future.succeededFuture());
    Checkpoint async = context.checkpoint();
    op.createOrUpdate(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME), user).onComplete(context.succeeding(v -> context.verify(() -> {
        List<String> capturedNames = secretNameCaptor.getAllValues();
        assertThat(capturedNames, hasSize(1));
        assertThat(capturedNames.get(0), is(ResourceUtils.NAME));
        List<String> capturedNamespaces = secretNamespaceCaptor.getAllValues();
        assertThat(capturedNamespaces, hasSize(1));
        assertThat(capturedNamespaces.get(0), is(ResourceUtils.NAMESPACE));
        List<Secret> capturedSecrets = secretCaptor.getAllValues();
        assertThat(capturedSecrets, hasSize(1));
        Secret captured = capturedSecrets.get(0);
        assertThat(captured.getMetadata().getName(), is(user.getMetadata().getName()));
        assertThat(captured.getMetadata().getNamespace(), is(user.getMetadata().getNamespace()));
        assertThat(captured.getMetadata().getLabels(), is(Labels.fromMap(user.getMetadata().getLabels()).withStrimziKind(KafkaUser.RESOURCE_KIND).withKubernetesName(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).withKubernetesInstance(ResourceUtils.NAME).withKubernetesPartOf(ResourceUtils.NAME).withKubernetesManagedBy(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).toMap()));
        assertThat(new String(Base64.getDecoder().decode(captured.getData().get("ca.crt"))), is("clients-ca-crt"));
        assertThat(new String(Base64.getDecoder().decode(captured.getData().get("user.crt"))), is("crt file"));
        assertThat(new String(Base64.getDecoder().decode(captured.getData().get("user.key"))), is("key file"));
        verify(aclOps, never()).reconcile(any(), any(), any());
        async.flag();
    })));
}
Also used : CoreMatchers.is(org.hamcrest.CoreMatchers.is) Arrays(java.util.Arrays) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) AfterAll(org.junit.jupiter.api.AfterAll) MicrometerMetricsOptions(io.vertx.micrometer.MicrometerMetricsOptions) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BeforeAll(org.junit.jupiter.api.BeforeAll) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) KafkaUserStatus(io.strimzi.api.kafka.model.status.KafkaUserStatus) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) VertxOptions(io.vertx.core.VertxOptions) Set(java.util.Set) VertxPrometheusOptions(io.vertx.micrometer.VertxPrometheusOptions) VertxExtension(io.vertx.junit5.VertxExtension) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) Future(io.vertx.core.Future) StandardCharsets(java.nio.charset.StandardCharsets) Test(org.junit.jupiter.api.Test) Base64(java.util.Base64) List(java.util.List) KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas) Labels(io.strimzi.operator.common.model.Labels) Secret(io.fabric8.kubernetes.api.model.Secret) Optional(java.util.Optional) Checkpoint(io.vertx.junit5.Checkpoint) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) Mockito.mock(org.mockito.Mockito.mock) VertxTestContext(io.vertx.junit5.VertxTestContext) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) CertManager(io.strimzi.certs.CertManager) HashSet(java.util.HashSet) ResourceUtils(io.strimzi.operator.user.ResourceUtils) ArgumentCaptor(org.mockito.ArgumentCaptor) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Matchers.hasSize(org.hamcrest.Matchers.hasSize) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) ArgumentMatchers.isNull(org.mockito.ArgumentMatchers.isNull) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) Promise(io.vertx.core.Promise) Vertx(io.vertx.core.Vertx) KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) Mockito.when(org.mockito.Mockito.when) KafkaUserModel(io.strimzi.operator.user.model.KafkaUserModel) Mockito.verify(org.mockito.Mockito.verify) Reconciliation(io.strimzi.operator.common.Reconciliation) Mockito.never(org.mockito.Mockito.never) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Secret(io.fabric8.kubernetes.api.model.Secret) Checkpoint(io.vertx.junit5.Checkpoint) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Reconciliation(io.strimzi.operator.common.Reconciliation) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Test(org.junit.jupiter.api.Test)

Example 80 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

the class KafkaUserOperatorTest method testReconcileExistingTlsUser.

@Test
public void testReconcileExistingTlsUser(VertxTestContext context) {
    CrdOperator mockCrdOps = mock(CrdOperator.class);
    SecretOperator mockSecretOps = mock(SecretOperator.class);
    SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
    ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
    QuotasOperator quotasOps = mock(QuotasOperator.class);
    KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig());
    KafkaUser user = ResourceUtils.createKafkaUserTls();
    Secret clientsCa = ResourceUtils.createClientsCaCertSecret();
    Secret clientsCaKey = ResourceUtils.createClientsCaKeySecret();
    Secret userCert = ResourceUtils.createUserSecretTls();
    ArgumentCaptor<String> secretNamespaceCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<String> secretNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Secret> secretCaptor = ArgumentCaptor.forClass(Secret.class);
    when(mockSecretOps.reconcile(any(), secretNamespaceCaptor.capture(), secretNameCaptor.capture(), secretCaptor.capture())).thenReturn(Future.succeededFuture());
    when(scramOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
    ArgumentCaptor<String> aclNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Set<SimpleAclRule>> aclRulesCaptor = ArgumentCaptor.forClass(Set.class);
    when(aclOps.reconcile(any(), aclNameCaptor.capture(), aclRulesCaptor.capture())).thenReturn(Future.succeededFuture());
    when(mockSecretOps.getAsync(anyString(), eq(clientsCa.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCa));
    when(mockSecretOps.getAsync(anyString(), eq(clientsCaKey.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCaKey));
    when(mockSecretOps.getAsync(anyString(), eq(user.getMetadata().getName()))).thenReturn(Future.succeededFuture(userCert));
    when(mockCrdOps.get(eq(user.getMetadata().getNamespace()), eq(user.getMetadata().getName()))).thenReturn(user);
    when(mockCrdOps.getAsync(anyString(), anyString())).thenReturn(Future.succeededFuture(user));
    when(mockCrdOps.updateStatusAsync(any(), any(KafkaUser.class))).thenReturn(Future.succeededFuture());
    when(quotasOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
    Checkpoint async = context.checkpoint();
    op.reconcile(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME)).onComplete(context.succeeding(v -> context.verify(() -> {
        List<String> capturedNames = secretNameCaptor.getAllValues();
        assertThat(capturedNames, hasSize(1));
        assertThat(ResourceUtils.NAME, is(capturedNames.get(0)));
        List<String> capturedNamespaces = secretNamespaceCaptor.getAllValues();
        assertThat(capturedNamespaces, hasSize(1));
        assertThat(capturedNamespaces.get(0), is(ResourceUtils.NAMESPACE));
        List<Secret> capturedSecrets = secretCaptor.getAllValues();
        assertThat(capturedSecrets, hasSize(1));
        Secret captured = capturedSecrets.get(0);
        assertThat(captured.getMetadata().getName(), is(user.getMetadata().getName()));
        assertThat(captured.getMetadata().getNamespace(), is(user.getMetadata().getNamespace()));
        assertThat(captured.getMetadata().getLabels(), is(Labels.fromMap(user.getMetadata().getLabels()).withKubernetesName(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).withKubernetesInstance(ResourceUtils.NAME).withKubernetesPartOf(ResourceUtils.NAME).withKubernetesManagedBy(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).withStrimziKind(KafkaUser.RESOURCE_KIND).toMap()));
        assertThat(captured.getData().get("ca.crt"), is(userCert.getData().get("ca.crt")));
        assertThat(captured.getData().get("user.crt"), is(userCert.getData().get("user.crt")));
        assertThat(captured.getData().get("user.key"), is(userCert.getData().get("user.key")));
        List<String> capturedAclNames = aclNameCaptor.getAllValues();
        assertThat(capturedAclNames, hasSize(2));
        assertThat(capturedAclNames.get(0), is(KafkaUserModel.getTlsUserName(ResourceUtils.NAME)));
        assertThat(capturedAclNames.get(1), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
        List<Set<SimpleAclRule>> capturedAcls = aclRulesCaptor.getAllValues();
        assertThat(capturedAcls, hasSize(2));
        Set<SimpleAclRule> aclRules = capturedAcls.get(0);
        assertThat(aclRules, hasSize(ResourceUtils.createExpectedSimpleAclRules(user).size()));
        assertThat(aclRules, is(ResourceUtils.createExpectedSimpleAclRules(user)));
        assertThat(capturedAcls.get(1), is(nullValue()));
        async.flag();
    })));
}
Also used : CoreMatchers.is(org.hamcrest.CoreMatchers.is) Arrays(java.util.Arrays) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) AfterAll(org.junit.jupiter.api.AfterAll) MicrometerMetricsOptions(io.vertx.micrometer.MicrometerMetricsOptions) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BeforeAll(org.junit.jupiter.api.BeforeAll) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) KafkaUserStatus(io.strimzi.api.kafka.model.status.KafkaUserStatus) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) VertxOptions(io.vertx.core.VertxOptions) Set(java.util.Set) VertxPrometheusOptions(io.vertx.micrometer.VertxPrometheusOptions) VertxExtension(io.vertx.junit5.VertxExtension) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) Future(io.vertx.core.Future) StandardCharsets(java.nio.charset.StandardCharsets) Test(org.junit.jupiter.api.Test) Base64(java.util.Base64) List(java.util.List) KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas) Labels(io.strimzi.operator.common.model.Labels) Secret(io.fabric8.kubernetes.api.model.Secret) Optional(java.util.Optional) Checkpoint(io.vertx.junit5.Checkpoint) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) Mockito.mock(org.mockito.Mockito.mock) VertxTestContext(io.vertx.junit5.VertxTestContext) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) CertManager(io.strimzi.certs.CertManager) HashSet(java.util.HashSet) ResourceUtils(io.strimzi.operator.user.ResourceUtils) ArgumentCaptor(org.mockito.ArgumentCaptor) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Matchers.hasSize(org.hamcrest.Matchers.hasSize) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) ArgumentMatchers.isNull(org.mockito.ArgumentMatchers.isNull) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) Promise(io.vertx.core.Promise) Vertx(io.vertx.core.Vertx) KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) Mockito.when(org.mockito.Mockito.when) KafkaUserModel(io.strimzi.operator.user.model.KafkaUserModel) Mockito.verify(org.mockito.Mockito.verify) Reconciliation(io.strimzi.operator.common.Reconciliation) Mockito.never(org.mockito.Mockito.never) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Set(java.util.Set) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) HashSet(java.util.HashSet) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Secret(io.fabric8.kubernetes.api.model.Secret) Checkpoint(io.vertx.junit5.Checkpoint) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Reconciliation(io.strimzi.operator.common.Reconciliation) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Test(org.junit.jupiter.api.Test)

Aggregations

KafkaUser (io.strimzi.api.kafka.model.KafkaUser)128 Test (org.junit.jupiter.api.Test)70 Secret (io.fabric8.kubernetes.api.model.Secret)68 KafkaUserBuilder (io.strimzi.api.kafka.model.KafkaUserBuilder)58 SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder)56 LabelSelector (io.fabric8.kubernetes.api.model.LabelSelector)44 CrdOperator (io.strimzi.operator.common.operator.resource.CrdOperator)44 SecretOperator (io.strimzi.operator.common.operator.resource.SecretOperator)44 HashSet (java.util.HashSet)44 KafkaUserStatus (io.strimzi.api.kafka.model.status.KafkaUserStatus)42 Reconciliation (io.strimzi.operator.common.Reconciliation)42 Promise (io.vertx.core.Promise)42 Checkpoint (io.vertx.junit5.Checkpoint)40 CopyOnWriteArraySet (java.util.concurrent.CopyOnWriteArraySet)40 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)40 KafkaUserQuotas (io.strimzi.api.kafka.model.KafkaUserQuotas)36 CertManager (io.strimzi.certs.CertManager)36 KafkaUserModel (io.strimzi.operator.user.model.KafkaUserModel)36 SimpleAclRule (io.strimzi.operator.user.model.acl.SimpleAclRule)36 Future (io.vertx.core.Future)36