
Example 91 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

the class MultipleListenersST method runListenersTest.

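/**
 * Deploys an ephemeral 3-broker Kafka cluster exposing the given listeners and verifies
 * that messages can be produced and consumed through each of them.
 *
 * <p>Listeners whose type is not {@code INTERNAL} are exercised with an
 * {@code ExternalKafkaClient}; internal listeners are exercised with producer/consumer
 * client resources created through the resource manager. One TLS {@code KafkaUser} is
 * created and shared by all listeners checked in this call.
 *
 * @param extensionContext JUnit extension context passed to the resource manager
 * @param listeners        listeners to configure on the cluster and then verify one by one
 * @param clusterName      name of the Kafka cluster to create
 */
private void runListenersTest(ExtensionContext extensionContext, List<GenericKafkaListener> listeners, String clusterName) {
    LOGGER.info("This is listeners {}, which will verified.", listeners);
    // exercise phase
    resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(clusterName, 3)
        .editMetadata()
            .withNamespace(namespace)
        .endMetadata()
        .editSpec()
            .editKafka()
                .withListeners(listeners)
            .endKafka()
        .endSpec()
        .build());
    // Only one thread at a time may enter the verification phase: it touches state that
    // can be modified at run time, so concurrent access would be a data race.
    synchronized (lock) {
        String kafkaUsername = KafkaUserUtils.generateRandomNameOfKafkaUser();
        KafkaUser kafkaUserInstance = KafkaUserTemplates.tlsUser(namespace, clusterName, kafkaUsername).build();
        resourceManager.createResource(extensionContext, kafkaUserInstance);
        // One generator for the whole run instead of two fresh instances per listener.
        // The values only make client names unique; they are not security-relevant.
        final Random random = new Random();
        for (GenericKafkaListener listener : listeners) {
            final String producerName = "producer-" + random.nextInt(Integer.MAX_VALUE);
            final String consumerName = "consumer-" + random.nextInt(Integer.MAX_VALUE);
            String topicName = KafkaTopicUtils.generateRandomNameOfTopic();
            resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(clusterName, topicName, namespace).build());
            boolean isTlsEnabled = listener.isTls();
            if (listener.getType() != KafkaListenerType.INTERNAL) {
                if (isTlsEnabled) {
                    // SSL client: carries the TLS user's name so the listener can be
                    // reached with that user's identity. The original chain set the
                    // listener name twice; once is enough.
                    ExternalKafkaClient externalTlsKafkaClient = new ExternalKafkaClient.Builder()
                        .withTopicName(topicName)
                        .withNamespaceName(namespace)
                        .withClusterName(clusterName)
                        .withMessageCount(MESSAGE_COUNT)
                        .withKafkaUsername(kafkaUsername)
                        .withListenerName(listener.getName())
                        .withSecurityProtocol(SecurityProtocol.SSL)
                        .build();
                    // Log the listener actually under test, not the default-name constant,
                    // so a failure can be attributed to the right listener.
                    LOGGER.info("Verifying {} listener", listener.getName());
                    // verify phase
                    externalTlsKafkaClient.verifyProducedAndConsumedMessages(externalTlsKafkaClient.sendMessagesTls(), externalTlsKafkaClient.receiveMessagesTls());
                } else {
                    // PLAINTEXT client: built without a Kafka username, and the protocol
                    // provides neither transport encryption nor client authentication.
                    ExternalKafkaClient externalPlainKafkaClient = new ExternalKafkaClient.Builder()
                        .withTopicName(topicName)
                        .withNamespaceName(namespace)
                        .withClusterName(clusterName)
                        .withMessageCount(MESSAGE_COUNT)
                        .withSecurityProtocol(SecurityProtocol.PLAINTEXT)
                        .withListenerName(listener.getName())
                        .build();
                    LOGGER.info("Verifying {} listener", listener.getName());
                    // verify phase
                    externalPlainKafkaClient.verifyProducedAndConsumedMessages(externalPlainKafkaClient.sendMessagesPlain(), externalPlainKafkaClient.receiveMessagesPlain());
                }
            } else {
                // using internal clients, addressed at the bootstrap service on this listener's port
                KafkaClients kafkaClients = new KafkaClientsBuilder()
                    .withTopicName(topicName)
                    .withMessageCount(MESSAGE_COUNT)
                    .withProducerName(producerName)
                    .withConsumerName(consumerName)
                    .withUserName(kafkaUsername)
                    .withNamespaceName(namespace)
                    .withBootstrapAddress(KafkaResources.bootstrapServiceName(clusterName) + ":" + listener.getPort())
                    .build();
                if (isTlsEnabled) {
                    // verify phase
                    resourceManager.createResource(extensionContext, kafkaClients.producerTlsStrimzi(clusterName), kafkaClients.consumerTlsStrimzi(clusterName));
                } else {
                    resourceManager.createResource(extensionContext, kafkaClients.producerStrimzi(), kafkaClients.consumerStrimzi());
                }
                ClientUtils.waitForClientsSuccess(producerName, consumerName, namespace, MESSAGE_COUNT);
            }
        }
    }
}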
Also used : KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder) ExternalKafkaClient(io.strimzi.systemtest.kafkaclients.externalClients.ExternalKafkaClient) GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) Random(java.util.Random) ThreadLocalRandom(java.util.concurrent.ThreadLocalRandom) KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients) KafkaUser(io.strimzi.api.kafka.model.KafkaUser)

Example 92 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

the class ConnectIsolatedST method testSecretsWithKafkaConnectWithTlsAndTlsClientAuthentication.

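/**
 * Verifies that KafkaConnect can reach a Kafka listener that requires TLS client
 * authentication, using only material referenced from Secrets.
 *
 * <p>The cluster exposes a single internal TLS listener on port 9093 with
 * {@code KafkaListenerAuthenticationTls}. KafkaConnect is configured to trust the
 * {@code ca.crt} entry of the {@code <cluster>-cluster-ca-cert} Secret and to authenticate
 * with the {@code user.crt}/{@code user.key} entries of the Secret named after the
 * KafkaUser. A file sink connector is then created, messages are sent with TLS clients,
 * and the test waits for them to show up in the sink file.
 *
 * @param extensionContext JUnit extension context passed to the resource manager
 */
@KRaftNotSupported("UserOperator is not supported by KRaft mode and is used in this test class")
@ParallelNamespaceTest
@Tag(INTERNAL_CLIENTS_USED)
void testSecretsWithKafkaConnectWithTlsAndTlsClientAuthentication(ExtensionContext extensionContext) {
    TestStorage storage = new TestStorage(extensionContext);
    resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(storage.getClusterName(), 3)
        .editSpec()
            .editKafka()
                .withListeners(new GenericKafkaListenerBuilder()
                    .withName(Constants.TLS_LISTENER_DEFAULT_NAME)
                    .withPort(9093)
                    .withType(KafkaListenerType.INTERNAL)
                    .withTls(true)
                    .withAuth(new KafkaListenerAuthenticationTls())
                    .build())
            .endKafka()
        .endSpec()
        .build());
    KafkaUser kafkaUser = KafkaUserTemplates.tlsUser(storage.getClusterName(), storage.getUserName()).build();
    resourceManager.createResource(extensionContext, kafkaUser);
    resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(storage.getClusterName(), storage.getTopicName()).build());
    KafkaConnect connect = KafkaConnectTemplates.kafkaConnectWithFilePlugin(storage.getNamespaceName(), storage.getClusterName(), 1)
        .editSpec()
            .addToConfig("key.converter.schemas.enable", false)
            .addToConfig("value.converter.schemas.enable", false)
            .addToConfig("key.converter", "org.apache.kafka.connect.storage.StringConverter")
            .addToConfig("value.converter", "org.apache.kafka.connect.storage.StringConverter")
            // Server side of TLS: trust the cluster CA certificate read from its Secret.
            .withNewTls()
                .addNewTrustedCertificate()
                    .withSecretName(storage.getClusterName() + "-cluster-ca-cert")
                    .withCertificate("ca.crt")
                .endTrustedCertificate()
            .endTls()
            .withBootstrapServers(storage.getClusterName() + "-kafka-bootstrap:9093")
            // Client side of TLS: certificate and key are referenced by Secret name and
            // entry name, so no key material appears in the KafkaConnect spec itself.
            .withNewKafkaClientAuthenticationTls()
                .withNewCertificateAndKey()
                    .withSecretName(storage.getUserName())
                    .withCertificate("user.crt")
                    .withKey("user.key")
                .endCertificateAndKey()
            .endKafkaClientAuthenticationTls()
        .endSpec()
        .build();
    resourceManager.createResource(extensionContext, connect, ScraperTemplates.scraperPod(storage.getNamespaceName(), storage.getScraperName()).build());
    LOGGER.info("Deploy NetworkPolicies for KafkaConnect");
    NetworkPolicyResource.deployNetworkPolicyForResource(extensionContext, connect, KafkaConnectResources.deploymentName(storage.getClusterName()));
    final String kafkaConnectPodName = kubeClient(storage.getNamespaceName()).listPodsByPrefixInName(KafkaConnectResources.deploymentName(storage.getClusterName())).get(0).getMetadata().getName();
    final String scraperPodName = kubeClient(storage.getNamespaceName()).listPodsByPrefixInName(storage.getScraperName()).get(0).getMetadata().getName();
    KafkaConnectUtils.waitUntilKafkaConnectRestApiIsAvailable(storage.getNamespaceName(), kafkaConnectPodName);
    // Read the logs only after the REST API wait. A snapshot taken before it (as the
    // original did) is checked against whatever the pod had written so far and can miss
    // errors logged later during start-up, e.g. a failed TLS handshake.
    final String kafkaConnectLogs = kubeClient(storage.getNamespaceName()).logs(kafkaConnectPodName);
    LOGGER.info("Verifying that KafkaConnect pod logs don't contain ERRORs");
    assertThat(kafkaConnectLogs, not(containsString("ERROR")));
    LOGGER.info("Creating FileStreamSink connector via pod {} with topic {}", scraperPodName, storage.getTopicName());
    KafkaConnectorUtils.createFileSinkConnector(storage.getNamespaceName(), scraperPodName, storage.getTopicName(), Constants.DEFAULT_SINK_FILE_PATH, KafkaConnectResources.url(storage.getClusterName(), storage.getNamespaceName(), 8083));
    KafkaClients kafkaClients = new KafkaClientsBuilder()
        .withTopicName(storage.getTopicName())
        .withMessageCount(MESSAGE_COUNT)
        .withUserName(storage.getUserName())
        .withBootstrapAddress(KafkaResources.tlsBootstrapAddress(storage.getClusterName()))
        .withProducerName(storage.getProducerName())
        .withConsumerName(storage.getConsumerName())
        .withNamespaceName(storage.getNamespaceName())
        .build();
    resourceManager.createResource(extensionContext, kafkaClients.producerTlsStrimzi(storage.getClusterName()), kafkaClients.consumerTlsStrimzi(storage.getClusterName()));
    ClientUtils.waitForClientsSuccess(storage.getProducerName(), storage.getConsumerName(), storage.getNamespaceName(), MESSAGE_COUNT);
    // NOTE(review): "99" is the text awaited in the sink file; presumably the payload of
    // the last of MESSAGE_COUNT messages. Confirm it tracks MESSAGE_COUNT.
    KafkaConnectUtils.waitForMessagesInKafkaConnectFileSink(storage.getNamespaceName(), kafkaConnectPodName, Constants.DEFAULT_SINK_FILE_PATH, "99");
}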
Also used : KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder) KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls) KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) TestStorage(io.strimzi.systemtest.storage.TestStorage) KafkaConnect(io.strimzi.api.kafka.model.KafkaConnect) Matchers.containsString(org.hamcrest.Matchers.containsString) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported) ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest) Tag(org.junit.jupiter.api.Tag)

Example 93 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

the class HttpBridgeScramShaST method setUp.

/**
 * One-time fixture: deploys a single-node ephemeral Kafka cluster whose only listener is
 * internal, TLS-encrypted and authenticated with SCRAM-SHA-512, creates the SCRAM user,
 * and deploys a KafkaBridge that connects to it with that user's credentials.
 *
 * <p>The bridge never receives the password as a literal: it gets a reference to a
 * Secret plus the name of the entry inside it.
 *
 * @param extensionContext JUnit extension context passed to the resource manager
 */
@BeforeAll
void setUp(ExtensionContext extensionContext) {
    LOGGER.info("Deploy Kafka and KafkaBridge before tests");

    // Kafka cluster with a TLS + SCRAM-SHA-512 internal listener on 9093
    resourceManager.createResource(extensionContext,
        KafkaTemplates.kafkaEphemeral(httpBridgeScramShaClusterName, 1, 1)
            .editMetadata()
                .withNamespace(namespace)
            .endMetadata()
            .editSpec()
                .editKafka()
                    .withListeners(new GenericKafkaListenerBuilder()
                        .withName(Constants.TLS_LISTENER_DEFAULT_NAME)
                        .withPort(9093)
                        .withType(KafkaListenerType.INTERNAL)
                        .withTls(true)
                        .withNewKafkaListenerAuthenticationScramSha512Auth()
                        .endKafkaListenerAuthenticationScramSha512Auth()
                        .build())
                .endKafka()
            .endSpec()
            .build());

    // SCRAM-SHA-512 user the bridge will authenticate as
    KafkaUser bridgeUser = KafkaUserTemplates.scramShaUser(httpBridgeScramShaClusterName, USER_NAME)
        .editMetadata()
            .withNamespace(namespace)
        .endMetadata()
        .build();
    resourceManager.createResource(extensionContext, bridgeUser);

    // Reference to the cluster CA certificate: Secret name plus the entry ("ca.crt") in it
    CertSecretSource clusterCaRef = new CertSecretSource();
    clusterCaRef.setSecretName(KafkaResources.clusterCaCertificateSecretName(httpBridgeScramShaClusterName));
    clusterCaRef.setCertificate("ca.crt");

    // Reference to the user's password for the KafkaBridge spec. In the Strimzi API,
    // "password" here is the name of the entry inside the Secret, not the password value.
    PasswordSecretSource passwordRef = new PasswordSecretSource();
    passwordRef.setSecretName(USER_NAME);
    passwordRef.setPassword("password");

    // HTTP bridge: SCRAM-SHA-512 client authentication over TLS, trusting the cluster CA
    resourceManager.createResource(extensionContext,
        KafkaBridgeTemplates.kafkaBridge(httpBridgeScramShaClusterName, KafkaResources.tlsBootstrapAddress(httpBridgeScramShaClusterName), 1)
            .editMetadata()
                .withNamespace(namespace)
            .endMetadata()
            .editSpec()
                .withNewConsumer()
                    .addToConfig(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "earliest")
                .endConsumer()
                .withNewKafkaClientAuthenticationScramSha512()
                    .withUsername(USER_NAME)
                    .withPasswordSecret(passwordRef)
                .endKafkaClientAuthenticationScramSha512()
                .withNewTls()
                    .withTrustedCertificates(clusterCaRef)
                .endTls()
            .endSpec()
            .build());

    // Client job definition pointed at the bridge service, reused by the tests
    kafkaBridgeClientJob = new BridgeClientsBuilder()
        .withBootstrapAddress(KafkaBridgeResources.serviceName(httpBridgeScramShaClusterName))
        .withTopicName(TOPIC_NAME)
        .withMessageCount(MESSAGE_COUNT)
        .withPort(Constants.HTTP_BRIDGE_DEFAULT_PORT)
        .withNamespaceName(namespace)
        .build();
}
Also used : BridgeClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.BridgeClientsBuilder) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) PasswordSecretSource(io.strimzi.api.kafka.model.PasswordSecretSource) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) BeforeAll(org.junit.jupiter.api.BeforeAll)

Example 94 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

the class HttpBridgeTlsST method setUp.

/**
 * One-time fixture: deploys a single-node ephemeral Kafka cluster whose only listener is
 * internal, TLS-encrypted and requires TLS client authentication, creates a TLS user
 * with a randomly generated name, and deploys a KafkaBridge that presents that user's
 * certificate.
 *
 * <p>Certificate and key reach the bridge only as references to entries of the Secret
 * named after the user.
 *
 * @param extensionContext JUnit extension context passed to the resource manager
 */
@BeforeAll
void setUp(ExtensionContext extensionContext) {
    LOGGER.info("Deploy Kafka and KafkaBridge before tests");
    sharedKafkaUserName = KafkaUserUtils.generateRandomNameOfKafkaUser();

    // Kafka cluster with a mutual-TLS internal listener on 9093
    resourceManager.createResource(extensionContext,
        KafkaTemplates.kafkaEphemeral(httpBridgeTlsClusterName, 1, 1)
            .editMetadata()
                .withNamespace(namespace)
            .endMetadata()
            .editSpec()
                .editKafka()
                    .withListeners(new GenericKafkaListenerBuilder()
                        .withName(Constants.TLS_LISTENER_DEFAULT_NAME)
                        .withPort(9093)
                        .withType(KafkaListenerType.INTERNAL)
                        .withTls(true)
                        .withNewKafkaListenerAuthenticationTlsAuth()
                        .endKafkaListenerAuthenticationTlsAuth()
                        .build())
                .endKafka()
            .endSpec()
            .build());

    // TLS user whose certificate the bridge will present
    KafkaUser bridgeUser = KafkaUserTemplates.tlsUser(namespace, httpBridgeTlsClusterName, sharedKafkaUserName).build();
    resourceManager.createResource(extensionContext, bridgeUser);

    // Reference to the cluster CA certificate: Secret name plus the entry ("ca.crt") in it
    CertSecretSource clusterCaRef = new CertSecretSource();
    clusterCaRef.setSecretName(KafkaResources.clusterCaCertificateSecretName(httpBridgeTlsClusterName));
    clusterCaRef.setCertificate("ca.crt");

    // HTTP bridge: client certificate/key taken from the user's Secret, trusting the cluster CA
    resourceManager.createResource(extensionContext,
        KafkaBridgeTemplates.kafkaBridge(httpBridgeTlsClusterName, KafkaResources.tlsBootstrapAddress(httpBridgeTlsClusterName), 1)
            .editMetadata()
                .withNamespace(namespace)
            .endMetadata()
            .editSpec()
                .withNewConsumer()
                    .addToConfig(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "earliest")
                .endConsumer()
                .withNewKafkaClientAuthenticationTls()
                    .withNewCertificateAndKey()
                        .withSecretName(sharedKafkaUserName)
                        .withCertificate("user.crt")
                        .withKey("user.key")
                    .endCertificateAndKey()
                .endKafkaClientAuthenticationTls()
                .withNewTls()
                    .withTrustedCertificates(clusterCaRef)
                .endTls()
            .endSpec()
            .build());

    // Client job definition pointed at the bridge service, reused by the tests
    kafkaBridgeClientJob = new BridgeClientsBuilder()
        .withBootstrapAddress(KafkaBridgeResources.serviceName(httpBridgeTlsClusterName))
        .withTopicName(TOPIC_NAME)
        .withMessageCount(MESSAGE_COUNT)
        .withPort(Constants.HTTP_BRIDGE_DEFAULT_PORT)
        .withNamespaceName(namespace)
        .build();
}
Also used : BridgeClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.BridgeClientsBuilder) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) BeforeAll(org.junit.jupiter.api.BeforeAll)

Example 95 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

the class KafkaUserUtils method waitForKafkaUserCreation.

/**
 * Blocks until the Secret named after the given KafkaUser is ready and the KafkaUser
 * resource reports the {@code Ready} status.
 *
 * @param namespaceName namespace holding the KafkaUser and its Secret
 * @param userName      name of the KafkaUser; also used as the name of the Secret waited for
 */
public static void waitForKafkaUserCreation(String namespaceName, String userName) {
    // Looked up once, before any waiting, and handed to the status wait below.
    // NOTE(review): if the resource does not exist yet this is null. Confirm that
    // waitForResourceStatus tolerates that, or that callers always create the user first.
    final KafkaUser userSnapshot = KafkaUserResource.kafkaUserClient()
        .inNamespace(namespaceName)
        .withName(userName)
        .get();

    // The callback re-reads the KafkaUser and logs it; presumably it is run by
    // waitForSecretReady when the wait does not succeed. Confirm against SecretUtils.
    SecretUtils.waitForSecretReady(namespaceName, userName, () -> {
        LOGGER.info(KafkaUserResource.kafkaUserClient().inNamespace(namespaceName).withName(userName).get());
    });

    ResourceManager.waitForResourceStatus(KafkaUserResource.kafkaUserClient(), userSnapshot, Ready);
}
Also used : KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
