Example 11 with KafkaUser
use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.
the class KafkaUserModelTest method testFromCrdTlsUserWith64CharTlsUsernameValid.
@Test
public void testFromCrdTlsUserWith64CharTlsUsernameValid() {
// 64 characters => Should be still OK
KafkaUser notTooLong = new KafkaUserBuilder(tlsUser).editMetadata().withName("User123456789012345678901234567890123456789012345678901234567890").endMetadata().build();
KafkaUserModel.fromCrd(notTooLong, UserOperatorConfig.DEFAULT_SECRET_PREFIX, UserOperatorConfig.DEFAULT_STRIMZI_ACLS_ADMIN_API_SUPPORTED, false);
}
Also used :
KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
Test(org.junit.jupiter.api.Test)
Example 12 with KafkaUser
use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.
the class KafkaUserModelTest method testFromCrdScramShaUserWithEmptyPasswordThrows.
@Test
public void testFromCrdScramShaUserWithEmptyPasswordThrows() {
KafkaUser emptyPassword = new KafkaUserBuilder(scramShaUser).editSpec().withNewKafkaUserScramSha512ClientAuthentication().withNewPassword().endPassword().endKafkaUserScramSha512ClientAuthentication().endSpec().build();
InvalidResourceException e = assertThrows(InvalidResourceException.class, () -> {
KafkaUserModel.fromCrd(emptyPassword, UserOperatorConfig.DEFAULT_SECRET_PREFIX, UserOperatorConfig.DEFAULT_STRIMZI_ACLS_ADMIN_API_SUPPORTED, false);
});
assertThat(e.getMessage(), is("Resource requests custom SCRAM-SHA-512 password but doesn't specify the secret name and/or key"));
}
Also used :
InvalidResourceException(io.strimzi.operator.cluster.model.InvalidResourceException)
KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
Test(org.junit.jupiter.api.Test)
Example 13 with KafkaUser
use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.
the class KafkaUserModelTest method testFromCrdScramShaUserWithMissingPasswordKeyThrows.
@Test
public void testFromCrdScramShaUserWithMissingPasswordKeyThrows() {
KafkaUser missingKey = new KafkaUserBuilder(scramShaUser).editSpec().withNewKafkaUserScramSha512ClientAuthentication().withNewPassword().withNewValueFrom().withNewSecretKeyRef(null, "my-secret", false).endValueFrom().endPassword().endKafkaUserScramSha512ClientAuthentication().endSpec().build();
InvalidResourceException e = assertThrows(InvalidResourceException.class, () -> {
KafkaUserModel.fromCrd(missingKey, UserOperatorConfig.DEFAULT_SECRET_PREFIX, UserOperatorConfig.DEFAULT_STRIMZI_ACLS_ADMIN_API_SUPPORTED, false);
});
assertThat(e.getMessage(), is("Resource requests custom SCRAM-SHA-512 password but doesn't specify the secret name and/or key"));
}
Also used :
InvalidResourceException(io.strimzi.operator.cluster.model.InvalidResourceException)
KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
Test(org.junit.jupiter.api.Test)
Example 14 with KafkaUser
use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.
the class KafkaUserModelTest method testGenerateSecretUpdatesPasswordWhenRequestedByTheUser.
@Test
public void testGenerateSecretUpdatesPasswordWhenRequestedByTheUser() {
Secret scramShaSecret = ResourceUtils.createUserSecretScramSha();
KafkaUser user = new KafkaUserBuilder(scramShaUser).editSpec().withNewKafkaUserScramSha512ClientAuthentication().withNewPassword().withNewValueFrom().withNewSecretKeyRef("my-password", "my-secret", false).endValueFrom().endPassword().endKafkaUserScramSha512ClientAuthentication().endSpec().build();
Secret desiredPasswordSecret = new SecretBuilder().withNewMetadata().withName("my-secret").endMetadata().addToData("my-password", DESIRED_BASE64_PASSWORD).build();
KafkaUserModel model = KafkaUserModel.fromCrd(user, UserOperatorConfig.DEFAULT_SECRET_PREFIX, UserOperatorConfig.DEFAULT_STRIMZI_ACLS_ADMIN_API_SUPPORTED, false);
model.maybeGeneratePassword(Reconciliation.DUMMY_RECONCILIATION, passwordGenerator, scramShaSecret, desiredPasswordSecret);
Secret generated = model.generateSecret();
assertThat(model.getScramSha512Password(), is(DESIRED_PASSWORD));
assertThat(generated.getMetadata().getName(), is(ResourceUtils.NAME));
assertThat(generated.getMetadata().getNamespace(), is(ResourceUtils.NAMESPACE));
assertThat(generated.getMetadata().getLabels(), is(Labels.fromMap(ResourceUtils.LABELS).withKubernetesName(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).withKubernetesInstance(ResourceUtils.NAME).withKubernetesPartOf(ResourceUtils.NAME).withKubernetesManagedBy(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).withStrimziKind(KafkaUser.RESOURCE_KIND).toMap()));
assertThat(generated.getData().keySet(), is(new HashSet<>(Arrays.asList(KafkaUserModel.KEY_PASSWORD, KafkaUserModel.KEY_SASL_JAAS_CONFIG))));
assertThat(new String(Base64.getDecoder().decode(generated.getData().get(KafkaUserModel.KEY_PASSWORD))), is(DESIRED_PASSWORD));
assertThat(new String(Base64.getDecoder().decode(generated.getData().get(KafkaUserModel.KEY_SASL_JAAS_CONFIG))), is("org.apache.kafka.common.security.scram.ScramLoginModule required username=\"" + ResourceUtils.NAME + "\" password=\"" + DESIRED_PASSWORD + "\";"));
// Check owner reference
checkOwnerReference(model.createOwnerReference(), generated);
}
Also used :
Secret(io.fabric8.kubernetes.api.model.Secret)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
HashSet(java.util.HashSet)
Test(org.junit.jupiter.api.Test)
Example 15 with KafkaUser
use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.
the class KafkaUserModelTest method testGenerateSecretUseDesiredPasswordWhenSpecified.
@Test
public void testGenerateSecretUseDesiredPasswordWhenSpecified() {
KafkaUser user = new KafkaUserBuilder(scramShaUser).editSpec().withNewKafkaUserScramSha512ClientAuthentication().withNewPassword().withNewValueFrom().withNewSecretKeyRef("my-password", "my-secret", false).endValueFrom().endPassword().endKafkaUserScramSha512ClientAuthentication().endSpec().build();
Secret desiredPasswordSecret = new SecretBuilder().withNewMetadata().withName("my-secret").endMetadata().addToData("my-password", DESIRED_BASE64_PASSWORD).build();
KafkaUserModel model = KafkaUserModel.fromCrd(user, UserOperatorConfig.DEFAULT_SECRET_PREFIX, UserOperatorConfig.DEFAULT_STRIMZI_ACLS_ADMIN_API_SUPPORTED, false);
model.maybeGeneratePassword(Reconciliation.DUMMY_RECONCILIATION, passwordGenerator, null, desiredPasswordSecret);
Secret generatedSecret = model.generateSecret();
assertThat(model.getScramSha512Password(), is(DESIRED_PASSWORD));
assertThat(generatedSecret.getMetadata().getName(), is(ResourceUtils.NAME));
assertThat(generatedSecret.getMetadata().getNamespace(), is(ResourceUtils.NAMESPACE));
assertThat(generatedSecret.getMetadata().getLabels(), is(Labels.fromMap(ResourceUtils.LABELS).withStrimziKind(KafkaUser.RESOURCE_KIND).withKubernetesName(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).withKubernetesInstance(ResourceUtils.NAME).withKubernetesPartOf(ResourceUtils.NAME).withKubernetesManagedBy(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).toMap()));
assertThat(generatedSecret.getData().keySet(), is(new HashSet<>(Arrays.asList(KafkaUserModel.KEY_PASSWORD, KafkaUserModel.KEY_SASL_JAAS_CONFIG))));
assertThat(new String(Base64.getDecoder().decode(generatedSecret.getData().get(KafkaUserModel.KEY_PASSWORD))), is(DESIRED_PASSWORD));
assertThat(new String(Base64.getDecoder().decode(generatedSecret.getData().get(KafkaUserModel.KEY_SASL_JAAS_CONFIG))), is("org.apache.kafka.common.security.scram.ScramLoginModule required username=\"" + ResourceUtils.NAME + "\" password=\"" + DESIRED_PASSWORD + "\";"));
// Check owner reference
checkOwnerReference(model.createOwnerReference(), generatedSecret);
}
Also used :
Secret(io.fabric8.kubernetes.api.model.Secret)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
HashSet(java.util.HashSet)
Test(org.junit.jupiter.api.Test)
Aggregations
KafkaUser (io.strimzi.api.kafka.model.KafkaUser)128
Test (org.junit.jupiter.api.Test)70
Secret (io.fabric8.kubernetes.api.model.Secret)68
KafkaUserBuilder (io.strimzi.api.kafka.model.KafkaUserBuilder)58
SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder)56
LabelSelector (io.fabric8.kubernetes.api.model.LabelSelector)44
CrdOperator (io.strimzi.operator.common.operator.resource.CrdOperator)44
SecretOperator (io.strimzi.operator.common.operator.resource.SecretOperator)44
HashSet (java.util.HashSet)44
KafkaUserStatus (io.strimzi.api.kafka.model.status.KafkaUserStatus)42
Reconciliation (io.strimzi.operator.common.Reconciliation)42
Promise (io.vertx.core.Promise)42
Checkpoint (io.vertx.junit5.Checkpoint)40
CopyOnWriteArraySet (java.util.concurrent.CopyOnWriteArraySet)40
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)40
KafkaUserQuotas (io.strimzi.api.kafka.model.KafkaUserQuotas)36
CertManager (io.strimzi.certs.CertManager)36
KafkaUserModel (io.strimzi.operator.user.model.KafkaUserModel)36
SimpleAclRule (io.strimzi.operator.user.model.acl.SimpleAclRule)36
Future (io.vertx.core.Future)36
