Example 16 with KafkaUser

Use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

Class KafkaUserModelTest, method testGenerateSecretWithNoTlsAuthenticationKafkaUserReturnsNull.

@Test
public void testGenerateSecretWithNoTlsAuthenticationKafkaUserReturnsNull() {
    Secret userCert = ResourceUtils.createUserSecretTls();
    KafkaUser user = ResourceUtils.createKafkaUserTls();
    // Replace the spec with an empty one, so the user has no authentication configured
    user.setSpec(new KafkaUserSpec());
    KafkaUserModel model = KafkaUserModel.fromCrd(user, UserOperatorConfig.DEFAULT_SECRET_PREFIX, UserOperatorConfig.DEFAULT_STRIMZI_ACLS_ADMIN_API_SUPPORTED, false);
    assertThat(model.generateSecret(), is(nullValue()));
}
Also used: Secret(io.fabric8.kubernetes.api.model.Secret), KafkaUserSpec(io.strimzi.api.kafka.model.KafkaUserSpec), KafkaUser(io.strimzi.api.kafka.model.KafkaUser), Test(org.junit.jupiter.api.Test)

Example 17 with KafkaUser

Use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

Class KafkaUserModelTest, method testGenerateSecretUseDesiredPasswordSecretDoesNotExist.

@Test
public void testGenerateSecretUseDesiredPasswordSecretDoesNotExist() {
    // The SCRAM-SHA-512 password is requested from key "my-password" of Secret "my-secret"
    KafkaUser user = new KafkaUserBuilder(scramShaUser).editSpec().withNewKafkaUserScramSha512ClientAuthentication().withNewPassword().withNewValueFrom().withNewSecretKeyRef("my-password", "my-secret", false).endValueFrom().endPassword().endKafkaUserScramSha512ClientAuthentication().endSpec().build();
    KafkaUserModel model = KafkaUserModel.fromCrd(user, UserOperatorConfig.DEFAULT_SECRET_PREFIX, UserOperatorConfig.DEFAULT_STRIMZI_ACLS_ADMIN_API_SUPPORTED, false);
    InvalidResourceException e = assertThrows(InvalidResourceException.class, () -> {
        model.maybeGeneratePassword(Reconciliation.DUMMY_RECONCILIATION, passwordGenerator, null, null);
    });
    assertThat(e.getMessage(), is("Secret my-secret with requested user password does not exist."));
}
Also used: InvalidResourceException(io.strimzi.operator.cluster.model.InvalidResourceException), KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder), KafkaUser(io.strimzi.api.kafka.model.KafkaUser), Test(org.junit.jupiter.api.Test)

Example 18 with KafkaUser

Use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

Class Main, method run.

static Future<String> run(Vertx vertx, KubernetesClient client, AdminClientProvider adminClientProvider, UserOperatorConfig config) {
    Util.printEnvInfo();
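    // networkaddress.cache.ttl is the JVM's TTL, in seconds, for cached successful DNS lookups;
    // it is set to 30 here when STRIMZI_DNS_CACHE_TTL is not set
    String dnsCacheTtl = System.getenv("STRIMZI_DNS_CACHE_TTL") == null ? "30" : System.getenv("STRIMZI_DNS_CACHE_TTL");
    Security.setProperty("networkaddress.cache.ttl", dnsCacheTtl);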
    OpenSslCertManager certManager = new OpenSslCertManager();
    SecretOperator secretOperations = new SecretOperator(vertx, client);
    CrdOperator<KubernetesClient, KafkaUser, KafkaUserList> crdOperations = new CrdOperator<>(vertx, client, KafkaUser.class, KafkaUserList.class, KafkaUser.RESOURCE_KIND);
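    // The Kafka Admin client is created first; the ACL, SCRAM credentials and quotas operators all use it
    return createAdminClient(adminClientProvider, config, secretOperations).compose(adminClient -> {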
        SimpleAclOperator aclOperations = new SimpleAclOperator(vertx, adminClient);
        ScramCredentialsOperator scramCredentialsOperator = new ScramCredentialsOperator(vertx, adminClient);
        QuotasOperator quotasOperator = new QuotasOperator(vertx, adminClient);
        KafkaUserOperator kafkaUserOperations = new KafkaUserOperator(vertx, certManager, crdOperations, secretOperations, scramCredentialsOperator, quotasOperator, aclOperations, config);
        Promise<String> promise = Promise.promise();
        UserOperator operator = new UserOperator(config.getNamespace(), config, client, kafkaUserOperations);
        vertx.deployVerticle(operator, res -> {
            if (res.succeeded()) {
                LOGGER.info("User Operator verticle started in namespace {}", config.getNamespace());
            } else {
                LOGGER.error("User Operator verticle in namespace {} failed to start", config.getNamespace(), res.cause());
                System.exit(1);
            }
            promise.handle(res);
        });
        return promise.future();
    });
}
Also used: KafkaUserOperator(io.strimzi.operator.user.operator.KafkaUserOperator), DefaultKubernetesClient(io.fabric8.kubernetes.client.DefaultKubernetesClient), KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient), KafkaUserList(io.strimzi.api.kafka.KafkaUserList), SimpleAclOperator(io.strimzi.operator.user.operator.SimpleAclOperator), OpenSslCertManager(io.strimzi.certs.OpenSslCertManager), SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator), QuotasOperator(io.strimzi.operator.user.operator.QuotasOperator), ScramCredentialsOperator(io.strimzi.operator.user.operator.ScramCredentialsOperator), CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator), KafkaUser(io.strimzi.api.kafka.model.KafkaUser)

Example 19 with KafkaUser

Use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

Class AllNamespaceIsolatedST, method testUserInDifferentNamespace.

@IsolatedTest
@KRaftNotSupported("UserOperator is not supported by KRaft mode and is used in this test case")
void testUserInDifferentNamespace(ExtensionContext extensionContext) {
    final TestStorage testStorage = new TestStorage(extensionContext, SECOND_NAMESPACE);
    String startingNamespace = cluster.setNamespace(SECOND_NAMESPACE);
    KafkaUser user = KafkaUserTemplates.tlsUser(MAIN_NAMESPACE_CLUSTER_NAME, USER_NAME).build();
    resourceManager.createResource(extensionContext, user);
    Condition kafkaCondition = KafkaUserResource.kafkaUserClient().inNamespace(SECOND_NAMESPACE).withName(USER_NAME).get().getStatus().getConditions().get(0);
    LOGGER.info("KafkaUser condition status: {}", kafkaCondition.getStatus());
    LOGGER.info("KafkaUser condition type: {}", kafkaCondition.getType());
    assertThat(kafkaCondition.getType(), is(Ready.toString()));
    // Copy the Secret named after the user from the second namespace into the third namespace
    List<Secret> secretsOfSecondNamespace = kubeClient(SECOND_NAMESPACE).listSecrets();
    cluster.setNamespace(THIRD_NAMESPACE);
    for (Secret s : secretsOfSecondNamespace) {
        if (s.getMetadata().getName().equals(USER_NAME)) {
            LOGGER.info("Copying secret {} from namespace {} to namespace {}", s, SECOND_NAMESPACE, THIRD_NAMESPACE);
            copySecret(s, THIRD_NAMESPACE, USER_NAME);
        }
    }
    // Run a TLS producer and consumer in the third namespace as USER_NAME
    KafkaClients kafkaClients = new KafkaClientsBuilder().withTopicName(TOPIC_NAME).withMessageCount(MESSAGE_COUNT).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(MAIN_NAMESPACE_CLUSTER_NAME)).withProducerName(testStorage.getProducerName()).withConsumerName(testStorage.getConsumerName()).withNamespaceName(THIRD_NAMESPACE).withUserName(USER_NAME).build();
    resourceManager.createResource(extensionContext, kafkaClients.producerTlsStrimzi(MAIN_NAMESPACE_CLUSTER_NAME), kafkaClients.consumerTlsStrimzi(MAIN_NAMESPACE_CLUSTER_NAME));
    ClientUtils.waitForClientsSuccess(testStorage.getProducerName(), testStorage.getConsumerName(), THIRD_NAMESPACE, MESSAGE_COUNT);
    cluster.setNamespace(startingNamespace);
}
Also used: Condition(io.strimzi.api.kafka.model.status.Condition), Secret(io.fabric8.kubernetes.api.model.Secret), KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder), KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients), TestStorage(io.strimzi.systemtest.storage.TestStorage), KafkaUser(io.strimzi.api.kafka.model.KafkaUser), KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported), IsolatedTest(io.strimzi.systemtest.annotations.IsolatedTest)

Example 20 with KafkaUser

Use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

Class UserST, method testUpdateUser.

@ParallelTest
@Tag(ACCEPTANCE)
void testUpdateUser(ExtensionContext extensionContext) {
    String userName = mapWithTestUsers.get(extensionContext.getDisplayName());
    resourceManager.createResource(extensionContext, KafkaUserTemplates.tlsUser(namespace, userClusterName, userName).build());
    // The TLS user's Secret must contain the CA certificate, the user certificate and the user key
    String kafkaUserSecret = TestUtils.toJsonString(kubeClient(namespace).getSecret(userName));
    assertThat(kafkaUserSecret, hasJsonPath("$.data['ca.crt']", notNullValue()));
    assertThat(kafkaUserSecret, hasJsonPath("$.data['user.crt']", notNullValue()));
    assertThat(kafkaUserSecret, hasJsonPath("$.data['user.key']", notNullValue()));
    assertThat(kafkaUserSecret, hasJsonPath("$.metadata.name", equalTo(userName)));
    assertThat(kafkaUserSecret, hasJsonPath("$.metadata.namespace", equalTo(namespace)));
    KafkaUser kUser = KafkaUserResource.kafkaUserClient().inNamespace(namespace).withName(userName).get();
    String kafkaUserAsJson = TestUtils.toJsonString(kUser);
    assertThat(kafkaUserAsJson, hasJsonPath("$.metadata.name", equalTo(userName)));
    assertThat(kafkaUserAsJson, hasJsonPath("$.metadata.namespace", equalTo(namespace)));
    assertThat(kafkaUserAsJson, hasJsonPath("$.spec.authentication.type", equalTo(Constants.TLS_LISTENER_DEFAULT_NAME)));
    long observedGeneration = KafkaUserResource.kafkaUserClient().inNamespace(namespace).withName(userName).get().getStatus().getObservedGeneration();
    // Switch the user's authentication from TLS to SCRAM-SHA-512
    KafkaUserResource.replaceUserResourceInSpecificNamespace(userName, ku -> {
        ku.getMetadata().setResourceVersion(null);
        ku.getSpec().setAuthentication(new KafkaUserScramSha512ClientAuthentication());
    }, namespace);
    KafkaUserUtils.waitForKafkaUserIncreaseObserverGeneration(namespace, observedGeneration, userName);
    KafkaUserUtils.waitForKafkaUserCreation(namespace, userName);
    // After the switch, the user's Secret must contain a password
    String anotherKafkaUserSecret = TestUtils.toJsonString(kubeClient(namespace).getSecret(namespace, userName));
    assertThat(anotherKafkaUserSecret, hasJsonPath("$.data.password", notNullValue()));
    kUser = Crds.kafkaUserOperation(kubeClient().getClient()).inNamespace(namespace).withName(userName).get();
    kafkaUserAsJson = TestUtils.toJsonString(kUser);
    assertThat(kafkaUserAsJson, hasJsonPath("$.metadata.name", equalTo(userName)));
    assertThat(kafkaUserAsJson, hasJsonPath("$.metadata.namespace", equalTo(namespace)));
    assertThat(kafkaUserAsJson, hasJsonPath("$.spec.authentication.type", equalTo("scram-sha-512")));
    Crds.kafkaUserOperation(kubeClient().getClient()).inNamespace(namespace).delete(kUser);
    KafkaUserUtils.waitForKafkaUserDeletion(userName);
}
Also used: KafkaUserScramSha512ClientAuthentication(io.strimzi.api.kafka.model.KafkaUserScramSha512ClientAuthentication), KafkaUser(io.strimzi.api.kafka.model.KafkaUser), ParallelTest(io.strimzi.systemtest.annotations.ParallelTest), Tag(org.junit.jupiter.api.Tag)

Aggregations

KafkaUser (io.strimzi.api.kafka.model.KafkaUser): 128
Test (org.junit.jupiter.api.Test): 70
Secret (io.fabric8.kubernetes.api.model.Secret): 68
KafkaUserBuilder (io.strimzi.api.kafka.model.KafkaUserBuilder): 58
SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder): 56
LabelSelector (io.fabric8.kubernetes.api.model.LabelSelector): 44
CrdOperator (io.strimzi.operator.common.operator.resource.CrdOperator): 44
SecretOperator (io.strimzi.operator.common.operator.resource.SecretOperator): 44
HashSet (java.util.HashSet): 44
KafkaUserStatus (io.strimzi.api.kafka.model.status.KafkaUserStatus): 42
Reconciliation (io.strimzi.operator.common.Reconciliation): 42
Promise (io.vertx.core.Promise): 42
Checkpoint (io.vertx.junit5.Checkpoint): 40
CopyOnWriteArraySet (java.util.concurrent.CopyOnWriteArraySet): 40
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString): 40
KafkaUserQuotas (io.strimzi.api.kafka.model.KafkaUserQuotas): 36
CertManager (io.strimzi.certs.CertManager): 36
KafkaUserModel (io.strimzi.operator.user.model.KafkaUserModel): 36
SimpleAclRule (io.strimzi.operator.user.model.acl.SimpleAclRule): 36
Future (io.vertx.core.Future): 36