Examples with KafkaUser io.strimzi.api.kafka.model.KafkaUser used on opensource projects

Search in sources :

Example 26 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

the class ConnectIsolatedST method testKafkaConnectWithScramShaAuthenticationRolledAfterPasswordChanged.

@KRaftNotSupported("UserOperator is not supported by KRaft mode and is used in this test class")
@ParallelNamespaceTest
@Tag(INTERNAL_CLIENTS_USED)
// changing the password in secret should cause the RU of connect pod
void testKafkaConnectWithScramShaAuthenticationRolledAfterPasswordChanged(ExtensionContext extensionContext) {
    final String namespaceName = StUtils.getNamespaceBasedOnRbac(clusterOperator.getDeploymentNamespace(), extensionContext);
    final String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
    final String userName = mapWithTestUsers.get(extensionContext.getDisplayName());
    final String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
    resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(clusterName, 3).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName(Constants.PLAIN_LISTENER_DEFAULT_NAME).withPort(9092).withType(KafkaListenerType.INTERNAL).withTls(false).withAuth(new KafkaListenerAuthenticationScramSha512()).build()).endKafka().endSpec().build());
    Secret passwordSecret = new SecretBuilder().withNewMetadata().withName("custom-pwd-secret").endMetadata().addToData("pwd", "MTIzNDU2Nzg5").build();
    kubeClient(namespaceName).createSecret(passwordSecret);
    KafkaUser kafkaUser = KafkaUserTemplates.scramShaUser(clusterName, userName).editSpec().withNewKafkaUserScramSha512ClientAuthentication().withNewPassword().withNewValueFrom().withNewSecretKeyRef("pwd", "custom-pwd-secret", false).endValueFrom().endPassword().endKafkaUserScramSha512ClientAuthentication().endSpec().build();
    resourceManager.createResource(extensionContext, kafkaUser);
    resourceManager.createResource(extensionContext, KafkaUserTemplates.scramShaUser(clusterName, userName).build());
    resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(clusterName, topicName).build());
    resourceManager.createResource(extensionContext, KafkaConnectTemplates.kafkaConnect(clusterName, 1).withNewSpec().withBootstrapServers(KafkaResources.plainBootstrapAddress(clusterName)).withNewKafkaClientAuthenticationScramSha512().withUsername(userName).withPasswordSecret(new PasswordSecretSourceBuilder().withSecretName(userName).withPassword("password").build()).endKafkaClientAuthenticationScramSha512().addToConfig("key.converter.schemas.enable", false).addToConfig("value.converter.schemas.enable", false).addToConfig("key.converter", "org.apache.kafka.connect.storage.StringConverter").addToConfig("value.converter", "org.apache.kafka.connect.storage.StringConverter").withVersion(Environment.ST_KAFKA_VERSION).withReplicas(1).endSpec().build());
    final String kafkaConnectPodName = kubeClient(namespaceName).listPodsByPrefixInName(KafkaConnectResources.deploymentName(clusterName)).get(0).getMetadata().getName();
    KafkaConnectUtils.waitUntilKafkaConnectRestApiIsAvailable(namespaceName, kafkaConnectPodName);
    Map<String, String> connectSnapshot = DeploymentUtils.depSnapshot(namespaceName, KafkaConnectResources.deploymentName(clusterName));
    String newPassword = "bmVjb0ppbmVob05lelNwcmF2bnlQYXNzd29yZA==";
    Secret newPasswordSecret = new SecretBuilder().withNewMetadata().withName("new-custom-pwd-secret").endMetadata().addToData("pwd", newPassword).build();
    kubeClient(namespaceName).createSecret(newPasswordSecret);
    kafkaUser = KafkaUserTemplates.scramShaUser(clusterName, userName).editSpec().withNewKafkaUserScramSha512ClientAuthentication().withNewPassword().withNewValueFrom().withNewSecretKeyRef("pwd", "new-custom-pwd-secret", false).endValueFrom().endPassword().endKafkaUserScramSha512ClientAuthentication().endSpec().build();
    resourceManager.createResource(extensionContext, kafkaUser);
    DeploymentUtils.waitTillDepHasRolled(namespaceName, KafkaConnectResources.deploymentName(clusterName), 1, connectSnapshot);
    final String kafkaConnectPodNameAfterRU = kubeClient(namespaceName).listPodsByPrefixInName(KafkaConnectResources.deploymentName(clusterName)).get(0).getMetadata().getName();
    KafkaConnectUtils.waitUntilKafkaConnectRestApiIsAvailable(namespaceName, kafkaConnectPodNameAfterRU);
}
Also used : KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) Matchers.containsString(org.hamcrest.Matchers.containsString) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) PasswordSecretSourceBuilder(io.strimzi.api.kafka.model.PasswordSecretSourceBuilder) KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported) ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest) Tag(org.junit.jupiter.api.Tag)

Example 27 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

the class ConnectIsolatedST method testSecretsWithKafkaConnectWithTlsAndScramShaAuthentication.

@KRaftNotSupported("UserOperator is not supported by KRaft mode and is used in this test class")
@ParallelNamespaceTest
@Tag(INTERNAL_CLIENTS_USED)
void testSecretsWithKafkaConnectWithTlsAndScramShaAuthentication(ExtensionContext extensionContext) {
    TestStorage storage = new TestStorage(extensionContext);
    resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(storage.getClusterName(), 3).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName(Constants.TLS_LISTENER_DEFAULT_NAME).withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withAuth(new KafkaListenerAuthenticationScramSha512()).build()).endKafka().endSpec().build());
    KafkaUser kafkaUser = KafkaUserTemplates.scramShaUser(storage.getClusterName(), storage.getUserName()).build();
    resourceManager.createResource(extensionContext, kafkaUser);
    resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(storage.getClusterName(), storage.getTopicName()).build());
    KafkaConnect connect = KafkaConnectTemplates.kafkaConnectWithFilePlugin(storage.getNamespaceName(), storage.getClusterName(), 1).editSpec().addToConfig("key.converter.schemas.enable", false).addToConfig("value.converter.schemas.enable", false).addToConfig("key.converter", "org.apache.kafka.connect.storage.StringConverter").addToConfig("value.converter", "org.apache.kafka.connect.storage.StringConverter").withNewTls().addNewTrustedCertificate().withSecretName(storage.getClusterName() + "-cluster-ca-cert").withCertificate("ca.crt").endTrustedCertificate().endTls().withBootstrapServers(storage.getClusterName() + "-kafka-bootstrap:9093").withNewKafkaClientAuthenticationScramSha512().withUsername(storage.getUserName()).withNewPasswordSecret().withSecretName(storage.getUserName()).withPassword("password").endPasswordSecret().endKafkaClientAuthenticationScramSha512().endSpec().build();
    resourceManager.createResource(extensionContext, connect, ScraperTemplates.scraperPod(storage.getNamespaceName(), storage.getScraperName()).build());
    LOGGER.info("Deploy NetworkPolicies for KafkaConnect");
    NetworkPolicyResource.deployNetworkPolicyForResource(extensionContext, connect, KafkaConnectResources.deploymentName(storage.getClusterName()));
    final String kafkaConnectPodName = kubeClient(storage.getNamespaceName()).listPodsByPrefixInName(KafkaConnectResources.deploymentName(storage.getClusterName())).get(0).getMetadata().getName();
    final String kafkaConnectLogs = kubeClient(storage.getNamespaceName()).logs(kafkaConnectPodName);
    final String scraperPodName = kubeClient(storage.getNamespaceName()).listPodsByPrefixInName(storage.getScraperName()).get(0).getMetadata().getName();
    LOGGER.info("Verifying that KafkaConnect pod logs don't contain ERRORs");
    assertThat(kafkaConnectLogs, not(containsString("ERROR")));
    LOGGER.info("Creating FileStreamSink connector via pod {} with topic {}", scraperPodName, storage.getTopicName());
    KafkaConnectorUtils.createFileSinkConnector(storage.getNamespaceName(), scraperPodName, storage.getTopicName(), Constants.DEFAULT_SINK_FILE_PATH, KafkaConnectResources.url(storage.getClusterName(), storage.getNamespaceName(), 8083));
    KafkaClients kafkaClients = new KafkaClientsBuilder().withTopicName(storage.getTopicName()).withMessageCount(MESSAGE_COUNT).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(storage.getClusterName())).withProducerName(storage.getProducerName()).withConsumerName(storage.getConsumerName()).withNamespaceName(storage.getNamespaceName()).withUserName(storage.getUserName()).build();
    resourceManager.createResource(extensionContext, kafkaClients.producerScramShaTlsStrimzi(storage.getClusterName()), kafkaClients.consumerScramShaTlsStrimzi(storage.getClusterName()));
    ClientUtils.waitForClientsSuccess(storage.getProducerName(), storage.getConsumerName(), storage.getNamespaceName(), MESSAGE_COUNT);
    KafkaConnectUtils.waitForMessagesInKafkaConnectFileSink(storage.getNamespaceName(), kafkaConnectPodName, Constants.DEFAULT_SINK_FILE_PATH, "99");
}
Also used : KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512) KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder) KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) TestStorage(io.strimzi.systemtest.storage.TestStorage) KafkaConnect(io.strimzi.api.kafka.model.KafkaConnect) Matchers.containsString(org.hamcrest.Matchers.containsString) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported) ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest) Tag(org.junit.jupiter.api.Tag)

Example 28 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

the class KafkaUserOperatorTest method testUpdateUserNoAuthenticationAndNoAuthorization.

/**
 * Tests what happens when the TlsClientAuthentication and SimpleAuthorization are disabled for the user
 * (delete entries from the spec of the KafkaUser resource)
 */
@Test
public void testUpdateUserNoAuthenticationAndNoAuthorization(VertxTestContext context) {
    CrdOperator mockCrdOps = mock(CrdOperator.class);
    SecretOperator mockSecretOps = mock(SecretOperator.class);
    SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
    ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
    QuotasOperator quotasOps = mock(QuotasOperator.class);
    ArgumentCaptor<String> secretNamespaceCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<String> secretNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Secret> secretCaptor = ArgumentCaptor.forClass(Secret.class);
    when(mockSecretOps.reconcile(any(), secretNamespaceCaptor.capture(), secretNameCaptor.capture(), secretCaptor.capture())).thenReturn(Future.succeededFuture());
    when(mockSecretOps.getAsync(anyString(), eq(ResourceUtils.NAME))).thenReturn(Future.succeededFuture(null));
    when(scramOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
    ArgumentCaptor<String> aclNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Set<SimpleAclRule>> aclRulesCaptor = ArgumentCaptor.forClass(Set.class);
    when(aclOps.reconcile(any(), aclNameCaptor.capture(), aclRulesCaptor.capture())).thenReturn(Future.succeededFuture());
    KafkaUser user = ResourceUtils.createKafkaUserTls();
    user.getSpec().setAuthorization(null);
    user.getSpec().setAuthentication(null);
    when(mockCrdOps.getAsync(anyString(), anyString())).thenReturn(Future.succeededFuture(user));
    when(mockCrdOps.updateStatusAsync(any(), any(KafkaUser.class))).thenReturn(Future.succeededFuture());
    KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig());
    when(quotasOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
    Checkpoint async = context.checkpoint();
    op.createOrUpdate(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME), user).onComplete(context.succeeding(v -> context.verify(() -> {
        List<String> capturedNames = secretNameCaptor.getAllValues();
        assertThat(capturedNames, hasSize(1));
        assertThat(capturedNames.get(0), is(ResourceUtils.NAME));
        List<String> capturedNamespaces = secretNamespaceCaptor.getAllValues();
        assertThat(capturedNamespaces, hasSize(1));
        assertThat(capturedNamespaces.get(0), is(ResourceUtils.NAMESPACE));
        List<Secret> capturedSecrets = secretCaptor.getAllValues();
        assertThat(capturedSecrets, hasSize(1));
        Secret captured = capturedSecrets.get(0);
        assertThat(captured, is(nullValue()));
        List<String> capturedAclNames = aclNameCaptor.getAllValues();
        assertThat(capturedAclNames, hasSize(2));
        assertThat(capturedAclNames.get(0), is(KafkaUserModel.getTlsUserName(ResourceUtils.NAME)));
        assertThat(capturedAclNames.get(1), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
        List<Set<SimpleAclRule>> capturedAcls = aclRulesCaptor.getAllValues();
        assertThat(capturedAcls, hasSize(2));
        assertThat(capturedAcls.get(0), is(nullValue()));
        assertThat(capturedAcls.get(1), is(nullValue()));
        async.flag();
    })));
}
Also used : CoreMatchers.is(org.hamcrest.CoreMatchers.is) Arrays(java.util.Arrays) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) AfterAll(org.junit.jupiter.api.AfterAll) MicrometerMetricsOptions(io.vertx.micrometer.MicrometerMetricsOptions) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BeforeAll(org.junit.jupiter.api.BeforeAll) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) KafkaUserStatus(io.strimzi.api.kafka.model.status.KafkaUserStatus) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) VertxOptions(io.vertx.core.VertxOptions) Set(java.util.Set) VertxPrometheusOptions(io.vertx.micrometer.VertxPrometheusOptions) VertxExtension(io.vertx.junit5.VertxExtension) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) Future(io.vertx.core.Future) StandardCharsets(java.nio.charset.StandardCharsets) Test(org.junit.jupiter.api.Test) Base64(java.util.Base64) List(java.util.List) KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas) Labels(io.strimzi.operator.common.model.Labels) Secret(io.fabric8.kubernetes.api.model.Secret) Optional(java.util.Optional) Checkpoint(io.vertx.junit5.Checkpoint) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) Mockito.mock(org.mockito.Mockito.mock) VertxTestContext(io.vertx.junit5.VertxTestContext) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) CertManager(io.strimzi.certs.CertManager) HashSet(java.util.HashSet) ResourceUtils(io.strimzi.operator.user.ResourceUtils) ArgumentCaptor(org.mockito.ArgumentCaptor) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Matchers.hasSize(org.hamcrest.Matchers.hasSize) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) ArgumentMatchers.isNull(org.mockito.ArgumentMatchers.isNull) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) Promise(io.vertx.core.Promise) Vertx(io.vertx.core.Vertx) KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) Mockito.when(org.mockito.Mockito.when) KafkaUserModel(io.strimzi.operator.user.model.KafkaUserModel) Mockito.verify(org.mockito.Mockito.verify) Reconciliation(io.strimzi.operator.common.Reconciliation) Mockito.never(org.mockito.Mockito.never) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Set(java.util.Set) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) HashSet(java.util.HashSet) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Secret(io.fabric8.kubernetes.api.model.Secret) Checkpoint(io.vertx.junit5.Checkpoint) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Reconciliation(io.strimzi.operator.common.Reconciliation) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Test(org.junit.jupiter.api.Test)

Example 29 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

the class KafkaUserOperatorTest method testReconcileNewTlsUser.

@Test
public void testReconcileNewTlsUser(VertxTestContext context) {
    CrdOperator mockCrdOps = mock(CrdOperator.class);
    SecretOperator mockSecretOps = mock(SecretOperator.class);
    SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
    ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
    QuotasOperator quotasOps = mock(QuotasOperator.class);
    KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig());
    KafkaUser user = ResourceUtils.createKafkaUserTls();
    Secret clientsCa = ResourceUtils.createClientsCaCertSecret();
    Secret clientsCaKey = ResourceUtils.createClientsCaKeySecret();
    ArgumentCaptor<String> secretNamespaceCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<String> secretNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Secret> secretCaptor = ArgumentCaptor.forClass(Secret.class);
    when(mockSecretOps.reconcile(any(), secretNamespaceCaptor.capture(), secretNameCaptor.capture(), secretCaptor.capture())).thenReturn(Future.succeededFuture());
    ArgumentCaptor<String> aclNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Set<SimpleAclRule>> aclRulesCaptor = ArgumentCaptor.forClass(Set.class);
    when(aclOps.reconcile(any(), aclNameCaptor.capture(), aclRulesCaptor.capture())).thenReturn(Future.succeededFuture());
    when(scramOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
    when(mockSecretOps.getAsync(anyString(), eq(clientsCa.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCa));
    when(mockSecretOps.getAsync(anyString(), eq(clientsCaKey.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCaKey));
    when(mockSecretOps.getAsync(anyString(), eq(user.getMetadata().getName()))).thenReturn(Future.succeededFuture(null));
    when(mockCrdOps.get(eq(user.getMetadata().getNamespace()), eq(user.getMetadata().getName()))).thenReturn(user);
    when(mockCrdOps.getAsync(anyString(), anyString())).thenReturn(Future.succeededFuture(user));
    when(mockCrdOps.updateStatusAsync(any(), any(KafkaUser.class))).thenReturn(Future.succeededFuture());
    when(quotasOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
    Checkpoint async = context.checkpoint();
    op.reconcile(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME)).onComplete(context.succeeding(v -> context.verify(() -> {
        List<String> capturedNames = secretNameCaptor.getAllValues();
        assertThat(capturedNames, hasSize(1));
        assertThat(capturedNames.get(0), is(ResourceUtils.NAME));
        List<String> capturedNamespaces = secretNamespaceCaptor.getAllValues();
        assertThat(capturedNamespaces, hasSize(1));
        assertThat(capturedNamespaces.get(0), is(ResourceUtils.NAMESPACE));
        List<Secret> capturedSecrets = secretCaptor.getAllValues();
        assertThat(capturedSecrets, hasSize(1));
        Secret captured = capturedSecrets.get(0);
        assertThat(captured.getMetadata().getName(), is(user.getMetadata().getName()));
        assertThat(captured.getMetadata().getNamespace(), is(user.getMetadata().getNamespace()));
        assertThat(captured.getMetadata().getLabels(), is(Labels.fromMap(user.getMetadata().getLabels()).withStrimziKind(KafkaUser.RESOURCE_KIND).withKubernetesName(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).withKubernetesInstance(ResourceUtils.NAME).withKubernetesPartOf(ResourceUtils.NAME).withKubernetesManagedBy(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).toMap()));
        assertThat(new String(Base64.getDecoder().decode(captured.getData().get("ca.crt"))), is("clients-ca-crt"));
        assertThat(new String(Base64.getDecoder().decode(captured.getData().get("user.crt"))), is("crt file"));
        assertThat(new String(Base64.getDecoder().decode(captured.getData().get("user.key"))), is("key file"));
        List<String> capturedAclNames = aclNameCaptor.getAllValues();
        assertThat(capturedAclNames, hasSize(2));
        assertThat(capturedAclNames.get(0), is(KafkaUserModel.getTlsUserName(ResourceUtils.NAME)));
        assertThat(capturedAclNames.get(1), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
        List<Set<SimpleAclRule>> capturedAcls = aclRulesCaptor.getAllValues();
        assertThat(capturedAcls, hasSize(2));
        Set<SimpleAclRule> aclRules = capturedAcls.get(0);
        assertThat(aclRules, hasSize(ResourceUtils.createExpectedSimpleAclRules(user).size()));
        assertThat(aclRules, is(ResourceUtils.createExpectedSimpleAclRules(user)));
        assertThat(capturedAcls.get(1), is(nullValue()));
        async.flag();
    })));
}
Also used : CoreMatchers.is(org.hamcrest.CoreMatchers.is) Arrays(java.util.Arrays) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) AfterAll(org.junit.jupiter.api.AfterAll) MicrometerMetricsOptions(io.vertx.micrometer.MicrometerMetricsOptions) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BeforeAll(org.junit.jupiter.api.BeforeAll) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) KafkaUserStatus(io.strimzi.api.kafka.model.status.KafkaUserStatus) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) VertxOptions(io.vertx.core.VertxOptions) Set(java.util.Set) VertxPrometheusOptions(io.vertx.micrometer.VertxPrometheusOptions) VertxExtension(io.vertx.junit5.VertxExtension) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) Future(io.vertx.core.Future) StandardCharsets(java.nio.charset.StandardCharsets) Test(org.junit.jupiter.api.Test) Base64(java.util.Base64) List(java.util.List) KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas) Labels(io.strimzi.operator.common.model.Labels) Secret(io.fabric8.kubernetes.api.model.Secret) Optional(java.util.Optional) Checkpoint(io.vertx.junit5.Checkpoint) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) Mockito.mock(org.mockito.Mockito.mock) VertxTestContext(io.vertx.junit5.VertxTestContext) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) CertManager(io.strimzi.certs.CertManager) HashSet(java.util.HashSet) ResourceUtils(io.strimzi.operator.user.ResourceUtils) ArgumentCaptor(org.mockito.ArgumentCaptor) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Matchers.hasSize(org.hamcrest.Matchers.hasSize) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) ArgumentMatchers.isNull(org.mockito.ArgumentMatchers.isNull) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) Promise(io.vertx.core.Promise) Vertx(io.vertx.core.Vertx) KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) Mockito.when(org.mockito.Mockito.when) KafkaUserModel(io.strimzi.operator.user.model.KafkaUserModel) Mockito.verify(org.mockito.Mockito.verify) Reconciliation(io.strimzi.operator.common.Reconciliation) Mockito.never(org.mockito.Mockito.never) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Set(java.util.Set) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) HashSet(java.util.HashSet) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Secret(io.fabric8.kubernetes.api.model.Secret) Checkpoint(io.vertx.junit5.Checkpoint) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Reconciliation(io.strimzi.operator.common.Reconciliation) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Test(org.junit.jupiter.api.Test)

Example 30 with KafkaUser

use of io.strimzi.api.kafka.model.KafkaUser in project strimzi by strimzi.

the class KafkaUserOperatorTest method testReconcileDeleteTlsUser.

@Test
public void testReconcileDeleteTlsUser(VertxTestContext context) {
    CrdOperator mockCrdOps = mock(CrdOperator.class);
    SecretOperator mockSecretOps = mock(SecretOperator.class);
    SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
    ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
    QuotasOperator quotasOps = mock(QuotasOperator.class);
    KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig());
    KafkaUser user = ResourceUtils.createKafkaUserTls();
    Secret clientsCa = ResourceUtils.createClientsCaCertSecret();
    Secret userCert = ResourceUtils.createUserSecretTls();
    ArgumentCaptor<String> secretNamespaceCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<String> secretNameCaptor = ArgumentCaptor.forClass(String.class);
    when(mockSecretOps.reconcile(any(), secretNamespaceCaptor.capture(), secretNameCaptor.capture(), isNull())).thenReturn(Future.succeededFuture());
    when(scramOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
    ArgumentCaptor<String> aclNameCaptor = ArgumentCaptor.forClass(String.class);
    when(aclOps.reconcile(any(), aclNameCaptor.capture(), isNull())).thenReturn(Future.succeededFuture());
    when(mockSecretOps.get(eq(clientsCa.getMetadata().getNamespace()), eq(clientsCa.getMetadata().getName()))).thenReturn(clientsCa);
    when(mockSecretOps.get(eq(user.getMetadata().getNamespace()), eq(user.getMetadata().getName()))).thenReturn(userCert);
    when(mockCrdOps.get(eq(user.getMetadata().getNamespace()), eq(user.getMetadata().getName()))).thenReturn(null);
    when(quotasOps.reconcile(any(), anyString(), eq(null))).thenReturn(Future.succeededFuture());
    Checkpoint async = context.checkpoint();
    op.reconcile(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME)).onComplete(context.succeeding(v -> context.verify(() -> {
        List<String> capturedNames = secretNameCaptor.getAllValues();
        assertThat(capturedNames, hasSize(1));
        assertThat(capturedNames.get(0), is(ResourceUtils.NAME));
        List<String> capturedNamespaces = secretNamespaceCaptor.getAllValues();
        assertThat(capturedNamespaces, hasSize(1));
        assertThat(capturedNamespaces.get(0), is(ResourceUtils.NAMESPACE));
        List<String> capturedAclNames = aclNameCaptor.getAllValues();
        assertThat(capturedAclNames, hasSize(2));
        assertThat(capturedAclNames.get(0), is(KafkaUserModel.getTlsUserName(ResourceUtils.NAME)));
        assertThat(capturedAclNames.get(1), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
        async.flag();
    })));
}
Also used : CoreMatchers.is(org.hamcrest.CoreMatchers.is) Arrays(java.util.Arrays) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) AfterAll(org.junit.jupiter.api.AfterAll) MicrometerMetricsOptions(io.vertx.micrometer.MicrometerMetricsOptions) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BeforeAll(org.junit.jupiter.api.BeforeAll) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) KafkaUserStatus(io.strimzi.api.kafka.model.status.KafkaUserStatus) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) VertxOptions(io.vertx.core.VertxOptions) Set(java.util.Set) VertxPrometheusOptions(io.vertx.micrometer.VertxPrometheusOptions) VertxExtension(io.vertx.junit5.VertxExtension) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) Future(io.vertx.core.Future) StandardCharsets(java.nio.charset.StandardCharsets) Test(org.junit.jupiter.api.Test) Base64(java.util.Base64) List(java.util.List) KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas) Labels(io.strimzi.operator.common.model.Labels) Secret(io.fabric8.kubernetes.api.model.Secret) Optional(java.util.Optional) Checkpoint(io.vertx.junit5.Checkpoint) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) Mockito.mock(org.mockito.Mockito.mock) VertxTestContext(io.vertx.junit5.VertxTestContext) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) CertManager(io.strimzi.certs.CertManager) HashSet(java.util.HashSet) ResourceUtils(io.strimzi.operator.user.ResourceUtils) ArgumentCaptor(org.mockito.ArgumentCaptor) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Matchers.hasSize(org.hamcrest.Matchers.hasSize) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) ArgumentMatchers.isNull(org.mockito.ArgumentMatchers.isNull) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) Promise(io.vertx.core.Promise) Vertx(io.vertx.core.Vertx) KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) Mockito.when(org.mockito.Mockito.when) KafkaUserModel(io.strimzi.operator.user.model.KafkaUserModel) Mockito.verify(org.mockito.Mockito.verify) Reconciliation(io.strimzi.operator.common.Reconciliation) Mockito.never(org.mockito.Mockito.never) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Secret(io.fabric8.kubernetes.api.model.Secret) Checkpoint(io.vertx.junit5.Checkpoint) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Reconciliation(io.strimzi.operator.common.Reconciliation) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Test(org.junit.jupiter.api.Test)

Aggregations

KafkaUser (io.strimzi.api.kafka.model.KafkaUser)128 Test (org.junit.jupiter.api.Test)70 Secret (io.fabric8.kubernetes.api.model.Secret)68 KafkaUserBuilder (io.strimzi.api.kafka.model.KafkaUserBuilder)58 SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder)56 LabelSelector (io.fabric8.kubernetes.api.model.LabelSelector)44 CrdOperator (io.strimzi.operator.common.operator.resource.CrdOperator)44 SecretOperator (io.strimzi.operator.common.operator.resource.SecretOperator)44 HashSet (java.util.HashSet)44 KafkaUserStatus (io.strimzi.api.kafka.model.status.KafkaUserStatus)42 Reconciliation (io.strimzi.operator.common.Reconciliation)42 Promise (io.vertx.core.Promise)42 Checkpoint (io.vertx.junit5.Checkpoint)40 CopyOnWriteArraySet (java.util.concurrent.CopyOnWriteArraySet)40 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)40 KafkaUserQuotas (io.strimzi.api.kafka.model.KafkaUserQuotas)36 CertManager (io.strimzi.certs.CertManager)36 KafkaUserModel (io.strimzi.operator.user.model.KafkaUserModel)36 SimpleAclRule (io.strimzi.operator.user.model.acl.SimpleAclRule)36 Future (io.vertx.core.Future)36
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial