Example 1 with KafkaUserAuthorizationSimple
use of io.strimzi.api.kafka.model.KafkaUserAuthorizationSimple in project strimzi-kafka-operator by strimzi.
the class KafkaUserModel method fromCrd.
/**
* Creates instance of KafkaUserModel from CRD definition.
*
* @param kafkaUser The Custom Resource based on which the model should be created.
* @param secretPrefix The prefix used to add to the name of the Secret generated from the KafkaUser resource.
* @param aclsAdminApiSupported Indicates whether Kafka Admin API can be used to manage ACL rights
* @param kraftEnabled Indicates whether KRaft is enabled in the Kafka cluster
*
* @return The user model.
*/
public static KafkaUserModel fromCrd(KafkaUser kafkaUser, String secretPrefix, boolean aclsAdminApiSupported, boolean kraftEnabled) {
KafkaUserModel result = new KafkaUserModel(kafkaUser.getMetadata().getNamespace(), kafkaUser.getMetadata().getName(), Labels.fromResource(kafkaUser).withStrimziKind(kafkaUser.getKind()), secretPrefix);
if (kafkaUser.getSpec().getAuthentication() != null && kafkaUser.getSpec().getAuthentication().getType().equals(KafkaUserScramSha512ClientAuthentication.TYPE_SCRAM_SHA_512)) {
if (kraftEnabled) {
throw new InvalidResourceException("SCRAM-SHA-512 authentication is currently not supported in KRaft based Kafka clusters.");
}
}
validateTlsUsername(kafkaUser);
validateDesiredPassword(kafkaUser);
result.setOwnerReference(kafkaUser);
result.setAuthentication(kafkaUser.getSpec().getAuthentication());
if (kafkaUser.getSpec().getAuthorization() != null && kafkaUser.getSpec().getAuthorization().getType().equals(KafkaUserAuthorizationSimple.TYPE_SIMPLE)) {
if (aclsAdminApiSupported) {
KafkaUserAuthorizationSimple simple = (KafkaUserAuthorizationSimple) kafkaUser.getSpec().getAuthorization();
result.setSimpleAclRules(simple.getAcls());
} else {
throw new InvalidResourceException("Simple authorization ACL rules are configured but not supported in the Kafka cluster configuration.");
}
}
result.setQuotas(kafkaUser.getSpec().getQuotas());
if (kafkaUser.getSpec().getTemplate() != null && kafkaUser.getSpec().getTemplate().getSecret() != null && kafkaUser.getSpec().getTemplate().getSecret().getMetadata() != null) {
result.templateSecretLabels = kafkaUser.getSpec().getTemplate().getSecret().getMetadata().getLabels();
result.templateSecretAnnotations = kafkaUser.getSpec().getTemplate().getSecret().getMetadata().getAnnotations();
}
return result;
}
Also used :
InvalidResourceException(io.strimzi.operator.cluster.model.InvalidResourceException)
KafkaUserAuthorizationSimple(io.strimzi.api.kafka.model.KafkaUserAuthorizationSimple)
Example 2 with KafkaUserAuthorizationSimple
use of io.strimzi.api.kafka.model.KafkaUserAuthorizationSimple in project strimzi by strimzi.
the class KafkaUserModel method fromCrd.
/**
* Creates instance of KafkaUserModel from CRD definition.
*
* @param kafkaUser The Custom Resource based on which the model should be created.
* @param secretPrefix The prefix used to add to the name of the Secret generated from the KafkaUser resource.
* @param aclsAdminApiSupported Indicates whether Kafka Admin API can be used to manage ACL rights
* @param kraftEnabled Indicates whether KRaft is enabled in the Kafka cluster
*
* @return The user model.
*/
public static KafkaUserModel fromCrd(KafkaUser kafkaUser, String secretPrefix, boolean aclsAdminApiSupported, boolean kraftEnabled) {
KafkaUserModel result = new KafkaUserModel(kafkaUser.getMetadata().getNamespace(), kafkaUser.getMetadata().getName(), Labels.fromResource(kafkaUser).withStrimziKind(kafkaUser.getKind()), secretPrefix);
if (kafkaUser.getSpec().getAuthentication() != null && kafkaUser.getSpec().getAuthentication().getType().equals(KafkaUserScramSha512ClientAuthentication.TYPE_SCRAM_SHA_512)) {
if (kraftEnabled) {
throw new InvalidResourceException("SCRAM-SHA-512 authentication is currently not supported in KRaft based Kafka clusters.");
}
}
validateTlsUsername(kafkaUser);
validateDesiredPassword(kafkaUser);
result.setOwnerReference(kafkaUser);
result.setAuthentication(kafkaUser.getSpec().getAuthentication());
if (kafkaUser.getSpec().getAuthorization() != null && kafkaUser.getSpec().getAuthorization().getType().equals(KafkaUserAuthorizationSimple.TYPE_SIMPLE)) {
if (aclsAdminApiSupported) {
KafkaUserAuthorizationSimple simple = (KafkaUserAuthorizationSimple) kafkaUser.getSpec().getAuthorization();
result.setSimpleAclRules(simple.getAcls());
} else {
throw new InvalidResourceException("Simple authorization ACL rules are configured but not supported in the Kafka cluster configuration.");
}
}
result.setQuotas(kafkaUser.getSpec().getQuotas());
if (kafkaUser.getSpec().getTemplate() != null && kafkaUser.getSpec().getTemplate().getSecret() != null && kafkaUser.getSpec().getTemplate().getSecret().getMetadata() != null) {
result.templateSecretLabels = kafkaUser.getSpec().getTemplate().getSecret().getMetadata().getLabels();
result.templateSecretAnnotations = kafkaUser.getSpec().getTemplate().getSecret().getMetadata().getAnnotations();
}
return result;
}
Also used :
InvalidResourceException(io.strimzi.operator.cluster.model.InvalidResourceException)
KafkaUserAuthorizationSimple(io.strimzi.api.kafka.model.KafkaUserAuthorizationSimple)
Aggregations
KafkaUserAuthorizationSimple (io.strimzi.api.kafka.model.KafkaUserAuthorizationSimple)2
InvalidResourceException (io.strimzi.operator.cluster.model.InvalidResourceException)2
