Search in sources :

Example 16 with KafkaUserBuilder

use of io.strimzi.api.kafka.model.KafkaUserBuilder in project strimzi-kafka-operator by strimzi.

the class KafkaUserModelTest method testFromCrdTlsUserWith65CharTlsUsernameThrows.

@Test
public void testFromCrdTlsUserWith65CharTlsUsernameThrows() {
    KafkaUser tooLong = new KafkaUserBuilder(tlsUser).editMetadata().withName("User-123456789012345678901234567890123456789012345678901234567890").endMetadata().build();
    assertThrows(InvalidResourceException.class, () -> {
        // 65 characters => Should throw exception with TLS
        KafkaUserModel.fromCrd(tooLong, UserOperatorConfig.DEFAULT_SECRET_PREFIX, UserOperatorConfig.DEFAULT_STRIMZI_ACLS_ADMIN_API_SUPPORTED);
    });
}
Also used : KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Test(org.junit.jupiter.api.Test)

Example 17 with KafkaUserBuilder

use of io.strimzi.api.kafka.model.KafkaUserBuilder in project strimzi-kafka-operator by strimzi.

the class KafkaUserOperatorTest method testCreateUserWithAclsDisabled.

@Test
public void testCreateUserWithAclsDisabled(VertxTestContext context) {
    CrdOperator mockCrdOps = mock(CrdOperator.class);
    SecretOperator mockSecretOps = mock(SecretOperator.class);
    SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
    ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
    QuotasOperator quotasOps = mock(QuotasOperator.class);
    ArgumentCaptor<String> secretNamespaceCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<String> secretNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Secret> secretCaptor = ArgumentCaptor.forClass(Secret.class);
    when(mockSecretOps.reconcile(any(), secretNamespaceCaptor.capture(), secretNameCaptor.capture(), secretCaptor.capture())).thenReturn(Future.succeededFuture());
    when(scramOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
    when(quotasOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
    KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig(Map.of(), false, "12"));
    KafkaUser user = new KafkaUserBuilder().withNewMetadata().withName(ResourceUtils.NAME).withNamespace(ResourceUtils.NAMESPACE).endMetadata().withNewSpec().withNewKafkaUserTlsClientAuthentication().endKafkaUserTlsClientAuthentication().withNewQuotas().withConsumerByteRate(1024 * 1024).withProducerByteRate(1024 * 1024).endQuotas().endSpec().build();
    Secret clientsCa = ResourceUtils.createClientsCaCertSecret();
    Secret clientsCaKey = ResourceUtils.createClientsCaKeySecret();
    when(mockSecretOps.getAsync(anyString(), eq("user-cert"))).thenReturn(Future.succeededFuture(clientsCa));
    when(mockSecretOps.getAsync(anyString(), eq("user-key"))).thenReturn(Future.succeededFuture(clientsCaKey));
    when(mockSecretOps.getAsync(anyString(), eq(ResourceUtils.NAME))).thenReturn(Future.succeededFuture(null));
    when(mockCrdOps.getAsync(anyString(), anyString())).thenReturn(Future.succeededFuture(user));
    when(mockCrdOps.updateStatusAsync(any(), any(KafkaUser.class))).thenReturn(Future.succeededFuture());
    Checkpoint async = context.checkpoint();
    op.createOrUpdate(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME), user).onComplete(context.succeeding(v -> context.verify(() -> {
        List<String> capturedNames = secretNameCaptor.getAllValues();
        assertThat(capturedNames, hasSize(1));
        assertThat(capturedNames.get(0), is(ResourceUtils.NAME));
        List<String> capturedNamespaces = secretNamespaceCaptor.getAllValues();
        assertThat(capturedNamespaces, hasSize(1));
        assertThat(capturedNamespaces.get(0), is(ResourceUtils.NAMESPACE));
        List<Secret> capturedSecrets = secretCaptor.getAllValues();
        assertThat(capturedSecrets, hasSize(1));
        Secret captured = capturedSecrets.get(0);
        assertThat(captured.getMetadata().getName(), is(user.getMetadata().getName()));
        assertThat(captured.getMetadata().getNamespace(), is(user.getMetadata().getNamespace()));
        assertThat(captured.getMetadata().getLabels(), is(Labels.fromMap(user.getMetadata().getLabels()).withStrimziKind(KafkaUser.RESOURCE_KIND).withKubernetesName(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).withKubernetesInstance(ResourceUtils.NAME).withKubernetesPartOf(ResourceUtils.NAME).withKubernetesManagedBy(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).toMap()));
        assertThat(new String(Base64.getDecoder().decode(captured.getData().get("ca.crt"))), is("clients-ca-crt"));
        assertThat(new String(Base64.getDecoder().decode(captured.getData().get("user.crt"))), is("crt file"));
        assertThat(new String(Base64.getDecoder().decode(captured.getData().get("user.key"))), is("key file"));
        verify(aclOps, never()).reconcile(any(), any(), any());
        async.flag();
    })));
}
Also used : CoreMatchers.is(org.hamcrest.CoreMatchers.is) Arrays(java.util.Arrays) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) AfterAll(org.junit.jupiter.api.AfterAll) MicrometerMetricsOptions(io.vertx.micrometer.MicrometerMetricsOptions) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BeforeAll(org.junit.jupiter.api.BeforeAll) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) KafkaUserStatus(io.strimzi.api.kafka.model.status.KafkaUserStatus) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) VertxOptions(io.vertx.core.VertxOptions) Set(java.util.Set) VertxPrometheusOptions(io.vertx.micrometer.VertxPrometheusOptions) VertxExtension(io.vertx.junit5.VertxExtension) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) Future(io.vertx.core.Future) StandardCharsets(java.nio.charset.StandardCharsets) Test(org.junit.jupiter.api.Test) Base64(java.util.Base64) List(java.util.List) KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas) Labels(io.strimzi.operator.common.model.Labels) Secret(io.fabric8.kubernetes.api.model.Secret) Optional(java.util.Optional) Checkpoint(io.vertx.junit5.Checkpoint) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) Mockito.mock(org.mockito.Mockito.mock) VertxTestContext(io.vertx.junit5.VertxTestContext) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) CertManager(io.strimzi.certs.CertManager) HashSet(java.util.HashSet) ResourceUtils(io.strimzi.operator.user.ResourceUtils) ArgumentCaptor(org.mockito.ArgumentCaptor) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Matchers.hasSize(org.hamcrest.Matchers.hasSize) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) ArgumentMatchers.isNull(org.mockito.ArgumentMatchers.isNull) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) Promise(io.vertx.core.Promise) Vertx(io.vertx.core.Vertx) KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) Mockito.when(org.mockito.Mockito.when) KafkaUserModel(io.strimzi.operator.user.model.KafkaUserModel) Mockito.verify(org.mockito.Mockito.verify) Reconciliation(io.strimzi.operator.common.Reconciliation) Mockito.never(org.mockito.Mockito.never) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Secret(io.fabric8.kubernetes.api.model.Secret) Checkpoint(io.vertx.junit5.Checkpoint) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Reconciliation(io.strimzi.operator.common.Reconciliation) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Test(org.junit.jupiter.api.Test)

Example 18 with KafkaUserBuilder

use of io.strimzi.api.kafka.model.KafkaUserBuilder in project strimzi-kafka-operator by strimzi.

the class KafkaUserOperatorTest method testReconcileNewScramShaUserWithProvidedPassword.

@Test
public void testReconcileNewScramShaUserWithProvidedPassword(VertxTestContext context) {
    String desiredPassword = "12345678";
    KafkaUser user = new KafkaUserBuilder(ResourceUtils.createKafkaUserScramSha()).editSpec().withNewKafkaUserScramSha512ClientAuthentication().withNewPassword().withNewValueFrom().withNewSecretKeyRef("my-password", "my-secret", false).endValueFrom().endPassword().endKafkaUserScramSha512ClientAuthentication().endSpec().build();
    Secret desiredPasswordSecret = new SecretBuilder().withNewMetadata().withName("my-secret").withNamespace(ResourceUtils.NAMESPACE).endMetadata().addToData("my-password", Base64.getEncoder().encodeToString(desiredPassword.getBytes(StandardCharsets.UTF_8))).build();
    CrdOperator mockCrdOps = mock(CrdOperator.class);
    SecretOperator mockSecretOps = mock(SecretOperator.class);
    SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
    ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
    QuotasOperator quotasOps = mock(QuotasOperator.class);
    KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig());
    ArgumentCaptor<String> secretNamespaceCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<String> secretNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Secret> secretCaptor = ArgumentCaptor.forClass(Secret.class);
    when(mockSecretOps.reconcile(any(), secretNamespaceCaptor.capture(), secretNameCaptor.capture(), secretCaptor.capture())).thenReturn(Future.succeededFuture());
    ArgumentCaptor<String> aclNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Set<SimpleAclRule>> aclRulesCaptor = ArgumentCaptor.forClass(Set.class);
    when(aclOps.reconcile(any(), aclNameCaptor.capture(), aclRulesCaptor.capture())).thenReturn(Future.succeededFuture());
    ArgumentCaptor<String> scramUserCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<String> scramPasswordCaptor = ArgumentCaptor.forClass(String.class);
    when(scramOps.reconcile(any(), scramUserCaptor.capture(), scramPasswordCaptor.capture())).thenReturn(Future.succeededFuture());
    when(mockSecretOps.getAsync(anyString(), eq(user.getMetadata().getName()))).thenReturn(Future.succeededFuture(null));
    when(mockSecretOps.getAsync(anyString(), eq(desiredPasswordSecret.getMetadata().getName()))).thenReturn(Future.succeededFuture(desiredPasswordSecret));
    when(mockCrdOps.get(eq(user.getMetadata().getNamespace()), eq(user.getMetadata().getName()))).thenReturn(user);
    when(mockCrdOps.getAsync(anyString(), anyString())).thenReturn(Future.succeededFuture(user));
    when(mockCrdOps.updateStatusAsync(any(), any(KafkaUser.class))).thenReturn(Future.succeededFuture());
    when(quotasOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
    Checkpoint async = context.checkpoint();
    op.reconcile(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME)).onComplete(context.succeeding(v -> context.verify(() -> {
        List<String> capturedNames = secretNameCaptor.getAllValues();
        assertThat(capturedNames, hasSize(1));
        assertThat(capturedNames.get(0), is(ResourceUtils.NAME));
        List<String> capturedNamespaces = secretNamespaceCaptor.getAllValues();
        assertThat(capturedNamespaces, hasSize(1));
        assertThat(capturedNamespaces.get(0), is(ResourceUtils.NAMESPACE));
        List<Secret> capturedSecrets = secretCaptor.getAllValues();
        assertThat(capturedSecrets, hasSize(1));
        Secret captured = capturedSecrets.get(0);
        assertThat(captured.getMetadata().getName(), is(user.getMetadata().getName()));
        assertThat(captured.getMetadata().getNamespace(), is(user.getMetadata().getNamespace()));
        assertThat(captured.getMetadata().getLabels(), is(Labels.fromMap(user.getMetadata().getLabels()).withKubernetesName(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).withKubernetesInstance(ResourceUtils.NAME).withKubernetesPartOf(ResourceUtils.NAME).withKubernetesManagedBy(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).withStrimziKind(KafkaUser.RESOURCE_KIND).toMap()));
        assertThat(scramPasswordCaptor.getValue(), is(desiredPassword));
        assertThat(new String(Base64.getDecoder().decode(captured.getData().get(KafkaUserModel.KEY_PASSWORD))), is(desiredPassword));
        List<String> capturedAclNames = aclNameCaptor.getAllValues();
        assertThat(capturedAclNames, hasSize(2));
        assertThat(capturedAclNames.get(0), is(KafkaUserModel.getTlsUserName(ResourceUtils.NAME)));
        assertThat(capturedAclNames.get(1), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
        List<Set<SimpleAclRule>> capturedAcls = aclRulesCaptor.getAllValues();
        assertThat(capturedAcls, hasSize(2));
        Set<SimpleAclRule> aclRules = capturedAcls.get(1);
        assertThat(aclRules, hasSize(ResourceUtils.createExpectedSimpleAclRules(user).size()));
        assertThat(aclRules, is(ResourceUtils.createExpectedSimpleAclRules(user)));
        assertThat(capturedAcls.get(0), is(nullValue()));
        async.flag();
    })));
}
Also used : CoreMatchers.is(org.hamcrest.CoreMatchers.is) Arrays(java.util.Arrays) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) AfterAll(org.junit.jupiter.api.AfterAll) MicrometerMetricsOptions(io.vertx.micrometer.MicrometerMetricsOptions) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BeforeAll(org.junit.jupiter.api.BeforeAll) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) KafkaUserStatus(io.strimzi.api.kafka.model.status.KafkaUserStatus) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) VertxOptions(io.vertx.core.VertxOptions) Set(java.util.Set) VertxPrometheusOptions(io.vertx.micrometer.VertxPrometheusOptions) VertxExtension(io.vertx.junit5.VertxExtension) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) Future(io.vertx.core.Future) StandardCharsets(java.nio.charset.StandardCharsets) Test(org.junit.jupiter.api.Test) Base64(java.util.Base64) List(java.util.List) KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas) Labels(io.strimzi.operator.common.model.Labels) Secret(io.fabric8.kubernetes.api.model.Secret) Optional(java.util.Optional) Checkpoint(io.vertx.junit5.Checkpoint) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) Mockito.mock(org.mockito.Mockito.mock) VertxTestContext(io.vertx.junit5.VertxTestContext) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) CertManager(io.strimzi.certs.CertManager) HashSet(java.util.HashSet) ResourceUtils(io.strimzi.operator.user.ResourceUtils) ArgumentCaptor(org.mockito.ArgumentCaptor) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Matchers.hasSize(org.hamcrest.Matchers.hasSize) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) ArgumentMatchers.isNull(org.mockito.ArgumentMatchers.isNull) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) Promise(io.vertx.core.Promise) Vertx(io.vertx.core.Vertx) KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) Mockito.when(org.mockito.Mockito.when) KafkaUserModel(io.strimzi.operator.user.model.KafkaUserModel) Mockito.verify(org.mockito.Mockito.verify) Reconciliation(io.strimzi.operator.common.Reconciliation) Mockito.never(org.mockito.Mockito.never) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Set(java.util.Set) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) HashSet(java.util.HashSet) KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Checkpoint(io.vertx.junit5.Checkpoint) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Reconciliation(io.strimzi.operator.common.Reconciliation) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Test(org.junit.jupiter.api.Test)

Example 19 with KafkaUserBuilder

use of io.strimzi.api.kafka.model.KafkaUserBuilder in project strimzi by strimzi.

the class KafkaUserOperatorTest method testReconcileTlsExternalUser.

@Test
public void testReconcileTlsExternalUser(VertxTestContext context) {
    KafkaUser user = new KafkaUserBuilder(ResourceUtils.createKafkaUserQuotas(1000000, 2000000, 55, 10.0)).editSpec().withNewKafkaUserTlsExternalClientAuthentication().endKafkaUserTlsExternalClientAuthentication().endSpec().build();
    CrdOperator mockCrdOps = mock(CrdOperator.class);
    SecretOperator mockSecretOps = mock(SecretOperator.class);
    SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
    ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
    QuotasOperator quotasOps = mock(QuotasOperator.class);
    KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig());
    Secret clientsCa = ResourceUtils.createClientsCaCertSecret();
    Secret clientsCaKey = ResourceUtils.createClientsCaKeySecret();
    ArgumentCaptor<String> secretNamespaceCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<String> secretNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Secret> secretCaptor = ArgumentCaptor.forClass(Secret.class);
    when(mockSecretOps.reconcile(any(), secretNamespaceCaptor.capture(), secretNameCaptor.capture(), secretCaptor.capture())).thenReturn(Future.succeededFuture());
    ArgumentCaptor<String> aclNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Set<SimpleAclRule>> aclRulesCaptor = ArgumentCaptor.forClass(Set.class);
    when(aclOps.reconcile(any(), aclNameCaptor.capture(), aclRulesCaptor.capture())).thenReturn(Future.succeededFuture());
    ArgumentCaptor<String> scramUserCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<String> scramPasswordCaptor = ArgumentCaptor.forClass(String.class);
    when(scramOps.reconcile(any(), scramUserCaptor.capture(), scramPasswordCaptor.capture())).thenReturn(Future.succeededFuture());
    when(mockSecretOps.getAsync(anyString(), eq(clientsCa.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCa));
    when(mockSecretOps.getAsync(anyString(), eq(clientsCaKey.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCaKey));
    when(mockSecretOps.getAsync(anyString(), eq(user.getMetadata().getName()))).thenReturn(Future.succeededFuture(null));
    when(mockCrdOps.get(eq(user.getMetadata().getNamespace()), eq(user.getMetadata().getName()))).thenReturn(user);
    when(mockCrdOps.getAsync(anyString(), anyString())).thenReturn(Future.succeededFuture(user));
    when(mockCrdOps.updateStatusAsync(any(), any(KafkaUser.class))).thenReturn(Future.succeededFuture());
    ArgumentCaptor<String> quotasUserNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<KafkaUserQuotas> quotasCaptor = ArgumentCaptor.forClass(KafkaUserQuotas.class);
    when(quotasOps.reconcile(any(), quotasUserNameCaptor.capture(), quotasCaptor.capture())).thenReturn(Future.succeededFuture());
    Checkpoint async = context.checkpoint();
    op.reconcile(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME)).onComplete(context.succeeding(v -> context.verify(() -> {
        List<String> capturedNames = secretNameCaptor.getAllValues();
        assertThat(capturedNames, hasSize(1));
        assertThat(capturedNames.get(0), is(ResourceUtils.NAME));
        List<String> capturedNamespaces = secretNamespaceCaptor.getAllValues();
        assertThat(capturedNamespaces, hasSize(1));
        assertThat(capturedNamespaces.get(0), is(ResourceUtils.NAMESPACE));
        List<Secret> capturedSecrets = secretCaptor.getAllValues();
        assertThat(capturedSecrets, hasSize(1));
        assertThat(capturedSecrets.get(0), is(nullValue()));
        assertThat(scramUserCaptor.getValue(), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
        assertThat(scramPasswordCaptor.getValue(), is(nullValue()));
        List<String> capturedAclNames = aclNameCaptor.getAllValues();
        assertThat(capturedAclNames, hasSize(2));
        assertThat(capturedAclNames.get(0), is(KafkaUserModel.getTlsUserName(ResourceUtils.NAME)));
        assertThat(capturedAclNames.get(1), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
        List<Set<SimpleAclRule>> capturedAcls = aclRulesCaptor.getAllValues();
        assertThat(capturedAcls, hasSize(2));
        assertThat(capturedAcls.get(0), hasSize(ResourceUtils.createExpectedSimpleAclRules(user).size()));
        assertThat(capturedAcls.get(0), is(ResourceUtils.createExpectedSimpleAclRules(user)));
        assertThat(capturedAcls.get(1), is(nullValue()));
        List<String> capturedQuotasNames = quotasUserNameCaptor.getAllValues();
        assertThat(capturedQuotasNames, hasSize(2));
        assertThat(capturedQuotasNames.get(0), is(KafkaUserModel.getTlsUserName(ResourceUtils.NAME)));
        assertThat(capturedQuotasNames.get(1), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
        List<KafkaUserQuotas> capturedQuotas = quotasCaptor.getAllValues();
        assertThat(capturedQuotas, hasSize(2));
        assertThat(capturedQuotas.get(0), is(notNullValue()));
        assertThat(capturedQuotas.get(0).getConsumerByteRate(), is(1000000));
        assertThat(capturedQuotas.get(0).getProducerByteRate(), is(2000000));
        assertThat(capturedQuotas.get(0).getRequestPercentage(), is(55));
        assertThat(capturedQuotas.get(0).getControllerMutationRate(), is(10.0));
        assertThat(capturedQuotas.get(1), is(nullValue()));
        async.flag();
    })));
}
Also used : CoreMatchers.is(org.hamcrest.CoreMatchers.is) Arrays(java.util.Arrays) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) AfterAll(org.junit.jupiter.api.AfterAll) MicrometerMetricsOptions(io.vertx.micrometer.MicrometerMetricsOptions) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BeforeAll(org.junit.jupiter.api.BeforeAll) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) KafkaUserStatus(io.strimzi.api.kafka.model.status.KafkaUserStatus) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) VertxOptions(io.vertx.core.VertxOptions) Set(java.util.Set) VertxPrometheusOptions(io.vertx.micrometer.VertxPrometheusOptions) VertxExtension(io.vertx.junit5.VertxExtension) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) Future(io.vertx.core.Future) StandardCharsets(java.nio.charset.StandardCharsets) Test(org.junit.jupiter.api.Test) Base64(java.util.Base64) List(java.util.List) KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas) Labels(io.strimzi.operator.common.model.Labels) Secret(io.fabric8.kubernetes.api.model.Secret) Optional(java.util.Optional) Checkpoint(io.vertx.junit5.Checkpoint) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) Mockito.mock(org.mockito.Mockito.mock) VertxTestContext(io.vertx.junit5.VertxTestContext) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) CertManager(io.strimzi.certs.CertManager) HashSet(java.util.HashSet) ResourceUtils(io.strimzi.operator.user.ResourceUtils) ArgumentCaptor(org.mockito.ArgumentCaptor) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Matchers.hasSize(org.hamcrest.Matchers.hasSize) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) ArgumentMatchers.isNull(org.mockito.ArgumentMatchers.isNull) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) Promise(io.vertx.core.Promise) Vertx(io.vertx.core.Vertx) KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) Mockito.when(org.mockito.Mockito.when) KafkaUserModel(io.strimzi.operator.user.model.KafkaUserModel) Mockito.verify(org.mockito.Mockito.verify) Reconciliation(io.strimzi.operator.common.Reconciliation) Mockito.never(org.mockito.Mockito.never) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Set(java.util.Set) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) HashSet(java.util.HashSet) KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas) KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Secret(io.fabric8.kubernetes.api.model.Secret) Checkpoint(io.vertx.junit5.Checkpoint) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Reconciliation(io.strimzi.operator.common.Reconciliation) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Test(org.junit.jupiter.api.Test)

Example 20 with KafkaUserBuilder

use of io.strimzi.api.kafka.model.KafkaUserBuilder in project strimzi by strimzi.

the class KafkaUserOperatorTest method testCreateUserWithAclsDisabled.

@Test
public void testCreateUserWithAclsDisabled(VertxTestContext context) {
    CrdOperator mockCrdOps = mock(CrdOperator.class);
    SecretOperator mockSecretOps = mock(SecretOperator.class);
    SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
    ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
    QuotasOperator quotasOps = mock(QuotasOperator.class);
    ArgumentCaptor<String> secretNamespaceCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<String> secretNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Secret> secretCaptor = ArgumentCaptor.forClass(Secret.class);
    when(mockSecretOps.reconcile(any(), secretNamespaceCaptor.capture(), secretNameCaptor.capture(), secretCaptor.capture())).thenReturn(Future.succeededFuture());
    when(scramOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
    when(quotasOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
    KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig(Map.of(), false, "12"));
    KafkaUser user = new KafkaUserBuilder().withNewMetadata().withName(ResourceUtils.NAME).withNamespace(ResourceUtils.NAMESPACE).endMetadata().withNewSpec().withNewKafkaUserTlsClientAuthentication().endKafkaUserTlsClientAuthentication().withNewQuotas().withConsumerByteRate(1024 * 1024).withProducerByteRate(1024 * 1024).endQuotas().endSpec().build();
    Secret clientsCa = ResourceUtils.createClientsCaCertSecret();
    Secret clientsCaKey = ResourceUtils.createClientsCaKeySecret();
    when(mockSecretOps.getAsync(anyString(), eq("user-cert"))).thenReturn(Future.succeededFuture(clientsCa));
    when(mockSecretOps.getAsync(anyString(), eq("user-key"))).thenReturn(Future.succeededFuture(clientsCaKey));
    when(mockSecretOps.getAsync(anyString(), eq(ResourceUtils.NAME))).thenReturn(Future.succeededFuture(null));
    when(mockCrdOps.getAsync(anyString(), anyString())).thenReturn(Future.succeededFuture(user));
    when(mockCrdOps.updateStatusAsync(any(), any(KafkaUser.class))).thenReturn(Future.succeededFuture());
    Checkpoint async = context.checkpoint();
    op.createOrUpdate(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME), user).onComplete(context.succeeding(v -> context.verify(() -> {
        List<String> capturedNames = secretNameCaptor.getAllValues();
        assertThat(capturedNames, hasSize(1));
        assertThat(capturedNames.get(0), is(ResourceUtils.NAME));
        List<String> capturedNamespaces = secretNamespaceCaptor.getAllValues();
        assertThat(capturedNamespaces, hasSize(1));
        assertThat(capturedNamespaces.get(0), is(ResourceUtils.NAMESPACE));
        List<Secret> capturedSecrets = secretCaptor.getAllValues();
        assertThat(capturedSecrets, hasSize(1));
        Secret captured = capturedSecrets.get(0);
        assertThat(captured.getMetadata().getName(), is(user.getMetadata().getName()));
        assertThat(captured.getMetadata().getNamespace(), is(user.getMetadata().getNamespace()));
        assertThat(captured.getMetadata().getLabels(), is(Labels.fromMap(user.getMetadata().getLabels()).withStrimziKind(KafkaUser.RESOURCE_KIND).withKubernetesName(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).withKubernetesInstance(ResourceUtils.NAME).withKubernetesPartOf(ResourceUtils.NAME).withKubernetesManagedBy(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).toMap()));
        assertThat(new String(Base64.getDecoder().decode(captured.getData().get("ca.crt"))), is("clients-ca-crt"));
        assertThat(new String(Base64.getDecoder().decode(captured.getData().get("user.crt"))), is("crt file"));
        assertThat(new String(Base64.getDecoder().decode(captured.getData().get("user.key"))), is("key file"));
        verify(aclOps, never()).reconcile(any(), any(), any());
        async.flag();
    })));
}
Also used : CoreMatchers.is(org.hamcrest.CoreMatchers.is) Arrays(java.util.Arrays) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) AfterAll(org.junit.jupiter.api.AfterAll) MicrometerMetricsOptions(io.vertx.micrometer.MicrometerMetricsOptions) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BeforeAll(org.junit.jupiter.api.BeforeAll) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) KafkaUserStatus(io.strimzi.api.kafka.model.status.KafkaUserStatus) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) VertxOptions(io.vertx.core.VertxOptions) Set(java.util.Set) VertxPrometheusOptions(io.vertx.micrometer.VertxPrometheusOptions) VertxExtension(io.vertx.junit5.VertxExtension) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) Future(io.vertx.core.Future) StandardCharsets(java.nio.charset.StandardCharsets) Test(org.junit.jupiter.api.Test) Base64(java.util.Base64) List(java.util.List) KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas) Labels(io.strimzi.operator.common.model.Labels) Secret(io.fabric8.kubernetes.api.model.Secret) Optional(java.util.Optional) Checkpoint(io.vertx.junit5.Checkpoint) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) Mockito.mock(org.mockito.Mockito.mock) VertxTestContext(io.vertx.junit5.VertxTestContext) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) CertManager(io.strimzi.certs.CertManager) HashSet(java.util.HashSet) ResourceUtils(io.strimzi.operator.user.ResourceUtils) ArgumentCaptor(org.mockito.ArgumentCaptor) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Matchers.hasSize(org.hamcrest.Matchers.hasSize) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) ArgumentMatchers.isNull(org.mockito.ArgumentMatchers.isNull) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) Promise(io.vertx.core.Promise) Vertx(io.vertx.core.Vertx) KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) Mockito.when(org.mockito.Mockito.when) KafkaUserModel(io.strimzi.operator.user.model.KafkaUserModel) Mockito.verify(org.mockito.Mockito.verify) Reconciliation(io.strimzi.operator.common.Reconciliation) Mockito.never(org.mockito.Mockito.never) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Secret(io.fabric8.kubernetes.api.model.Secret) Checkpoint(io.vertx.junit5.Checkpoint) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Reconciliation(io.strimzi.operator.common.Reconciliation) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) Test(org.junit.jupiter.api.Test)

Aggregations

KafkaUser (io.strimzi.api.kafka.model.KafkaUser)30 KafkaUserBuilder (io.strimzi.api.kafka.model.KafkaUserBuilder)30 Test (org.junit.jupiter.api.Test)30 Secret (io.fabric8.kubernetes.api.model.Secret)16 SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder)14 InvalidResourceException (io.strimzi.operator.cluster.model.InvalidResourceException)10 HashSet (java.util.HashSet)10 LabelSelector (io.fabric8.kubernetes.api.model.LabelSelector)6 KafkaUserQuotas (io.strimzi.api.kafka.model.KafkaUserQuotas)6 KafkaUserStatus (io.strimzi.api.kafka.model.status.KafkaUserStatus)6 CertManager (io.strimzi.certs.CertManager)6 Reconciliation (io.strimzi.operator.common.Reconciliation)6 Labels (io.strimzi.operator.common.model.Labels)6 MockCertManager (io.strimzi.operator.common.operator.MockCertManager)6 CrdOperator (io.strimzi.operator.common.operator.resource.CrdOperator)6 SecretOperator (io.strimzi.operator.common.operator.resource.SecretOperator)6 ResourceUtils (io.strimzi.operator.user.ResourceUtils)6 KafkaUserModel (io.strimzi.operator.user.model.KafkaUserModel)6 SimpleAclRule (io.strimzi.operator.user.model.acl.SimpleAclRule)6 Future (io.vertx.core.Future)6