Example 26 with KafkaUserBuilder
use of io.strimzi.api.kafka.model.KafkaUserBuilder in project strimzi-kafka-operator by strimzi.
the class KafkaUserModelTest method testFromCrdTlsUserWith64CharTlsUsernameValid.
@Test
public void testFromCrdTlsUserWith64CharTlsUsernameValid() {
// 64 characters => Should be still OK
KafkaUser notTooLong = new KafkaUserBuilder(tlsUser).editMetadata().withName("User123456789012345678901234567890123456789012345678901234567890").endMetadata().build();
KafkaUserModel.fromCrd(notTooLong, UserOperatorConfig.DEFAULT_SECRET_PREFIX, UserOperatorConfig.DEFAULT_STRIMZI_ACLS_ADMIN_API_SUPPORTED);
}
Also used :
KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
Test(org.junit.jupiter.api.Test)
Example 27 with KafkaUserBuilder
use of io.strimzi.api.kafka.model.KafkaUserBuilder in project strimzi-kafka-operator by strimzi.
the class KafkaUserModelTest method testGenerateSecretUseDesiredPasswordSecretDoesNotExist.
@Test
public void testGenerateSecretUseDesiredPasswordSecretDoesNotExist() {
KafkaUser user = new KafkaUserBuilder(scramShaUser).editSpec().withNewKafkaUserScramSha512ClientAuthentication().withNewPassword().withNewValueFrom().withNewSecretKeyRef("my-password", "my-secret", false).endValueFrom().endPassword().endKafkaUserScramSha512ClientAuthentication().endSpec().build();
KafkaUserModel model = KafkaUserModel.fromCrd(user, UserOperatorConfig.DEFAULT_SECRET_PREFIX, UserOperatorConfig.DEFAULT_STRIMZI_ACLS_ADMIN_API_SUPPORTED);
InvalidResourceException e = assertThrows(InvalidResourceException.class, () -> {
model.maybeGeneratePassword(Reconciliation.DUMMY_RECONCILIATION, passwordGenerator, null, null);
});
assertThat(e.getMessage(), is("Secret my-secret with requested user password does not exist."));
}
Also used :
InvalidResourceException(io.strimzi.operator.cluster.model.InvalidResourceException)
KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
Test(org.junit.jupiter.api.Test)
Example 28 with KafkaUserBuilder
use of io.strimzi.api.kafka.model.KafkaUserBuilder in project strimzi-kafka-operator by strimzi.
the class KafkaUserModelTest method testFromCrdScramShaUserWithMissingPasswordKeyThrows.
@Test
public void testFromCrdScramShaUserWithMissingPasswordKeyThrows() {
KafkaUser missingKey = new KafkaUserBuilder(scramShaUser).editSpec().withNewKafkaUserScramSha512ClientAuthentication().withNewPassword().withNewValueFrom().withNewSecretKeyRef(null, "my-secret", false).endValueFrom().endPassword().endKafkaUserScramSha512ClientAuthentication().endSpec().build();
InvalidResourceException e = assertThrows(InvalidResourceException.class, () -> {
KafkaUserModel.fromCrd(missingKey, UserOperatorConfig.DEFAULT_SECRET_PREFIX, UserOperatorConfig.DEFAULT_STRIMZI_ACLS_ADMIN_API_SUPPORTED);
});
assertThat(e.getMessage(), is("Resource requests custom SCRAM-SHA-512 password but doesn't specify the secret name and/or key"));
}
Also used :
InvalidResourceException(io.strimzi.operator.cluster.model.InvalidResourceException)
KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
Test(org.junit.jupiter.api.Test)
Example 29 with KafkaUserBuilder
use of io.strimzi.api.kafka.model.KafkaUserBuilder in project strimzi-kafka-operator by strimzi.
the class KafkaUserModelTest method testGenerateSecretWithMetadataOverrides.
@Test
public void testGenerateSecretWithMetadataOverrides() {
KafkaUser userWithTemplate = new KafkaUserBuilder(tlsUser).editSpec().withNewTemplate().withNewSecret().withNewMetadata().withLabels(singletonMap("label1", "value1")).withAnnotations(singletonMap("anno1", "value1")).endMetadata().endSecret().endTemplate().endSpec().build();
KafkaUserModel model = KafkaUserModel.fromCrd(userWithTemplate, UserOperatorConfig.DEFAULT_SECRET_PREFIX, UserOperatorConfig.DEFAULT_STRIMZI_ACLS_ADMIN_API_SUPPORTED);
model.maybeGenerateCertificates(Reconciliation.DUMMY_RECONCILIATION, mockCertManager, passwordGenerator, clientsCaCert, clientsCaKey, null, 365, 30);
Secret generatedSecret = model.generateSecret();
assertThat(generatedSecret.getData().keySet(), is(set("ca.crt", "user.crt", "user.key", "user.p12", "user.password")));
assertThat(generatedSecret.getMetadata().getName(), is(ResourceUtils.NAME));
assertThat(generatedSecret.getMetadata().getNamespace(), is(ResourceUtils.NAMESPACE));
assertThat(generatedSecret.getMetadata().getLabels(), is(Labels.fromMap(ResourceUtils.LABELS).withStrimziKind(KafkaUser.RESOURCE_KIND).withKubernetesName(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).withKubernetesInstance(ResourceUtils.NAME).withKubernetesPartOf(ResourceUtils.NAME).withKubernetesManagedBy(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).withAdditionalLabels(singletonMap("label1", "value1")).toMap()));
assertThat(generatedSecret.getMetadata().getAnnotations(), is(singletonMap("anno1", "value1")));
// Check owner reference
checkOwnerReference(model.createOwnerReference(), generatedSecret);
}
Also used :
Secret(io.fabric8.kubernetes.api.model.Secret)
KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
Test(org.junit.jupiter.api.Test)
Example 30 with KafkaUserBuilder
use of io.strimzi.api.kafka.model.KafkaUserBuilder in project strimzi-kafka-operator by strimzi.
the class KafkaUserOperatorTest method testReconcileTlsExternalUser.
@Test
public void testReconcileTlsExternalUser(VertxTestContext context) {
KafkaUser user = new KafkaUserBuilder(ResourceUtils.createKafkaUserQuotas(1000000, 2000000, 55, 10.0)).editSpec().withNewKafkaUserTlsExternalClientAuthentication().endKafkaUserTlsExternalClientAuthentication().endSpec().build();
CrdOperator mockCrdOps = mock(CrdOperator.class);
SecretOperator mockSecretOps = mock(SecretOperator.class);
SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
QuotasOperator quotasOps = mock(QuotasOperator.class);
KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig());
Secret clientsCa = ResourceUtils.createClientsCaCertSecret();
Secret clientsCaKey = ResourceUtils.createClientsCaKeySecret();
ArgumentCaptor<String> secretNamespaceCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<String> secretNameCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<Secret> secretCaptor = ArgumentCaptor.forClass(Secret.class);
when(mockSecretOps.reconcile(any(), secretNamespaceCaptor.capture(), secretNameCaptor.capture(), secretCaptor.capture())).thenReturn(Future.succeededFuture());
ArgumentCaptor<String> aclNameCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<Set<SimpleAclRule>> aclRulesCaptor = ArgumentCaptor.forClass(Set.class);
when(aclOps.reconcile(any(), aclNameCaptor.capture(), aclRulesCaptor.capture())).thenReturn(Future.succeededFuture());
ArgumentCaptor<String> scramUserCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<String> scramPasswordCaptor = ArgumentCaptor.forClass(String.class);
when(scramOps.reconcile(any(), scramUserCaptor.capture(), scramPasswordCaptor.capture())).thenReturn(Future.succeededFuture());
when(mockSecretOps.getAsync(anyString(), eq(clientsCa.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCa));
when(mockSecretOps.getAsync(anyString(), eq(clientsCaKey.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCaKey));
when(mockSecretOps.getAsync(anyString(), eq(user.getMetadata().getName()))).thenReturn(Future.succeededFuture(null));
when(mockCrdOps.get(eq(user.getMetadata().getNamespace()), eq(user.getMetadata().getName()))).thenReturn(user);
when(mockCrdOps.getAsync(anyString(), anyString())).thenReturn(Future.succeededFuture(user));
when(mockCrdOps.updateStatusAsync(any(), any(KafkaUser.class))).thenReturn(Future.succeededFuture());
ArgumentCaptor<String> quotasUserNameCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<KafkaUserQuotas> quotasCaptor = ArgumentCaptor.forClass(KafkaUserQuotas.class);
when(quotasOps.reconcile(any(), quotasUserNameCaptor.capture(), quotasCaptor.capture())).thenReturn(Future.succeededFuture());
Checkpoint async = context.checkpoint();
op.reconcile(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME)).onComplete(context.succeeding(v -> context.verify(() -> {
List<String> capturedNames = secretNameCaptor.getAllValues();
assertThat(capturedNames, hasSize(1));
assertThat(capturedNames.get(0), is(ResourceUtils.NAME));
List<String> capturedNamespaces = secretNamespaceCaptor.getAllValues();
assertThat(capturedNamespaces, hasSize(1));
assertThat(capturedNamespaces.get(0), is(ResourceUtils.NAMESPACE));
List<Secret> capturedSecrets = secretCaptor.getAllValues();
assertThat(capturedSecrets, hasSize(1));
assertThat(capturedSecrets.get(0), is(nullValue()));
assertThat(scramUserCaptor.getValue(), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
assertThat(scramPasswordCaptor.getValue(), is(nullValue()));
List<String> capturedAclNames = aclNameCaptor.getAllValues();
assertThat(capturedAclNames, hasSize(2));
assertThat(capturedAclNames.get(0), is(KafkaUserModel.getTlsUserName(ResourceUtils.NAME)));
assertThat(capturedAclNames.get(1), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
List<Set<SimpleAclRule>> capturedAcls = aclRulesCaptor.getAllValues();
assertThat(capturedAcls, hasSize(2));
assertThat(capturedAcls.get(0), hasSize(ResourceUtils.createExpectedSimpleAclRules(user).size()));
assertThat(capturedAcls.get(0), is(ResourceUtils.createExpectedSimpleAclRules(user)));
assertThat(capturedAcls.get(1), is(nullValue()));
List<String> capturedQuotasNames = quotasUserNameCaptor.getAllValues();
assertThat(capturedQuotasNames, hasSize(2));
assertThat(capturedQuotasNames.get(0), is(KafkaUserModel.getTlsUserName(ResourceUtils.NAME)));
assertThat(capturedQuotasNames.get(1), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
List<KafkaUserQuotas> capturedQuotas = quotasCaptor.getAllValues();
assertThat(capturedQuotas, hasSize(2));
assertThat(capturedQuotas.get(0), is(notNullValue()));
assertThat(capturedQuotas.get(0).getConsumerByteRate(), is(1000000));
assertThat(capturedQuotas.get(0).getProducerByteRate(), is(2000000));
assertThat(capturedQuotas.get(0).getRequestPercentage(), is(55));
assertThat(capturedQuotas.get(0).getControllerMutationRate(), is(10.0));
assertThat(capturedQuotas.get(1), is(nullValue()));
async.flag();
})));
}
Also used :
CoreMatchers.is(org.hamcrest.CoreMatchers.is)
Arrays(java.util.Arrays)
LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector)
ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
Collections.singletonList(java.util.Collections.singletonList)
CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue)
AfterAll(org.junit.jupiter.api.AfterAll)
MicrometerMetricsOptions(io.vertx.micrometer.MicrometerMetricsOptions)
ExtendWith(org.junit.jupiter.api.extension.ExtendWith)
BeforeAll(org.junit.jupiter.api.BeforeAll)
Arrays.asList(java.util.Arrays.asList)
Map(java.util.Map)
KafkaUserStatus(io.strimzi.api.kafka.model.status.KafkaUserStatus)
SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator)
VertxOptions(io.vertx.core.VertxOptions)
Set(java.util.Set)
VertxPrometheusOptions(io.vertx.micrometer.VertxPrometheusOptions)
VertxExtension(io.vertx.junit5.VertxExtension)
CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet)
Future(io.vertx.core.Future)
StandardCharsets(java.nio.charset.StandardCharsets)
Test(org.junit.jupiter.api.Test)
Base64(java.util.Base64)
List(java.util.List)
KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas)
Labels(io.strimzi.operator.common.model.Labels)
Secret(io.fabric8.kubernetes.api.model.Secret)
Optional(java.util.Optional)
Checkpoint(io.vertx.junit5.Checkpoint)
MockCertManager(io.strimzi.operator.common.operator.MockCertManager)
Mockito.mock(org.mockito.Mockito.mock)
VertxTestContext(io.vertx.junit5.VertxTestContext)
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
CertManager(io.strimzi.certs.CertManager)
HashSet(java.util.HashSet)
ResourceUtils(io.strimzi.operator.user.ResourceUtils)
ArgumentCaptor(org.mockito.ArgumentCaptor)
CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator)
Matchers.hasSize(org.hamcrest.Matchers.hasSize)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue)
ArgumentMatchers.isNull(org.mockito.ArgumentMatchers.isNull)
SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule)
Promise(io.vertx.core.Promise)
Vertx(io.vertx.core.Vertx)
KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder)
Mockito.when(org.mockito.Mockito.when)
KafkaUserModel(io.strimzi.operator.user.model.KafkaUserModel)
Mockito.verify(org.mockito.Mockito.verify)
Reconciliation(io.strimzi.operator.common.Reconciliation)
Mockito.never(org.mockito.Mockito.never)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
Set(java.util.Set)
CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet)
HashSet(java.util.HashSet)
KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas)
KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator)
Secret(io.fabric8.kubernetes.api.model.Secret)
Checkpoint(io.vertx.junit5.Checkpoint)
CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator)
Reconciliation(io.strimzi.operator.common.Reconciliation)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
Test(org.junit.jupiter.api.Test)
Aggregations
KafkaUser (io.strimzi.api.kafka.model.KafkaUser)30
KafkaUserBuilder (io.strimzi.api.kafka.model.KafkaUserBuilder)30
Test (org.junit.jupiter.api.Test)30
Secret (io.fabric8.kubernetes.api.model.Secret)16
SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder)14
InvalidResourceException (io.strimzi.operator.cluster.model.InvalidResourceException)10
HashSet (java.util.HashSet)10
LabelSelector (io.fabric8.kubernetes.api.model.LabelSelector)6
KafkaUserQuotas (io.strimzi.api.kafka.model.KafkaUserQuotas)6
KafkaUserStatus (io.strimzi.api.kafka.model.status.KafkaUserStatus)6
CertManager (io.strimzi.certs.CertManager)6
Reconciliation (io.strimzi.operator.common.Reconciliation)6
Labels (io.strimzi.operator.common.model.Labels)6
MockCertManager (io.strimzi.operator.common.operator.MockCertManager)6
CrdOperator (io.strimzi.operator.common.operator.resource.CrdOperator)6
SecretOperator (io.strimzi.operator.common.operator.resource.SecretOperator)6
ResourceUtils (io.strimzi.operator.user.ResourceUtils)6
KafkaUserModel (io.strimzi.operator.user.model.KafkaUserModel)6
SimpleAclRule (io.strimzi.operator.user.model.acl.SimpleAclRule)6
Future (io.vertx.core.Future)6
