
Example 1 with KafkaUserTlsClientAuthentication

Use of io.strimzi.api.kafka.model.KafkaUserTlsClientAuthentication in the project strimzi by strimzi.

In class KafkaClientsTemplates, method createClientSpec:

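/**
 * Builds the {@link PodSpec} of the system-test Kafka clients pod.
 *
 * <p>The container runs {@code sleep infinity} and receives its client configuration through
 * environment variables. {@code PRODUCER_CONFIGURATION} and {@code CONSUMER_CONFIGURATION} always
 * carry the base, unauthenticated configuration. For each {@link KafkaUser} a further set of
 * variables is added, suffixed with {@code _<prefixed user name, '-' replaced by '_'>}:
 * {@code KAFKA_USER}, the per-user {@code PRODUCER_CONFIGURATION} / {@code CONSUMER_CONFIGURATION},
 * and the mount points of the secrets the client needs (the user's certificate secret for
 * TLS-authenticated users, the listener CA certificate secret for TLS listeners). The matching
 * secret volumes are added to the pod spec.
 *
 * <p>Producer and consumer get identical security settings. They are built once per user from
 * scratch and appended to the respective base configuration, so nothing carries over from one
 * user to the next.
 *
 * @param namespaceName        namespace handed to {@code saslConfigs} for SCRAM-SHA-512 users
 * @param tlsListener          whether the target listener is TLS: selects {@code SSL} /
 *                             {@code SASL_SSL} instead of {@code PLAINTEXT} / {@code SASL_PLAINTEXT},
 *                             adds the truststore properties and mounts the listener CA secret
 * @param kafkaClientsName     name of the client container
 * @param hostnameVerification when {@code false}, {@code ssl.endpoint.identification.algorithm} is
 *                             set to an empty value, which disables TLS hostname verification in
 *                             the client
 * @param listenerName         listener whose CA certificate secret is mounted for TLS listeners
 * @param secretPrefix         optional prefix prepended to each user name when forming the secret
 *                             name and the env-variable suffix; {@code null} means no prefix
 * @param kafkaUsers           users to configure; {@code null} or empty configures only the base,
 *                             unauthenticated client
 * @return the pod spec holding the single client container and its secret volumes
 * @throws IllegalStateException if a TLS listener is requested and a user carries no
 *                               {@code Labels.STRIMZI_CLUSTER_LABEL} label
 * @throws java.util.NoSuchElementException if a TLS listener is requested and no Kafka with the
 *                               labelled cluster name exists in any namespace
 */
private static PodSpec createClientSpec(String namespaceName, boolean tlsListener, String kafkaClientsName, boolean hostnameVerification, String listenerName, String secretPrefix, KafkaUser... kafkaUsers) {
    PodSpecBuilder podSpecBuilder = new PodSpecBuilder();
    if (Environment.SYSTEM_TEST_STRIMZI_IMAGE_PULL_SECRET != null && !Environment.SYSTEM_TEST_STRIMZI_IMAGE_PULL_SECRET.isEmpty()) {
        List<LocalObjectReference> imagePullSecrets = Collections.singletonList(new LocalObjectReference(Environment.SYSTEM_TEST_STRIMZI_IMAGE_PULL_SECRET));
        podSpecBuilder.withImagePullSecrets(imagePullSecrets);
    }

    ContainerBuilder containerBuilder = new ContainerBuilder()
        .withName(kafkaClientsName)
        .withImage(Environment.TEST_CLIENT_IMAGE)
        .withCommand("sleep")
        .withArgs("infinity")
        .withImagePullPolicy(Environment.COMPONENTS_IMAGE_PULL_POLICY);

    // Base configuration without any security settings; every per-user configuration starts from it.
    final String baseProducerConfiguration = ProducerConfig.ACKS_CONFIG + "=all\n";
    final String baseConsumerConfiguration = ConsumerConfig.AUTO_OFFSET_RESET_CONFIG + "=earliest\n";

    // Emitted exactly once (previously repeated for every user, producing duplicate env entries).
    // An empty varargs array is treated like null, so the container is never left without configuration.
    containerBuilder.addNewEnv().withName("PRODUCER_CONFIGURATION").withValue(baseProducerConfiguration).endEnv();
    containerBuilder.addNewEnv().withName("CONSUMER_CONFIGURATION").withValue(baseConsumerConfiguration).endEnv();

    if (kafkaUsers != null && kafkaUsers.length > 0) {
        for (KafkaUser kafkaUser : kafkaUsers) {
            String kafkaUserName = secretPrefix == null ? kafkaUser.getMetadata().getName() : secretPrefix + kafkaUser.getMetadata().getName();
            boolean tlsUser = kafkaUser.getSpec() != null && kafkaUser.getSpec().getAuthentication() instanceof KafkaUserTlsClientAuthentication;
            boolean scramShaUser = kafkaUser.getSpec() != null && kafkaUser.getSpec().getAuthentication() instanceof KafkaUserScramSha512ClientAuthentication;
            // '-' is not valid in an env-variable name, hence the mangling.
            String envVariablesSuffix = String.format("_%s", kafkaUserName.replace("-", "_"));
            // Paths at which the client is told to find its PKCS#12 stores.
            String truststoreLocation = "/tmp/" + kafkaUserName + "-truststore.p12";
            String keystoreLocation = "/tmp/" + kafkaUserName + "-keystore.p12";

            containerBuilder.addNewEnv().withName("KAFKA_USER" + envVariablesSuffix).withValue(kafkaUserName).endEnv();

            // Security settings shared by producer and consumer. Rebuilt per user: the previous code
            // accumulated them across users, so later users repeated earlier users' keys and, with
            // hostnameVerification=false, had their first key glued onto the unterminated
            // ssl.endpoint.identification.algorithm line.
            String securityProtocol;
            if (tlsListener) {
                securityProtocol = scramShaUser ? "SASL_SSL" : "SSL";
            } else {
                securityProtocol = scramShaUser ? "SASL_PLAINTEXT" : "PLAINTEXT";
            }
            String securityConfiguration = "security.protocol=" + securityProtocol + "\n";
            if (scramShaUser) {
                securityConfiguration += saslConfigs(namespaceName, kafkaUser, secretPrefix);
            }
            if (tlsListener) {
                securityConfiguration += SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG + "=" + truststoreLocation + "\n"
                    + SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG + "=pkcs12\n";
            }
            if (tlsUser) {
                securityConfiguration += SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG + "=" + keystoreLocation + "\n"
                    + SslConfigs.SSL_KEYSTORE_TYPE_CONFIG + "=pkcs12\n";
            }
            if (!hostnameVerification) {
                // An empty algorithm switches hostname verification off in the Kafka client.
                // Newline-terminated so it stays a property of its own whatever follows.
                securityConfiguration += SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG + "=\n";
            }

            if (tlsUser || tlsListener) {
                // Set once per user (previously added twice for a TLS user on a TLS listener).
                containerBuilder.addNewEnv().withName("PRODUCER_TLS" + envVariablesSuffix).withValue("TRUE").endEnv()
                    .addNewEnv().withName("CONSUMER_TLS" + envVariablesSuffix).withValue("TRUE").endEnv();
            }
            if (tlsUser) {
                // The user's certificate secret is named after the (prefixed) user name and mounted for the client.
                String userSecretVolumeName = "tls-cert-" + kafkaUserName;
                String userSecretMountPoint = "/opt/kafka/user-secret-" + kafkaUserName;
                containerBuilder.addNewVolumeMount().withName(userSecretVolumeName).withMountPath(userSecretMountPoint).endVolumeMount()
                    .addNewEnv().withName("USER_LOCATION" + envVariablesSuffix).withValue(userSecretMountPoint).endEnv();
                podSpecBuilder.addNewVolume().withName(userSecretVolumeName).withNewSecret().withSecretName(kafkaUserName).endSecret().endVolume();
            }
            if (tlsListener) {
                String clusterCaSecretVolumeName = "ca-cert-" + kafkaUserName;
                String caSecretMountPoint = "/opt/kafka/cluster-ca-" + kafkaUserName;
                containerBuilder.addNewVolumeMount().withName(clusterCaSecretVolumeName).withMountPath(caSecretMountPoint).endVolumeMount()
                    .addNewEnv().withName("CA_LOCATION" + envVariablesSuffix).withValue(caSecretMountPoint).endEnv()
                    .addNewEnv().withName("TRUSTSTORE_LOCATION" + envVariablesSuffix).withValue(truststoreLocation).endEnv();
                if (tlsUser) {
                    containerBuilder.addNewEnv().withName("KEYSTORE_LOCATION" + envVariablesSuffix).withValue(keystoreLocation).endEnv();
                }
                podSpecBuilder.addNewVolume().withName(clusterCaSecretVolumeName).withNewSecret()
                    .withSecretName(listenerCaSecretName(kafkaUser, listenerName)).endSecret().endVolume();
            }

            containerBuilder.addNewEnv().withName("PRODUCER_CONFIGURATION" + envVariablesSuffix).withValue(baseProducerConfiguration + securityConfiguration).endEnv();
            containerBuilder.addNewEnv().withName("CONSUMER_CONFIGURATION" + envVariablesSuffix).withValue(baseConsumerConfiguration + securityConfiguration).endEnv();
        }
        // Memory request is only applied when at least one user is configured (unchanged behaviour).
        containerBuilder.withResources(new ResourceRequirementsBuilder().addToRequests("memory", new Quantity("200M")).build());
    }

    return podSpecBuilder.withContainers(containerBuilder.build()).build();
}

/**
 * Resolves the name of the secret holding the CA certificate of {@code listenerName} on the Kafka
 * cluster the user belongs to. The cluster is identified by the user's
 * {@code Labels.STRIMZI_CLUSTER_LABEL} label and looked up across all namespaces.
 *
 * @param kafkaUser    user whose cluster label is read
 * @param listenerName listener whose CA certificate secret name is wanted
 * @return the CA certificate secret name as reported by {@code KafkaUtils.getKafkaTlsListenerCaCertName}
 * @throws IllegalStateException if the user has no cluster label
 * @throws java.util.NoSuchElementException if no Kafka with the labelled name exists in any namespace
 */
private static String listenerCaSecretName(KafkaUser kafkaUser, String listenerName) {
    String clusterName = kafkaUser.getMetadata().getLabels() == null
        ? null
        : kafkaUser.getMetadata().getLabels().get(Labels.STRIMZI_CLUSTER_LABEL);
    if (clusterName == null) {
        // Fail with a message naming the user instead of an NPE from the missing label map / value.
        throw new IllegalStateException("KafkaUser " + kafkaUser.getMetadata().getName()
            + " has no " + Labels.STRIMZI_CLUSTER_LABEL + " label, cannot resolve its Kafka cluster");
    }
    String clusterNamespace = KafkaResource.kafkaClient().inAnyNamespace().list().getItems().stream()
        .filter(kafka -> kafka.getMetadata().getName().equals(clusterName))
        .findFirst()
        .orElseThrow()
        .getMetadata()
        .getNamespace();
    return KafkaUtils.getKafkaTlsListenerCaCertName(clusterNamespace, clusterName, listenerName);
}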

Example 2 with KafkaUserTlsClientAuthentication

Use of io.strimzi.api.kafka.model.KafkaUserTlsClientAuthentication in the project strimzi-kafka-operator by strimzi.

In class KafkaClientsTemplates, method createClientSpec:

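/**
 * Builds the {@link PodSpec} of the system-test Kafka clients pod.
 *
 * <p>The container runs {@code sleep infinity} and receives its client configuration through
 * environment variables. {@code PRODUCER_CONFIGURATION} and {@code CONSUMER_CONFIGURATION} always
 * carry the base, unauthenticated configuration. For each {@link KafkaUser} a further set of
 * variables is added, suffixed with {@code _<prefixed user name, '-' replaced by '_'>}:
 * {@code KAFKA_USER}, the per-user {@code PRODUCER_CONFIGURATION} / {@code CONSUMER_CONFIGURATION},
 * and the mount points of the secrets the client needs (the user's certificate secret for
 * TLS-authenticated users, the listener CA certificate secret for TLS listeners). The matching
 * secret volumes are added to the pod spec.
 *
 * <p>Producer and consumer get identical security settings. They are built once per user from
 * scratch and appended to the respective base configuration, so nothing carries over from one
 * user to the next.
 *
 * @param namespaceName        namespace handed to {@code saslConfigs} for SCRAM-SHA-512 users
 * @param tlsListener          whether the target listener is TLS: selects {@code SSL} /
 *                             {@code SASL_SSL} instead of {@code PLAINTEXT} / {@code SASL_PLAINTEXT},
 *                             adds the truststore properties and mounts the listener CA secret
 * @param kafkaClientsName     name of the client container
 * @param hostnameVerification when {@code false}, {@code ssl.endpoint.identification.algorithm} is
 *                             set to an empty value, which disables TLS hostname verification in
 *                             the client
 * @param listenerName         listener whose CA certificate secret is mounted for TLS listeners
 * @param secretPrefix         optional prefix prepended to each user name when forming the secret
 *                             name and the env-variable suffix; {@code null} means no prefix
 * @param kafkaUsers           users to configure; {@code null} or empty configures only the base,
 *                             unauthenticated client
 * @return the pod spec holding the single client container and its secret volumes
 * @throws IllegalStateException if a TLS listener is requested and a user carries no
 *                               {@code Labels.STRIMZI_CLUSTER_LABEL} label
 * @throws java.util.NoSuchElementException if a TLS listener is requested and no Kafka with the
 *                               labelled cluster name exists in any namespace
 */
private static PodSpec createClientSpec(String namespaceName, boolean tlsListener, String kafkaClientsName, boolean hostnameVerification, String listenerName, String secretPrefix, KafkaUser... kafkaUsers) {
    PodSpecBuilder podSpecBuilder = new PodSpecBuilder();
    if (Environment.SYSTEM_TEST_STRIMZI_IMAGE_PULL_SECRET != null && !Environment.SYSTEM_TEST_STRIMZI_IMAGE_PULL_SECRET.isEmpty()) {
        List<LocalObjectReference> imagePullSecrets = Collections.singletonList(new LocalObjectReference(Environment.SYSTEM_TEST_STRIMZI_IMAGE_PULL_SECRET));
        podSpecBuilder.withImagePullSecrets(imagePullSecrets);
    }

    ContainerBuilder containerBuilder = new ContainerBuilder()
        .withName(kafkaClientsName)
        .withImage(Environment.TEST_CLIENT_IMAGE)
        .withCommand("sleep")
        .withArgs("infinity")
        .withImagePullPolicy(Environment.COMPONENTS_IMAGE_PULL_POLICY);

    // Base configuration without any security settings; every per-user configuration starts from it.
    final String baseProducerConfiguration = ProducerConfig.ACKS_CONFIG + "=all\n";
    final String baseConsumerConfiguration = ConsumerConfig.AUTO_OFFSET_RESET_CONFIG + "=earliest\n";

    // Emitted exactly once (previously repeated for every user, producing duplicate env entries).
    // An empty varargs array is treated like null, so the container is never left without configuration.
    containerBuilder.addNewEnv().withName("PRODUCER_CONFIGURATION").withValue(baseProducerConfiguration).endEnv();
    containerBuilder.addNewEnv().withName("CONSUMER_CONFIGURATION").withValue(baseConsumerConfiguration).endEnv();

    if (kafkaUsers != null && kafkaUsers.length > 0) {
        for (KafkaUser kafkaUser : kafkaUsers) {
            String kafkaUserName = secretPrefix == null ? kafkaUser.getMetadata().getName() : secretPrefix + kafkaUser.getMetadata().getName();
            boolean tlsUser = kafkaUser.getSpec() != null && kafkaUser.getSpec().getAuthentication() instanceof KafkaUserTlsClientAuthentication;
            boolean scramShaUser = kafkaUser.getSpec() != null && kafkaUser.getSpec().getAuthentication() instanceof KafkaUserScramSha512ClientAuthentication;
            // '-' is not valid in an env-variable name, hence the mangling.
            String envVariablesSuffix = String.format("_%s", kafkaUserName.replace("-", "_"));
            // Paths at which the client is told to find its PKCS#12 stores.
            String truststoreLocation = "/tmp/" + kafkaUserName + "-truststore.p12";
            String keystoreLocation = "/tmp/" + kafkaUserName + "-keystore.p12";

            containerBuilder.addNewEnv().withName("KAFKA_USER" + envVariablesSuffix).withValue(kafkaUserName).endEnv();

            // Security settings shared by producer and consumer. Rebuilt per user: the previous code
            // accumulated them across users, so later users repeated earlier users' keys and, with
            // hostnameVerification=false, had their first key glued onto the unterminated
            // ssl.endpoint.identification.algorithm line.
            String securityProtocol;
            if (tlsListener) {
                securityProtocol = scramShaUser ? "SASL_SSL" : "SSL";
            } else {
                securityProtocol = scramShaUser ? "SASL_PLAINTEXT" : "PLAINTEXT";
            }
            String securityConfiguration = "security.protocol=" + securityProtocol + "\n";
            if (scramShaUser) {
                securityConfiguration += saslConfigs(namespaceName, kafkaUser, secretPrefix);
            }
            if (tlsListener) {
                securityConfiguration += SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG + "=" + truststoreLocation + "\n"
                    + SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG + "=pkcs12\n";
            }
            if (tlsUser) {
                securityConfiguration += SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG + "=" + keystoreLocation + "\n"
                    + SslConfigs.SSL_KEYSTORE_TYPE_CONFIG + "=pkcs12\n";
            }
            if (!hostnameVerification) {
                // An empty algorithm switches hostname verification off in the Kafka client.
                // Newline-terminated so it stays a property of its own whatever follows.
                securityConfiguration += SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG + "=\n";
            }

            if (tlsUser || tlsListener) {
                // Set once per user (previously added twice for a TLS user on a TLS listener).
                containerBuilder.addNewEnv().withName("PRODUCER_TLS" + envVariablesSuffix).withValue("TRUE").endEnv()
                    .addNewEnv().withName("CONSUMER_TLS" + envVariablesSuffix).withValue("TRUE").endEnv();
            }
            if (tlsUser) {
                // The user's certificate secret is named after the (prefixed) user name and mounted for the client.
                String userSecretVolumeName = "tls-cert-" + kafkaUserName;
                String userSecretMountPoint = "/opt/kafka/user-secret-" + kafkaUserName;
                containerBuilder.addNewVolumeMount().withName(userSecretVolumeName).withMountPath(userSecretMountPoint).endVolumeMount()
                    .addNewEnv().withName("USER_LOCATION" + envVariablesSuffix).withValue(userSecretMountPoint).endEnv();
                podSpecBuilder.addNewVolume().withName(userSecretVolumeName).withNewSecret().withSecretName(kafkaUserName).endSecret().endVolume();
            }
            if (tlsListener) {
                String clusterCaSecretVolumeName = "ca-cert-" + kafkaUserName;
                String caSecretMountPoint = "/opt/kafka/cluster-ca-" + kafkaUserName;
                containerBuilder.addNewVolumeMount().withName(clusterCaSecretVolumeName).withMountPath(caSecretMountPoint).endVolumeMount()
                    .addNewEnv().withName("CA_LOCATION" + envVariablesSuffix).withValue(caSecretMountPoint).endEnv()
                    .addNewEnv().withName("TRUSTSTORE_LOCATION" + envVariablesSuffix).withValue(truststoreLocation).endEnv();
                if (tlsUser) {
                    containerBuilder.addNewEnv().withName("KEYSTORE_LOCATION" + envVariablesSuffix).withValue(keystoreLocation).endEnv();
                }
                podSpecBuilder.addNewVolume().withName(clusterCaSecretVolumeName).withNewSecret()
                    .withSecretName(listenerCaSecretName(kafkaUser, listenerName)).endSecret().endVolume();
            }

            containerBuilder.addNewEnv().withName("PRODUCER_CONFIGURATION" + envVariablesSuffix).withValue(baseProducerConfiguration + securityConfiguration).endEnv();
            containerBuilder.addNewEnv().withName("CONSUMER_CONFIGURATION" + envVariablesSuffix).withValue(baseConsumerConfiguration + securityConfiguration).endEnv();
        }
        // Memory request is only applied when at least one user is configured (unchanged behaviour).
        containerBuilder.withResources(new ResourceRequirementsBuilder().addToRequests("memory", new Quantity("200M")).build());
    }

    return podSpecBuilder.withContainers(containerBuilder.build()).build();
}

/**
 * Resolves the name of the secret holding the CA certificate of {@code listenerName} on the Kafka
 * cluster the user belongs to. The cluster is identified by the user's
 * {@code Labels.STRIMZI_CLUSTER_LABEL} label and looked up across all namespaces.
 *
 * @param kafkaUser    user whose cluster label is read
 * @param listenerName listener whose CA certificate secret name is wanted
 * @return the CA certificate secret name as reported by {@code KafkaUtils.getKafkaTlsListenerCaCertName}
 * @throws IllegalStateException if the user has no cluster label
 * @throws java.util.NoSuchElementException if no Kafka with the labelled name exists in any namespace
 */
private static String listenerCaSecretName(KafkaUser kafkaUser, String listenerName) {
    String clusterName = kafkaUser.getMetadata().getLabels() == null
        ? null
        : kafkaUser.getMetadata().getLabels().get(Labels.STRIMZI_CLUSTER_LABEL);
    if (clusterName == null) {
        // Fail with a message naming the user instead of an NPE from the missing label map / value.
        throw new IllegalStateException("KafkaUser " + kafkaUser.getMetadata().getName()
            + " has no " + Labels.STRIMZI_CLUSTER_LABEL + " label, cannot resolve its Kafka cluster");
    }
    String clusterNamespace = KafkaResource.kafkaClient().inAnyNamespace().list().getItems().stream()
        .filter(kafka -> kafka.getMetadata().getName().equals(clusterName))
        .findFirst()
        .orElseThrow()
        .getMetadata()
        .getNamespace();
    return KafkaUtils.getKafkaTlsListenerCaCertName(clusterNamespace, clusterName, listenerName);
}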
