Example 11 with PasswordSecretSource

Use of io.strimzi.api.kafka.model.PasswordSecretSource in project strimzi-kafka-operator by strimzi.

In class UtilTest, method testAuthTlsHashScramSha512SecretFoundAndPasswordNotFound.

@Test
public void testAuthTlsHashScramSha512SecretFoundAndPasswordNotFound() {
    SecretOperator secretOpertator = mock(SecretOperator.class);
    Map<String, String> data = new HashMap<>();
    data.put("passwordKey", "my-password");
    Secret secret = new Secret();
    secret.setData(data);
    CompletionStage<Secret> cf = CompletableFuture.supplyAsync(() -> secret);
    when(secretOpertator.getAsync(anyString(), anyString())).thenReturn(Future.fromCompletionStage(cf));
    KafkaClientAuthenticationScramSha512 auth = new KafkaClientAuthenticationScramSha512();
    PasswordSecretSource passwordSecretSource = new PasswordSecretSource();
    passwordSecretSource.setSecretName("my-secret");
    passwordSecretSource.setPassword("password1");
    auth.setPasswordSecret(passwordSecretSource);
    Future<Integer> result = Util.authTlsHash(secretOpertator, "anyNamespace", auth, List.of());
    result.onComplete(handler -> {
        assertTrue(handler.failed());
        assertEquals("Secret my-secret does not contain key password1", handler.cause().getMessage());
    });
}
Also used : SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Secret(io.fabric8.kubernetes.api.model.Secret) KafkaClientAuthenticationScramSha512(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScramSha512) HashMap(java.util.HashMap) PasswordSecretSource(io.strimzi.api.kafka.model.PasswordSecretSource) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.junit.jupiter.api.Test)

Example 12 with PasswordSecretSource

Use of io.strimzi.api.kafka.model.PasswordSecretSource in project strimzi by strimzi.

In class UtilTest, method testAuthTlsPlainSecretFoundAndPasswordNotFound.

@Test
public void testAuthTlsPlainSecretFoundAndPasswordNotFound() {
    SecretOperator secretOpertator = mock(SecretOperator.class);
    Map<String, String> data = new HashMap<>();
    data.put("passwordKey", "my-password");
    Secret secret = new Secret();
    secret.setData(data);
    CompletionStage<Secret> cf = CompletableFuture.supplyAsync(() -> secret);
    when(secretOpertator.getAsync(anyString(), anyString())).thenReturn(Future.fromCompletionStage(cf));
    KafkaClientAuthenticationPlain auth = new KafkaClientAuthenticationPlain();
    PasswordSecretSource passwordSecretSource = new PasswordSecretSource();
    passwordSecretSource.setSecretName("my-secret");
    passwordSecretSource.setPassword("password1");
    auth.setPasswordSecret(passwordSecretSource);
    Future<Integer> result = Util.authTlsHash(secretOpertator, "anyNamespace", auth, List.of());
    result.onComplete(handler -> {
        assertTrue(handler.failed());
        assertEquals("Secret my-secret does not contain key password1", handler.cause().getMessage());
    });
}
Also used : SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Secret(io.fabric8.kubernetes.api.model.Secret) HashMap(java.util.HashMap) PasswordSecretSource(io.strimzi.api.kafka.model.PasswordSecretSource) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) KafkaClientAuthenticationPlain(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationPlain) Test(org.junit.jupiter.api.Test)

Example 13 with PasswordSecretSource

Use of io.strimzi.api.kafka.model.PasswordSecretSource in project strimzi by strimzi.

In class UtilTest, method testAuthTlsPlainSecretAndPasswordFound.

@Test
public void testAuthTlsPlainSecretAndPasswordFound() {
    SecretOperator secretOpertator = mock(SecretOperator.class);
    Map<String, String> data = new HashMap<>();
    data.put("passwordKey", "my-password");
    Secret secret = new Secret();
    secret.setData(data);
    CompletionStage<Secret> cf = CompletableFuture.supplyAsync(() -> secret);
    when(secretOpertator.getAsync(anyString(), anyString())).thenReturn(Future.fromCompletionStage(cf));
    KafkaClientAuthenticationPlain auth = new KafkaClientAuthenticationPlain();
    PasswordSecretSource passwordSecretSource = new PasswordSecretSource();
    passwordSecretSource.setSecretName("my-secret");
    passwordSecretSource.setPassword("passwordKey");
    auth.setPasswordSecret(passwordSecretSource);
    Future<Integer> result = Util.authTlsHash(secretOpertator, "anyNamespace", auth, List.of());
    result.onComplete(handler -> {
        assertTrue(handler.succeeded());
        assertEquals("my-password".hashCode(), handler.result());
    });
}
Also used : SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Secret(io.fabric8.kubernetes.api.model.Secret) HashMap(java.util.HashMap) PasswordSecretSource(io.strimzi.api.kafka.model.PasswordSecretSource) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) KafkaClientAuthenticationPlain(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationPlain) Test(org.junit.jupiter.api.Test)

Example 14 with PasswordSecretSource

Use of io.strimzi.api.kafka.model.PasswordSecretSource in project strimzi by strimzi.

In class HttpBridgeScramShaST, method setUp.

@BeforeAll
void setUp(ExtensionContext extensionContext) {
    LOGGER.info("Deploy Kafka and KafkaBridge before tests");
    // Deploy kafka
    resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(httpBridgeScramShaClusterName, 1, 1).editMetadata().withNamespace(namespace).endMetadata().editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName(Constants.TLS_LISTENER_DEFAULT_NAME).withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withNewKafkaListenerAuthenticationScramSha512Auth().endKafkaListenerAuthenticationScramSha512Auth().build()).endKafka().endSpec().build());
    String kafkaClientsName = namespace + "-shared-" + Constants.KAFKA_CLIENTS;
    // Create Kafka user
    KafkaUser scramShaUser = KafkaUserTemplates.scramShaUser(httpBridgeScramShaClusterName, USER_NAME).editMetadata().withNamespace(namespace).endMetadata().build();
    resourceManager.createResource(extensionContext, scramShaUser);
    resourceManager.createResource(extensionContext, KafkaClientsTemplates.kafkaClients(namespace, true, kafkaClientsName, scramShaUser).build());
    kafkaClientsPodName = kubeClient(namespace).listPodsByPrefixInName(namespace, kafkaClientsName).get(0).getMetadata().getName();
    // Initialize PasswordSecretSource (secret name and key holding the password) for the KafkaBridge SCRAM-SHA-512 authentication
    PasswordSecretSource passwordSecret = new PasswordSecretSource();
    passwordSecret.setSecretName(USER_NAME);
    passwordSecret.setPassword("password");
    // Initialize CertSecretSource with certificate and secret names for consumer
    CertSecretSource certSecret = new CertSecretSource();
    certSecret.setCertificate("ca.crt");
    certSecret.setSecretName(KafkaResources.clusterCaCertificateSecretName(httpBridgeScramShaClusterName));
    // Deploy http bridge
    resourceManager.createResource(extensionContext, KafkaBridgeTemplates.kafkaBridge(httpBridgeScramShaClusterName, KafkaResources.tlsBootstrapAddress(httpBridgeScramShaClusterName), 1).editMetadata().withNamespace(namespace).endMetadata().editSpec().withNewConsumer().addToConfig(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "earliest").endConsumer().withNewKafkaClientAuthenticationScramSha512().withUsername(USER_NAME).withPasswordSecret(passwordSecret).endKafkaClientAuthenticationScramSha512().withNewTls().withTrustedCertificates(certSecret).endTls().endSpec().build());
    kafkaBridgeClientJob = new BridgeClientsBuilder().withProducerName(producerName).withConsumerName(consumerName).withBootstrapAddress(KafkaBridgeResources.serviceName(httpBridgeScramShaClusterName)).withTopicName(TOPIC_NAME).withMessageCount(MESSAGE_COUNT).withPort(Constants.HTTP_BRIDGE_DEFAULT_PORT).withNamespaceName(namespace).build();
}
Also used : BridgeClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.BridgeClientsBuilder) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) PasswordSecretSource(io.strimzi.api.kafka.model.PasswordSecretSource) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) BeforeAll(org.junit.jupiter.api.BeforeAll)

Example 15 with PasswordSecretSource

Use of io.strimzi.api.kafka.model.PasswordSecretSource in project strimzi-kafka-operator by strimzi.

In class HttpBridgeKafkaExternalListenersST, method testScramShaAuthWithWeirdUsername.

@ParallelTest
void testScramShaAuthWithWeirdUsername(ExtensionContext extensionContext) {
    final String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
    // Create weird named user with . and more than 64 chars -> SCRAM-SHA
    final String weirdUserName = "jjglmahyijoambryleyxjjglmahy.ijoambryleyxjjglmahyijoambryleyxasd.asdasidioiqweioqiweooioqieioqieoqieooi";
    // Initialize PasswordSecretSource (secret name and key holding the password) for the KafkaBridge SCRAM-SHA-512 authentication
    final PasswordSecretSource passwordSecret = new PasswordSecretSource();
    passwordSecret.setSecretName(weirdUserName);
    passwordSecret.setPassword("password");
    // Initialize CertSecretSource with certificate and secret names for consumer
    CertSecretSource certSecret = new CertSecretSource();
    certSecret.setCertificate("ca.crt");
    certSecret.setSecretName(KafkaResources.clusterCaCertificateSecretName(clusterName));
    KafkaBridgeSpec bridgeSpec = new KafkaBridgeSpecBuilder().withNewKafkaClientAuthenticationScramSha512().withUsername(weirdUserName).withPasswordSecret(passwordSecret).endKafkaClientAuthenticationScramSha512().withNewTls().withTrustedCertificates(certSecret).endTls().build();
    testWeirdUsername(extensionContext, weirdUserName, new KafkaListenerAuthenticationScramSha512(), bridgeSpec, SecurityProtocol.SASL_SSL);
}
Also used : KafkaBridgeSpec(io.strimzi.api.kafka.model.KafkaBridgeSpec) KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512) KafkaBridgeSpecBuilder(io.strimzi.api.kafka.model.KafkaBridgeSpecBuilder) PasswordSecretSource(io.strimzi.api.kafka.model.PasswordSecretSource) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) ParallelTest(io.strimzi.systemtest.annotations.ParallelTest)

Aggregations

PasswordSecretSource (io.strimzi.api.kafka.model.PasswordSecretSource) 18
Secret (io.fabric8.kubernetes.api.model.Secret) 10
CertSecretSource (io.strimzi.api.kafka.model.CertSecretSource) 10
KafkaUser (io.strimzi.api.kafka.model.KafkaUser) 8
KafkaListenerAuthenticationScramSha512 (io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512) 8
GenericKafkaListenerBuilder (io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) 8
SecretOperator (io.strimzi.operator.common.operator.resource.SecretOperator) 8
HashMap (java.util.HashMap) 8
Test (org.junit.jupiter.api.Test) 8
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString) 8
ParallelNamespaceTest (io.strimzi.systemtest.annotations.ParallelNamespaceTest) 6
InternalKafkaClient (io.strimzi.systemtest.kafkaclients.clients.InternalKafkaClient) 6
SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder) 4
JobBuilder (io.fabric8.kubernetes.api.model.batch.v1.JobBuilder) 4
KafkaMirrorMaker2ClusterSpec (io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec) 4
KafkaMirrorMaker2ClusterSpecBuilder (io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder) 4
KafkaClientAuthenticationPlain (io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationPlain) 4
KafkaClientAuthenticationScramSha512 (io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScramSha512) 4
KafkaClientsBuilder (io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder) 4
Matchers.containsString (org.hamcrest.Matchers.containsString) 4