Examples with KafkaClientAuthentication io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication used on opensource projects

Search in sources :

Example 6 with KafkaClientAuthentication

use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication in project strimzi-kafka-operator by strimzi.

the class KafkaMirrorMaker2Cluster method getEnvVars.

@SuppressWarnings({ "checkstyle:CyclomaticComplexity", "checkstyle:NPathComplexity" })
@Override
protected List<EnvVar> getEnvVars() {
    List<EnvVar> varList = super.getEnvVars();
    final StringBuilder clusterAliases = new StringBuilder();
    final StringBuilder clustersTrustedCerts = new StringBuilder();
    boolean hasClusterWithTls = false;
    final StringBuilder clustersTlsAuthCerts = new StringBuilder();
    final StringBuilder clustersTlsAuthKeys = new StringBuilder();
    final StringBuilder clustersSaslPasswordFiles = new StringBuilder();
    boolean hasClusterOauthTrustedCerts = false;
    final StringBuilder clustersOauthClientSecrets = new StringBuilder();
    final StringBuilder clustersOauthAccessTokens = new StringBuilder();
    final StringBuilder clustersOauthRefreshTokens = new StringBuilder();
    for (KafkaMirrorMaker2ClusterSpec mirrorMaker2Cluster : clusters) {
        String clusterAlias = mirrorMaker2Cluster.getAlias();
        if (clusterAliases.length() > 0) {
            clusterAliases.append(";");
        }
        clusterAliases.append(clusterAlias);
        if (mirrorMaker2Cluster.getTls() != null) {
            hasClusterWithTls = true;
        }
        getClusterTrustedCerts(clustersTrustedCerts, mirrorMaker2Cluster, clusterAlias);
        KafkaClientAuthentication authentication = mirrorMaker2Cluster.getAuthentication();
        if (authentication != null) {
            if (authentication instanceof KafkaClientAuthenticationTls) {
                KafkaClientAuthenticationTls tlsAuth = (KafkaClientAuthenticationTls) authentication;
                if (tlsAuth.getCertificateAndKey() != null) {
                    appendCluster(clustersTlsAuthCerts, clusterAlias, () -> tlsAuth.getCertificateAndKey().getSecretName() + "/" + tlsAuth.getCertificateAndKey().getCertificate());
                    appendCluster(clustersTlsAuthKeys, clusterAlias, () -> tlsAuth.getCertificateAndKey().getSecretName() + "/" + tlsAuth.getCertificateAndKey().getKey());
                }
            } else if (authentication instanceof KafkaClientAuthenticationPlain) {
                KafkaClientAuthenticationPlain passwordAuth = (KafkaClientAuthenticationPlain) authentication;
                appendClusterPasswordSecretSource(clustersSaslPasswordFiles, clusterAlias, passwordAuth.getPasswordSecret());
            } else if (authentication instanceof KafkaClientAuthenticationScram) {
                KafkaClientAuthenticationScram passwordAuth = (KafkaClientAuthenticationScram) authentication;
                appendClusterPasswordSecretSource(clustersSaslPasswordFiles, clusterAlias, passwordAuth.getPasswordSecret());
            } else if (authentication instanceof KafkaClientAuthenticationOAuth) {
                KafkaClientAuthenticationOAuth oauth = (KafkaClientAuthenticationOAuth) authentication;
                if (oauth.getTlsTrustedCertificates() != null && !oauth.getTlsTrustedCertificates().isEmpty()) {
                    hasClusterOauthTrustedCerts = true;
                }
                appendClusterOAuthSecretSource(clustersOauthClientSecrets, clusterAlias, oauth.getClientSecret());
                appendClusterOAuthSecretSource(clustersOauthAccessTokens, clusterAlias, oauth.getAccessToken());
                appendClusterOAuthSecretSource(clustersOauthRefreshTokens, clusterAlias, oauth.getRefreshToken());
            }
        }
    }
    varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_CLUSTERS, clusterAliases.toString()));
    if (hasClusterWithTls) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_TLS_CLUSTERS, "true"));
    }
    if (clustersTrustedCerts.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_TRUSTED_CERTS_CLUSTERS, clustersTrustedCerts.toString()));
    }
    if (clustersTlsAuthCerts.length() > 0 || clustersTlsAuthKeys.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_TLS_AUTH_CLUSTERS, "true"));
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_TLS_AUTH_CERTS_CLUSTERS, clustersTlsAuthCerts.toString()));
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_TLS_AUTH_KEYS_CLUSTERS, clustersTlsAuthKeys.toString()));
    }
    if (clustersSaslPasswordFiles.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_SASL_PASSWORD_FILES_CLUSTERS, clustersSaslPasswordFiles.toString()));
    }
    if (hasClusterOauthTrustedCerts) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_OAUTH_TRUSTED_CERTS, "true"));
    }
    if (clustersOauthClientSecrets.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_OAUTH_CLIENT_SECRETS_CLUSTERS, clustersOauthClientSecrets.toString()));
    }
    if (clustersOauthAccessTokens.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_OAUTH_ACCESS_TOKENS_CLUSTERS, clustersOauthAccessTokens.toString()));
    }
    if (clustersOauthRefreshTokens.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_OAUTH_REFRESH_TOKENS_CLUSTERS, clustersOauthRefreshTokens.toString()));
    }
    if (javaSystemProperties != null) {
        varList.add(buildEnvVar(ENV_VAR_STRIMZI_JAVA_SYSTEM_PROPERTIES, ModelUtils.getJavaSystemPropertiesToString(javaSystemProperties)));
    }
    return varList;
}
Also used : KafkaClientAuthentication(io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication) KafkaClientAuthenticationTls(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls) KafkaClientAuthenticationOAuth(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuth) KafkaClientAuthenticationScram(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScram) KafkaMirrorMaker2ClusterSpec(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) KafkaClientAuthenticationPlain(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationPlain)

Example 7 with KafkaClientAuthentication

use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication in project strimzi-kafka-operator by strimzi.

the class UtilTest method getHashOk.

@Test
public void getHashOk() {
    String namespace = "ns";
    GenericSecretSource at = new GenericSecretSourceBuilder().withSecretName("top-secret-at").withKey("key").build();
    GenericSecretSource cs = new GenericSecretSourceBuilder().withSecretName("top-secret-cs").withKey("key").build();
    GenericSecretSource rt = new GenericSecretSourceBuilder().withSecretName("top-secret-rt").withKey("key").build();
    KafkaClientAuthentication kcu = new KafkaClientAuthenticationOAuthBuilder().withAccessToken(at).withRefreshToken(rt).withClientSecret(cs).build();
    CertSecretSource css = new CertSecretSourceBuilder().withCertificate("key").withSecretName("css-secret").build();
    Secret secret = new SecretBuilder().withData(Map.of("key", "value")).build();
    SecretOperator secretOps = mock(SecretOperator.class);
    when(secretOps.getAsync(eq(namespace), eq("top-secret-at"))).thenReturn(Future.succeededFuture(secret));
    when(secretOps.getAsync(eq(namespace), eq("top-secret-rt"))).thenReturn(Future.succeededFuture(secret));
    when(secretOps.getAsync(eq(namespace), eq("top-secret-cs"))).thenReturn(Future.succeededFuture(secret));
    when(secretOps.getAsync(eq(namespace), eq("css-secret"))).thenReturn(Future.succeededFuture(secret));
    Future<Integer> res = Util.authTlsHash(secretOps, "ns", kcu, singletonList(css));
    res.onComplete(v -> {
        assertThat(v.succeeded(), is(true));
        // we are summing "value" hash four times
        assertThat(v.result(), is("value".hashCode() * 4));
    });
}
Also used : KafkaClientAuthentication(io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication) KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) GenericSecretSource(io.strimzi.api.kafka.model.GenericSecretSource) GenericSecretSourceBuilder(io.strimzi.api.kafka.model.GenericSecretSourceBuilder) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) Test(org.junit.jupiter.api.Test)

Example 8 with KafkaClientAuthentication

use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication in project strimzi by strimzi.

the class UtilTest method getHashFailure.

@Test
public void getHashFailure() {
    String namespace = "ns";
    GenericSecretSource at = new GenericSecretSourceBuilder().withSecretName("top-secret-at").withKey("key").build();
    GenericSecretSource cs = new GenericSecretSourceBuilder().withSecretName("top-secret-cs").withKey("key").build();
    GenericSecretSource rt = new GenericSecretSourceBuilder().withSecretName("top-secret-rt").withKey("key").build();
    KafkaClientAuthentication kcu = new KafkaClientAuthenticationOAuthBuilder().withAccessToken(at).withRefreshToken(rt).withClientSecret(cs).build();
    CertSecretSource css = new CertSecretSourceBuilder().withCertificate("key").withSecretName("css-secret").build();
    Secret secret = new SecretBuilder().withData(Map.of("key", "value")).build();
    SecretOperator secretOps = mock(SecretOperator.class);
    when(secretOps.getAsync(eq(namespace), eq("top-secret-at"))).thenReturn(Future.succeededFuture(secret));
    when(secretOps.getAsync(eq(namespace), eq("top-secret-rt"))).thenReturn(Future.succeededFuture(secret));
    when(secretOps.getAsync(eq(namespace), eq("top-secret-cs"))).thenReturn(Future.succeededFuture(null));
    when(secretOps.getAsync(eq(namespace), eq("css-secret"))).thenReturn(Future.succeededFuture(secret));
    Future<Integer> res = Util.authTlsHash(secretOps, "ns", kcu, singletonList(css));
    res.onComplete(v -> {
        assertThat(v.succeeded(), is(false));
        assertThat(v.cause().getMessage(), is("Secret top-secret-cs not found"));
    });
}
Also used : KafkaClientAuthentication(io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication) KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) GenericSecretSource(io.strimzi.api.kafka.model.GenericSecretSource) GenericSecretSourceBuilder(io.strimzi.api.kafka.model.GenericSecretSourceBuilder) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) Test(org.junit.jupiter.api.Test)

Example 9 with KafkaClientAuthentication

use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication in project strimzi by strimzi.

the class AuthenticationUtils method configureClientAuthenticationVolumeMounts.

/**
 * Creates the VolumeMounts used for authentication of Kafka client based components
 * @param authentication    Authentication object from CRD
 * @param volumeMountList    List where the volume mounts will be added
 * @param tlsVolumeMount    Path where the TLS certs should be mounted
 * @param passwordVolumeMount   Path where passwords should be mounted
 * @param oauthCertsVolumeMount Path where the OAuth certificates would be mounted
 * @param oauthVolumeNamePrefix Prefix used for OAuth volume names
 * @param volumeNamePrefix Prefix used for volume mount names
 * @param mountOAuthSecretVolumes Indicates whether OAuth secret volume mounts will be added to the list
 * @param oauthSecretsVolumeMount Path where the OAuth secrets would be mounted
 */
public static void configureClientAuthenticationVolumeMounts(KafkaClientAuthentication authentication, List<VolumeMount> volumeMountList, String tlsVolumeMount, String passwordVolumeMount, String oauthCertsVolumeMount, String oauthVolumeNamePrefix, String volumeNamePrefix, boolean mountOAuthSecretVolumes, String oauthSecretsVolumeMount) {
    if (authentication != null) {
        if (authentication instanceof KafkaClientAuthenticationTls) {
            KafkaClientAuthenticationTls tlsAuth = (KafkaClientAuthenticationTls) authentication;
            // skipping if a volume mount with same Secret name was already added
            if (!volumeMountList.stream().anyMatch(vm -> vm.getName().equals(volumeNamePrefix + tlsAuth.getCertificateAndKey().getSecretName()))) {
                volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + tlsAuth.getCertificateAndKey().getSecretName(), tlsVolumeMount + tlsAuth.getCertificateAndKey().getSecretName()));
            }
        } else if (authentication instanceof KafkaClientAuthenticationPlain) {
            KafkaClientAuthenticationPlain passwordAuth = (KafkaClientAuthenticationPlain) authentication;
            volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + passwordAuth.getPasswordSecret().getSecretName(), passwordVolumeMount + passwordAuth.getPasswordSecret().getSecretName()));
        } else if (authentication instanceof KafkaClientAuthenticationScram) {
            KafkaClientAuthenticationScram scramAuth = (KafkaClientAuthenticationScram) authentication;
            volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + scramAuth.getPasswordSecret().getSecretName(), passwordVolumeMount + scramAuth.getPasswordSecret().getSecretName()));
        } else if (authentication instanceof KafkaClientAuthenticationOAuth) {
            KafkaClientAuthenticationOAuth oauth = (KafkaClientAuthenticationOAuth) authentication;
            volumeMountList.addAll(configureOauthCertificateVolumeMounts(oauthVolumeNamePrefix, oauth.getTlsTrustedCertificates(), oauthCertsVolumeMount));
            if (mountOAuthSecretVolumes) {
                if (oauth.getClientSecret() != null) {
                    volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + oauth.getClientSecret().getSecretName(), oauthSecretsVolumeMount + oauth.getClientSecret().getSecretName()));
                }
                if (oauth.getAccessToken() != null) {
                    volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + oauth.getAccessToken().getSecretName(), oauthSecretsVolumeMount + oauth.getAccessToken().getSecretName()));
                }
                if (oauth.getRefreshToken() != null) {
                    volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + oauth.getRefreshToken().getSecretName(), oauthSecretsVolumeMount + oauth.getRefreshToken().getSecretName()));
                }
            }
        }
    }
}
Also used : VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) KafkaJmxAuthentication(io.strimzi.api.kafka.model.KafkaJmxAuthentication) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) GenericSecretSource(io.strimzi.api.kafka.model.GenericSecretSource) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) KafkaClientAuthenticationScram(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScram) ServerConfig(io.strimzi.kafka.oauth.server.ServerConfig) HashMap(java.util.HashMap) KafkaClientAuthenticationPlain(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationPlain) ClientConfig(io.strimzi.kafka.oauth.client.ClientConfig) Function(java.util.function.Function) ArrayList(java.util.ArrayList) KafkaJmxAuthenticationPassword(io.strimzi.api.kafka.model.KafkaJmxAuthenticationPassword) List(java.util.List) KafkaClientAuthenticationOAuth(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuth) Locale(java.util.Locale) Map(java.util.Map) Entry(java.util.Map.Entry) KafkaClientAuthenticationTls(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls) KafkaClientAuthentication(io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication) Collections(java.util.Collections) Volume(io.fabric8.kubernetes.api.model.Volume) KafkaClientAuthenticationTls(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls) KafkaClientAuthenticationOAuth(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuth) KafkaClientAuthenticationScram(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScram) KafkaClientAuthenticationPlain(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationPlain)

Example 10 with KafkaClientAuthentication

use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication in project strimzi-kafka-operator by strimzi.

the class UtilTest method getHashFailure.

@Test
public void getHashFailure() {
    String namespace = "ns";
    GenericSecretSource at = new GenericSecretSourceBuilder().withSecretName("top-secret-at").withKey("key").build();
    GenericSecretSource cs = new GenericSecretSourceBuilder().withSecretName("top-secret-cs").withKey("key").build();
    GenericSecretSource rt = new GenericSecretSourceBuilder().withSecretName("top-secret-rt").withKey("key").build();
    KafkaClientAuthentication kcu = new KafkaClientAuthenticationOAuthBuilder().withAccessToken(at).withRefreshToken(rt).withClientSecret(cs).build();
    CertSecretSource css = new CertSecretSourceBuilder().withCertificate("key").withSecretName("css-secret").build();
    Secret secret = new SecretBuilder().withData(Map.of("key", "value")).build();
    SecretOperator secretOps = mock(SecretOperator.class);
    when(secretOps.getAsync(eq(namespace), eq("top-secret-at"))).thenReturn(Future.succeededFuture(secret));
    when(secretOps.getAsync(eq(namespace), eq("top-secret-rt"))).thenReturn(Future.succeededFuture(secret));
    when(secretOps.getAsync(eq(namespace), eq("top-secret-cs"))).thenReturn(Future.succeededFuture(null));
    when(secretOps.getAsync(eq(namespace), eq("css-secret"))).thenReturn(Future.succeededFuture(secret));
    Future<Integer> res = Util.authTlsHash(secretOps, "ns", kcu, singletonList(css));
    res.onComplete(v -> {
        assertThat(v.succeeded(), is(false));
        assertThat(v.cause().getMessage(), is("Secret top-secret-cs not found"));
    });
}
Also used : KafkaClientAuthentication(io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication) KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) GenericSecretSource(io.strimzi.api.kafka.model.GenericSecretSource) GenericSecretSourceBuilder(io.strimzi.api.kafka.model.GenericSecretSourceBuilder) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) Test(org.junit.jupiter.api.Test)

Aggregations

KafkaClientAuthentication (io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication)14 CertSecretSource (io.strimzi.api.kafka.model.CertSecretSource)12 GenericSecretSource (io.strimzi.api.kafka.model.GenericSecretSource)6 Collections (java.util.Collections)6 List (java.util.List)6 ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap)4 EnvVar (io.fabric8.kubernetes.api.model.EnvVar)4 Secret (io.fabric8.kubernetes.api.model.Secret)4 SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder)4 ServiceAccount (io.fabric8.kubernetes.api.model.ServiceAccount)4 KubernetesClient (io.fabric8.kubernetes.client.KubernetesClient)4 Resource (io.fabric8.kubernetes.client.dsl.Resource)4 CertSecretSourceBuilder (io.strimzi.api.kafka.model.CertSecretSourceBuilder)4 GenericSecretSourceBuilder (io.strimzi.api.kafka.model.GenericSecretSourceBuilder)4 KafkaClientAuthenticationOAuth (io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuth)4 KafkaClientAuthenticationOAuthBuilder (io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder)4 KafkaClientAuthenticationPlain (io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationPlain)4 KafkaClientAuthenticationScram (io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScram)4 KafkaClientAuthenticationTls (io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls)4 CertManager (io.strimzi.certs.CertManager)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial