Search in sources :

Example 41 with KafkaClientAuthenticationOAuthBuilder

use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder in project strimzi by strimzi.

the class KafkaConnectClusterTest method testGenerateDeploymentWithOAuthWithClientSecret.

@ParallelTest
public void testGenerateDeploymentWithOAuthWithClientSecret() {
    KafkaConnect resource = new KafkaConnectBuilder(this.resource).editSpec().withAuthentication(new KafkaClientAuthenticationOAuthBuilder().withClientId("my-client-id").withTokenEndpointUri("http://my-oauth-server").withAudience("kafka").withScope("all").withNewClientSecret().withSecretName("my-secret-secret").withKey("my-secret-key").endClientSecret().build()).endSpec().build();
    KafkaConnectCluster kc = KafkaConnectCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    Deployment dep = kc.generateDeployment(emptyMap(), true, null, null);
    Container cont = dep.getSpec().getTemplate().getSpec().getContainers().get(0);
    assertThat(cont.getEnv().stream().filter(var -> KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_SASL_MECHANISM.equals(var.getName())).findFirst().orElseThrow().getValue(), is("oauth"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_OAUTH_CLIENT_SECRET.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getName(), is("my-secret-secret"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_OAUTH_CLIENT_SECRET.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getKey(), is("my-secret-key"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaConnectCluster.ENV_VAR_KAFKA_CONNECT_OAUTH_CONFIG.equals(var.getName())).findFirst().orElseThrow().getValue().trim(), is(String.format("%s=\"%s\" %s=\"%s\" %s=\"%s\" %s=\"%s\"", ClientConfig.OAUTH_CLIENT_ID, "my-client-id", ClientConfig.OAUTH_TOKEN_ENDPOINT_URI, "http://my-oauth-server", ClientConfig.OAUTH_SCOPE, "all", ClientConfig.OAUTH_AUDIENCE, "kafka")));
}
Also used : KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) Quantity(io.fabric8.kubernetes.api.model.Quantity) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) CoreMatchers.is(org.hamcrest.CoreMatchers.is) OrderedProperties(io.strimzi.operator.common.model.OrderedProperties) CoreMatchers.hasItem(org.hamcrest.CoreMatchers.hasItem) ConfigMapVolumeSourceBuilder(io.fabric8.kubernetes.api.model.ConfigMapVolumeSourceBuilder) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) ParallelSuite(io.strimzi.test.annotations.ParallelSuite) ExternalConfigurationEnv(io.strimzi.api.kafka.model.connect.ExternalConfigurationEnv) Rack(io.strimzi.api.kafka.model.Rack) CoreMatchers.startsWith(org.hamcrest.CoreMatchers.startsWith) SecurityContextBuilder(io.fabric8.kubernetes.api.model.SecurityContextBuilder) ClientConfig(io.strimzi.kafka.oauth.client.ClientConfig) PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) ResourceRequirements(io.fabric8.kubernetes.api.model.ResourceRequirements) ExternalConfigurationEnvBuilder(io.strimzi.api.kafka.model.connect.ExternalConfigurationEnvBuilder) Map(java.util.Map) ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) KafkaJmxOptionsBuilder(io.strimzi.api.kafka.model.KafkaJmxOptionsBuilder) SecretVolumeSourceBuilder(io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder) Probe(io.strimzi.api.kafka.model.Probe) KafkaConnect(io.strimzi.api.kafka.model.KafkaConnect) ExternalConfigurationVolumeSourceBuilder(io.strimzi.api.kafka.model.connect.ExternalConfigurationVolumeSourceBuilder) LabelSelectorBuilder(io.fabric8.kubernetes.api.model.LabelSelectorBuilder) IpFamilyPolicy(io.strimzi.api.kafka.model.template.IpFamilyPolicy) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) ParallelTest(io.strimzi.test.annotations.ParallelTest) Collections.emptyList(java.util.Collections.emptyList) Matchers.allOf(org.hamcrest.Matchers.allOf) KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) KafkaConnectBuilder(io.strimzi.api.kafka.model.KafkaConnectBuilder) EnvVarBuilder(io.fabric8.kubernetes.api.model.EnvVarBuilder) HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata) Collectors(java.util.stream.Collectors) List(java.util.List) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) Labels(io.strimzi.operator.common.model.Labels) PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder) Matchers.contains(org.hamcrest.Matchers.contains) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder) Secret(io.fabric8.kubernetes.api.model.Secret) TopologySpreadConstraintBuilder(io.fabric8.kubernetes.api.model.TopologySpreadConstraintBuilder) Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) ClusterRoleBinding(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) ContainerTemplate(io.strimzi.api.kafka.model.template.ContainerTemplate) Container(io.fabric8.kubernetes.api.model.Container) CoreMatchers.equalTo(org.hamcrest.CoreMatchers.equalTo) ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder) KafkaClientAuthenticationTlsBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTlsBuilder) IpFamily(io.strimzi.api.kafka.model.template.IpFamily) HashMap(java.util.HashMap) LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) MetricsAndLogging(io.strimzi.operator.common.MetricsAndLogging) ArrayList(java.util.ArrayList) Matchers.hasProperty(org.hamcrest.Matchers.hasProperty) HostAlias(io.fabric8.kubernetes.api.model.HostAlias) JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics) SecurityContext(io.fabric8.kubernetes.api.model.SecurityContext) JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) PodSpec(io.fabric8.kubernetes.api.model.PodSpec) DeploymentStrategy(io.strimzi.api.kafka.model.template.DeploymentStrategy) MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig) TestUtils(io.strimzi.test.TestUtils) Collections.singletonMap(java.util.Collections.singletonMap) Service(io.fabric8.kubernetes.api.model.Service) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) Volume(io.fabric8.kubernetes.api.model.Volume) Matchers.hasEntry(org.hamcrest.Matchers.hasEntry) Collections.emptyMap(java.util.Collections.emptyMap) TopologySpreadConstraint(io.fabric8.kubernetes.api.model.TopologySpreadConstraint) ExternalConfigurationVolumeSource(io.strimzi.api.kafka.model.connect.ExternalConfigurationVolumeSource) KafkaJmxAuthenticationPasswordBuilder(io.strimzi.api.kafka.model.KafkaJmxAuthenticationPasswordBuilder) ServerConfig(io.strimzi.kafka.oauth.server.ServerConfig) IOException(java.io.IOException) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) Reconciliation(io.strimzi.operator.common.Reconciliation) SecretKeySelectorBuilder(io.fabric8.kubernetes.api.model.SecretKeySelectorBuilder) ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) Collections(java.util.Collections) KafkaConnectResources(io.strimzi.api.kafka.model.KafkaConnectResources) KafkaConnectBuilder(io.strimzi.api.kafka.model.KafkaConnectBuilder) Container(io.fabric8.kubernetes.api.model.Container) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) KafkaConnect(io.strimzi.api.kafka.model.KafkaConnect) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 42 with KafkaClientAuthenticationOAuthBuilder

use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder in project strimzi by strimzi.

the class KafkaMirrorMakerClusterTest method testGenerateDeploymentWithProducerOAuthWithTls.

@ParallelTest
public void testGenerateDeploymentWithProducerOAuthWithTls() {
    CertSecretSource cert1 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca.crt").build();
    CertSecretSource cert2 = new CertSecretSourceBuilder().withSecretName("second-certificate").withCertificate("tls.crt").build();
    CertSecretSource cert3 = new CertSecretSourceBuilder().withSecretName("first-certificate").withCertificate("ca2.crt").build();
    KafkaMirrorMaker resource = new KafkaMirrorMakerBuilder(this.resource).editSpec().editProducer().withAuthentication(new KafkaClientAuthenticationOAuthBuilder().withClientId("my-client-id").withTokenEndpointUri("http://my-oauth-server").withNewClientSecret().withSecretName("my-secret-secret").withKey("my-secret-key").endClientSecret().withDisableTlsHostnameVerification(true).withTlsTrustedCertificates(cert1, cert2, cert3).build()).endProducer().endSpec().build();
    KafkaMirrorMakerCluster kc = KafkaMirrorMakerCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    Deployment dep = kc.generateDeployment(emptyMap(), true, null, null);
    Container cont = dep.getSpec().getTemplate().getSpec().getContainers().get(0);
    assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_SASL_MECHANISM_PRODUCER.equals(var.getName())).findFirst().orElseThrow().getValue(), is("oauth"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_OAUTH_CLIENT_SECRET_PRODUCER.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getName(), is("my-secret-secret"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_OAUTH_CLIENT_SECRET_PRODUCER.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getKey(), is("my-secret-key"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_OAUTH_CONFIG_PRODUCER.equals(var.getName())).findFirst().orElseThrow().getValue().trim(), is(String.format("%s=\"%s\" %s=\"%s\" %s=\"%s\"", ClientConfig.OAUTH_CLIENT_ID, "my-client-id", ClientConfig.OAUTH_TOKEN_ENDPOINT_URI, "http://my-oauth-server", ServerConfig.OAUTH_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM, "")));
    // Volume mounts
    assertThat(cont.getVolumeMounts().stream().filter(mount -> "producer-oauth-certs-0".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaMirrorMakerCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT_PRODUCER + "/first-certificate-0"));
    assertThat(cont.getVolumeMounts().stream().filter(mount -> "producer-oauth-certs-1".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaMirrorMakerCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT_PRODUCER + "/second-certificate-1"));
    assertThat(cont.getVolumeMounts().stream().filter(mount -> "producer-oauth-certs-2".equals(mount.getName())).findFirst().orElseThrow().getMountPath(), is(KafkaMirrorMakerCluster.OAUTH_TLS_CERTS_BASE_VOLUME_MOUNT_PRODUCER + "/first-certificate-2"));
    // Volumes
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca.crt"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-0".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("tls.crt"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-1".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().size(), is(1));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getKey(), is("ca2.crt"));
    assertThat(dep.getSpec().getTemplate().getSpec().getVolumes().stream().filter(vol -> "producer-oauth-certs-2".equals(vol.getName())).findFirst().orElseThrow().getSecret().getItems().get(0).getPath(), is("tls.crt"));
}
Also used : KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) Quantity(io.fabric8.kubernetes.api.model.Quantity) KafkaMirrorMakerProducerSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerProducerSpecBuilder) CoreMatchers.is(org.hamcrest.CoreMatchers.is) KafkaMirrorMakerResources(io.strimzi.api.kafka.model.KafkaMirrorMakerResources) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) ParallelSuite(io.strimzi.test.annotations.ParallelSuite) ClientConfig(io.strimzi.kafka.oauth.client.ClientConfig) PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) Map(java.util.Map) ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) ParallelTest(io.strimzi.test.annotations.ParallelTest) KafkaMirrorMaker(io.strimzi.api.kafka.model.KafkaMirrorMaker) KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) EnvVarBuilder(io.fabric8.kubernetes.api.model.EnvVarBuilder) HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata) List(java.util.List) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) Labels(io.strimzi.operator.common.model.Labels) KafkaMirrorMakerConsumerSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerConsumerSpecBuilder) PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder) LINE_SEPARATOR(io.strimzi.test.TestUtils.LINE_SEPARATOR) Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) ContainerTemplate(io.strimzi.api.kafka.model.template.ContainerTemplate) Container(io.fabric8.kubernetes.api.model.Container) KafkaMirrorMakerConsumerSpec(io.strimzi.api.kafka.model.KafkaMirrorMakerConsumerSpec) ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder) KafkaClientAuthenticationTlsBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTlsBuilder) HashMap(java.util.HashMap) LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) MetricsAndLogging(io.strimzi.operator.common.MetricsAndLogging) ArrayList(java.util.ArrayList) HostAlias(io.fabric8.kubernetes.api.model.HostAlias) JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics) JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) DeploymentStrategy(io.strimzi.api.kafka.model.template.DeploymentStrategy) MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig) KafkaMirrorMakerBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerBuilder) KafkaMirrorMakerProducerSpec(io.strimzi.api.kafka.model.KafkaMirrorMakerProducerSpec) TestUtils(io.strimzi.test.TestUtils) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) Probe(io.fabric8.kubernetes.api.model.Probe) Collections.emptyMap(java.util.Collections.emptyMap) ServerConfig(io.strimzi.kafka.oauth.server.ServerConfig) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) Reconciliation(io.strimzi.operator.common.Reconciliation) ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) Collections(java.util.Collections) KafkaMirrorMakerBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerBuilder) Container(io.fabric8.kubernetes.api.model.Container) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) KafkaMirrorMaker(io.strimzi.api.kafka.model.KafkaMirrorMaker) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 43 with KafkaClientAuthenticationOAuthBuilder

use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder in project strimzi by strimzi.

the class KafkaMirrorMakerClusterTest method testGenerateDeploymentWithConsumerOAuthWithMissingUri.

@ParallelTest
public void testGenerateDeploymentWithConsumerOAuthWithMissingUri() {
    assertThrows(InvalidResourceException.class, () -> {
        KafkaMirrorMaker resource = new KafkaMirrorMakerBuilder(this.resource).editSpec().editConsumer().withAuthentication(new KafkaClientAuthenticationOAuthBuilder().withClientId("my-client-id").withNewClientSecret().withSecretName("my-secret-secret").withKey("my-secret-key").endClientSecret().build()).endConsumer().endSpec().build();
        KafkaMirrorMakerCluster kc = KafkaMirrorMakerCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    });
}
Also used : KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) KafkaMirrorMakerBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerBuilder) KafkaMirrorMaker(io.strimzi.api.kafka.model.KafkaMirrorMaker) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 44 with KafkaClientAuthenticationOAuthBuilder

use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder in project strimzi by strimzi.

the class KafkaMirrorMakerClusterTest method testGenerateDeploymentWithConsumerOAuthWithClientSecret.

@ParallelTest
public void testGenerateDeploymentWithConsumerOAuthWithClientSecret() {
    KafkaMirrorMaker resource = new KafkaMirrorMakerBuilder(this.resource).editSpec().editConsumer().withAuthentication(new KafkaClientAuthenticationOAuthBuilder().withClientId("my-client-id").withTokenEndpointUri("http://my-oauth-server").withNewClientSecret().withSecretName("my-secret-secret").withKey("my-secret-key").endClientSecret().build()).endConsumer().endSpec().build();
    KafkaMirrorMakerCluster kc = KafkaMirrorMakerCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    Deployment dep = kc.generateDeployment(emptyMap(), true, null, null);
    Container cont = dep.getSpec().getTemplate().getSpec().getContainers().get(0);
    assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_SASL_MECHANISM_CONSUMER.equals(var.getName())).findFirst().orElseThrow().getValue(), is("oauth"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_OAUTH_CLIENT_SECRET_CONSUMER.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getName(), is("my-secret-secret"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_OAUTH_CLIENT_SECRET_CONSUMER.equals(var.getName())).findFirst().orElseThrow().getValueFrom().getSecretKeyRef().getKey(), is("my-secret-key"));
    assertThat(cont.getEnv().stream().filter(var -> KafkaMirrorMakerCluster.ENV_VAR_KAFKA_MIRRORMAKER_OAUTH_CONFIG_CONSUMER.equals(var.getName())).findFirst().orElseThrow().getValue().trim(), is(String.format("%s=\"%s\" %s=\"%s\"", ClientConfig.OAUTH_CLIENT_ID, "my-client-id", ClientConfig.OAUTH_TOKEN_ENDPOINT_URI, "http://my-oauth-server")));
}
Also used : KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) Quantity(io.fabric8.kubernetes.api.model.Quantity) KafkaMirrorMakerProducerSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerProducerSpecBuilder) CoreMatchers.is(org.hamcrest.CoreMatchers.is) KafkaMirrorMakerResources(io.strimzi.api.kafka.model.KafkaMirrorMakerResources) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) ParallelSuite(io.strimzi.test.annotations.ParallelSuite) ClientConfig(io.strimzi.kafka.oauth.client.ClientConfig) PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) Map(java.util.Map) ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) ParallelTest(io.strimzi.test.annotations.ParallelTest) KafkaMirrorMaker(io.strimzi.api.kafka.model.KafkaMirrorMaker) KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) EnvVarBuilder(io.fabric8.kubernetes.api.model.EnvVarBuilder) HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata) List(java.util.List) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) Labels(io.strimzi.operator.common.model.Labels) KafkaMirrorMakerConsumerSpecBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerConsumerSpecBuilder) PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder) LINE_SEPARATOR(io.strimzi.test.TestUtils.LINE_SEPARATOR) Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) ContainerTemplate(io.strimzi.api.kafka.model.template.ContainerTemplate) Container(io.fabric8.kubernetes.api.model.Container) KafkaMirrorMakerConsumerSpec(io.strimzi.api.kafka.model.KafkaMirrorMakerConsumerSpec) ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder) KafkaClientAuthenticationTlsBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTlsBuilder) HashMap(java.util.HashMap) LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) MetricsAndLogging(io.strimzi.operator.common.MetricsAndLogging) ArrayList(java.util.ArrayList) HostAlias(io.fabric8.kubernetes.api.model.HostAlias) JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics) JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) DeploymentStrategy(io.strimzi.api.kafka.model.template.DeploymentStrategy) MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig) KafkaMirrorMakerBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerBuilder) KafkaMirrorMakerProducerSpec(io.strimzi.api.kafka.model.KafkaMirrorMakerProducerSpec) TestUtils(io.strimzi.test.TestUtils) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) Probe(io.fabric8.kubernetes.api.model.Probe) Collections.emptyMap(java.util.Collections.emptyMap) ServerConfig(io.strimzi.kafka.oauth.server.ServerConfig) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) Reconciliation(io.strimzi.operator.common.Reconciliation) ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) Collections(java.util.Collections) KafkaMirrorMakerBuilder(io.strimzi.api.kafka.model.KafkaMirrorMakerBuilder) Container(io.fabric8.kubernetes.api.model.Container) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) KafkaMirrorMaker(io.strimzi.api.kafka.model.KafkaMirrorMaker) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 45 with KafkaClientAuthenticationOAuthBuilder

use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder in project strimzi by strimzi.

the class UtilTest method getHashFailure.

@Test
public void getHashFailure() {
    String namespace = "ns";
    GenericSecretSource at = new GenericSecretSourceBuilder().withSecretName("top-secret-at").withKey("key").build();
    GenericSecretSource cs = new GenericSecretSourceBuilder().withSecretName("top-secret-cs").withKey("key").build();
    GenericSecretSource rt = new GenericSecretSourceBuilder().withSecretName("top-secret-rt").withKey("key").build();
    KafkaClientAuthentication kcu = new KafkaClientAuthenticationOAuthBuilder().withAccessToken(at).withRefreshToken(rt).withClientSecret(cs).build();
    CertSecretSource css = new CertSecretSourceBuilder().withCertificate("key").withSecretName("css-secret").build();
    Secret secret = new SecretBuilder().withData(Map.of("key", "value")).build();
    SecretOperator secretOps = mock(SecretOperator.class);
    when(secretOps.getAsync(eq(namespace), eq("top-secret-at"))).thenReturn(Future.succeededFuture(secret));
    when(secretOps.getAsync(eq(namespace), eq("top-secret-rt"))).thenReturn(Future.succeededFuture(secret));
    when(secretOps.getAsync(eq(namespace), eq("top-secret-cs"))).thenReturn(Future.succeededFuture(null));
    when(secretOps.getAsync(eq(namespace), eq("css-secret"))).thenReturn(Future.succeededFuture(secret));
    Future<Integer> res = Util.authTlsHash(secretOps, "ns", kcu, singletonList(css));
    res.onComplete(v -> {
        assertThat(v.succeeded(), is(false));
        assertThat(v.cause().getMessage(), is("Secret top-secret-cs not found"));
    });
}
Also used : KafkaClientAuthentication(io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication) KafkaClientAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) GenericSecretSource(io.strimzi.api.kafka.model.GenericSecretSource) GenericSecretSourceBuilder(io.strimzi.api.kafka.model.GenericSecretSourceBuilder) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) Test(org.junit.jupiter.api.Test)

Aggregations

KafkaClientAuthenticationOAuthBuilder (io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuthBuilder)70 ParallelTest (io.strimzi.test.annotations.ParallelTest)66 CertSecretSource (io.strimzi.api.kafka.model.CertSecretSource)50 CertSecretSourceBuilder (io.strimzi.api.kafka.model.CertSecretSourceBuilder)50 Container (io.fabric8.kubernetes.api.model.Container)46 EnvVar (io.fabric8.kubernetes.api.model.EnvVar)46 EnvVarBuilder (io.fabric8.kubernetes.api.model.EnvVarBuilder)46 HasMetadata (io.fabric8.kubernetes.api.model.HasMetadata)46 IntOrString (io.fabric8.kubernetes.api.model.IntOrString)46 LocalObjectReference (io.fabric8.kubernetes.api.model.LocalObjectReference)46 OwnerReference (io.fabric8.kubernetes.api.model.OwnerReference)46 PodSecurityContextBuilder (io.fabric8.kubernetes.api.model.PodSecurityContextBuilder)46 Quantity (io.fabric8.kubernetes.api.model.Quantity)46 ResourceRequirementsBuilder (io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)46 ServiceAccount (io.fabric8.kubernetes.api.model.ServiceAccount)46 Deployment (io.fabric8.kubernetes.api.model.apps.Deployment)46 PodDisruptionBudget (io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget)46 ContainerEnvVar (io.strimzi.api.kafka.model.ContainerEnvVar)46 KafkaClientAuthenticationTlsBuilder (io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTlsBuilder)46 ContainerTemplate (io.strimzi.api.kafka.model.template.ContainerTemplate)46