
Example 6 with KafkaClientAuthenticationScram

Use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScram in project strimzi by strimzi.

In class AuthenticationUtils, method configureClientAuthenticationVolumeMounts.

/**
 * Creates the VolumeMounts used for authentication of Kafka client based components
 * @param authentication    Authentication object from CRD
 * @param volumeMountList    List where the volume mounts will be added
 * @param tlsVolumeMount    Path where the TLS certs should be mounted
 * @param passwordVolumeMount   Path where passwords should be mounted
 * @param oauthCertsVolumeMount Path where the OAuth certificates would be mounted
 * @param oauthVolumeNamePrefix Prefix used for OAuth volume names
 * @param volumeNamePrefix Prefix used for volume mount names
 * @param mountOAuthSecretVolumes Indicates whether OAuth secret volume mounts will be added to the list
 * @param oauthSecretsVolumeMount Path where the OAuth secrets would be mounted
 */
public static void configureClientAuthenticationVolumeMounts(KafkaClientAuthentication authentication, List<VolumeMount> volumeMountList, String tlsVolumeMount, String passwordVolumeMount, String oauthCertsVolumeMount, String oauthVolumeNamePrefix, String volumeNamePrefix, boolean mountOAuthSecretVolumes, String oauthSecretsVolumeMount) {
    if (authentication != null) {
        if (authentication instanceof KafkaClientAuthenticationTls) {
            KafkaClientAuthenticationTls tlsAuth = (KafkaClientAuthenticationTls) authentication;
            // skipping if a volume mount with same Secret name was already added
            if (!volumeMountList.stream().anyMatch(vm -> vm.getName().equals(volumeNamePrefix + tlsAuth.getCertificateAndKey().getSecretName()))) {
                volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + tlsAuth.getCertificateAndKey().getSecretName(), tlsVolumeMount + tlsAuth.getCertificateAndKey().getSecretName()));
            }
        } else if (authentication instanceof KafkaClientAuthenticationPlain) {
            KafkaClientAuthenticationPlain passwordAuth = (KafkaClientAuthenticationPlain) authentication;
            volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + passwordAuth.getPasswordSecret().getSecretName(), passwordVolumeMount + passwordAuth.getPasswordSecret().getSecretName()));
        } else if (authentication instanceof KafkaClientAuthenticationScram) {
            KafkaClientAuthenticationScram scramAuth = (KafkaClientAuthenticationScram) authentication;
            volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + scramAuth.getPasswordSecret().getSecretName(), passwordVolumeMount + scramAuth.getPasswordSecret().getSecretName()));
        } else if (authentication instanceof KafkaClientAuthenticationOAuth) {
            KafkaClientAuthenticationOAuth oauth = (KafkaClientAuthenticationOAuth) authentication;
            volumeMountList.addAll(configureOauthCertificateVolumeMounts(oauthVolumeNamePrefix, oauth.getTlsTrustedCertificates(), oauthCertsVolumeMount));
            if (mountOAuthSecretVolumes) {
                if (oauth.getClientSecret() != null) {
                    volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + oauth.getClientSecret().getSecretName(), oauthSecretsVolumeMount + oauth.getClientSecret().getSecretName()));
                }
                if (oauth.getAccessToken() != null) {
                    volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + oauth.getAccessToken().getSecretName(), oauthSecretsVolumeMount + oauth.getAccessToken().getSecretName()));
                }
                if (oauth.getRefreshToken() != null) {
                    volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + oauth.getRefreshToken().getSecretName(), oauthSecretsVolumeMount + oauth.getRefreshToken().getSecretName()));
                }
            }
        }
    }
}
Also used: VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount), KafkaJmxAuthentication(io.strimzi.api.kafka.model.KafkaJmxAuthentication), EnvVar(io.fabric8.kubernetes.api.model.EnvVar), GenericSecretSource(io.strimzi.api.kafka.model.GenericSecretSource), CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource), KafkaClientAuthenticationScram(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScram), ServerConfig(io.strimzi.kafka.oauth.server.ServerConfig), HashMap(java.util.HashMap), KafkaClientAuthenticationPlain(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationPlain), ClientConfig(io.strimzi.kafka.oauth.client.ClientConfig), Function(java.util.function.Function), ArrayList(java.util.ArrayList), KafkaJmxAuthenticationPassword(io.strimzi.api.kafka.model.KafkaJmxAuthenticationPassword), List(java.util.List), KafkaClientAuthenticationOAuth(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuth), Locale(java.util.Locale), Map(java.util.Map), Entry(java.util.Map.Entry), KafkaClientAuthenticationTls(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls), KafkaClientAuthentication(io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication), Collections(java.util.Collections), Volume(io.fabric8.kubernetes.api.model.Volume)

Example 7 with KafkaClientAuthenticationScram

Use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScram in project strimzi-kafka-operator by strimzi.

In class AuthenticationUtils, method configureClientAuthenticationVolumeMounts.

/**
 * Creates the VolumeMounts used for authentication of Kafka client based components
 * @param authentication    Authentication object from CRD
 * @param volumeMountList    List where the volume mounts will be added
 * @param tlsVolumeMount    Path where the TLS certs should be mounted
 * @param passwordVolumeMount   Path where passwords should be mounted
 * @param oauthCertsVolumeMount Path where the OAuth certificates would be mounted
 * @param oauthVolumeNamePrefix Prefix used for OAuth volume names
 * @param volumeNamePrefix Prefix used for volume mount names
 * @param mountOAuthSecretVolumes Indicates whether OAuth secret volume mounts will be added to the list
 * @param oauthSecretsVolumeMount Path where the OAuth secrets would be mounted
 */
public static void configureClientAuthenticationVolumeMounts(KafkaClientAuthentication authentication, List<VolumeMount> volumeMountList, String tlsVolumeMount, String passwordVolumeMount, String oauthCertsVolumeMount, String oauthVolumeNamePrefix, String volumeNamePrefix, boolean mountOAuthSecretVolumes, String oauthSecretsVolumeMount) {
    if (authentication != null) {
        if (authentication instanceof KafkaClientAuthenticationTls) {
            KafkaClientAuthenticationTls tlsAuth = (KafkaClientAuthenticationTls) authentication;
            // skipping if a volume mount with same Secret name was already added
            if (!volumeMountList.stream().anyMatch(vm -> vm.getName().equals(volumeNamePrefix + tlsAuth.getCertificateAndKey().getSecretName()))) {
                volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + tlsAuth.getCertificateAndKey().getSecretName(), tlsVolumeMount + tlsAuth.getCertificateAndKey().getSecretName()));
            }
        } else if (authentication instanceof KafkaClientAuthenticationPlain) {
            KafkaClientAuthenticationPlain passwordAuth = (KafkaClientAuthenticationPlain) authentication;
            volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + passwordAuth.getPasswordSecret().getSecretName(), passwordVolumeMount + passwordAuth.getPasswordSecret().getSecretName()));
        } else if (authentication instanceof KafkaClientAuthenticationScram) {
            KafkaClientAuthenticationScram scramAuth = (KafkaClientAuthenticationScram) authentication;
            volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + scramAuth.getPasswordSecret().getSecretName(), passwordVolumeMount + scramAuth.getPasswordSecret().getSecretName()));
        } else if (authentication instanceof KafkaClientAuthenticationOAuth) {
            KafkaClientAuthenticationOAuth oauth = (KafkaClientAuthenticationOAuth) authentication;
            volumeMountList.addAll(configureOauthCertificateVolumeMounts(oauthVolumeNamePrefix, oauth.getTlsTrustedCertificates(), oauthCertsVolumeMount));
            if (mountOAuthSecretVolumes) {
                if (oauth.getClientSecret() != null) {
                    volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + oauth.getClientSecret().getSecretName(), oauthSecretsVolumeMount + oauth.getClientSecret().getSecretName()));
                }
                if (oauth.getAccessToken() != null) {
                    volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + oauth.getAccessToken().getSecretName(), oauthSecretsVolumeMount + oauth.getAccessToken().getSecretName()));
                }
                if (oauth.getRefreshToken() != null) {
                    volumeMountList.add(VolumeUtils.createVolumeMount(volumeNamePrefix + oauth.getRefreshToken().getSecretName(), oauthSecretsVolumeMount + oauth.getRefreshToken().getSecretName()));
                }
            }
        }
    }
}
Also used: VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount), KafkaJmxAuthentication(io.strimzi.api.kafka.model.KafkaJmxAuthentication), EnvVar(io.fabric8.kubernetes.api.model.EnvVar), GenericSecretSource(io.strimzi.api.kafka.model.GenericSecretSource), CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource), KafkaClientAuthenticationScram(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScram), ServerConfig(io.strimzi.kafka.oauth.server.ServerConfig), HashMap(java.util.HashMap), KafkaClientAuthenticationPlain(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationPlain), ClientConfig(io.strimzi.kafka.oauth.client.ClientConfig), Function(java.util.function.Function), ArrayList(java.util.ArrayList), KafkaJmxAuthenticationPassword(io.strimzi.api.kafka.model.KafkaJmxAuthenticationPassword), List(java.util.List), KafkaClientAuthenticationOAuth(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuth), Locale(java.util.Locale), Map(java.util.Map), Entry(java.util.Map.Entry), KafkaClientAuthenticationTls(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls), KafkaClientAuthentication(io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication), Collections(java.util.Collections), Volume(io.fabric8.kubernetes.api.model.Volume)

Example 8 with KafkaClientAuthenticationScram

Use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScram in project strimzi-kafka-operator by strimzi.

In class AuthenticationUtils, method configureClientAuthenticationVolumes.

/**
 * Creates the Volumes used for authentication of Kafka client based components
 *
 * @param authentication    Authentication object from CRD
 * @param volumeList    List where the volumes will be added
 * @param oauthVolumeNamePrefix Prefix used for OAuth volumes
 * @param isOpenShift   Indicates whether we run on OpenShift or not
 * @param volumeNamePrefix Prefix used for volume names
 * @param createOAuthSecretVolumes   Indicates whether OAuth secret volumes will be added to the list
 */
public static void configureClientAuthenticationVolumes(KafkaClientAuthentication authentication, List<Volume> volumeList, String oauthVolumeNamePrefix, boolean isOpenShift, String volumeNamePrefix, boolean createOAuthSecretVolumes) {
    if (authentication != null) {
        if (authentication instanceof KafkaClientAuthenticationTls) {
            KafkaClientAuthenticationTls tlsAuth = (KafkaClientAuthenticationTls) authentication;
            addNewVolume(volumeList, volumeNamePrefix, tlsAuth.getCertificateAndKey().getSecretName(), isOpenShift);
        } else if (authentication instanceof KafkaClientAuthenticationPlain) {
            KafkaClientAuthenticationPlain passwordAuth = (KafkaClientAuthenticationPlain) authentication;
            addNewVolume(volumeList, volumeNamePrefix, passwordAuth.getPasswordSecret().getSecretName(), isOpenShift);
        } else if (authentication instanceof KafkaClientAuthenticationScram) {
            KafkaClientAuthenticationScram scramAuth = (KafkaClientAuthenticationScram) authentication;
            addNewVolume(volumeList, volumeNamePrefix, scramAuth.getPasswordSecret().getSecretName(), isOpenShift);
        } else if (authentication instanceof KafkaClientAuthenticationOAuth) {
            KafkaClientAuthenticationOAuth oauth = (KafkaClientAuthenticationOAuth) authentication;
            volumeList.addAll(configureOauthCertificateVolumes(oauthVolumeNamePrefix, oauth.getTlsTrustedCertificates(), isOpenShift));
            if (createOAuthSecretVolumes) {
                if (oauth.getClientSecret() != null) {
                    addNewVolume(volumeList, volumeNamePrefix, oauth.getClientSecret().getSecretName(), isOpenShift);
                }
                if (oauth.getAccessToken() != null) {
                    addNewVolume(volumeList, volumeNamePrefix, oauth.getAccessToken().getSecretName(), isOpenShift);
                }
                if (oauth.getRefreshToken() != null) {
                    addNewVolume(volumeList, volumeNamePrefix, oauth.getRefreshToken().getSecretName(), isOpenShift);
                }
            }
        }
    }
}
Also used: KafkaClientAuthenticationTls(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls), KafkaClientAuthenticationOAuth(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuth), KafkaClientAuthenticationScram(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScram), KafkaClientAuthenticationPlain(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationPlain)
