
Example 1 with KafkaClientAuthenticationTls

use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls in project strimzi by strimzi.

the class AuthenticationUtils method configureClientAuthenticationVolumes.

/**
 * Adds to {@code volumeList} the volumes a Kafka client based component needs for the
 * authentication type configured in its custom resource.
 *
 * <p>TLS, PLAIN and SCRAM-SHA authentication each result in one {@code addNewVolume} call for the
 * Secret named by the certificate/key or password reference. OAuth first adds the volumes returned
 * by {@code configureOauthCertificateVolumes} for the trusted certificates and then, only when
 * {@code createOAuthSecretVolumes} is set, one volume per configured client secret, access token
 * and refresh token. A {@code null} authentication adds nothing.
 *
 * <p>NOTE(review): the TLS, PLAIN and SCRAM-SHA branches dereference the secret reference without
 * a null check, so a resource that selects one of these types but omits the reference fails here
 * with a {@link NullPointerException}. Presumably the resource is validated before this method is
 * called - confirm against the callers.
 *
 * @param authentication            Authentication object from the CRD, may be {@code null}
 * @param volumeList                List the volumes are added to (modified in place)
 * @param oauthVolumeNamePrefix     Prefix used for the OAuth trusted-certificate volumes
 * @param isOpenShift               Whether we run on OpenShift; passed through to the volume helpers
 * @param volumeNamePrefix          Prefix used for the names of the Secret volumes
 * @param createOAuthSecretVolumes  Whether the OAuth client secret / token volumes are added as well
 */
public static void configureClientAuthenticationVolumes(KafkaClientAuthentication authentication, List<Volume> volumeList, String oauthVolumeNamePrefix, boolean isOpenShift, String volumeNamePrefix, boolean createOAuthSecretVolumes) {
    if (authentication == null) {
        // No client authentication configured, so there is nothing to mount.
        return;
    }

    if (authentication instanceof KafkaClientAuthenticationTls) {
        String certSecretName = ((KafkaClientAuthenticationTls) authentication).getCertificateAndKey().getSecretName();
        addNewVolume(volumeList, volumeNamePrefix, certSecretName, isOpenShift);
        return;
    }

    if (authentication instanceof KafkaClientAuthenticationPlain) {
        String passwordSecretName = ((KafkaClientAuthenticationPlain) authentication).getPasswordSecret().getSecretName();
        addNewVolume(volumeList, volumeNamePrefix, passwordSecretName, isOpenShift);
        return;
    }

    if (authentication instanceof KafkaClientAuthenticationScram) {
        String passwordSecretName = ((KafkaClientAuthenticationScram) authentication).getPasswordSecret().getSecretName();
        addNewVolume(volumeList, volumeNamePrefix, passwordSecretName, isOpenShift);
        return;
    }

    if (!(authentication instanceof KafkaClientAuthenticationOAuth)) {
        // Any other authentication type contributes no volumes.
        return;
    }

    KafkaClientAuthenticationOAuth oauthAuth = (KafkaClientAuthenticationOAuth) authentication;

    // The trusted-certificate volumes are always added for OAuth, independent of the flag below.
    volumeList.addAll(configureOauthCertificateVolumes(oauthVolumeNamePrefix, oauthAuth.getTlsTrustedCertificates(), isOpenShift));

    if (!createOAuthSecretVolumes) {
        return;
    }

    // Each credential is optional in the resource; only the configured ones get a volume.
    if (oauthAuth.getClientSecret() != null) {
        addNewVolume(volumeList, volumeNamePrefix, oauthAuth.getClientSecret().getSecretName(), isOpenShift);
    }
    if (oauthAuth.getAccessToken() != null) {
        addNewVolume(volumeList, volumeNamePrefix, oauthAuth.getAccessToken().getSecretName(), isOpenShift);
    }
    if (oauthAuth.getRefreshToken() != null) {
        addNewVolume(volumeList, volumeNamePrefix, oauthAuth.getRefreshToken().getSecretName(), isOpenShift);
    }
}
Also used : KafkaClientAuthenticationTls(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls) KafkaClientAuthenticationOAuth(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuth) KafkaClientAuthenticationScram(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScram) KafkaClientAuthenticationPlain(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationPlain)

Example 2 with KafkaClientAuthenticationTls

use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls in project strimzi by strimzi.

the class KafkaMirrorMaker2Cluster method getEnvVars.

/**
 * Builds the container environment variables for this component: the variables returned by
 * {@code super.getEnvVars()} plus the MirrorMaker 2 specific ones derived from {@code clusters}.
 *
 * <p>For every cluster the alias is collected, and per-cluster TLS, SASL password and OAuth
 * information is accumulated into separate buffers. Each buffer (or flag) is turned into an
 * environment variable only when it holds something; the list of cluster aliases is always added.
 *
 * <p>NOTE(review): the TLS client authentication values built in this method are
 * {@code <secret name>/<key>} references, not certificate or key contents. What
 * {@code appendClusterPasswordSecretSource} and {@code appendClusterOAuthSecretSource} write is
 * not visible here - confirm they also emit references only, because environment variables are
 * readable by anyone who can read the pod specification.
 *
 * @return the list obtained from the superclass with the MirrorMaker 2 variables appended
 */
@SuppressWarnings({ "checkstyle:CyclomaticComplexity", "checkstyle:NPathComplexity" })
@Override
protected List<EnvVar> getEnvVars() {
    List<EnvVar> varList = super.getEnvVars();
    // One accumulator per environment variable; the booleans become "true" flags further down.
    final StringBuilder clusterAliases = new StringBuilder();
    final StringBuilder clustersTrustedCerts = new StringBuilder();
    boolean hasClusterWithTls = false;
    final StringBuilder clustersTlsAuthCerts = new StringBuilder();
    final StringBuilder clustersTlsAuthKeys = new StringBuilder();
    final StringBuilder clustersSaslPasswordFiles = new StringBuilder();
    boolean hasClusterOauthTrustedCerts = false;
    final StringBuilder clustersOauthClientSecrets = new StringBuilder();
    final StringBuilder clustersOauthAccessTokens = new StringBuilder();
    final StringBuilder clustersOauthRefreshTokens = new StringBuilder();
    for (KafkaMirrorMaker2ClusterSpec mirrorMaker2Cluster : clusters) {
        String clusterAlias = mirrorMaker2Cluster.getAlias();
        // Aliases are joined with ';'.
        // NOTE(review): the alias is appended as-is; presumably it is validated elsewhere so that
        // it cannot contain the separator - confirm.
        if (clusterAliases.length() > 0) {
            clusterAliases.append(";");
        }
        clusterAliases.append(clusterAlias);
        // A single cluster with a TLS section is enough to raise the TLS flag.
        if (mirrorMaker2Cluster.getTls() != null) {
            hasClusterWithTls = true;
        }
        getClusterTrustedCerts(clustersTrustedCerts, mirrorMaker2Cluster, clusterAlias);
        KafkaClientAuthentication authentication = mirrorMaker2Cluster.getAuthentication();
        if (authentication != null) {
            if (authentication instanceof KafkaClientAuthenticationTls) {
                KafkaClientAuthenticationTls tlsAuth = (KafkaClientAuthenticationTls) authentication;
                // TLS authentication without a certificate/key reference adds nothing for this cluster.
                if (tlsAuth.getCertificateAndKey() != null) {
                    // The suppliers produce "<secret name>/<certificate key>" and "<secret name>/<private key key>".
                    appendCluster(clustersTlsAuthCerts, clusterAlias, () -> tlsAuth.getCertificateAndKey().getSecretName() + "/" + tlsAuth.getCertificateAndKey().getCertificate());
                    appendCluster(clustersTlsAuthKeys, clusterAlias, () -> tlsAuth.getCertificateAndKey().getSecretName() + "/" + tlsAuth.getCertificateAndKey().getKey());
                }
            } else if (authentication instanceof KafkaClientAuthenticationPlain) {
                KafkaClientAuthenticationPlain passwordAuth = (KafkaClientAuthenticationPlain) authentication;
                appendClusterPasswordSecretSource(clustersSaslPasswordFiles, clusterAlias, passwordAuth.getPasswordSecret());
            } else if (authentication instanceof KafkaClientAuthenticationScram) {
                // SCRAM shares the password-file buffer with PLAIN.
                KafkaClientAuthenticationScram passwordAuth = (KafkaClientAuthenticationScram) authentication;
                appendClusterPasswordSecretSource(clustersSaslPasswordFiles, clusterAlias, passwordAuth.getPasswordSecret());
            } else if (authentication instanceof KafkaClientAuthenticationOAuth) {
                KafkaClientAuthenticationOAuth oauth = (KafkaClientAuthenticationOAuth) authentication;
                if (oauth.getTlsTrustedCertificates() != null && !oauth.getTlsTrustedCertificates().isEmpty()) {
                    hasClusterOauthTrustedCerts = true;
                }
                // The three sources are passed unconditionally; presumably the helper skips a null
                // source - TODO confirm against appendClusterOAuthSecretSource.
                appendClusterOAuthSecretSource(clustersOauthClientSecrets, clusterAlias, oauth.getClientSecret());
                appendClusterOAuthSecretSource(clustersOauthAccessTokens, clusterAlias, oauth.getAccessToken());
                appendClusterOAuthSecretSource(clustersOauthRefreshTokens, clusterAlias, oauth.getRefreshToken());
            }
        }
    }
    // The alias list is always emitted, even when it is empty.
    varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_CLUSTERS, clusterAliases.toString()));
    if (hasClusterWithTls) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_TLS_CLUSTERS, "true"));
    }
    if (clustersTrustedCerts.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_TRUSTED_CERTS_CLUSTERS, clustersTrustedCerts.toString()));
    }
    // Certificate and key variables are emitted together as soon as either buffer has content.
    if (clustersTlsAuthCerts.length() > 0 || clustersTlsAuthKeys.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_TLS_AUTH_CLUSTERS, "true"));
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_TLS_AUTH_CERTS_CLUSTERS, clustersTlsAuthCerts.toString()));
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_TLS_AUTH_KEYS_CLUSTERS, clustersTlsAuthKeys.toString()));
    }
    if (clustersSaslPasswordFiles.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_SASL_PASSWORD_FILES_CLUSTERS, clustersSaslPasswordFiles.toString()));
    }
    if (hasClusterOauthTrustedCerts) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_OAUTH_TRUSTED_CERTS, "true"));
    }
    if (clustersOauthClientSecrets.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_OAUTH_CLIENT_SECRETS_CLUSTERS, clustersOauthClientSecrets.toString()));
    }
    if (clustersOauthAccessTokens.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_OAUTH_ACCESS_TOKENS_CLUSTERS, clustersOauthAccessTokens.toString()));
    }
    if (clustersOauthRefreshTokens.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_OAUTH_REFRESH_TOKENS_CLUSTERS, clustersOauthRefreshTokens.toString()));
    }
    if (javaSystemProperties != null) {
        varList.add(buildEnvVar(ENV_VAR_STRIMZI_JAVA_SYSTEM_PROPERTIES, ModelUtils.getJavaSystemPropertiesToString(javaSystemProperties)));
    }
    return varList;
}
Also used : KafkaClientAuthentication(io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication) KafkaClientAuthenticationTls(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls) KafkaClientAuthenticationOAuth(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuth) KafkaClientAuthenticationScram(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScram) KafkaMirrorMaker2ClusterSpec(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) KafkaClientAuthenticationPlain(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationPlain)

Example 3 with KafkaClientAuthenticationTls

use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls in project strimzi-kafka-operator by strimzi.

the class AuthenticationUtils method getClientAuthenticationProperties.

/**
 * Translates the client authentication configured in a custom resource into the name/value pairs
 * consumed by the Kafka client configuration.
 *
 * <p>Secrets are never read here: certificate, key and password entries are written as
 * {@code <secret name>/<key in secret>} references. For OAuth the individual options are rendered
 * as {@code name="value"} and joined with single spaces into one entry.
 *
 * <p>NOTE(review): the TLS, PLAIN and SCRAM-SHA branches dereference the secret reference without
 * a null check; presumably the resource is validated before this method is called - confirm.
 *
 * @param authentication    Authentication object with auth configuration, may be {@code null}
 * @return Map of name/value pairs; empty when no (or an unrecognised) authentication is given
 */
public static Map<String, String> getClientAuthenticationProperties(KafkaClientAuthentication authentication) {
    final Map<String, String> result = new HashMap<>(3);
    if (authentication == null) {
        return result;
    }

    if (authentication instanceof KafkaClientAuthenticationTls) {
        KafkaClientAuthenticationTls tls = (KafkaClientAuthenticationTls) authentication;
        result.put(TLS_AUTH_CERT, tls.getCertificateAndKey().getSecretName() + "/" + tls.getCertificateAndKey().getCertificate());
        result.put(TLS_AUTH_KEY, tls.getCertificateAndKey().getSecretName() + "/" + tls.getCertificateAndKey().getKey());
    } else if (authentication instanceof KafkaClientAuthenticationPlain) {
        KafkaClientAuthenticationPlain plain = (KafkaClientAuthenticationPlain) authentication;
        result.put(SASL_USERNAME, plain.getUsername());
        // Only the location of the password is recorded, not the password itself.
        result.put(SASL_PASSWORD_FILE, plain.getPasswordSecret().getSecretName() + "/" + plain.getPasswordSecret().getPassword());
        result.put(SASL_MECHANISM, KafkaClientAuthenticationPlain.TYPE_PLAIN);
    } else if (authentication instanceof KafkaClientAuthenticationScram) {
        KafkaClientAuthenticationScram scram = (KafkaClientAuthenticationScram) authentication;
        result.put(SASL_USERNAME, scram.getUsername());
        result.put(SASL_PASSWORD_FILE, scram.getPasswordSecret().getSecretName() + "/" + scram.getPasswordSecret().getPassword());
        // The mechanism is taken from the resource rather than from a constant.
        result.put(SASL_MECHANISM, scram.getType());
    } else if (authentication instanceof KafkaClientAuthenticationOAuth) {
        KafkaClientAuthenticationOAuth oauthAuth = (KafkaClientAuthenticationOAuth) authentication;
        result.put(SASL_MECHANISM, KafkaClientAuthenticationOAuth.TYPE_OAUTH);

        // NOTE(review): option values come from the custom resource and are placed between double
        // quotes without escaping, so a value containing '"' would end the quoted option early.
        // Whether that can alter the resulting client configuration depends on how OAUTH_CONFIG is
        // parsed downstream and on resource validation, neither of which is visible here - confirm,
        // and prefer rejecting such values before they reach this method.
        final String optionTemplate = "%s=\"%s\"";
        final List<String> jaasOptions = new ArrayList<>(2);

        if (oauthAuth.getClientId() != null) {
            jaasOptions.add(String.format(optionTemplate, ClientConfig.OAUTH_CLIENT_ID, oauthAuth.getClientId()));
        }
        if (oauthAuth.getTokenEndpointUri() != null) {
            jaasOptions.add(String.format(optionTemplate, ClientConfig.OAUTH_TOKEN_ENDPOINT_URI, oauthAuth.getTokenEndpointUri()));
        }
        if (oauthAuth.getScope() != null) {
            jaasOptions.add(String.format(optionTemplate, ClientConfig.OAUTH_SCOPE, oauthAuth.getScope()));
        }
        if (oauthAuth.getAudience() != null) {
            jaasOptions.add(String.format(optionTemplate, ClientConfig.OAUTH_AUDIENCE, oauthAuth.getAudience()));
        }
        if (oauthAuth.isDisableTlsHostnameVerification()) {
            // An empty endpoint identification algorithm is emitted only when the resource asks for
            // hostname verification to be disabled; with it the token endpoint's certificate is
            // presumably no longer matched against its hostname, so this belongs in test setups only.
            jaasOptions.add(String.format(optionTemplate, ServerConfig.OAUTH_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM, ""));
        }
        if (!oauthAuth.isAccessTokenIsJwt()) {
            // Written only for the non-JWT case; nothing is emitted when the token is a JWT.
            jaasOptions.add(String.format(optionTemplate, ServerConfig.OAUTH_ACCESS_TOKEN_IS_JWT, false));
        }
        if (oauthAuth.getMaxTokenExpirySeconds() > 0) {
            jaasOptions.add(String.format(optionTemplate, ClientConfig.OAUTH_MAX_TOKEN_EXPIRY_SECONDS, oauthAuth.getMaxTokenExpirySeconds()));
        }
        if (oauthAuth.getConnectTimeoutSeconds() != null && oauthAuth.getConnectTimeoutSeconds() > 0) {
            jaasOptions.add(String.format(optionTemplate, ClientConfig.OAUTH_CONNECT_TIMEOUT_SECONDS, oauthAuth.getConnectTimeoutSeconds()));
        }
        if (oauthAuth.getReadTimeoutSeconds() != null && oauthAuth.getReadTimeoutSeconds() > 0) {
            jaasOptions.add(String.format(optionTemplate, ClientConfig.OAUTH_READ_TIMEOUT_SECONDS, oauthAuth.getReadTimeoutSeconds()));
        }

        result.put(OAUTH_CONFIG, String.join(" ", jaasOptions));
    }

    return result;
}
Also used : KafkaClientAuthenticationTls(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls) KafkaClientAuthenticationOAuth(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuth) HashMap(java.util.HashMap) KafkaClientAuthenticationScram(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScram) ArrayList(java.util.ArrayList) List(java.util.List) KafkaClientAuthenticationPlain(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationPlain)

Example 4 with KafkaClientAuthenticationTls

use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls in project strimzi-kafka-operator by strimzi.

the class KafkaMirrorMaker2Cluster method getEnvVars.

/**
 * Builds the container environment variables for this component: the variables returned by
 * {@code super.getEnvVars()} plus the MirrorMaker 2 specific ones derived from {@code clusters}.
 *
 * <p>For every cluster the alias is collected, and per-cluster TLS, SASL password and OAuth
 * information is accumulated into separate buffers. Each buffer (or flag) is turned into an
 * environment variable only when it holds something; the list of cluster aliases is always added.
 *
 * <p>NOTE(review): the TLS client authentication values built in this method are
 * {@code <secret name>/<key>} references, not certificate or key contents. What
 * {@code appendClusterPasswordSecretSource} and {@code appendClusterOAuthSecretSource} write is
 * not visible here - confirm they also emit references only, because environment variables are
 * readable by anyone who can read the pod specification.
 *
 * @return the list obtained from the superclass with the MirrorMaker 2 variables appended
 */
@SuppressWarnings({ "checkstyle:CyclomaticComplexity", "checkstyle:NPathComplexity" })
@Override
protected List<EnvVar> getEnvVars() {
    List<EnvVar> varList = super.getEnvVars();
    // One accumulator per environment variable; the booleans become "true" flags further down.
    final StringBuilder clusterAliases = new StringBuilder();
    final StringBuilder clustersTrustedCerts = new StringBuilder();
    boolean hasClusterWithTls = false;
    final StringBuilder clustersTlsAuthCerts = new StringBuilder();
    final StringBuilder clustersTlsAuthKeys = new StringBuilder();
    final StringBuilder clustersSaslPasswordFiles = new StringBuilder();
    boolean hasClusterOauthTrustedCerts = false;
    final StringBuilder clustersOauthClientSecrets = new StringBuilder();
    final StringBuilder clustersOauthAccessTokens = new StringBuilder();
    final StringBuilder clustersOauthRefreshTokens = new StringBuilder();
    for (KafkaMirrorMaker2ClusterSpec mirrorMaker2Cluster : clusters) {
        String clusterAlias = mirrorMaker2Cluster.getAlias();
        // Aliases are joined with ';'.
        // NOTE(review): the alias is appended as-is; presumably it is validated elsewhere so that
        // it cannot contain the separator - confirm.
        if (clusterAliases.length() > 0) {
            clusterAliases.append(";");
        }
        clusterAliases.append(clusterAlias);
        // A single cluster with a TLS section is enough to raise the TLS flag.
        if (mirrorMaker2Cluster.getTls() != null) {
            hasClusterWithTls = true;
        }
        getClusterTrustedCerts(clustersTrustedCerts, mirrorMaker2Cluster, clusterAlias);
        KafkaClientAuthentication authentication = mirrorMaker2Cluster.getAuthentication();
        if (authentication != null) {
            if (authentication instanceof KafkaClientAuthenticationTls) {
                KafkaClientAuthenticationTls tlsAuth = (KafkaClientAuthenticationTls) authentication;
                // TLS authentication without a certificate/key reference adds nothing for this cluster.
                if (tlsAuth.getCertificateAndKey() != null) {
                    // The suppliers produce "<secret name>/<certificate key>" and "<secret name>/<private key key>".
                    appendCluster(clustersTlsAuthCerts, clusterAlias, () -> tlsAuth.getCertificateAndKey().getSecretName() + "/" + tlsAuth.getCertificateAndKey().getCertificate());
                    appendCluster(clustersTlsAuthKeys, clusterAlias, () -> tlsAuth.getCertificateAndKey().getSecretName() + "/" + tlsAuth.getCertificateAndKey().getKey());
                }
            } else if (authentication instanceof KafkaClientAuthenticationPlain) {
                KafkaClientAuthenticationPlain passwordAuth = (KafkaClientAuthenticationPlain) authentication;
                appendClusterPasswordSecretSource(clustersSaslPasswordFiles, clusterAlias, passwordAuth.getPasswordSecret());
            } else if (authentication instanceof KafkaClientAuthenticationScram) {
                // SCRAM shares the password-file buffer with PLAIN.
                KafkaClientAuthenticationScram passwordAuth = (KafkaClientAuthenticationScram) authentication;
                appendClusterPasswordSecretSource(clustersSaslPasswordFiles, clusterAlias, passwordAuth.getPasswordSecret());
            } else if (authentication instanceof KafkaClientAuthenticationOAuth) {
                KafkaClientAuthenticationOAuth oauth = (KafkaClientAuthenticationOAuth) authentication;
                if (oauth.getTlsTrustedCertificates() != null && !oauth.getTlsTrustedCertificates().isEmpty()) {
                    hasClusterOauthTrustedCerts = true;
                }
                // The three sources are passed unconditionally; presumably the helper skips a null
                // source - TODO confirm against appendClusterOAuthSecretSource.
                appendClusterOAuthSecretSource(clustersOauthClientSecrets, clusterAlias, oauth.getClientSecret());
                appendClusterOAuthSecretSource(clustersOauthAccessTokens, clusterAlias, oauth.getAccessToken());
                appendClusterOAuthSecretSource(clustersOauthRefreshTokens, clusterAlias, oauth.getRefreshToken());
            }
        }
    }
    // The alias list is always emitted, even when it is empty.
    varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_CLUSTERS, clusterAliases.toString()));
    if (hasClusterWithTls) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_TLS_CLUSTERS, "true"));
    }
    if (clustersTrustedCerts.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_TRUSTED_CERTS_CLUSTERS, clustersTrustedCerts.toString()));
    }
    // Certificate and key variables are emitted together as soon as either buffer has content.
    if (clustersTlsAuthCerts.length() > 0 || clustersTlsAuthKeys.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_TLS_AUTH_CLUSTERS, "true"));
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_TLS_AUTH_CERTS_CLUSTERS, clustersTlsAuthCerts.toString()));
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_TLS_AUTH_KEYS_CLUSTERS, clustersTlsAuthKeys.toString()));
    }
    if (clustersSaslPasswordFiles.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_SASL_PASSWORD_FILES_CLUSTERS, clustersSaslPasswordFiles.toString()));
    }
    if (hasClusterOauthTrustedCerts) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_OAUTH_TRUSTED_CERTS, "true"));
    }
    if (clustersOauthClientSecrets.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_OAUTH_CLIENT_SECRETS_CLUSTERS, clustersOauthClientSecrets.toString()));
    }
    if (clustersOauthAccessTokens.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_OAUTH_ACCESS_TOKENS_CLUSTERS, clustersOauthAccessTokens.toString()));
    }
    if (clustersOauthRefreshTokens.length() > 0) {
        varList.add(buildEnvVar(ENV_VAR_KAFKA_MIRRORMAKER_2_OAUTH_REFRESH_TOKENS_CLUSTERS, clustersOauthRefreshTokens.toString()));
    }
    if (javaSystemProperties != null) {
        varList.add(buildEnvVar(ENV_VAR_STRIMZI_JAVA_SYSTEM_PROPERTIES, ModelUtils.getJavaSystemPropertiesToString(javaSystemProperties)));
    }
    return varList;
}
Also used : KafkaClientAuthentication(io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication) KafkaClientAuthenticationTls(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls) KafkaClientAuthenticationOAuth(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuth) KafkaClientAuthenticationScram(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScram) KafkaMirrorMaker2ClusterSpec(io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) KafkaClientAuthenticationPlain(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationPlain)

Example 5 with KafkaClientAuthenticationTls

use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls in project strimzi by strimzi.

the class AuthenticationUtils method getClientAuthenticationProperties.

/**
 * Translates the client authentication configured in a custom resource into the name/value pairs
 * consumed by the Kafka client configuration.
 *
 * <p>Secrets are never read here: certificate, key and password entries are written as
 * {@code <secret name>/<key in secret>} references. For OAuth the individual options are rendered
 * as {@code name="value"} and joined with single spaces into one entry.
 *
 * <p>NOTE(review): the TLS, PLAIN and SCRAM-SHA branches dereference the secret reference without
 * a null check; presumably the resource is validated before this method is called - confirm.
 *
 * @param authentication    Authentication object with auth configuration, may be {@code null}
 * @return Map of name/value pairs; empty when no (or an unrecognised) authentication is given
 */
public static Map<String, String> getClientAuthenticationProperties(KafkaClientAuthentication authentication) {
    final Map<String, String> result = new HashMap<>(3);
    if (authentication == null) {
        return result;
    }

    if (authentication instanceof KafkaClientAuthenticationTls) {
        KafkaClientAuthenticationTls tls = (KafkaClientAuthenticationTls) authentication;
        result.put(TLS_AUTH_CERT, tls.getCertificateAndKey().getSecretName() + "/" + tls.getCertificateAndKey().getCertificate());
        result.put(TLS_AUTH_KEY, tls.getCertificateAndKey().getSecretName() + "/" + tls.getCertificateAndKey().getKey());
    } else if (authentication instanceof KafkaClientAuthenticationPlain) {
        KafkaClientAuthenticationPlain plain = (KafkaClientAuthenticationPlain) authentication;
        result.put(SASL_USERNAME, plain.getUsername());
        // Only the location of the password is recorded, not the password itself.
        result.put(SASL_PASSWORD_FILE, plain.getPasswordSecret().getSecretName() + "/" + plain.getPasswordSecret().getPassword());
        result.put(SASL_MECHANISM, KafkaClientAuthenticationPlain.TYPE_PLAIN);
    } else if (authentication instanceof KafkaClientAuthenticationScram) {
        KafkaClientAuthenticationScram scram = (KafkaClientAuthenticationScram) authentication;
        result.put(SASL_USERNAME, scram.getUsername());
        result.put(SASL_PASSWORD_FILE, scram.getPasswordSecret().getSecretName() + "/" + scram.getPasswordSecret().getPassword());
        // The mechanism is taken from the resource rather than from a constant.
        result.put(SASL_MECHANISM, scram.getType());
    } else if (authentication instanceof KafkaClientAuthenticationOAuth) {
        KafkaClientAuthenticationOAuth oauthAuth = (KafkaClientAuthenticationOAuth) authentication;
        result.put(SASL_MECHANISM, KafkaClientAuthenticationOAuth.TYPE_OAUTH);

        // NOTE(review): option values come from the custom resource and are placed between double
        // quotes without escaping, so a value containing '"' would end the quoted option early.
        // Whether that can alter the resulting client configuration depends on how OAUTH_CONFIG is
        // parsed downstream and on resource validation, neither of which is visible here - confirm,
        // and prefer rejecting such values before they reach this method.
        final String optionTemplate = "%s=\"%s\"";
        final List<String> jaasOptions = new ArrayList<>(2);

        if (oauthAuth.getClientId() != null) {
            jaasOptions.add(String.format(optionTemplate, ClientConfig.OAUTH_CLIENT_ID, oauthAuth.getClientId()));
        }
        if (oauthAuth.getTokenEndpointUri() != null) {
            jaasOptions.add(String.format(optionTemplate, ClientConfig.OAUTH_TOKEN_ENDPOINT_URI, oauthAuth.getTokenEndpointUri()));
        }
        if (oauthAuth.getScope() != null) {
            jaasOptions.add(String.format(optionTemplate, ClientConfig.OAUTH_SCOPE, oauthAuth.getScope()));
        }
        if (oauthAuth.getAudience() != null) {
            jaasOptions.add(String.format(optionTemplate, ClientConfig.OAUTH_AUDIENCE, oauthAuth.getAudience()));
        }
        if (oauthAuth.isDisableTlsHostnameVerification()) {
            // An empty endpoint identification algorithm is emitted only when the resource asks for
            // hostname verification to be disabled; with it the token endpoint's certificate is
            // presumably no longer matched against its hostname, so this belongs in test setups only.
            jaasOptions.add(String.format(optionTemplate, ServerConfig.OAUTH_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM, ""));
        }
        if (!oauthAuth.isAccessTokenIsJwt()) {
            // Written only for the non-JWT case; nothing is emitted when the token is a JWT.
            jaasOptions.add(String.format(optionTemplate, ServerConfig.OAUTH_ACCESS_TOKEN_IS_JWT, false));
        }
        if (oauthAuth.getMaxTokenExpirySeconds() > 0) {
            jaasOptions.add(String.format(optionTemplate, ClientConfig.OAUTH_MAX_TOKEN_EXPIRY_SECONDS, oauthAuth.getMaxTokenExpirySeconds()));
        }
        if (oauthAuth.getConnectTimeoutSeconds() != null && oauthAuth.getConnectTimeoutSeconds() > 0) {
            jaasOptions.add(String.format(optionTemplate, ClientConfig.OAUTH_CONNECT_TIMEOUT_SECONDS, oauthAuth.getConnectTimeoutSeconds()));
        }
        if (oauthAuth.getReadTimeoutSeconds() != null && oauthAuth.getReadTimeoutSeconds() > 0) {
            jaasOptions.add(String.format(optionTemplate, ClientConfig.OAUTH_READ_TIMEOUT_SECONDS, oauthAuth.getReadTimeoutSeconds()));
        }

        result.put(OAUTH_CONFIG, String.join(" ", jaasOptions));
    }

    return result;
}
Also used : KafkaClientAuthenticationTls(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls) KafkaClientAuthenticationOAuth(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuth) HashMap(java.util.HashMap) KafkaClientAuthenticationScram(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScram) ArrayList(java.util.ArrayList) List(java.util.List) KafkaClientAuthenticationPlain(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationPlain)

Aggregations

KafkaClientAuthenticationOAuth (io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationOAuth)8 KafkaClientAuthenticationPlain (io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationPlain)8 KafkaClientAuthenticationScram (io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationScram)8 KafkaClientAuthenticationTls (io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls)8 EnvVar (io.fabric8.kubernetes.api.model.EnvVar)4 KafkaClientAuthentication (io.strimzi.api.kafka.model.authentication.KafkaClientAuthentication)4 ArrayList (java.util.ArrayList)4 HashMap (java.util.HashMap)4 List (java.util.List)4 Volume (io.fabric8.kubernetes.api.model.Volume)2 VolumeMount (io.fabric8.kubernetes.api.model.VolumeMount)2 CertSecretSource (io.strimzi.api.kafka.model.CertSecretSource)2 GenericSecretSource (io.strimzi.api.kafka.model.GenericSecretSource)2 KafkaJmxAuthentication (io.strimzi.api.kafka.model.KafkaJmxAuthentication)2 KafkaJmxAuthenticationPassword (io.strimzi.api.kafka.model.KafkaJmxAuthenticationPassword)2 KafkaMirrorMaker2ClusterSpec (io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec)2 ClientConfig (io.strimzi.kafka.oauth.client.ClientConfig)2 ServerConfig (io.strimzi.kafka.oauth.server.ServerConfig)2 Collections (java.util.Collections)2 Locale (java.util.Locale)2