use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls in project strimzi by strimzi.
the class AuthenticationUtils method configureClientAuthenticationVolumeMounts.
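/**
 * Creates the VolumeMounts used for authentication of Kafka client based components and adds them to
 * the given list. Nothing is added when {@code authentication} is {@code null} or is not one of the
 * TLS, PLAIN, SCRAM or OAuth authentication types handled here.
 *
 * <p>Every Secret-backed mount is skipped when the list already contains a mount with the same volume
 * name. The check compares names only, so an existing mount with the same name and a different path
 * also suppresses the new one. The OAuth trusted-certificate mounts are appended as returned by
 * {@code configureOauthCertificateVolumeMounts} without this check.
 *
 * <p>NOTE(review): the Secret names are read from the authentication object and concatenated into both
 * the volume name and the mount path; no validation is visible in this method. Confirm that they are
 * validated as Kubernetes resource names before they reach this point.
 *
 * @param authentication Authentication object from CRD
 * @param volumeMountList List where the volume mounts will be added
 * @param tlsVolumeMount Path where the TLS certs should be mounted
 * @param passwordVolumeMount Path where passwords should be mounted
 * @param oauthCertsVolumeMount Path where the OAuth certificates would be mounted
 * @param oauthVolumeNamePrefix Prefix used for OAuth volume names
 * @param volumeNamePrefix Prefix used for volume mount names
 * @param mountOAuthSecretVolumes Indicates whether OAuth secret volume mounts will be added to the list
 * @param oauthSecretsVolumeMount Path where the OAuth secrets would be mounted
 */
public static void configureClientAuthenticationVolumeMounts(KafkaClientAuthentication authentication, List<VolumeMount> volumeMountList, String tlsVolumeMount, String passwordVolumeMount, String oauthCertsVolumeMount, String oauthVolumeNamePrefix, String volumeNamePrefix, boolean mountOAuthSecretVolumes, String oauthSecretsVolumeMount) {
    if (authentication == null) {
        return;
    }

    if (authentication instanceof KafkaClientAuthenticationTls) {
        KafkaClientAuthenticationTls tlsAuth = (KafkaClientAuthenticationTls) authentication;
        String secretName = tlsAuth.getCertificateAndKey().getSecretName();
        addVolumeMountIfAbsent(volumeMountList, volumeNamePrefix + secretName, tlsVolumeMount + secretName);
    } else if (authentication instanceof KafkaClientAuthenticationPlain) {
        KafkaClientAuthenticationPlain passwordAuth = (KafkaClientAuthenticationPlain) authentication;
        String secretName = passwordAuth.getPasswordSecret().getSecretName();
        addVolumeMountIfAbsent(volumeMountList, volumeNamePrefix + secretName, passwordVolumeMount + secretName);
    } else if (authentication instanceof KafkaClientAuthenticationScram) {
        KafkaClientAuthenticationScram scramAuth = (KafkaClientAuthenticationScram) authentication;
        String secretName = scramAuth.getPasswordSecret().getSecretName();
        addVolumeMountIfAbsent(volumeMountList, volumeNamePrefix + secretName, passwordVolumeMount + secretName);
    } else if (authentication instanceof KafkaClientAuthenticationOAuth) {
        KafkaClientAuthenticationOAuth oauth = (KafkaClientAuthenticationOAuth) authentication;
        volumeMountList.addAll(configureOauthCertificateVolumeMounts(oauthVolumeNamePrefix, oauth.getTlsTrustedCertificates(), oauthCertsVolumeMount));

        if (mountOAuthSecretVolumes) {
            // The client secret, access token and refresh token may all reference the same Secret;
            // without the duplicate check the same volume name and mount path would be added repeatedly.
            if (oauth.getClientSecret() != null) {
                String secretName = oauth.getClientSecret().getSecretName();
                addVolumeMountIfAbsent(volumeMountList, volumeNamePrefix + secretName, oauthSecretsVolumeMount + secretName);
            }
            if (oauth.getAccessToken() != null) {
                String secretName = oauth.getAccessToken().getSecretName();
                addVolumeMountIfAbsent(volumeMountList, volumeNamePrefix + secretName, oauthSecretsVolumeMount + secretName);
            }
            if (oauth.getRefreshToken() != null) {
                String secretName = oauth.getRefreshToken().getSecretName();
                addVolumeMountIfAbsent(volumeMountList, volumeNamePrefix + secretName, oauthSecretsVolumeMount + secretName);
            }
        }
    }
}

/**
 * Adds a mount for the named volume unless the list already holds a mount with that volume name.
 *
 * @param volumeMountList List where the volume mount will be added
 * @param volumeName Name of the volume to mount
 * @param mountPath Path where the volume should be mounted
 */
private static void addVolumeMountIfAbsent(List<VolumeMount> volumeMountList, String volumeName, String mountPath) {
    if (volumeMountList.stream().noneMatch(vm -> vm.getName().equals(volumeName))) {
        volumeMountList.add(VolumeUtils.createVolumeMount(volumeName, mountPath));
    }
}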
use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls in project strimzi-kafka-operator by strimzi.
the class AuthenticationUtils method configureClientAuthenticationVolumeMounts.
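/**
 * Creates the VolumeMounts used for authentication of Kafka client based components and adds them to
 * the given list. Nothing is added when {@code authentication} is {@code null} or is not one of the
 * TLS, PLAIN, SCRAM or OAuth authentication types handled here.
 *
 * <p>Every Secret-backed mount is skipped when the list already contains a mount with the same volume
 * name. The check compares names only, so an existing mount with the same name and a different path
 * also suppresses the new one. The OAuth trusted-certificate mounts are appended as returned by
 * {@code configureOauthCertificateVolumeMounts} without this check.
 *
 * <p>NOTE(review): the Secret names are read from the authentication object and concatenated into both
 * the volume name and the mount path; no validation is visible in this method. Confirm that they are
 * validated as Kubernetes resource names before they reach this point.
 *
 * @param authentication Authentication object from CRD
 * @param volumeMountList List where the volume mounts will be added
 * @param tlsVolumeMount Path where the TLS certs should be mounted
 * @param passwordVolumeMount Path where passwords should be mounted
 * @param oauthCertsVolumeMount Path where the OAuth certificates would be mounted
 * @param oauthVolumeNamePrefix Prefix used for OAuth volume names
 * @param volumeNamePrefix Prefix used for volume mount names
 * @param mountOAuthSecretVolumes Indicates whether OAuth secret volume mounts will be added to the list
 * @param oauthSecretsVolumeMount Path where the OAuth secrets would be mounted
 */
public static void configureClientAuthenticationVolumeMounts(KafkaClientAuthentication authentication, List<VolumeMount> volumeMountList, String tlsVolumeMount, String passwordVolumeMount, String oauthCertsVolumeMount, String oauthVolumeNamePrefix, String volumeNamePrefix, boolean mountOAuthSecretVolumes, String oauthSecretsVolumeMount) {
    if (authentication == null) {
        return;
    }

    if (authentication instanceof KafkaClientAuthenticationTls) {
        KafkaClientAuthenticationTls tlsAuth = (KafkaClientAuthenticationTls) authentication;
        String secretName = tlsAuth.getCertificateAndKey().getSecretName();
        addVolumeMountIfAbsent(volumeMountList, volumeNamePrefix + secretName, tlsVolumeMount + secretName);
    } else if (authentication instanceof KafkaClientAuthenticationPlain) {
        KafkaClientAuthenticationPlain passwordAuth = (KafkaClientAuthenticationPlain) authentication;
        String secretName = passwordAuth.getPasswordSecret().getSecretName();
        addVolumeMountIfAbsent(volumeMountList, volumeNamePrefix + secretName, passwordVolumeMount + secretName);
    } else if (authentication instanceof KafkaClientAuthenticationScram) {
        KafkaClientAuthenticationScram scramAuth = (KafkaClientAuthenticationScram) authentication;
        String secretName = scramAuth.getPasswordSecret().getSecretName();
        addVolumeMountIfAbsent(volumeMountList, volumeNamePrefix + secretName, passwordVolumeMount + secretName);
    } else if (authentication instanceof KafkaClientAuthenticationOAuth) {
        KafkaClientAuthenticationOAuth oauth = (KafkaClientAuthenticationOAuth) authentication;
        volumeMountList.addAll(configureOauthCertificateVolumeMounts(oauthVolumeNamePrefix, oauth.getTlsTrustedCertificates(), oauthCertsVolumeMount));

        if (mountOAuthSecretVolumes) {
            // The client secret, access token and refresh token may all reference the same Secret;
            // without the duplicate check the same volume name and mount path would be added repeatedly.
            if (oauth.getClientSecret() != null) {
                String secretName = oauth.getClientSecret().getSecretName();
                addVolumeMountIfAbsent(volumeMountList, volumeNamePrefix + secretName, oauthSecretsVolumeMount + secretName);
            }
            if (oauth.getAccessToken() != null) {
                String secretName = oauth.getAccessToken().getSecretName();
                addVolumeMountIfAbsent(volumeMountList, volumeNamePrefix + secretName, oauthSecretsVolumeMount + secretName);
            }
            if (oauth.getRefreshToken() != null) {
                String secretName = oauth.getRefreshToken().getSecretName();
                addVolumeMountIfAbsent(volumeMountList, volumeNamePrefix + secretName, oauthSecretsVolumeMount + secretName);
            }
        }
    }
}

/**
 * Adds a mount for the named volume unless the list already holds a mount with that volume name.
 *
 * @param volumeMountList List where the volume mount will be added
 * @param volumeName Name of the volume to mount
 * @param mountPath Path where the volume should be mounted
 */
private static void addVolumeMountIfAbsent(List<VolumeMount> volumeMountList, String volumeName, String mountPath) {
    if (volumeMountList.stream().noneMatch(vm -> vm.getName().equals(volumeName))) {
        volumeMountList.add(VolumeUtils.createVolumeMount(volumeName, mountPath));
    }
}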
use of io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationTls in project strimzi-kafka-operator by strimzi.
the class AuthenticationUtils method configureClientAuthenticationVolumes.
/**
 * Adds to the given list the Volumes needed for authentication of Kafka client based components.
 * A {@code null} authentication, or one that is not TLS, PLAIN, SCRAM or OAuth, leaves the list unchanged.
 *
 * <p>For OAuth the trusted-certificate volumes are always added; the volumes for the client secret,
 * access token and refresh token are added only when {@code createOAuthSecretVolumes} is set and the
 * respective reference is present.
 *
 * <p>NOTE(review): the Secret names are passed to {@code addNewVolume} as read from the authentication
 * object; no validation is visible in this method. Confirm they are validated as Kubernetes resource
 * names upstream.
 *
 * @param authentication Authentication object from CRD
 * @param volumeList List where the volumes will be added
 * @param oauthVolumeNamePrefix Prefix used for OAuth volumes
 * @param isOpenShift Indicates whether we run on OpenShift or not
 * @param volumeNamePrefix Prefix used for volume names
 * @param createOAuthSecretVolumes Indicates whether OAuth secret volumes will be added to the list
 */
public static void configureClientAuthenticationVolumes(KafkaClientAuthentication authentication, List<Volume> volumeList, String oauthVolumeNamePrefix, boolean isOpenShift, String volumeNamePrefix, boolean createOAuthSecretVolumes) {
    if (authentication == null) {
        return;
    }

    if (authentication instanceof KafkaClientAuthenticationTls) {
        String certSecretName = ((KafkaClientAuthenticationTls) authentication).getCertificateAndKey().getSecretName();
        addNewVolume(volumeList, volumeNamePrefix, certSecretName, isOpenShift);
    } else if (authentication instanceof KafkaClientAuthenticationPlain) {
        String plainSecretName = ((KafkaClientAuthenticationPlain) authentication).getPasswordSecret().getSecretName();
        addNewVolume(volumeList, volumeNamePrefix, plainSecretName, isOpenShift);
    } else if (authentication instanceof KafkaClientAuthenticationScram) {
        String scramSecretName = ((KafkaClientAuthenticationScram) authentication).getPasswordSecret().getSecretName();
        addNewVolume(volumeList, volumeNamePrefix, scramSecretName, isOpenShift);
    } else if (authentication instanceof KafkaClientAuthenticationOAuth) {
        KafkaClientAuthenticationOAuth oauthAuth = (KafkaClientAuthenticationOAuth) authentication;
        // Trusted certificates are needed regardless of whether the OAuth secrets are mounted.
        volumeList.addAll(configureOauthCertificateVolumes(oauthVolumeNamePrefix, oauthAuth.getTlsTrustedCertificates(), isOpenShift));

        if (!createOAuthSecretVolumes) {
            return;
        }

        if (oauthAuth.getClientSecret() != null) {
            addNewVolume(volumeList, volumeNamePrefix, oauthAuth.getClientSecret().getSecretName(), isOpenShift);
        }
        if (oauthAuth.getAccessToken() != null) {
            addNewVolume(volumeList, volumeNamePrefix, oauthAuth.getAccessToken().getSecretName(), isOpenShift);
        }
        if (oauthAuth.getRefreshToken() != null) {
            addNewVolume(volumeList, volumeNamePrefix, oauthAuth.getRefreshToken().getSecretName(), isOpenShift);
        }
    }
}