
Example 1 with KafkaListenerAuthentication

use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthentication in project strimzi-kafka-operator by strimzi.

the class KafkaBrokerConfigurationBuilder method configureAuthentication.

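/**
 * Configures authentication for a Kafka listener. This method is used only internally.
 *
 * <p>The runtime type of {@code auth} selects the branch: OAuth, SCRAM-SHA-512, TLS client authentication,
 * custom, or (for anything else, including {@code null}) no authentication. Each branch adds one
 * {@code listenerName:protocol} entry to {@code securityProtocol} and, except for the last one, prints
 * {@code listener.name.<listener>.*} options to the configuration writer. The OAuth client secret and the
 * truststore passwords handled here are emitted as {@code ${...}} placeholders, not as literal values.
 *
 * @param listenerName  Name of the listener as used in the Kafka broker configuration file.
 * @param securityProtocol  List of security protocols enabled in the broker. The method will add the security
 *                          protocol configuration for this listener to this list (e.g. SASL_PLAINTEXT).
 * @param tls   Flag whether this protocol is using TLS or not
 * @param auth  The authentication configuration from the Kafka CR
 */
private void configureAuthentication(String listenerName, List<String> securityProtocol, boolean tls, KafkaListenerAuthentication auth) {
    // Property keys use the lower-cased listener name; the env var placeholder only swaps '-' for '_'.
    String listenerNameInProperty = listenerName.toLowerCase(Locale.ENGLISH);
    String listenerNameInEnvVar = listenerName.replace("-", "_");
    if (auth instanceof KafkaListenerAuthenticationOAuth) {
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, true)));
        KafkaListenerAuthenticationOAuth oauth = (KafkaListenerAuthenticationOAuth) auth;
        List<String> options = new ArrayList<>();
        options.addAll(getOAuthOptions(oauth));
        if (oauth.getClientSecret() != null) {
            // Only a reference to the secret is written; the value itself stays out of the generated file.
            // NOTE(review): where the placeholder is resolved is not visible here.
            options.add("oauth.client.secret=\"${STRIMZI_" + listenerNameInEnvVar + "_OAUTH_CLIENT_SECRET}\"");
        }
        if (oauth.getTlsTrustedCertificates() != null && oauth.getTlsTrustedCertificates().size() > 0) {
            // Per-listener truststore for TLS connections made by the OAuth options.
            options.add(String.format("oauth.ssl.truststore.location=\"/tmp/kafka/oauth-%s.truststore.p12\"", listenerNameInProperty));
            options.add("oauth.ssl.truststore.password=\"${CERTS_STORE_PASSWORD}\"");
            options.add("oauth.ssl.truststore.type=\"PKCS12\"");
        }
        StringBuilder enabledMechanisms = new StringBuilder();
        if (oauth.isEnableOauthBearer()) {
            // Token checking is handed to the callback handler class configured on the first line.
            // NOTE(review): unsecuredLoginStringClaim_sub looks like a fixed filler for the login module - confirm.
            writer.println(String.format("listener.name.%s.oauthbearer.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler", listenerNameInProperty));
            writer.println(String.format("listener.name.%s.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required unsecuredLoginStringClaim_sub=\"thePrincipalName\" %s;", listenerNameInProperty, String.join(" ", options)));
            enabledMechanisms.append("OAUTHBEARER");
        }
        if (oauth.isEnablePlain()) {
            // Order matters: the token endpoint option is added after the OAUTHBEARER line was printed,
            // so it ends up only in the PLAIN JAAS configuration.
            addOption(options, ServerPlainConfig.OAUTH_TOKEN_ENDPOINT_URI, oauth.getTokenEndpointUri());
            writer.println(String.format("listener.name.%s.plain.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.plain.JaasServerOauthOverPlainValidatorCallbackHandler", listenerNameInProperty));
            writer.println(String.format("listener.name.%s.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required %s;", listenerNameInProperty, String.join(" ", options)));
            if (enabledMechanisms.length() > 0) {
                enabledMechanisms.append(",");
            }
            enabledMechanisms.append("PLAIN");
        }
        // NOTE(review): with both mechanisms disabled this prints an empty sasl.enabled.mechanisms value;
        // presumably that combination is rejected by validation elsewhere - confirm.
        writer.println(String.format("listener.name.%s.sasl.enabled.mechanisms=%s", listenerNameInProperty, enabledMechanisms));
        if (oauth.getMaxSecondsWithoutReauthentication() != null) {
            // Multiply as long: with an int operand, 1000 * seconds wraps once seconds exceeds
            // Integer.MAX_VALUE / 1000 and would print a wrong (possibly negative) re-authentication interval.
            // NOTE(review): the getter's return type is not visible here; the long literal is safe either way.
            writer.println(String.format("listener.name.%s.connections.max.reauth.ms=%s", listenerNameInProperty, 1000L * oauth.getMaxSecondsWithoutReauthentication()));
        }
        writer.println();
    } else if (auth instanceof KafkaListenerAuthenticationScramSha512) {
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, true)));
        writer.println(String.format("listener.name.%s.scram-sha-512.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required;", listenerNameInProperty));
        writer.println(String.format("listener.name.%s.sasl.enabled.mechanisms=SCRAM-SHA-512", listenerNameInProperty));
        writer.println();
    } else if (auth instanceof KafkaListenerAuthenticationTls) {
        // Client certificates are required and checked against the clients truststore.
        // NOTE(review): nothing here checks that tls is true for this auth type - presumably validated by the caller.
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, false)));
        writer.println(String.format("listener.name.%s.ssl.client.auth=required", listenerNameInProperty));
        writer.println(String.format("listener.name.%s.ssl.truststore.location=/tmp/kafka/clients.truststore.p12", listenerNameInProperty));
        writer.println(String.format("listener.name.%s.ssl.truststore.password=${CERTS_STORE_PASSWORD}", listenerNameInProperty));
        writer.println(String.format("listener.name.%s.ssl.truststore.type=PKCS12", listenerNameInProperty));
        writer.println();
    } else if (auth instanceof KafkaListenerAuthenticationCustom) {
        KafkaListenerAuthenticationCustom customAuth = (KafkaListenerAuthenticationCustom) auth;
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, customAuth.isSasl())));
        // Keys and values of the custom listener config are printed as-is behind the listener prefix.
        // NOTE(review): any filtering of disallowed keys would have to happen inside
        // KafkaListenerCustomAuthConfiguration, which is not shown here - confirm.
        KafkaListenerCustomAuthConfiguration config = new KafkaListenerCustomAuthConfiguration(reconciliation, customAuth.getListenerConfig().entrySet());
        config.asOrderedProperties().asMap().forEach((key, value) -> writer.println(String.format("listener.name.%s.%s=%s", listenerNameInProperty, key, value)));
    } else {
        // No recognised authentication type (or null): only the protocol mapping is added and no
        // listener.name.* authentication options are printed for this listener.
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, false)));
    }
}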
Also used : KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) Rack(io.strimzi.api.kafka.model.Rack) KafkaListenerAuthentication(io.strimzi.api.kafka.model.listener.KafkaListenerAuthentication) ArrayList(java.util.ArrayList) KafkaAuthorizationCustom(io.strimzi.api.kafka.model.KafkaAuthorizationCustom) KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls) KafkaAuthorization(io.strimzi.api.kafka.model.KafkaAuthorization) KafkaResources(io.strimzi.api.kafka.model.KafkaResources) GenericKafkaListenerConfiguration(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfiguration) Locale(java.util.Locale) Duration(java.time.Duration) KafkaAuthorizationOpa(io.strimzi.api.kafka.model.KafkaAuthorizationOpa) KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512) PrintWriter(java.io.PrintWriter) CertAndKeySecretSource(io.strimzi.api.kafka.model.CertAndKeySecretSource) CruiseControlConfigurationParameters(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters) KafkaAuthorizationKeycloak(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloak) KafkaListenerAuthenticationCustom(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom) StringWriter(java.io.StringWriter) ServerPlainConfig(io.strimzi.kafka.oauth.server.plain.ServerPlainConfig) ServerConfig(io.strimzi.kafka.oauth.server.ServerConfig) Collectors(java.util.stream.Collectors) KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaAuthorizationSimple(io.strimzi.api.kafka.model.KafkaAuthorizationSimple) Reconciliation(io.strimzi.operator.common.Reconciliation) List(java.util.List) 
CruiseControlSpec(io.strimzi.api.kafka.model.CruiseControlSpec) KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls) ArrayList(java.util.ArrayList) KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaListenerAuthenticationCustom(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom)

Example 2 with KafkaListenerAuthentication

use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthentication in project strimzi by strimzi.

the class KafkaBrokerConfigurationBuilder method configureAuthentication.

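/**
 * Configures authentication for a Kafka listener. This method is used only internally.
 *
 * <p>The branch is chosen by the runtime type of {@code auth}: OAuth, SCRAM-SHA-512, TLS client
 * authentication, custom, or no authentication for any other value (including {@code null}). Every branch
 * appends one {@code listenerName:protocol} entry to {@code securityProtocol}; all but the last also print
 * {@code listener.name.<listener>.*} options to the configuration writer. The OAuth client secret and the
 * truststore passwords written here are {@code ${...}} placeholders rather than literal values.
 *
 * @param listenerName  Name of the listener as used in the Kafka broker configuration file.
 * @param securityProtocol  List of security protocols enabled in the broker. The method will add the security
 *                          protocol configuration for this listener to this list (e.g. SASL_PLAINTEXT).
 * @param tls   Flag whether this protocol is using TLS or not
 * @param auth  The authentication configuration from the Kafka CR
 */
private void configureAuthentication(String listenerName, List<String> securityProtocol, boolean tls, KafkaListenerAuthentication auth) {
    // Lower-cased name for property keys; '-' replaced by '_' for the env var placeholder.
    String listenerNameInProperty = listenerName.toLowerCase(Locale.ENGLISH);
    String listenerNameInEnvVar = listenerName.replace("-", "_");
    if (auth instanceof KafkaListenerAuthenticationOAuth) {
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, true)));
        KafkaListenerAuthenticationOAuth oauth = (KafkaListenerAuthenticationOAuth) auth;
        List<String> options = new ArrayList<>();
        options.addAll(getOAuthOptions(oauth));
        if (oauth.getClientSecret() != null) {
            // The generated file carries a placeholder for the client secret, never the secret itself.
            // NOTE(review): the component that substitutes the placeholder is not visible here.
            options.add("oauth.client.secret=\"${STRIMZI_" + listenerNameInEnvVar + "_OAUTH_CLIENT_SECRET}\"");
        }
        if (oauth.getTlsTrustedCertificates() != null && oauth.getTlsTrustedCertificates().size() > 0) {
            // Trusted certificates configured: point the OAuth options at a per-listener PKCS12 truststore.
            options.add(String.format("oauth.ssl.truststore.location=\"/tmp/kafka/oauth-%s.truststore.p12\"", listenerNameInProperty));
            options.add("oauth.ssl.truststore.password=\"${CERTS_STORE_PASSWORD}\"");
            options.add("oauth.ssl.truststore.type=\"PKCS12\"");
        }
        StringBuilder enabledMechanisms = new StringBuilder();
        if (oauth.isEnableOauthBearer()) {
            // The callback handler class set on the first line is what validates tokens.
            // NOTE(review): unsecuredLoginStringClaim_sub appears to be a fixed filler value - confirm.
            writer.println(String.format("listener.name.%s.oauthbearer.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler", listenerNameInProperty));
            writer.println(String.format("listener.name.%s.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required unsecuredLoginStringClaim_sub=\"thePrincipalName\" %s;", listenerNameInProperty, String.join(" ", options)));
            enabledMechanisms.append("OAUTHBEARER");
        }
        if (oauth.isEnablePlain()) {
            // The token endpoint option is appended only now, after the OAUTHBEARER line was printed,
            // so it is present in the PLAIN JAAS configuration alone.
            addOption(options, ServerPlainConfig.OAUTH_TOKEN_ENDPOINT_URI, oauth.getTokenEndpointUri());
            writer.println(String.format("listener.name.%s.plain.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.plain.JaasServerOauthOverPlainValidatorCallbackHandler", listenerNameInProperty));
            writer.println(String.format("listener.name.%s.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required %s;", listenerNameInProperty, String.join(" ", options)));
            if (enabledMechanisms.length() > 0) {
                enabledMechanisms.append(",");
            }
            enabledMechanisms.append("PLAIN");
        }
        // NOTE(review): if neither mechanism is enabled, sasl.enabled.mechanisms is printed with an empty
        // value; presumably validation elsewhere prevents that - confirm.
        writer.println(String.format("listener.name.%s.sasl.enabled.mechanisms=%s", listenerNameInProperty, enabledMechanisms));
        if (oauth.getMaxSecondsWithoutReauthentication() != null) {
            // Use long arithmetic: an int product overflows once seconds exceeds Integer.MAX_VALUE / 1000,
            // which would print a wrong (possibly negative) re-authentication interval.
            // NOTE(review): the getter's return type is not visible here; the long literal is safe either way.
            writer.println(String.format("listener.name.%s.connections.max.reauth.ms=%s", listenerNameInProperty, 1000L * oauth.getMaxSecondsWithoutReauthentication()));
        }
        writer.println();
    } else if (auth instanceof KafkaListenerAuthenticationScramSha512) {
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, true)));
        writer.println(String.format("listener.name.%s.scram-sha-512.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required;", listenerNameInProperty));
        writer.println(String.format("listener.name.%s.sasl.enabled.mechanisms=SCRAM-SHA-512", listenerNameInProperty));
        writer.println();
    } else if (auth instanceof KafkaListenerAuthenticationTls) {
        // Mutual TLS: the client certificate is mandatory and verified against the clients truststore.
        // NOTE(review): this branch does not check that tls is true - presumably enforced by the caller.
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, false)));
        writer.println(String.format("listener.name.%s.ssl.client.auth=required", listenerNameInProperty));
        writer.println(String.format("listener.name.%s.ssl.truststore.location=/tmp/kafka/clients.truststore.p12", listenerNameInProperty));
        writer.println(String.format("listener.name.%s.ssl.truststore.password=${CERTS_STORE_PASSWORD}", listenerNameInProperty));
        writer.println(String.format("listener.name.%s.ssl.truststore.type=PKCS12", listenerNameInProperty));
        writer.println();
    } else if (auth instanceof KafkaListenerAuthenticationCustom) {
        KafkaListenerAuthenticationCustom customAuth = (KafkaListenerAuthenticationCustom) auth;
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, customAuth.isSasl())));
        // Custom keys and values are printed unchanged behind the listener prefix.
        // NOTE(review): restricting which keys are allowed would have to be done by
        // KafkaListenerCustomAuthConfiguration, which is not shown here - confirm.
        KafkaListenerCustomAuthConfiguration config = new KafkaListenerCustomAuthConfiguration(reconciliation, customAuth.getListenerConfig().entrySet());
        config.asOrderedProperties().asMap().forEach((key, value) -> writer.println(String.format("listener.name.%s.%s=%s", listenerNameInProperty, key, value)));
    } else {
        // Unrecognised or null auth: only the protocol mapping is registered, and no listener.name.*
        // authentication options are printed for this listener.
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, false)));
    }
}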
Also used : KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) Rack(io.strimzi.api.kafka.model.Rack) KafkaListenerAuthentication(io.strimzi.api.kafka.model.listener.KafkaListenerAuthentication) ArrayList(java.util.ArrayList) KafkaAuthorizationCustom(io.strimzi.api.kafka.model.KafkaAuthorizationCustom) KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls) KafkaAuthorization(io.strimzi.api.kafka.model.KafkaAuthorization) KafkaResources(io.strimzi.api.kafka.model.KafkaResources) GenericKafkaListenerConfiguration(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfiguration) Locale(java.util.Locale) Duration(java.time.Duration) KafkaAuthorizationOpa(io.strimzi.api.kafka.model.KafkaAuthorizationOpa) KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512) PrintWriter(java.io.PrintWriter) CertAndKeySecretSource(io.strimzi.api.kafka.model.CertAndKeySecretSource) CruiseControlConfigurationParameters(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters) KafkaAuthorizationKeycloak(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloak) KafkaListenerAuthenticationCustom(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom) StringWriter(java.io.StringWriter) ServerPlainConfig(io.strimzi.kafka.oauth.server.plain.ServerPlainConfig) ServerConfig(io.strimzi.kafka.oauth.server.ServerConfig) Collectors(java.util.stream.Collectors) KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaAuthorizationSimple(io.strimzi.api.kafka.model.KafkaAuthorizationSimple) Reconciliation(io.strimzi.operator.common.Reconciliation) List(java.util.List) 
CruiseControlSpec(io.strimzi.api.kafka.model.CruiseControlSpec) KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls) ArrayList(java.util.ArrayList) KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaListenerAuthenticationCustom(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom)

Example 3 with KafkaListenerAuthentication

use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthentication in project strimzi by strimzi.

the class HttpBridgeKafkaExternalListenersST method testWeirdUsername.

/**
 * Runs the HTTP Bridge round trip for a Kafka user named {@code weirdUserName}.
 *
 * <p>In order, the method creates: a Kafka cluster with an internal listener (port 9093) and a NodePort
 * listener (port 9094), both with TLS enabled and the same {@code auth}; the test topic; the Kafka user
 * (TLS or SCRAM-SHA); the Kafka clients resource; the Kafka Bridge built from {@code spec}; a NodePort service
 * for the bridge; the bridge consumer; and an external producer. It then waits for the producer, deletes the
 * producer job and waits for the bridge consumer.
 *
 * @param extensionContext  JUnit context; its display name is the key for the cluster, topic and client names
 * @param weirdUserName     name of the Kafka user to create and authenticate with
 * @param auth              listener authentication applied to both listeners
 * @param spec              base spec for the Kafka Bridge
 * @param securityProtocol  not referenced in this method body
 */
@SuppressWarnings({ "checkstyle:MethodLength" })
private void testWeirdUsername(ExtensionContext extensionContext, String weirdUserName, KafkaListenerAuthentication auth, KafkaBridgeSpec spec, SecurityProtocol securityProtocol) {
    final String cluster = mapWithClusterNames.get(extensionContext.getDisplayName());
    final String topic = mapWithTestTopics.get(extensionContext.getDisplayName());

    // Kafka cluster: both listeners use TLS and the same authentication.
    resourceManager.createResource(extensionContext,
        KafkaTemplates.kafkaEphemeral(cluster, 3, 1)
            .editMetadata()
                .withNamespace(namespace)
            .endMetadata()
            .editSpec()
                .editKafka()
                    .withListeners(
                        new GenericKafkaListenerBuilder()
                            .withName(Constants.TLS_LISTENER_DEFAULT_NAME)
                            .withPort(9093)
                            .withType(KafkaListenerType.INTERNAL)
                            .withTls(true)
                            .withAuth(auth)
                            .build(),
                        new GenericKafkaListenerBuilder()
                            .withName(Constants.EXTERNAL_LISTENER_DEFAULT_NAME)
                            .withPort(9094)
                            .withType(KafkaListenerType.NODEPORT)
                            .withTls(true)
                            .withAuth(auth)
                            .build())
                .endKafka()
            .endSpec()
            .build());

    BridgeClients bridgeClients = new BridgeClientsBuilder()
        .withProducerName(cluster + "-" + producerName)
        .withConsumerName(cluster + "-" + consumerName)
        .withBootstrapAddress(KafkaBridgeResources.serviceName(cluster))
        .withTopicName(topic)
        .withMessageCount(MESSAGE_COUNT)
        .withPort(Constants.HTTP_BRIDGE_DEFAULT_PORT)
        .withNamespaceName(namespace)
        .build();

    // Topic
    resourceManager.createResource(extensionContext,
        KafkaTopicTemplates.topic(cluster, topic)
            .editMetadata()
                .withNamespace(namespace)
            .endMetadata()
            .build());

    // User. NOTE(review): the auth type is compared with a listener-name constant; the TLS path is taken
    // only when both strings are equal - confirm the two constants are meant to match.
    if (!auth.getType().equals(Constants.TLS_LISTENER_DEFAULT_NAME)) {
        resourceManager.createResource(extensionContext,
            KafkaUserTemplates.scramShaUser(cluster, weirdUserName)
                .editMetadata()
                    .withNamespace(namespace)
                .endMetadata()
                .build());
    } else {
        resourceManager.createResource(extensionContext,
            KafkaUserTemplates.tlsUser(cluster, weirdUserName)
                .editMetadata()
                    .withNamespace(namespace)
                .endMetadata()
                .build());
    }

    // The looked-up clients name is used only to create the clients resource.
    final String clientsName = mapWithKafkaClientNames.get(extensionContext.getDisplayName());
    resourceManager.createResource(extensionContext, KafkaClientsTemplates.kafkaClients(namespace, true, clientsName).build());

    // HTTP bridge, connected through the TLS bootstrap address
    resourceManager.createResource(extensionContext,
        KafkaBridgeTemplates.kafkaBridge(cluster, KafkaResources.tlsBootstrapAddress(cluster), 1)
            .editMetadata()
                .withNamespace(namespace)
            .endMetadata()
            .withNewSpecLike(spec)
                .withBootstrapServers(KafkaResources.tlsBootstrapAddress(cluster))
                .withNewHttp(Constants.HTTP_BRIDGE_DEFAULT_PORT)
                .withNewConsumer()
                    .addToConfig(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "earliest")
                .endConsumer()
            .endSpec()
            .build());

    final Service bridgeNodePort = KafkaBridgeUtils.createBridgeNodePortService(cluster, namespace, BRIDGE_EXTERNAL_SERVICE);
    ServiceResource.createServiceResource(extensionContext, bridgeNodePort, namespace);
    resourceManager.createResource(extensionContext, bridgeClients.consumerStrimziBridge());

    // java.util.Random only supplies a suffix for the job name here; it is not used for anything secret.
    final String externalProducerName = "kafka-producer-external" + new Random().nextInt(Integer.MAX_VALUE);

    final List<ListenerStatus> listenerStatuses = KafkaResource.kafkaClient()
        .inNamespace(namespace)
        .withName(cluster)
        .get()
        .getStatus()
        .getListeners();
    final String externalBootstrap = listenerStatuses.stream()
        .filter(status -> status.getType().equals(Constants.EXTERNAL_LISTENER_DEFAULT_NAME))
        .findFirst()
        .orElseThrow(RuntimeException::new)
        .getBootstrapServers();

    // NOTE(review): the producer is built with a literal 100 while the waits below use MESSAGE_COUNT -
    // confirm the two agree.
    final KafkaClients externalProducer = new KafkaClientsBuilder()
        .withProducerName(externalProducerName)
        .withBootstrapAddress(externalBootstrap)
        .withNamespaceName(namespace)
        .withTopicName(topic)
        .withMessageCount(100)
        .build();

    if (!auth.getType().equals(Constants.TLS_LISTENER_DEFAULT_NAME)) {
        // SCRAM-SHA producer
        resourceManager.createResource(extensionContext, externalProducer.producerScramShaStrimzi(cluster, weirdUserName));
    } else {
        // TLS producer
        resourceManager.createResource(extensionContext, externalProducer.producerTlsStrimzi(cluster, weirdUserName));
    }

    ClientUtils.waitForClientSuccess(externalProducerName, namespace, MESSAGE_COUNT);
    // Remove the producer job before waiting for the bridge consumer
    JobUtils.deleteJobWithWait(namespace, externalProducerName);
    ClientUtils.waitForClientSuccess(cluster + "-" + consumerName, namespace, MESSAGE_COUNT);
}
Also used : AbstractST(io.strimzi.systemtest.AbstractST) ParallelTest(io.strimzi.systemtest.annotations.ParallelTest) KafkaClientsTemplates(io.strimzi.systemtest.templates.crd.KafkaClientsTemplates) ParallelSuite(io.strimzi.systemtest.annotations.ParallelSuite) KafkaResource(io.strimzi.systemtest.resources.crd.KafkaResource) KafkaListenerAuthentication(io.strimzi.api.kafka.model.listener.KafkaListenerAuthentication) Random(java.util.Random) ExtensionContext(org.junit.jupiter.api.extension.ExtensionContext) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls) KafkaResources(io.strimzi.api.kafka.model.KafkaResources) Service(io.fabric8.kubernetes.api.model.Service) KafkaBridgeUtils(io.strimzi.systemtest.utils.kafkaUtils.KafkaBridgeUtils) Tag(org.junit.jupiter.api.Tag) KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512) NODEPORT_SUPPORTED(io.strimzi.systemtest.Constants.NODEPORT_SUPPORTED) ServiceResource(io.strimzi.systemtest.resources.kubernetes.ServiceResource) KafkaBridgeResources(io.strimzi.api.kafka.model.KafkaBridgeResources) KafkaBridgeSpecBuilder(io.strimzi.api.kafka.model.KafkaBridgeSpecBuilder) KafkaTemplates(io.strimzi.systemtest.templates.crd.KafkaTemplates) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients) JobUtils(io.strimzi.systemtest.utils.kubeUtils.controllers.JobUtils) Constants(io.strimzi.systemtest.Constants) KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder) ConsumerConfig(org.apache.kafka.clients.consumer.ConsumerConfig) EXTERNAL_CLIENTS_USED(io.strimzi.systemtest.Constants.EXTERNAL_CLIENTS_USED) KafkaBridgeSpec(io.strimzi.api.kafka.model.KafkaBridgeSpec) 
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) PasswordSecretSource(io.strimzi.api.kafka.model.PasswordSecretSource) ClientUtils(io.strimzi.systemtest.utils.ClientUtils) ListenerStatus(io.strimzi.api.kafka.model.status.ListenerStatus) List(java.util.List) Logger(org.apache.logging.log4j.Logger) KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType) KafkaTopicTemplates(io.strimzi.systemtest.templates.crd.KafkaTopicTemplates) KafkaUserTemplates(io.strimzi.systemtest.templates.crd.KafkaUserTemplates) BRIDGE(io.strimzi.systemtest.Constants.BRIDGE) BridgeClients(io.strimzi.systemtest.kafkaclients.internalClients.BridgeClients) BridgeClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.BridgeClientsBuilder) KafkaBridgeTemplates(io.strimzi.systemtest.templates.crd.KafkaBridgeTemplates) LogManager(org.apache.logging.log4j.LogManager) REGRESSION(io.strimzi.systemtest.Constants.REGRESSION) KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder) ListenerStatus(io.strimzi.api.kafka.model.status.ListenerStatus) BridgeClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.BridgeClientsBuilder) Random(java.util.Random) KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) Service(io.fabric8.kubernetes.api.model.Service) BridgeClients(io.strimzi.systemtest.kafkaclients.internalClients.BridgeClients)

Example 4 with KafkaListenerAuthentication

use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthentication in project strimzi-kafka-operator by strimzi.

the class HttpBridgeKafkaExternalListenersST method testWeirdUsername.

/**
 * Exercises the HTTP Bridge with a Kafka user whose name is {@code weirdUserName}.
 *
 * <p>Resources are created in this order: a Kafka cluster with an internal listener (port 9093) and a
 * NodePort listener (port 9094), both TLS-enabled and sharing {@code auth}; the test topic; the Kafka user
 * (TLS or SCRAM-SHA); the Kafka clients resource; the Kafka Bridge based on {@code spec}; a NodePort service
 * for the bridge; the bridge consumer; and an external producer. Afterwards the method waits for the
 * producer, deletes the producer job and waits for the bridge consumer.
 *
 * @param extensionContext  JUnit context; its display name keys the cluster, topic and client name lookups
 * @param weirdUserName     name of the Kafka user to create and authenticate with
 * @param auth              listener authentication applied to both listeners
 * @param spec              base spec for the Kafka Bridge
 * @param securityProtocol  not referenced in this method body
 */
@SuppressWarnings({ "checkstyle:MethodLength" })
private void testWeirdUsername(ExtensionContext extensionContext, String weirdUserName, KafkaListenerAuthentication auth, KafkaBridgeSpec spec, SecurityProtocol securityProtocol) {
    final String cluster = mapWithClusterNames.get(extensionContext.getDisplayName());
    final String topic = mapWithTestTopics.get(extensionContext.getDisplayName());

    // Kafka cluster: TLS on both listeners, same authentication on both.
    resourceManager.createResource(extensionContext,
        KafkaTemplates.kafkaEphemeral(cluster, 3, 1)
            .editMetadata()
                .withNamespace(namespace)
            .endMetadata()
            .editSpec()
                .editKafka()
                    .withListeners(
                        new GenericKafkaListenerBuilder()
                            .withName(Constants.TLS_LISTENER_DEFAULT_NAME)
                            .withPort(9093)
                            .withType(KafkaListenerType.INTERNAL)
                            .withTls(true)
                            .withAuth(auth)
                            .build(),
                        new GenericKafkaListenerBuilder()
                            .withName(Constants.EXTERNAL_LISTENER_DEFAULT_NAME)
                            .withPort(9094)
                            .withType(KafkaListenerType.NODEPORT)
                            .withTls(true)
                            .withAuth(auth)
                            .build())
                .endKafka()
            .endSpec()
            .build());

    BridgeClients bridgeClients = new BridgeClientsBuilder()
        .withProducerName(cluster + "-" + producerName)
        .withConsumerName(cluster + "-" + consumerName)
        .withBootstrapAddress(KafkaBridgeResources.serviceName(cluster))
        .withTopicName(topic)
        .withMessageCount(MESSAGE_COUNT)
        .withPort(Constants.HTTP_BRIDGE_DEFAULT_PORT)
        .withNamespaceName(namespace)
        .build();

    // Topic
    resourceManager.createResource(extensionContext,
        KafkaTopicTemplates.topic(cluster, topic)
            .editMetadata()
                .withNamespace(namespace)
            .endMetadata()
            .build());

    // User. NOTE(review): auth.getType() is matched against a listener-name constant, so the TLS path
    // depends on the two strings being equal - confirm that is intended.
    if (!auth.getType().equals(Constants.TLS_LISTENER_DEFAULT_NAME)) {
        resourceManager.createResource(extensionContext,
            KafkaUserTemplates.scramShaUser(cluster, weirdUserName)
                .editMetadata()
                    .withNamespace(namespace)
                .endMetadata()
                .build());
    } else {
        resourceManager.createResource(extensionContext,
            KafkaUserTemplates.tlsUser(cluster, weirdUserName)
                .editMetadata()
                    .withNamespace(namespace)
                .endMetadata()
                .build());
    }

    // The clients name is looked up solely to create the clients resource.
    final String clientsName = mapWithKafkaClientNames.get(extensionContext.getDisplayName());
    resourceManager.createResource(extensionContext, KafkaClientsTemplates.kafkaClients(namespace, true, clientsName).build());

    // HTTP bridge, pointed at the TLS bootstrap address
    resourceManager.createResource(extensionContext,
        KafkaBridgeTemplates.kafkaBridge(cluster, KafkaResources.tlsBootstrapAddress(cluster), 1)
            .editMetadata()
                .withNamespace(namespace)
            .endMetadata()
            .withNewSpecLike(spec)
                .withBootstrapServers(KafkaResources.tlsBootstrapAddress(cluster))
                .withNewHttp(Constants.HTTP_BRIDGE_DEFAULT_PORT)
                .withNewConsumer()
                    .addToConfig(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "earliest")
                .endConsumer()
            .endSpec()
            .build());

    final Service bridgeNodePort = KafkaBridgeUtils.createBridgeNodePortService(cluster, namespace, BRIDGE_EXTERNAL_SERVICE);
    ServiceResource.createServiceResource(extensionContext, bridgeNodePort, namespace);
    resourceManager.createResource(extensionContext, bridgeClients.consumerStrimziBridge());

    // java.util.Random is used only for a job-name suffix, not for any secret value.
    final String externalProducerName = "kafka-producer-external" + new Random().nextInt(Integer.MAX_VALUE);

    final List<ListenerStatus> listenerStatuses = KafkaResource.kafkaClient()
        .inNamespace(namespace)
        .withName(cluster)
        .get()
        .getStatus()
        .getListeners();
    final String externalBootstrap = listenerStatuses.stream()
        .filter(status -> status.getType().equals(Constants.EXTERNAL_LISTENER_DEFAULT_NAME))
        .findFirst()
        .orElseThrow(RuntimeException::new)
        .getBootstrapServers();

    // NOTE(review): message count is the literal 100 here but MESSAGE_COUNT in the waits below -
    // confirm they are the same value.
    final KafkaClients externalProducer = new KafkaClientsBuilder()
        .withProducerName(externalProducerName)
        .withBootstrapAddress(externalBootstrap)
        .withNamespaceName(namespace)
        .withTopicName(topic)
        .withMessageCount(100)
        .build();

    if (!auth.getType().equals(Constants.TLS_LISTENER_DEFAULT_NAME)) {
        // SCRAM-SHA producer
        resourceManager.createResource(extensionContext, externalProducer.producerScramShaStrimzi(cluster, weirdUserName));
    } else {
        // TLS producer
        resourceManager.createResource(extensionContext, externalProducer.producerTlsStrimzi(cluster, weirdUserName));
    }

    ClientUtils.waitForClientSuccess(externalProducerName, namespace, MESSAGE_COUNT);
    // Delete the producer job, then wait for the bridge consumer
    JobUtils.deleteJobWithWait(namespace, externalProducerName);
    ClientUtils.waitForClientSuccess(cluster + "-" + consumerName, namespace, MESSAGE_COUNT);
}
Also used : AbstractST(io.strimzi.systemtest.AbstractST) ParallelTest(io.strimzi.systemtest.annotations.ParallelTest) KafkaClientsTemplates(io.strimzi.systemtest.templates.crd.KafkaClientsTemplates) ParallelSuite(io.strimzi.systemtest.annotations.ParallelSuite) KafkaResource(io.strimzi.systemtest.resources.crd.KafkaResource) KafkaListenerAuthentication(io.strimzi.api.kafka.model.listener.KafkaListenerAuthentication) Random(java.util.Random) ExtensionContext(org.junit.jupiter.api.extension.ExtensionContext) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls) KafkaResources(io.strimzi.api.kafka.model.KafkaResources) Service(io.fabric8.kubernetes.api.model.Service) KafkaBridgeUtils(io.strimzi.systemtest.utils.kafkaUtils.KafkaBridgeUtils) Tag(org.junit.jupiter.api.Tag) KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512) NODEPORT_SUPPORTED(io.strimzi.systemtest.Constants.NODEPORT_SUPPORTED) ServiceResource(io.strimzi.systemtest.resources.kubernetes.ServiceResource) KafkaBridgeResources(io.strimzi.api.kafka.model.KafkaBridgeResources) KafkaBridgeSpecBuilder(io.strimzi.api.kafka.model.KafkaBridgeSpecBuilder) KafkaTemplates(io.strimzi.systemtest.templates.crd.KafkaTemplates) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients) JobUtils(io.strimzi.systemtest.utils.kubeUtils.controllers.JobUtils) Constants(io.strimzi.systemtest.Constants) KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder) ConsumerConfig(org.apache.kafka.clients.consumer.ConsumerConfig) EXTERNAL_CLIENTS_USED(io.strimzi.systemtest.Constants.EXTERNAL_CLIENTS_USED) KafkaBridgeSpec(io.strimzi.api.kafka.model.KafkaBridgeSpec) 
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) PasswordSecretSource(io.strimzi.api.kafka.model.PasswordSecretSource) ClientUtils(io.strimzi.systemtest.utils.ClientUtils) ListenerStatus(io.strimzi.api.kafka.model.status.ListenerStatus) List(java.util.List) Logger(org.apache.logging.log4j.Logger) KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType) KafkaTopicTemplates(io.strimzi.systemtest.templates.crd.KafkaTopicTemplates) KafkaUserTemplates(io.strimzi.systemtest.templates.crd.KafkaUserTemplates) BRIDGE(io.strimzi.systemtest.Constants.BRIDGE) BridgeClients(io.strimzi.systemtest.kafkaclients.internalClients.BridgeClients) BridgeClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.BridgeClientsBuilder) KafkaBridgeTemplates(io.strimzi.systemtest.templates.crd.KafkaBridgeTemplates) LogManager(org.apache.logging.log4j.LogManager) REGRESSION(io.strimzi.systemtest.Constants.REGRESSION) KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder) ListenerStatus(io.strimzi.api.kafka.model.status.ListenerStatus) BridgeClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.BridgeClientsBuilder) Random(java.util.Random) KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) Service(io.fabric8.kubernetes.api.model.Service) BridgeClients(io.strimzi.systemtest.kafkaclients.internalClients.BridgeClients)
