Examples with KafkaListenerAuthenticationCustom io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom used on opensource projects

Search in sources :

Example 1 with KafkaListenerAuthenticationCustom

use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom in project strimzi by strimzi.

the class KafkaCluster method getVolumeMounts.

private List<VolumeMount> getVolumeMounts() {
    List<VolumeMount> volumeMountList = new ArrayList<>();
    volumeMountList.addAll(VolumeUtils.createVolumeMounts(storage, mountPath, false));
    volumeMountList.add(createTempDirVolumeMount());
    volumeMountList.add(VolumeUtils.createVolumeMount(CLUSTER_CA_CERTS_VOLUME, CLUSTER_CA_CERTS_VOLUME_MOUNT));
    volumeMountList.add(VolumeUtils.createVolumeMount(BROKER_CERTS_VOLUME, BROKER_CERTS_VOLUME_MOUNT));
    volumeMountList.add(VolumeUtils.createVolumeMount(CLIENT_CA_CERTS_VOLUME, CLIENT_CA_CERTS_VOLUME_MOUNT));
    volumeMountList.add(VolumeUtils.createVolumeMount(logAndMetricsConfigVolumeName, logAndMetricsConfigMountPath));
    volumeMountList.add(VolumeUtils.createVolumeMount("ready-files", "/var/opt/kafka"));
    if (rack != null || isExposedWithNodePort()) {
        volumeMountList.add(VolumeUtils.createVolumeMount(INIT_VOLUME_NAME, INIT_VOLUME_MOUNT));
    }
    for (GenericKafkaListener listener : listeners) {
        String identifier = ListenersUtils.identifier(listener);
        if (listener.isTls() && listener.getConfiguration() != null && listener.getConfiguration().getBrokerCertChainAndKey() != null) {
            volumeMountList.add(VolumeUtils.createVolumeMount("custom-" + identifier + "-certs", "/opt/kafka/certificates/custom-" + identifier + "-certs"));
        }
        if (isListenerWithOAuth(listener)) {
            KafkaListenerAuthenticationOAuth oauth = (KafkaListenerAuthenticationOAuth) listener.getAuth();
            volumeMountList.addAll(AuthenticationUtils.configureOauthCertificateVolumeMounts("oauth-" + identifier, oauth.getTlsTrustedCertificates(), OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/oauth-" + identifier + "-certs"));
        }
        if (isListenerWithCustomAuth(listener)) {
            KafkaListenerAuthenticationCustom custom = (KafkaListenerAuthenticationCustom) listener.getAuth();
            volumeMountList.addAll(AuthenticationUtils.configureGenericSecretVolumeMounts("custom-listener-" + identifier, custom.getSecrets(), CUSTOM_AUTHN_SECRETS_VOLUME_MOUNT + "/custom-listener-" + identifier));
        }
    }
    if (authorization instanceof KafkaAuthorizationKeycloak) {
        KafkaAuthorizationKeycloak keycloakAuthz = (KafkaAuthorizationKeycloak) authorization;
        volumeMountList.addAll(AuthenticationUtils.configureOauthCertificateVolumeMounts("authz-keycloak", keycloakAuthz.getTlsTrustedCertificates(), OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/authz-keycloak-certs"));
    }
    return volumeMountList;
}
Also used : GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) ArrayList(java.util.ArrayList) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaAuthorizationKeycloak(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloak) KafkaListenerAuthenticationCustom(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom)

Example 2 with KafkaListenerAuthenticationCustom

use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom in project strimzi-kafka-operator by strimzi.

the class KafkaBrokerConfigurationBuilder method configureAuthentication.

/**
 * Configures authentication for a Kafka listener. This method is used only internally.
 *
 * @param listenerName  Name of the listener as used in the Kafka broker configuration file.
 * @param securityProtocol  List of security protocols enabled int he broker. The method will add the security
 *                          protocol configuration for this listener to this list (e.g. SASL_PLAINTEXT).
 * @param tls   Flag whether this protocol is using TLS or not
 * @param auth  The authentication confgiuration from the Kafka CR
 */
private void configureAuthentication(String listenerName, List<String> securityProtocol, boolean tls, KafkaListenerAuthentication auth) {
    String listenerNameInProperty = listenerName.toLowerCase(Locale.ENGLISH);
    String listenerNameInEnvVar = listenerName.replace("-", "_");
    if (auth instanceof KafkaListenerAuthenticationOAuth) {
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, true)));
        KafkaListenerAuthenticationOAuth oauth = (KafkaListenerAuthenticationOAuth) auth;
        List<String> options = new ArrayList<>();
        options.addAll(getOAuthOptions(oauth));
        if (oauth.getClientSecret() != null) {
            options.add("oauth.client.secret=\"${STRIMZI_" + listenerNameInEnvVar + "_OAUTH_CLIENT_SECRET}\"");
        }
        if (oauth.getTlsTrustedCertificates() != null && oauth.getTlsTrustedCertificates().size() > 0) {
            options.add(String.format("oauth.ssl.truststore.location=\"/tmp/kafka/oauth-%s.truststore.p12\"", listenerNameInProperty));
            options.add("oauth.ssl.truststore.password=\"${CERTS_STORE_PASSWORD}\"");
            options.add("oauth.ssl.truststore.type=\"PKCS12\"");
        }
        StringBuilder enabledMechanisms = new StringBuilder();
        if (oauth.isEnableOauthBearer()) {
            writer.println(String.format("listener.name.%s.oauthbearer.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler", listenerNameInProperty));
            writer.println(String.format("listener.name.%s.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required unsecuredLoginStringClaim_sub=\"thePrincipalName\" %s;", listenerNameInProperty, String.join(" ", options)));
            enabledMechanisms.append("OAUTHBEARER");
        }
        if (oauth.isEnablePlain()) {
            addOption(options, ServerPlainConfig.OAUTH_TOKEN_ENDPOINT_URI, oauth.getTokenEndpointUri());
            writer.println(String.format("listener.name.%s.plain.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.plain.JaasServerOauthOverPlainValidatorCallbackHandler", listenerNameInProperty));
            writer.println(String.format("listener.name.%s.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required %s;", listenerNameInProperty, String.join(" ", options)));
            if (enabledMechanisms.length() > 0) {
                enabledMechanisms.append(",");
            }
            enabledMechanisms.append("PLAIN");
        }
        writer.println(String.format("listener.name.%s.sasl.enabled.mechanisms=%s", listenerNameInProperty, enabledMechanisms));
        if (oauth.getMaxSecondsWithoutReauthentication() != null) {
            writer.println(String.format("listener.name.%s.connections.max.reauth.ms=%s", listenerNameInProperty, 1000 * oauth.getMaxSecondsWithoutReauthentication()));
        }
        writer.println();
    } else if (auth instanceof KafkaListenerAuthenticationScramSha512) {
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, true)));
        writer.println(String.format("listener.name.%s.scram-sha-512.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required;", listenerNameInProperty));
        writer.println(String.format("listener.name.%s.sasl.enabled.mechanisms=SCRAM-SHA-512", listenerNameInProperty));
        writer.println();
    } else if (auth instanceof KafkaListenerAuthenticationTls) {
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, false)));
        writer.println(String.format("listener.name.%s.ssl.client.auth=required", listenerNameInProperty));
        writer.println(String.format("listener.name.%s.ssl.truststore.location=/tmp/kafka/clients.truststore.p12", listenerNameInProperty));
        writer.println(String.format("listener.name.%s.ssl.truststore.password=${CERTS_STORE_PASSWORD}", listenerNameInProperty));
        writer.println(String.format("listener.name.%s.ssl.truststore.type=PKCS12", listenerNameInProperty));
        writer.println();
    } else if (auth instanceof KafkaListenerAuthenticationCustom) {
        KafkaListenerAuthenticationCustom customAuth = (KafkaListenerAuthenticationCustom) auth;
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, customAuth.isSasl())));
        KafkaListenerCustomAuthConfiguration config = new KafkaListenerCustomAuthConfiguration(reconciliation, customAuth.getListenerConfig().entrySet());
        config.asOrderedProperties().asMap().forEach((key, value) -> writer.println(String.format("listener.name.%s.%s=%s", listenerNameInProperty, key, value)));
    } else {
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, false)));
    }
}
Also used : KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) Rack(io.strimzi.api.kafka.model.Rack) KafkaListenerAuthentication(io.strimzi.api.kafka.model.listener.KafkaListenerAuthentication) ArrayList(java.util.ArrayList) KafkaAuthorizationCustom(io.strimzi.api.kafka.model.KafkaAuthorizationCustom) KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls) KafkaAuthorization(io.strimzi.api.kafka.model.KafkaAuthorization) KafkaResources(io.strimzi.api.kafka.model.KafkaResources) GenericKafkaListenerConfiguration(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfiguration) Locale(java.util.Locale) Duration(java.time.Duration) KafkaAuthorizationOpa(io.strimzi.api.kafka.model.KafkaAuthorizationOpa) KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512) PrintWriter(java.io.PrintWriter) CertAndKeySecretSource(io.strimzi.api.kafka.model.CertAndKeySecretSource) CruiseControlConfigurationParameters(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters) KafkaAuthorizationKeycloak(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloak) KafkaListenerAuthenticationCustom(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom) StringWriter(java.io.StringWriter) ServerPlainConfig(io.strimzi.kafka.oauth.server.plain.ServerPlainConfig) ServerConfig(io.strimzi.kafka.oauth.server.ServerConfig) Collectors(java.util.stream.Collectors) KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaAuthorizationSimple(io.strimzi.api.kafka.model.KafkaAuthorizationSimple) Reconciliation(io.strimzi.operator.common.Reconciliation) List(java.util.List) CruiseControlSpec(io.strimzi.api.kafka.model.CruiseControlSpec) KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls) ArrayList(java.util.ArrayList) KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaListenerAuthenticationCustom(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom)

Example 3 with KafkaListenerAuthenticationCustom

use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom in project strimzi by strimzi.

the class KafkaBrokerConfigurationBuilder method configureAuthentication.

/**
 * Configures authentication for a Kafka listener. This method is used only internally.
 *
 * @param listenerName  Name of the listener as used in the Kafka broker configuration file.
 * @param securityProtocol  List of security protocols enabled int he broker. The method will add the security
 *                          protocol configuration for this listener to this list (e.g. SASL_PLAINTEXT).
 * @param tls   Flag whether this protocol is using TLS or not
 * @param auth  The authentication confgiuration from the Kafka CR
 */
private void configureAuthentication(String listenerName, List<String> securityProtocol, boolean tls, KafkaListenerAuthentication auth) {
    String listenerNameInProperty = listenerName.toLowerCase(Locale.ENGLISH);
    String listenerNameInEnvVar = listenerName.replace("-", "_");
    if (auth instanceof KafkaListenerAuthenticationOAuth) {
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, true)));
        KafkaListenerAuthenticationOAuth oauth = (KafkaListenerAuthenticationOAuth) auth;
        List<String> options = new ArrayList<>();
        options.addAll(getOAuthOptions(oauth));
        if (oauth.getClientSecret() != null) {
            options.add("oauth.client.secret=\"${STRIMZI_" + listenerNameInEnvVar + "_OAUTH_CLIENT_SECRET}\"");
        }
        if (oauth.getTlsTrustedCertificates() != null && oauth.getTlsTrustedCertificates().size() > 0) {
            options.add(String.format("oauth.ssl.truststore.location=\"/tmp/kafka/oauth-%s.truststore.p12\"", listenerNameInProperty));
            options.add("oauth.ssl.truststore.password=\"${CERTS_STORE_PASSWORD}\"");
            options.add("oauth.ssl.truststore.type=\"PKCS12\"");
        }
        StringBuilder enabledMechanisms = new StringBuilder();
        if (oauth.isEnableOauthBearer()) {
            writer.println(String.format("listener.name.%s.oauthbearer.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler", listenerNameInProperty));
            writer.println(String.format("listener.name.%s.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required unsecuredLoginStringClaim_sub=\"thePrincipalName\" %s;", listenerNameInProperty, String.join(" ", options)));
            enabledMechanisms.append("OAUTHBEARER");
        }
        if (oauth.isEnablePlain()) {
            addOption(options, ServerPlainConfig.OAUTH_TOKEN_ENDPOINT_URI, oauth.getTokenEndpointUri());
            writer.println(String.format("listener.name.%s.plain.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.plain.JaasServerOauthOverPlainValidatorCallbackHandler", listenerNameInProperty));
            writer.println(String.format("listener.name.%s.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required %s;", listenerNameInProperty, String.join(" ", options)));
            if (enabledMechanisms.length() > 0) {
                enabledMechanisms.append(",");
            }
            enabledMechanisms.append("PLAIN");
        }
        writer.println(String.format("listener.name.%s.sasl.enabled.mechanisms=%s", listenerNameInProperty, enabledMechanisms));
        if (oauth.getMaxSecondsWithoutReauthentication() != null) {
            writer.println(String.format("listener.name.%s.connections.max.reauth.ms=%s", listenerNameInProperty, 1000 * oauth.getMaxSecondsWithoutReauthentication()));
        }
        writer.println();
    } else if (auth instanceof KafkaListenerAuthenticationScramSha512) {
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, true)));
        writer.println(String.format("listener.name.%s.scram-sha-512.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required;", listenerNameInProperty));
        writer.println(String.format("listener.name.%s.sasl.enabled.mechanisms=SCRAM-SHA-512", listenerNameInProperty));
        writer.println();
    } else if (auth instanceof KafkaListenerAuthenticationTls) {
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, false)));
        writer.println(String.format("listener.name.%s.ssl.client.auth=required", listenerNameInProperty));
        writer.println(String.format("listener.name.%s.ssl.truststore.location=/tmp/kafka/clients.truststore.p12", listenerNameInProperty));
        writer.println(String.format("listener.name.%s.ssl.truststore.password=${CERTS_STORE_PASSWORD}", listenerNameInProperty));
        writer.println(String.format("listener.name.%s.ssl.truststore.type=PKCS12", listenerNameInProperty));
        writer.println();
    } else if (auth instanceof KafkaListenerAuthenticationCustom) {
        KafkaListenerAuthenticationCustom customAuth = (KafkaListenerAuthenticationCustom) auth;
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, customAuth.isSasl())));
        KafkaListenerCustomAuthConfiguration config = new KafkaListenerCustomAuthConfiguration(reconciliation, customAuth.getListenerConfig().entrySet());
        config.asOrderedProperties().asMap().forEach((key, value) -> writer.println(String.format("listener.name.%s.%s=%s", listenerNameInProperty, key, value)));
    } else {
        securityProtocol.add(String.format("%s:%s", listenerName, getSecurityProtocol(tls, false)));
    }
}
Also used : KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) Rack(io.strimzi.api.kafka.model.Rack) KafkaListenerAuthentication(io.strimzi.api.kafka.model.listener.KafkaListenerAuthentication) ArrayList(java.util.ArrayList) KafkaAuthorizationCustom(io.strimzi.api.kafka.model.KafkaAuthorizationCustom) KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls) KafkaAuthorization(io.strimzi.api.kafka.model.KafkaAuthorization) KafkaResources(io.strimzi.api.kafka.model.KafkaResources) GenericKafkaListenerConfiguration(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfiguration) Locale(java.util.Locale) Duration(java.time.Duration) KafkaAuthorizationOpa(io.strimzi.api.kafka.model.KafkaAuthorizationOpa) KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512) PrintWriter(java.io.PrintWriter) CertAndKeySecretSource(io.strimzi.api.kafka.model.CertAndKeySecretSource) CruiseControlConfigurationParameters(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters) KafkaAuthorizationKeycloak(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloak) KafkaListenerAuthenticationCustom(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom) StringWriter(java.io.StringWriter) ServerPlainConfig(io.strimzi.kafka.oauth.server.plain.ServerPlainConfig) ServerConfig(io.strimzi.kafka.oauth.server.ServerConfig) Collectors(java.util.stream.Collectors) KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaAuthorizationSimple(io.strimzi.api.kafka.model.KafkaAuthorizationSimple) Reconciliation(io.strimzi.operator.common.Reconciliation) List(java.util.List) CruiseControlSpec(io.strimzi.api.kafka.model.CruiseControlSpec) KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls) ArrayList(java.util.ArrayList) KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaListenerAuthenticationCustom(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom)

Example 4 with KafkaListenerAuthenticationCustom

use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom in project strimzi by strimzi.

the class KafkaCluster method getNonDataVolumes.

/**
 * Generates list of non-data volumes used by Kafka Pods. This includes tmp volumes, mounted secrets and config
 * maps.
 *
 * @param isOpenShift   Indicates whether we are on OpenShift or not
 *
 * @return              List of nondata volumes used by the ZooKeeper pods
 */
private List<Volume> getNonDataVolumes(boolean isOpenShift) {
    List<Volume> volumeList = new ArrayList<>();
    if (rack != null || isExposedWithNodePort()) {
        volumeList.add(VolumeUtils.createEmptyDirVolume(INIT_VOLUME_NAME, "1Mi", "Memory"));
    }
    volumeList.add(createTempDirVolume());
    volumeList.add(VolumeUtils.createSecretVolume(CLUSTER_CA_CERTS_VOLUME, AbstractModel.clusterCaCertSecretName(cluster), isOpenShift));
    volumeList.add(VolumeUtils.createSecretVolume(BROKER_CERTS_VOLUME, KafkaCluster.brokersSecretName(cluster), isOpenShift));
    volumeList.add(VolumeUtils.createSecretVolume(CLIENT_CA_CERTS_VOLUME, KafkaCluster.clientsCaCertSecretName(cluster), isOpenShift));
    volumeList.add(VolumeUtils.createConfigMapVolume(logAndMetricsConfigVolumeName, ancillaryConfigMapName));
    volumeList.add(VolumeUtils.createEmptyDirVolume("ready-files", "1Ki", "Memory"));
    for (GenericKafkaListener listener : listeners) {
        if (listener.isTls() && listener.getConfiguration() != null && listener.getConfiguration().getBrokerCertChainAndKey() != null) {
            CertAndKeySecretSource secretSource = listener.getConfiguration().getBrokerCertChainAndKey();
            Map<String, String> items = new HashMap<>(2);
            items.put(secretSource.getKey(), "tls.key");
            items.put(secretSource.getCertificate(), "tls.crt");
            volumeList.add(VolumeUtils.createSecretVolume("custom-" + ListenersUtils.identifier(listener) + "-certs", secretSource.getSecretName(), items, isOpenShift));
        }
        if (isListenerWithOAuth(listener)) {
            KafkaListenerAuthenticationOAuth oauth = (KafkaListenerAuthenticationOAuth) listener.getAuth();
            volumeList.addAll(AuthenticationUtils.configureOauthCertificateVolumes("oauth-" + ListenersUtils.identifier(listener), oauth.getTlsTrustedCertificates(), isOpenShift));
        }
        if (isListenerWithCustomAuth(listener)) {
            KafkaListenerAuthenticationCustom custom = (KafkaListenerAuthenticationCustom) listener.getAuth();
            volumeList.addAll(AuthenticationUtils.configureGenericSecretVolumes("custom-listener-" + ListenersUtils.identifier(listener), custom.getSecrets(), isOpenShift));
        }
    }
    if (authorization instanceof KafkaAuthorizationKeycloak) {
        KafkaAuthorizationKeycloak keycloakAuthz = (KafkaAuthorizationKeycloak) authorization;
        volumeList.addAll(AuthenticationUtils.configureOauthCertificateVolumes("authz-keycloak", keycloakAuthz.getTlsTrustedCertificates(), isOpenShift));
    }
    return volumeList;
}
Also used : GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) Volume(io.fabric8.kubernetes.api.model.Volume) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaAuthorizationKeycloak(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloak) KafkaListenerAuthenticationCustom(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom) CertAndKeySecretSource(io.strimzi.api.kafka.model.CertAndKeySecretSource)

Example 5 with KafkaListenerAuthenticationCustom

use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom in project strimzi-kafka-operator by strimzi.

the class KafkaCluster method getVolumeMounts.

private List<VolumeMount> getVolumeMounts() {
    List<VolumeMount> volumeMountList = new ArrayList<>();
    volumeMountList.addAll(VolumeUtils.createVolumeMounts(storage, mountPath, false));
    volumeMountList.add(createTempDirVolumeMount());
    volumeMountList.add(VolumeUtils.createVolumeMount(CLUSTER_CA_CERTS_VOLUME, CLUSTER_CA_CERTS_VOLUME_MOUNT));
    volumeMountList.add(VolumeUtils.createVolumeMount(BROKER_CERTS_VOLUME, BROKER_CERTS_VOLUME_MOUNT));
    volumeMountList.add(VolumeUtils.createVolumeMount(CLIENT_CA_CERTS_VOLUME, CLIENT_CA_CERTS_VOLUME_MOUNT));
    volumeMountList.add(VolumeUtils.createVolumeMount(logAndMetricsConfigVolumeName, logAndMetricsConfigMountPath));
    volumeMountList.add(VolumeUtils.createVolumeMount("ready-files", "/var/opt/kafka"));
    if (rack != null || isExposedWithNodePort()) {
        volumeMountList.add(VolumeUtils.createVolumeMount(INIT_VOLUME_NAME, INIT_VOLUME_MOUNT));
    }
    for (GenericKafkaListener listener : listeners) {
        String identifier = ListenersUtils.identifier(listener);
        if (listener.isTls() && listener.getConfiguration() != null && listener.getConfiguration().getBrokerCertChainAndKey() != null) {
            volumeMountList.add(VolumeUtils.createVolumeMount("custom-" + identifier + "-certs", "/opt/kafka/certificates/custom-" + identifier + "-certs"));
        }
        if (isListenerWithOAuth(listener)) {
            KafkaListenerAuthenticationOAuth oauth = (KafkaListenerAuthenticationOAuth) listener.getAuth();
            volumeMountList.addAll(AuthenticationUtils.configureOauthCertificateVolumeMounts("oauth-" + identifier, oauth.getTlsTrustedCertificates(), OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/oauth-" + identifier + "-certs"));
        }
        if (isListenerWithCustomAuth(listener)) {
            KafkaListenerAuthenticationCustom custom = (KafkaListenerAuthenticationCustom) listener.getAuth();
            volumeMountList.addAll(AuthenticationUtils.configureGenericSecretVolumeMounts("custom-listener-" + identifier, custom.getSecrets(), CUSTOM_AUTHN_SECRETS_VOLUME_MOUNT + "/custom-listener-" + identifier));
        }
    }
    if (authorization instanceof KafkaAuthorizationKeycloak) {
        KafkaAuthorizationKeycloak keycloakAuthz = (KafkaAuthorizationKeycloak) authorization;
        volumeMountList.addAll(AuthenticationUtils.configureOauthCertificateVolumeMounts("authz-keycloak", keycloakAuthz.getTlsTrustedCertificates(), OAUTH_TRUSTED_CERTS_BASE_VOLUME_MOUNT + "/authz-keycloak-certs"));
    }
    return volumeMountList;
}
Also used : GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) ArrayList(java.util.ArrayList) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaAuthorizationKeycloak(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloak) KafkaListenerAuthenticationCustom(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom)

Aggregations

KafkaAuthorizationKeycloak (io.strimzi.api.kafka.model.KafkaAuthorizationKeycloak)6 KafkaListenerAuthenticationCustom (io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom)6 KafkaListenerAuthenticationOAuth (io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth)6 GenericKafkaListener (io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener)6 ArrayList (java.util.ArrayList)6 VolumeMount (io.fabric8.kubernetes.api.model.VolumeMount)4 CertAndKeySecretSource (io.strimzi.api.kafka.model.CertAndKeySecretSource)4 Volume (io.fabric8.kubernetes.api.model.Volume)2 CruiseControlSpec (io.strimzi.api.kafka.model.CruiseControlSpec)2 KafkaAuthorization (io.strimzi.api.kafka.model.KafkaAuthorization)2 KafkaAuthorizationCustom (io.strimzi.api.kafka.model.KafkaAuthorizationCustom)2 KafkaAuthorizationOpa (io.strimzi.api.kafka.model.KafkaAuthorizationOpa)2 KafkaAuthorizationSimple (io.strimzi.api.kafka.model.KafkaAuthorizationSimple)2 KafkaResources (io.strimzi.api.kafka.model.KafkaResources)2 Rack (io.strimzi.api.kafka.model.Rack)2 KafkaListenerAuthentication (io.strimzi.api.kafka.model.listener.KafkaListenerAuthentication)2 KafkaListenerAuthenticationScramSha512 (io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512)2 KafkaListenerAuthenticationTls (io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls)2 GenericKafkaListenerConfiguration (io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfiguration)2 ServerConfig (io.strimzi.kafka.oauth.server.ServerConfig)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial