Example 16 with KafkaListenerAuthenticationOAuth

Use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth in project strimzi-kafka-operator by strimzi.

The class KafkaBrokerConfigurationBuilderTest, method testOAuthOptions.

@ParallelTest
public void testOAuthOptions() {
    KafkaListenerAuthenticationOAuth auth = new KafkaListenerAuthenticationOAuthBuilder()
            .withValidIssuerUri("http://valid-issuer")
            .withCheckIssuer(false)
            .withCheckAudience(true)
            .withJwksEndpointUri("http://jwks-endpoint")
            .withIntrospectionEndpointUri("http://introspection-endpoint")
            .withUserInfoEndpointUri("http://userinfo-endpoint")
            .withJwksExpirySeconds(160)
            .withJwksRefreshSeconds(50)
            .withJwksMinRefreshPauseSeconds(5)
            .withEnableECDSA(true)
            .withUserNameClaim("preferred_username")
            .withFallbackUserNameClaim("client_id")
            .withFallbackUserNamePrefix("client-account-")
            .withCheckAccessTokenType(false)
            .withClientId("my-kafka-id")
            .withAccessTokenIsJwt(false)
            .withValidTokenType("access_token")
            .withDisableTlsHostnameVerification(true)
            .withMaxSecondsWithoutReauthentication(3600)
            .withEnablePlain(true)
            .withTokenEndpointUri("http://token")
            .withCustomClaimCheck("@.aud && @.aud == 'something'")
            .withConnectTimeoutSeconds(30)
            .withReadTimeoutSeconds(60)
            .withClientAudience("kafka")
            .withClientScope("messaging")
            .build();
    List<String> expectedOptions = new ArrayList<>(5);
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_CLIENT_ID, "my-kafka-id"));
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_VALID_ISSUER_URI, "http://valid-issuer"));
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_CHECK_ISSUER, false));
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_CHECK_AUDIENCE, true));
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_CUSTOM_CLAIM_CHECK, "@.aud && @.aud == 'something'"));
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_SCOPE, "messaging"));
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_AUDIENCE, "kafka"));
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_JWKS_ENDPOINT_URI, "http://jwks-endpoint"));
    expectedOptions.add(String.format("%s=\"%d\"", ServerConfig.OAUTH_JWKS_REFRESH_SECONDS, 50));
    expectedOptions.add(String.format("%s=\"%d\"", ServerConfig.OAUTH_JWKS_EXPIRY_SECONDS, 160));
    expectedOptions.add(String.format("%s=\"%d\"", ServerConfig.OAUTH_JWKS_REFRESH_MIN_PAUSE_SECONDS, 5));
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_INTROSPECTION_ENDPOINT_URI, "http://introspection-endpoint"));
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_USERINFO_ENDPOINT_URI, "http://userinfo-endpoint"));
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_USERNAME_CLAIM, "preferred_username"));
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_FALLBACK_USERNAME_CLAIM, "client_id"));
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_FALLBACK_USERNAME_PREFIX, "client-account-"));
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_ACCESS_TOKEN_IS_JWT, false));
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_CHECK_ACCESS_TOKEN_TYPE, false));
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_VALID_TOKEN_TYPE, "access_token"));
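    // withDisableTlsHostnameVerification(true) is emitted as an empty endpoint identification algorithm (no TLS hostname check)
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM, ""));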
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_CONNECT_TIMEOUT_SECONDS, 30));
    expectedOptions.add(String.format("%s=\"%s\"", ServerConfig.OAUTH_READ_TIMEOUT_SECONDS, 60));
    // enablePlain and tokenEndpointUri are handled separately from getOAuthOptions
    List<String> actualOptions = KafkaBrokerConfigurationBuilder.getOAuthOptions(auth);
    assertThat(actualOptions, is(equalTo(expectedOptions)));
}
Also used : ArrayList(java.util.ArrayList) KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 17 with KafkaListenerAuthenticationOAuth

Use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth in project strimzi-kafka-operator by strimzi.

The class KafkaClusterOAuthValidationTest, method testOAuthValidationWithJwksMinRefreshPauseAndIntrospection.

@ParallelTest
public void testOAuthValidationWithJwksMinRefreshPauseAndIntrospection() {
    assertThrows(InvalidResourceException.class, () -> {
        // Expected to be rejected: jwksMinRefreshPauseSeconds is set while the listener
        // validates tokens through the introspection endpoint and has no jwksEndpointUri.
        KafkaListenerAuthenticationOAuth auth = new KafkaListenerAuthenticationOAuthBuilder()
                .withClientId("my-client-id")
                .withValidIssuerUri("http://valid-issuer")
                .withIntrospectionEndpointUri("http://introspection")
                .withJwksMinRefreshPauseSeconds(5)
                .withNewClientSecret()
                    .withSecretName("my-secret-secret")
                    .withKey("my-secret-key")
                .endClientSecret()
                .build();
        ListenersValidator.validate(Reconciliation.DUMMY_RECONCILIATION, 3, getListeners(auth));
    });
}
Also used : KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 18 with KafkaListenerAuthenticationOAuth

Use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth in project strimzi-kafka-operator by strimzi.

The class KafkaClusterOAuthValidationTest, method testOAuthValidationWithGroupsClaim.

@ParallelTest
public void testOAuthValidationWithGroupsClaim() {
    assertThrows(InvalidResourceException.class, () -> {
        // Expected to be rejected: the groupsClaim value is a malformed query.
        KafkaListenerAuthenticationOAuth auth = new KafkaListenerAuthenticationOAuthBuilder()
                .withValidIssuerUri("http://valid-issuer")
                .withJwksEndpointUri("http://jwks-endpoint")
                .withGroupsClaim("['bad'.'query']")
                .build();
        ListenersValidator.validate(Reconciliation.DUMMY_RECONCILIATION, 3, getListeners(auth));
    });
}
Also used : KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 19 with KafkaListenerAuthenticationOAuth

Use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth in project strimzi-kafka-operator by strimzi.

The class KafkaClusterOAuthValidationTest, method testOAuthValidationWithJwksRefreshAndIntrospection.

@ParallelTest
public void testOAuthValidationWithJwksRefreshAndIntrospection() {
    assertThrows(InvalidResourceException.class, () -> {
        // Expected to be rejected: jwksRefreshSeconds is set while the listener
        // validates tokens through the introspection endpoint and has no jwksEndpointUri.
        KafkaListenerAuthenticationOAuth auth = new KafkaListenerAuthenticationOAuthBuilder()
                .withClientId("my-client-id")
                .withValidIssuerUri("http://valid-issuer")
                .withIntrospectionEndpointUri("http://introspection")
                .withJwksRefreshSeconds(60)
                .withNewClientSecret()
                    .withSecretName("my-secret-secret")
                    .withKey("my-secret-key")
                .endClientSecret()
                .build();
        ListenersValidator.validate(Reconciliation.DUMMY_RECONCILIATION, 3, getListeners(auth));
    });
}
Also used : KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 20 with KafkaListenerAuthenticationOAuth

Use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth in project strimzi-kafka-operator by strimzi.

The class KafkaClusterOAuthValidationTest, method testOAuthValidationNoUriSpecified.

@ParallelTest
public void testOAuthValidationNoUriSpecified() {
    assertThrows(InvalidResourceException.class, () -> {
        // Expected to be rejected: no endpoint URI of any kind is configured on the listener.
        KafkaListenerAuthenticationOAuth auth = new KafkaListenerAuthenticationOAuthBuilder().build();
        ListenersValidator.validate(Reconciliation.DUMMY_RECONCILIATION, 3, getListeners(auth));
    });
}
Also used : KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)
