
Example 1 with KafkaListenerAuthenticationOAuthBuilder

use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder in project strimzi by strimzi.

the class ListenersValidatorTest method testValidateOauthPlain.

/**
 * Walks one internal OAuth listener ("listener1") through three configurations and checks what
 * {@code ListenersValidator} says about each:
 * <ol>
 *   <li>OAUTHBEARER switched off and PLAIN never switched on: rejected;</li>
 *   <li>PLAIN switched on, but no introspection or JWKS endpoint given: rejected;</li>
 *   <li>PLAIN switched on with a JWKS endpoint: accepted.</li>
 * </ol>
 */
@ParallelTest
public void testValidateOauthPlain() {
    KafkaListenerAuthenticationOAuthBuilder oauth = new KafkaListenerAuthenticationOAuthBuilder()
            .withEnableOauthBearer(false);
    GenericKafkaListenerBuilder listenerTemplate = new GenericKafkaListenerBuilder()
            .withName("listener1")
            .withPort(9900)
            .withType(KafkaListenerType.INTERNAL)
            .withAuth(oauth.build());

    // 1) No SASL mechanism is left enabled on the listener, so validation must fail.
    List<GenericKafkaListener> noMechanismEnabled = asList(listenerTemplate.withAuth(oauth.build()).build());
    Exception noMechanismFailure = assertThrows(InvalidResourceException.class,
            () -> ListenersValidator.validate(Reconciliation.DUMMY_RECONCILIATION, 3, noMechanismEnabled));
    assertThat(noMechanismFailure.getMessage(), allOf(
            containsString("listener listener1: At least one of 'enablePlain', 'enableOauthBearer' has to be set to 'true'")));

    // 2) PLAIN is on, but there is no endpoint against which a token could be validated.
    oauth.withEnablePlain(true);
    List<GenericKafkaListener> plainWithoutEndpoint = asList(listenerTemplate.withAuth(oauth.build()).build());
    Exception missingEndpointFailure = assertThrows(InvalidResourceException.class,
            () -> ListenersValidator.validate(Reconciliation.DUMMY_RECONCILIATION, 3, plainWithoutEndpoint));
    assertThat(missingEndpointFailure.getMessage(), allOf(
            containsString("listener listener1: Introspection endpoint URI or JWKS endpoint URI has to be specified")));

    // 3) PLAIN is on and a JWKS endpoint is supplied; tokenEndpointUri stays unset and the
    //    configuration is still accepted.
    // NOTE(review): withCheckIssuer(false) switches the issuer check off in this fixture,
    // presumably so that no validIssuerUri has to be supplied - confirm that is the intent.
    oauth.withJwksEndpointUri("http://localhost:8080/jwks").withCheckIssuer(false);
    List<GenericKafkaListener> plainWithJwks = asList(listenerTemplate.withAuth(oauth.build()).build());
    assertDoesNotThrow(
            () -> ListenersValidator.validate(Reconciliation.DUMMY_RECONCILIATION, 3, plainWithJwks));
}
Also used : GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 2 with KafkaListenerAuthenticationOAuthBuilder

use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder in project strimzi by strimzi.

the class ListenersValidatorTest method testValidateCustomClaimCheckOauth.

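/**
 * Checks that {@code ListenersValidator} reports a {@code customClaimCheck} value that is not a
 * parsable JsonPath filter query, and no longer reports it once a parsable query is configured.
 *
 * The second assertion previously compared against a message that quoted the old value
 * ("invalid") with different wording ("Failed to parse query ... at position: 0") from the one
 * asserted in the first step. That text could not appear for the new value, so the negated
 * check passed no matter what the validator did. It now checks for the stable prefix of the
 * customClaimCheck complaint instead.
 */
@ParallelTest
public void testValidateCustomClaimCheckOauth() {
    KafkaListenerAuthenticationOAuthBuilder authBuilder = new KafkaListenerAuthenticationOAuthBuilder()
            .withCustomClaimCheck("invalid");
    GenericKafkaListenerBuilder listenerBuilder = new GenericKafkaListenerBuilder()
            .withName("listener1")
            .withPort(9900)
            .withType(KafkaListenerType.INTERNAL)
            .withAuth(authBuilder.build());

    // An unparsable filter must be rejected with a message naming the offending value.
    GenericKafkaListener listener = listenerBuilder.withAuth(authBuilder.build()).build();
    List<GenericKafkaListener> listeners = asList(listener);
    Exception exception = assertThrows(InvalidResourceException.class,
            () -> ListenersValidator.validate(Reconciliation.DUMMY_RECONCILIATION, 3, listeners));
    assertThat(exception.getMessage(), allOf(
            containsString("listener listener1: 'customClaimCheck' value not a valid JsonPath filter query - Failed to parse filter query: \"invalid\"")));

    // set valid JsonPath query
    authBuilder.withCustomClaimCheck("@.valid == 'value'");
    listener = listenerBuilder.withAuth(authBuilder.build()).build();
    List<GenericKafkaListener> listeners2 = asList(listener);

    // The listener is still rejected - presumably for the OAuth settings this fixture leaves
    // unset (no introspection or JWKS endpoint) - so only the absence of any customClaimCheck
    // complaint is asserted here.
    exception = assertThrows(InvalidResourceException.class,
            () -> ListenersValidator.validate(Reconciliation.DUMMY_RECONCILIATION, 3, listeners2));
    assertThat(exception.getMessage(), allOf(
            not(containsString("listener listener1: 'customClaimCheck' value not a valid JsonPath filter query"))));
}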
Also used : GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 3 with KafkaListenerAuthenticationOAuthBuilder

use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder in project strimzi by strimzi.

the class KafkaClusterTest method testGenerateDeploymentWithOAuthWithClientSecret.

/**
 * Verifies that the client secret of an OAuth listener reaches the first container of the
 * generated StatefulSet as a Secret key reference rather than as a literal value.
 *
 * The listener "plain" on port 9092 is configured with a client secret stored under key
 * "my-secret-key" of Secret "my-secret-secret". The env var
 * {@code STRIMZI_PLAIN_9092_OAUTH_CLIENT_SECRET} must carry a {@code secretKeyRef} pointing at
 * exactly that Secret and key.
 */
@ParallelTest
public void testGenerateDeploymentWithOAuthWithClientSecret() {
    // The http:// issuer and introspection URIs are fixture placeholders; nothing is contacted here.
    Kafka kafkaWithOAuthListener = new KafkaBuilder(ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout, jmxMetricsConfig, configuration, emptyMap()))
            .editSpec()
                .editKafka()
                    .withListeners(new GenericKafkaListenerBuilder()
                            .withName("plain")
                            .withPort(9092)
                            .withType(KafkaListenerType.INTERNAL)
                            .withTls(false)
                            .withAuth(new KafkaListenerAuthenticationOAuthBuilder()
                                    .withClientId("my-client-id")
                                    .withValidIssuerUri("http://valid-issuer")
                                    .withIntrospectionEndpointUri("http://introspection")
                                    .withNewClientSecret()
                                        .withSecretName("my-secret-secret")
                                        .withKey("my-secret-key")
                                    .endClientSecret()
                                    .build())
                            .build())
                .endKafka()
            .endSpec()
            .build();

    KafkaCluster kafkaCluster = KafkaCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, kafkaWithOAuthListener, VERSIONS);
    StatefulSet statefulSet = kafkaCluster.generateStatefulSet(true, null, null, null);
    Container firstContainer = statefulSet.getSpec().getTemplate().getSpec().getContainers().get(0);

    // Look the env var up once; orElseThrow() fails the test if it is missing altogether.
    var clientSecretRef = firstContainer.getEnv().stream()
            .filter(envVar -> "STRIMZI_PLAIN_9092_OAUTH_CLIENT_SECRET".equals(envVar.getName()))
            .findFirst()
            .orElseThrow()
            .getValueFrom()
            .getSecretKeyRef();

    assertThat(clientSecretRef.getName(), is("my-secret-secret"));
    assertThat(clientSecretRef.getKey(), is("my-secret-key"));
}
Also used : Container(io.fabric8.kubernetes.api.model.Container) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) Kafka(io.strimzi.api.kafka.model.Kafka) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) StatefulSet(io.fabric8.kubernetes.api.model.apps.StatefulSet) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 4 with KafkaListenerAuthenticationOAuthBuilder

use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder in project strimzi by strimzi.

the class KafkaClusterOAuthValidationTest method testOAuthValidationWithGroupsClaim.

/**
 * Expects listener validation to reject an OAuth configuration whose {@code groupsClaim} is
 * {@code ['bad'.'query']}.
 *
 * Issuer URI and JWKS endpoint are both supplied, so {@code groupsClaim} is the only setting in
 * this fixture that stands out. The test pins only the exception type, not the message.
 */
@ParallelTest
public void testOAuthValidationWithGroupsClaim() {
    assertThrows(InvalidResourceException.class, () -> {
        // Built inside the lambda so that a failure at build time would count as well.
        // NOTE(review): presumably rejected because the value does not parse as a query - confirm
        // against ListenersValidator.
        KafkaListenerAuthenticationOAuth oauthWithBadGroupsClaim = new KafkaListenerAuthenticationOAuthBuilder()
                .withValidIssuerUri("http://valid-issuer")
                .withJwksEndpointUri("http://jwks-endpoint")
                .withGroupsClaim("['bad'.'query']")
                .build();
        ListenersValidator.validate(Reconciliation.DUMMY_RECONCILIATION, 3, getListeners(oauthWithBadGroupsClaim));
    });
}
Also used : KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 5 with KafkaListenerAuthenticationOAuthBuilder

use of io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder in project strimzi by strimzi.

the class KafkaClusterOAuthValidationTest method testOAuthValidationRefreshSecondsSetWithExpirySecondsNotSet.

/**
 * Expects listener validation to reject an OAuth configuration that sets
 * {@code jwksRefreshSeconds} (333) while leaving the JWKS expiry unset.
 *
 * Only the exception type is pinned; the message is not inspected.
 */
@ParallelTest
public void testOAuthValidationRefreshSecondsSetWithExpirySecondsNotSet() {
    assertThrows(InvalidResourceException.class, () -> {
        // NOTE(review): presumably 333 conflicts with whatever expiry applies when none is
        // configured - confirm the exact rule in ListenersValidator.
        KafkaListenerAuthenticationOAuth oauthRefreshOnly = new KafkaListenerAuthenticationOAuthBuilder()
                .withValidIssuerUri("http://valid-issuer")
                .withJwksEndpointUri("http://jwks-endpoint")
                .withJwksRefreshSeconds(333)
                .build();
        ListenersValidator.validate(Reconciliation.DUMMY_RECONCILIATION, 3, getListeners(oauthRefreshOnly));
    });
}
Also used : KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Aggregations

KafkaListenerAuthenticationOAuthBuilder (io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder)64 ParallelTest (io.strimzi.test.annotations.ParallelTest)64 KafkaListenerAuthenticationOAuth (io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth)44 GenericKafkaListenerBuilder (io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)20 GenericKafkaListener (io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener)12 Kafka (io.strimzi.api.kafka.model.Kafka)10 KafkaBuilder (io.strimzi.api.kafka.model.KafkaBuilder)10 Container (io.fabric8.kubernetes.api.model.Container)8 StatefulSet (io.fabric8.kubernetes.api.model.apps.StatefulSet)8 ArrayList (java.util.ArrayList)8 ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap)6 ConfigMapKeySelectorBuilder (io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder)6 ContainerPort (io.fabric8.kubernetes.api.model.ContainerPort)6 EnvVar (io.fabric8.kubernetes.api.model.EnvVar)6 HasMetadata (io.fabric8.kubernetes.api.model.HasMetadata)6 HostAlias (io.fabric8.kubernetes.api.model.HostAlias)6 HostAliasBuilder (io.fabric8.kubernetes.api.model.HostAliasBuilder)6 IntOrString (io.fabric8.kubernetes.api.model.IntOrString)6 LabelSelectorBuilder (io.fabric8.kubernetes.api.model.LabelSelectorBuilder)6 LabelSelectorRequirementBuilder (io.fabric8.kubernetes.api.model.LabelSelectorRequirementBuilder)6