use of io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener in project strimzi-kafka-operator by strimzi.
the class KafkaBrokerConfigurationBuilderTest method testCustomAuthConfigSetProtocolMapCorrectlyForPlainSasl.
@ParallelTest
public void testCustomAuthConfigSetProtocolMapCorrectlyForPlainSasl() {
GenericKafkaListener listener = new GenericKafkaListenerBuilder().withName("CUSTOM-LISTENER").withPort(9092).withType(KafkaListenerType.INTERNAL).withTls(false).withNewKafkaListenerAuthenticationCustomAuth().withSasl(true).withListenerConfig(Map.of()).endKafkaListenerAuthenticationCustomAuth().build();
String configuration = new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION).withListeners("my-cluster", "my-namespace", singletonList(listener), false).build();
assertThat(configuration, configuration.contains("listener.security.protocol.map=CONTROLPLANE-9090:SSL,REPLICATION-9091:SSL,CUSTOM-LISTENER-9092:SASL_PLAINTEXT"));
}
use of io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener in project strimzi-kafka-operator by strimzi.
the class KafkaBrokerConfigurationBuilderTest method testWithPlainListenersWithSaslAuth.
@ParallelTest
public void testWithPlainListenersWithSaslAuth() {
GenericKafkaListener listener = new GenericKafkaListenerBuilder().withName("plain").withPort(9092).withType(KafkaListenerType.INTERNAL).withTls(false).withNewKafkaListenerAuthenticationScramSha512Auth().endKafkaListenerAuthenticationScramSha512Auth().build();
String configuration = new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION).withListeners("my-cluster", "my-namespace", singletonList(listener), false).build();
assertThat(configuration, isEquivalent("listener.name.controlplane-9090.ssl.client.auth=required", "listener.name.controlplane-9090.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.controlplane-9090.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.controlplane-9090.ssl.keystore.type=PKCS12", "listener.name.controlplane-9090.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12", "listener.name.controlplane-9090.ssl.truststore.password=${CERTS_STORE_PASSWORD}", "listener.name.controlplane-9090.ssl.truststore.type=PKCS12", "listener.name.replication-9091.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.replication-9091.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.replication-9091.ssl.keystore.type=PKCS12", "listener.name.replication-9091.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12", "listener.name.replication-9091.ssl.truststore.password=${CERTS_STORE_PASSWORD}", "listener.name.replication-9091.ssl.truststore.type=PKCS12", "listener.name.replication-9091.ssl.client.auth=required", "listeners=CONTROLPLANE-9090://0.0.0.0:9090,REPLICATION-9091://0.0.0.0:9091,PLAIN-9092://0.0.0.0:9092", "advertised.listeners=CONTROLPLANE-9090://my-cluster-kafka-${STRIMZI_BROKER_ID}.my-cluster-kafka-brokers.my-namespace.svc:9090,REPLICATION-9091://my-cluster-kafka-${STRIMZI_BROKER_ID}.my-cluster-kafka-brokers.my-namespace.svc:9091,PLAIN-9092://${STRIMZI_PLAIN_9092_ADVERTISED_HOSTNAME}:${STRIMZI_PLAIN_9092_ADVERTISED_PORT}", "listener.security.protocol.map=CONTROLPLANE-9090:SSL,REPLICATION-9091:SSL,PLAIN-9092:SASL_PLAINTEXT", "inter.broker.listener.name=REPLICATION-9091", "sasl.enabled.mechanisms=", "ssl.secure.random.implementation=SHA1PRNG", "ssl.endpoint.identification.algorithm=HTTPS", "listener.name.plain-9092.scram-sha-512.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required;", "listener.name.plain-9092.sasl.enabled.mechanisms=SCRAM-SHA-512"));
}
use of io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener in project strimzi-kafka-operator by strimzi.
the class KafkaBrokerConfigurationBuilderTest method testConnectionLimits.
@ParallelTest
public void testConnectionLimits() {
GenericKafkaListener listener1 = new GenericKafkaListenerBuilder().withName("listener1").withPort(9100).withType(KafkaListenerType.INTERNAL).withTls(false).withNewConfiguration().withMaxConnections(100).withMaxConnectionCreationRate(10).endConfiguration().build();
GenericKafkaListener listener2 = new GenericKafkaListenerBuilder().withName("listener2").withPort(9101).withType(KafkaListenerType.INTERNAL).withTls(false).withNewConfiguration().withMaxConnections(1000).withMaxConnectionCreationRate(50).endConfiguration().build();
GenericKafkaListener listener3 = new GenericKafkaListenerBuilder().withName("listener3").withPort(9102).withType(KafkaListenerType.INTERNAL).withTls(false).withNewConfiguration().endConfiguration().build();
GenericKafkaListener listener4 = new GenericKafkaListenerBuilder().withName("listener4").withPort(9103).withType(KafkaListenerType.INTERNAL).withTls(false).build();
String configuration = new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION).withListeners("my-cluster", "my-namespace", asList(listener1, listener2, listener3, listener4), false).build();
assertThat(configuration, isEquivalent("listener.name.controlplane-9090.ssl.client.auth=required", "listener.name.controlplane-9090.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.controlplane-9090.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.controlplane-9090.ssl.keystore.type=PKCS12", "listener.name.controlplane-9090.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12", "listener.name.controlplane-9090.ssl.truststore.password=${CERTS_STORE_PASSWORD}", "listener.name.controlplane-9090.ssl.truststore.type=PKCS12", "listener.name.replication-9091.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.replication-9091.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.replication-9091.ssl.keystore.type=PKCS12", "listener.name.replication-9091.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12", "listener.name.replication-9091.ssl.truststore.password=${CERTS_STORE_PASSWORD}", "listener.name.replication-9091.ssl.truststore.type=PKCS12", "listener.name.replication-9091.ssl.client.auth=required", "listener.name.listener1-9100.max.connections=100", "listener.name.listener1-9100.max.connection.creation.rate=10", "listener.name.listener2-9101.max.connections=1000", "listener.name.listener2-9101.max.connection.creation.rate=50", "listeners=CONTROLPLANE-9090://0.0.0.0:9090,REPLICATION-9091://0.0.0.0:9091,LISTENER1-9100://0.0.0.0:9100,LISTENER2-9101://0.0.0.0:9101,LISTENER3-9102://0.0.0.0:9102,LISTENER4-9103://0.0.0.0:9103", "advertised.listeners=CONTROLPLANE-9090://my-cluster-kafka-${STRIMZI_BROKER_ID}.my-cluster-kafka-brokers.my-namespace.svc:9090,REPLICATION-9091://my-cluster-kafka-${STRIMZI_BROKER_ID}.my-cluster-kafka-brokers.my-namespace.svc:9091,LISTENER1-9100://${STRIMZI_LISTENER1_9100_ADVERTISED_HOSTNAME}:${STRIMZI_LISTENER1_9100_ADVERTISED_PORT},LISTENER2-9101://${STRIMZI_LISTENER2_9101_ADVERTISED_HOSTNAME}:${STRIMZI_LISTENER2_9101_ADVERTISED_PORT},LISTENER3-9102://${STRIMZI_LISTENER3_9102_ADVERTISED_HOSTNAME}:${STRIMZI_LISTENER3_9102_ADVERTISED_PORT},LISTENER4-9103://${STRIMZI_LISTENER4_9103_ADVERTISED_HOSTNAME}:${STRIMZI_LISTENER4_9103_ADVERTISED_PORT}", "listener.security.protocol.map=CONTROLPLANE-9090:SSL,REPLICATION-9091:SSL,LISTENER1-9100:PLAINTEXT,LISTENER2-9101:PLAINTEXT,LISTENER3-9102:PLAINTEXT,LISTENER4-9103:PLAINTEXT", "inter.broker.listener.name=REPLICATION-9091", "sasl.enabled.mechanisms=", "ssl.secure.random.implementation=SHA1PRNG", "ssl.endpoint.identification.algorithm=HTTPS"));
}
use of io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener in project strimzi-kafka-operator by strimzi.
the class KafkaBrokerConfigurationBuilderTest method testWithExternalRouteListenersWithCustomCerts.
@ParallelTest
public void testWithExternalRouteListenersWithCustomCerts() {
GenericKafkaListener listener = new GenericKafkaListenerBuilder().withName("external").withPort(9094).withType(KafkaListenerType.ROUTE).withTls(true).withNewConfiguration().withNewBrokerCertChainAndKey().withSecretName("my-secret").withKey("my.key").withCertificate("my.crt").endBrokerCertChainAndKey().endConfiguration().build();
String configuration = new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION).withListeners("my-cluster", "my-namespace", singletonList(listener), false).build();
assertThat(configuration, isEquivalent("listener.name.controlplane-9090.ssl.client.auth=required", "listener.name.controlplane-9090.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.controlplane-9090.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.controlplane-9090.ssl.keystore.type=PKCS12", "listener.name.controlplane-9090.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12", "listener.name.controlplane-9090.ssl.truststore.password=${CERTS_STORE_PASSWORD}", "listener.name.controlplane-9090.ssl.truststore.type=PKCS12", "listener.name.replication-9091.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.replication-9091.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.replication-9091.ssl.keystore.type=PKCS12", "listener.name.replication-9091.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12", "listener.name.replication-9091.ssl.truststore.password=${CERTS_STORE_PASSWORD}", "listener.name.replication-9091.ssl.truststore.type=PKCS12", "listener.name.replication-9091.ssl.client.auth=required", "listeners=CONTROLPLANE-9090://0.0.0.0:9090,REPLICATION-9091://0.0.0.0:9091,EXTERNAL-9094://0.0.0.0:9094", "advertised.listeners=CONTROLPLANE-9090://my-cluster-kafka-${STRIMZI_BROKER_ID}.my-cluster-kafka-brokers.my-namespace.svc:9090,REPLICATION-9091://my-cluster-kafka-${STRIMZI_BROKER_ID}.my-cluster-kafka-brokers.my-namespace.svc:9091,EXTERNAL-9094://${STRIMZI_EXTERNAL_9094_ADVERTISED_HOSTNAME}:${STRIMZI_EXTERNAL_9094_ADVERTISED_PORT}", "listener.security.protocol.map=CONTROLPLANE-9090:SSL,REPLICATION-9091:SSL,EXTERNAL-9094:SSL", "inter.broker.listener.name=REPLICATION-9091", "sasl.enabled.mechanisms=", "ssl.secure.random.implementation=SHA1PRNG", "ssl.endpoint.identification.algorithm=HTTPS", "listener.name.external-9094.ssl.keystore.location=/tmp/kafka/custom-external-9094.keystore.p12", "listener.name.external-9094.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.external-9094.ssl.keystore.type=PKCS12"));
}
use of io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener in project strimzi-kafka-operator by strimzi.
the class KafkaBrokerConfigurationBuilderTest method testOauthConfigurationWithPlainOnly.
@ParallelTest
public void testOauthConfigurationWithPlainOnly() {
GenericKafkaListener listener = new GenericKafkaListenerBuilder().withName("plain").withPort(9092).withType(KafkaListenerType.INTERNAL).withTls(false).withNewKafkaListenerAuthenticationOAuth().withValidIssuerUri("http://valid-issuer").withJwksEndpointUri("http://jwks").withUserNameClaim("preferred_username").withMaxSecondsWithoutReauthentication(3600).withJwksMinRefreshPauseSeconds(5).withEnablePlain(true).withEnableOauthBearer(false).withTokenEndpointUri("http://token").withClientAudience("kafka").withClientScope("messaging").withConnectTimeoutSeconds(30).endKafkaListenerAuthenticationOAuth().build();
String configuration = new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION).withListeners("my-cluster", "my-namespace", singletonList(listener), false).build();
assertThat(configuration, isEquivalent("listener.name.controlplane-9090.ssl.client.auth=required", "listener.name.controlplane-9090.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.controlplane-9090.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.controlplane-9090.ssl.keystore.type=PKCS12", "listener.name.controlplane-9090.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12", "listener.name.controlplane-9090.ssl.truststore.password=${CERTS_STORE_PASSWORD}", "listener.name.controlplane-9090.ssl.truststore.type=PKCS12", "listener.name.replication-9091.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.replication-9091.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.replication-9091.ssl.keystore.type=PKCS12", "listener.name.replication-9091.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12", "listener.name.replication-9091.ssl.truststore.password=${CERTS_STORE_PASSWORD}", "listener.name.replication-9091.ssl.truststore.type=PKCS12", "listener.name.replication-9091.ssl.client.auth=required", "listeners=CONTROLPLANE-9090://0.0.0.0:9090,REPLICATION-9091://0.0.0.0:9091,PLAIN-9092://0.0.0.0:9092", "advertised.listeners=CONTROLPLANE-9090://my-cluster-kafka-${STRIMZI_BROKER_ID}.my-cluster-kafka-brokers.my-namespace.svc:9090,REPLICATION-9091://my-cluster-kafka-${STRIMZI_BROKER_ID}.my-cluster-kafka-brokers.my-namespace.svc:9091,PLAIN-9092://${STRIMZI_PLAIN_9092_ADVERTISED_HOSTNAME}:${STRIMZI_PLAIN_9092_ADVERTISED_PORT}", "listener.security.protocol.map=CONTROLPLANE-9090:SSL,REPLICATION-9091:SSL,PLAIN-9092:SASL_PLAINTEXT", "inter.broker.listener.name=REPLICATION-9091", "sasl.enabled.mechanisms=", "ssl.secure.random.implementation=SHA1PRNG", "ssl.endpoint.identification.algorithm=HTTPS", "principal.builder.class=io.strimzi.kafka.oauth.server.OAuthKafkaPrincipalBuilder", "listener.name.plain-9092.plain.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.plain.JaasServerOauthOverPlainValidatorCallbackHandler", "listener.name.plain-9092.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required oauth.valid.issuer.uri=\"http://valid-issuer\" oauth.scope=\"messaging\" oauth.audience=\"kafka\" oauth.jwks.endpoint.uri=\"http://jwks\" oauth.jwks.refresh.min.pause.seconds=\"5\" oauth.username.claim=\"preferred_username\" oauth.connect.timeout.seconds=\"30\" oauth.token.endpoint.uri=\"http://token\";", "listener.name.plain-9092.sasl.enabled.mechanisms=PLAIN", "listener.name.plain-9092.connections.max.reauth.ms=3600000"));
}
Aggregations