Search in sources :

Example 81 with GenericKafkaListenerBuilder

use of io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder in project strimzi by strimzi.

the class KafkaBrokerConfigurationBuilderTest method testOauthConfigurationWithPlainOnly.

@ParallelTest
public void testOauthConfigurationWithPlainOnly() {
    GenericKafkaListener listener = new GenericKafkaListenerBuilder().withName("plain").withPort(9092).withType(KafkaListenerType.INTERNAL).withTls(false).withNewKafkaListenerAuthenticationOAuth().withValidIssuerUri("http://valid-issuer").withJwksEndpointUri("http://jwks").withUserNameClaim("preferred_username").withMaxSecondsWithoutReauthentication(3600).withJwksMinRefreshPauseSeconds(5).withEnablePlain(true).withEnableOauthBearer(false).withTokenEndpointUri("http://token").withClientAudience("kafka").withClientScope("messaging").withConnectTimeoutSeconds(30).endKafkaListenerAuthenticationOAuth().build();
    String configuration = new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION).withListeners("my-cluster", "my-namespace", singletonList(listener), false).build();
    assertThat(configuration, isEquivalent("listener.name.controlplane-9090.ssl.client.auth=required", "listener.name.controlplane-9090.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.controlplane-9090.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.controlplane-9090.ssl.keystore.type=PKCS12", "listener.name.controlplane-9090.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12", "listener.name.controlplane-9090.ssl.truststore.password=${CERTS_STORE_PASSWORD}", "listener.name.controlplane-9090.ssl.truststore.type=PKCS12", "listener.name.replication-9091.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.replication-9091.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.replication-9091.ssl.keystore.type=PKCS12", "listener.name.replication-9091.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12", "listener.name.replication-9091.ssl.truststore.password=${CERTS_STORE_PASSWORD}", "listener.name.replication-9091.ssl.truststore.type=PKCS12", "listener.name.replication-9091.ssl.client.auth=required", "listeners=CONTROLPLANE-9090://0.0.0.0:9090,REPLICATION-9091://0.0.0.0:9091,PLAIN-9092://0.0.0.0:9092", "advertised.listeners=CONTROLPLANE-9090://my-cluster-kafka-${STRIMZI_BROKER_ID}.my-cluster-kafka-brokers.my-namespace.svc:9090,REPLICATION-9091://my-cluster-kafka-${STRIMZI_BROKER_ID}.my-cluster-kafka-brokers.my-namespace.svc:9091,PLAIN-9092://${STRIMZI_PLAIN_9092_ADVERTISED_HOSTNAME}:${STRIMZI_PLAIN_9092_ADVERTISED_PORT}", "listener.security.protocol.map=CONTROLPLANE-9090:SSL,REPLICATION-9091:SSL,PLAIN-9092:SASL_PLAINTEXT", "inter.broker.listener.name=REPLICATION-9091", "sasl.enabled.mechanisms=", "ssl.secure.random.implementation=SHA1PRNG", "ssl.endpoint.identification.algorithm=HTTPS", "principal.builder.class=io.strimzi.kafka.oauth.server.OAuthKafkaPrincipalBuilder", "listener.name.plain-9092.plain.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.plain.JaasServerOauthOverPlainValidatorCallbackHandler", "listener.name.plain-9092.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required oauth.valid.issuer.uri=\"http://valid-issuer\" oauth.scope=\"messaging\" oauth.audience=\"kafka\" oauth.jwks.endpoint.uri=\"http://jwks\" oauth.jwks.refresh.min.pause.seconds=\"5\" oauth.username.claim=\"preferred_username\" oauth.connect.timeout.seconds=\"30\" oauth.token.endpoint.uri=\"http://token\";", "listener.name.plain-9092.sasl.enabled.mechanisms=PLAIN", "listener.name.plain-9092.connections.max.reauth.ms=3600000"));
}
Also used : GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 82 with GenericKafkaListenerBuilder

use of io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder in project strimzi by strimzi.

the class KafkaBrokerConfigurationBuilderTest method testWithExternalListenersNodePortWithTls.

@ParallelTest
public void testWithExternalListenersNodePortWithTls() {
    GenericKafkaListener listener = new GenericKafkaListenerBuilder().withName("external").withPort(9094).withType(KafkaListenerType.NODEPORT).withTls(true).build();
    String configuration = new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION).withListeners("my-cluster", "my-namespace", singletonList(listener), false).build();
    assertThat(configuration, isEquivalent("listener.name.controlplane-9090.ssl.client.auth=required", "listener.name.controlplane-9090.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.controlplane-9090.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.controlplane-9090.ssl.keystore.type=PKCS12", "listener.name.controlplane-9090.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12", "listener.name.controlplane-9090.ssl.truststore.password=${CERTS_STORE_PASSWORD}", "listener.name.controlplane-9090.ssl.truststore.type=PKCS12", "listener.name.replication-9091.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.replication-9091.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.replication-9091.ssl.keystore.type=PKCS12", "listener.name.replication-9091.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12", "listener.name.replication-9091.ssl.truststore.password=${CERTS_STORE_PASSWORD}", "listener.name.replication-9091.ssl.truststore.type=PKCS12", "listener.name.replication-9091.ssl.client.auth=required", "listeners=CONTROLPLANE-9090://0.0.0.0:9090,REPLICATION-9091://0.0.0.0:9091,EXTERNAL-9094://0.0.0.0:9094", "advertised.listeners=CONTROLPLANE-9090://my-cluster-kafka-${STRIMZI_BROKER_ID}.my-cluster-kafka-brokers.my-namespace.svc:9090,REPLICATION-9091://my-cluster-kafka-${STRIMZI_BROKER_ID}.my-cluster-kafka-brokers.my-namespace.svc:9091,EXTERNAL-9094://${STRIMZI_EXTERNAL_9094_ADVERTISED_HOSTNAME}:${STRIMZI_EXTERNAL_9094_ADVERTISED_PORT}", "listener.security.protocol.map=CONTROLPLANE-9090:SSL,REPLICATION-9091:SSL,EXTERNAL-9094:SSL", "inter.broker.listener.name=REPLICATION-9091", "sasl.enabled.mechanisms=", "ssl.secure.random.implementation=SHA1PRNG", "ssl.endpoint.identification.algorithm=HTTPS", "listener.name.external-9094.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.external-9094.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.external-9094.ssl.keystore.type=PKCS12"));
}
Also used : GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 83 with GenericKafkaListenerBuilder

use of io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder in project strimzi by strimzi.

the class KafkaBrokerConfigurationBuilderTest method testOauthConfigurationWithoutOptions.

@ParallelTest
public void testOauthConfigurationWithoutOptions() {
    GenericKafkaListener listener = new GenericKafkaListenerBuilder().withName("plain").withPort(9092).withType(KafkaListenerType.INTERNAL).withTls(false).withNewKafkaListenerAuthenticationOAuth().endKafkaListenerAuthenticationOAuth().build();
    String configuration = new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION).withListeners("my-cluster", "my-namespace", singletonList(listener), false).build();
    assertThat(configuration, isEquivalent("listener.name.controlplane-9090.ssl.client.auth=required", "listener.name.controlplane-9090.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.controlplane-9090.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.controlplane-9090.ssl.keystore.type=PKCS12", "listener.name.controlplane-9090.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12", "listener.name.controlplane-9090.ssl.truststore.password=${CERTS_STORE_PASSWORD}", "listener.name.controlplane-9090.ssl.truststore.type=PKCS12", "listener.name.replication-9091.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.replication-9091.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.replication-9091.ssl.keystore.type=PKCS12", "listener.name.replication-9091.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12", "listener.name.replication-9091.ssl.truststore.password=${CERTS_STORE_PASSWORD}", "listener.name.replication-9091.ssl.truststore.type=PKCS12", "listener.name.replication-9091.ssl.client.auth=required", "listeners=CONTROLPLANE-9090://0.0.0.0:9090,REPLICATION-9091://0.0.0.0:9091,PLAIN-9092://0.0.0.0:9092", "advertised.listeners=CONTROLPLANE-9090://my-cluster-kafka-${STRIMZI_BROKER_ID}.my-cluster-kafka-brokers.my-namespace.svc:9090,REPLICATION-9091://my-cluster-kafka-${STRIMZI_BROKER_ID}.my-cluster-kafka-brokers.my-namespace.svc:9091,PLAIN-9092://${STRIMZI_PLAIN_9092_ADVERTISED_HOSTNAME}:${STRIMZI_PLAIN_9092_ADVERTISED_PORT}", "listener.security.protocol.map=CONTROLPLANE-9090:SSL,REPLICATION-9091:SSL,PLAIN-9092:SASL_PLAINTEXT", "inter.broker.listener.name=REPLICATION-9091", "sasl.enabled.mechanisms=", "ssl.secure.random.implementation=SHA1PRNG", "ssl.endpoint.identification.algorithm=HTTPS", "listener.name.plain-9092.oauthbearer.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler", "listener.name.plain-9092.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required unsecuredLoginStringClaim_sub=\"thePrincipalName\" ;", "listener.name.plain-9092.sasl.enabled.mechanisms=OAUTHBEARER", "principal.builder.class=io.strimzi.kafka.oauth.server.OAuthKafkaPrincipalBuilder"));
}
Also used : GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 84 with GenericKafkaListenerBuilder

use of io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder in project strimzi by strimzi.

the class KafkaBrokerConfigurationBuilderTest method testWithTlsListenersWithoutAuth.

@ParallelTest
public void testWithTlsListenersWithoutAuth() {
    GenericKafkaListener listener = new GenericKafkaListenerBuilder().withName("tls").withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).build();
    String configuration = new KafkaBrokerConfigurationBuilder(Reconciliation.DUMMY_RECONCILIATION).withListeners("my-cluster", "my-namespace", singletonList(listener), false).build();
    assertThat(configuration, isEquivalent("listener.name.controlplane-9090.ssl.client.auth=required", "listener.name.controlplane-9090.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.controlplane-9090.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.controlplane-9090.ssl.keystore.type=PKCS12", "listener.name.controlplane-9090.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12", "listener.name.controlplane-9090.ssl.truststore.password=${CERTS_STORE_PASSWORD}", "listener.name.controlplane-9090.ssl.truststore.type=PKCS12", "listener.name.replication-9091.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.replication-9091.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.replication-9091.ssl.keystore.type=PKCS12", "listener.name.replication-9091.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12", "listener.name.replication-9091.ssl.truststore.password=${CERTS_STORE_PASSWORD}", "listener.name.replication-9091.ssl.truststore.type=PKCS12", "listener.name.replication-9091.ssl.client.auth=required", "listeners=CONTROLPLANE-9090://0.0.0.0:9090,REPLICATION-9091://0.0.0.0:9091,TLS-9093://0.0.0.0:9093", "advertised.listeners=CONTROLPLANE-9090://my-cluster-kafka-${STRIMZI_BROKER_ID}.my-cluster-kafka-brokers.my-namespace.svc:9090,REPLICATION-9091://my-cluster-kafka-${STRIMZI_BROKER_ID}.my-cluster-kafka-brokers.my-namespace.svc:9091,TLS-9093://${STRIMZI_TLS_9093_ADVERTISED_HOSTNAME}:${STRIMZI_TLS_9093_ADVERTISED_PORT}", "listener.security.protocol.map=CONTROLPLANE-9090:SSL,REPLICATION-9091:SSL,TLS-9093:SSL", "inter.broker.listener.name=REPLICATION-9091", "sasl.enabled.mechanisms=", "ssl.secure.random.implementation=SHA1PRNG", "ssl.endpoint.identification.algorithm=HTTPS", "listener.name.tls-9093.ssl.keystore.location=/tmp/kafka/cluster.keystore.p12", "listener.name.tls-9093.ssl.keystore.password=${CERTS_STORE_PASSWORD}", "listener.name.tls-9093.ssl.keystore.type=PKCS12"));
}
Also used : GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 85 with GenericKafkaListenerBuilder

use of io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder in project strimzi-kafka-operator by strimzi.

the class KafkaClusterTest method testCustomCertificateTls.

@ParallelTest
public void testCustomCertificateTls() {
    String cert = "my-external-cert.crt";
    String key = "my.key";
    String secret = "my-secret";
    Kafka kafkaAssembly = new KafkaBuilder(ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout, jmxMetricsConfig, configuration, emptyMap())).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName("tls").withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withNewConfiguration().withNewBrokerCertChainAndKey().withCertificate(cert).withKey(key).withSecretName(secret).endBrokerCertChainAndKey().endConfiguration().build()).endKafka().endSpec().build();
    KafkaCluster kc = KafkaCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, kafkaAssembly, VERSIONS);
    StatefulSet sts = kc.generateStatefulSet(true, null, null, null);
    Volume vol = sts.getSpec().getTemplate().getSpec().getVolumes().stream().filter(v -> "custom-tls-9093-certs".equals(v.getName())).findFirst().orElse(null);
    assertThat(vol, is(notNullValue()));
    assertThat(vol.getSecret().getSecretName(), is(secret));
    assertThat(vol.getSecret().getItems().get(0).getKey(), is(key));
    assertThat(vol.getSecret().getItems().get(0).getPath(), is("tls.key"));
    assertThat(vol.getSecret().getItems().get(1).getKey(), is(cert));
    assertThat(vol.getSecret().getItems().get(1).getPath(), is("tls.crt"));
    VolumeMount mount = sts.getSpec().getTemplate().getSpec().getContainers().get(0).getVolumeMounts().stream().filter(v -> "custom-tls-9093-certs".equals(v.getName())).findFirst().orElse(null);
    assertThat(mount, is(notNullValue()));
    assertThat(mount.getName(), is("custom-tls-9093-certs"));
    assertThat(mount.getMountPath(), is("/opt/kafka/certificates/custom-tls-9093-certs"));
}
Also used : GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) Volume(io.fabric8.kubernetes.api.model.Volume) Kafka(io.strimzi.api.kafka.model.Kafka) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) Matchers.containsString(org.hamcrest.Matchers.containsString) StatefulSet(io.fabric8.kubernetes.api.model.apps.StatefulSet) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Aggregations

GenericKafkaListenerBuilder (io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)355 ParallelTest (io.strimzi.test.annotations.ParallelTest)180 KafkaBuilder (io.strimzi.api.kafka.model.KafkaBuilder)126 Kafka (io.strimzi.api.kafka.model.Kafka)124 GenericKafkaListener (io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener)110 CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString)110 Tag (org.junit.jupiter.api.Tag)86 ParallelNamespaceTest (io.strimzi.systemtest.annotations.ParallelNamespaceTest)82 GenericKafkaListenerConfigurationBrokerBuilder (io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBrokerBuilder)80 Matchers.containsString (org.hamcrest.Matchers.containsString)74 KafkaUser (io.strimzi.api.kafka.model.KafkaUser)62 InternalKafkaClient (io.strimzi.systemtest.kafkaclients.clients.InternalKafkaClient)56 Service (io.fabric8.kubernetes.api.model.Service)52 GenericKafkaListenerConfigurationBroker (io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBroker)50 SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder)48 Reconciliation (io.strimzi.operator.common.Reconciliation)48 KafkaListenerType (io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType)47 Labels (io.strimzi.operator.common.model.Labels)46 StatefulSet (io.fabric8.kubernetes.api.model.apps.StatefulSet)44 ArrayList (java.util.ArrayList)44