Examples with CertManager io.strimzi.certs.CertManager used on opensource projects

Search in sources :

Example 6 with CertManager

use of io.strimzi.certs.CertManager in project strimzi-kafka-operator by strimzi.

the class KafkaAssemblyOperatorIngressKafkaListenerTest method testIngressV1.

@Test
public void testIngressV1(VertxTestContext context) {
    Kafka kafka = new KafkaBuilder().withNewMetadata().withName(NAME).withNamespace(NAMESPACE).endMetadata().withNewSpec().withNewKafka().withReplicas(3).withListeners(new GenericKafkaListenerBuilder().withName("ingress").withPort(9094).withTls(true).withType(KafkaListenerType.INGRESS).withNewConfiguration().withNewBootstrap().withHost("bootstrap.mydomain.tld").endBootstrap().withBrokers(new GenericKafkaListenerConfigurationBrokerBuilder().withBroker(0).withHost("broker-0.mydomain.tld").build(), new GenericKafkaListenerConfigurationBrokerBuilder().withBroker(1).withHost("broker-1.mydomain.tld").build(), new GenericKafkaListenerConfigurationBrokerBuilder().withBroker(2).withHost("broker-2.mydomain.tld").build()).endConfiguration().build()).withNewEphemeralStorage().endEphemeralStorage().endKafka().withNewZookeeper().withReplicas(3).withNewEphemeralStorage().endEphemeralStorage().endZookeeper().withNewEntityOperator().withNewUserOperator().endUserOperator().withNewTopicOperator().endTopicOperator().endEntityOperator().endSpec().build();
    ResourceOperatorSupplier supplier = ResourceUtils.supplierWithMocks(false);
    // Mock the CRD Operator for Kafka resources
    CrdOperator mockKafkaOps = supplier.kafkaOperator;
    when(mockKafkaOps.getAsync(eq(NAMESPACE), eq(NAME))).thenReturn(Future.succeededFuture(kafka));
    when(mockKafkaOps.get(eq(NAMESPACE), eq(NAME))).thenReturn(kafka);
    when(mockKafkaOps.updateStatusAsync(any(), any(Kafka.class))).thenReturn(Future.succeededFuture());
    // Mock the KafkaSet operations
    StatefulSetOperator mockStsOps = supplier.stsOperations;
    when(mockStsOps.getAsync(eq(NAMESPACE), eq(KafkaCluster.kafkaClusterName(NAME)))).thenReturn(Future.succeededFuture());
    // Mock the StrimziPodSet operator
    CrdOperator<KubernetesClient, StrimziPodSet, StrimziPodSetList> mockPodSetOps = supplier.strimziPodSetOperator;
    when(mockPodSetOps.getAsync(any(), any())).thenReturn(Future.succeededFuture(null));
    // Mock the Pod operations
    PodOperator mockPodOps = supplier.podOperations;
    when(mockPodOps.listAsync(eq(NAMESPACE), any(Labels.class))).thenReturn(Future.succeededFuture(emptyList()));
    // Mock ingress v1beta1 ops
    IngressV1Beta1Operator mockIngressV1Beta1ops = supplier.ingressV1Beta1Operations;
    ArgumentCaptor<io.fabric8.kubernetes.api.model.networking.v1beta1.Ingress> ingressV1Beta1Captor = ArgumentCaptor.forClass(io.fabric8.kubernetes.api.model.networking.v1beta1.Ingress.class);
    when(mockIngressV1Beta1ops.listAsync(eq(NAMESPACE), any(Labels.class))).thenReturn(Future.succeededFuture(emptyList()));
    when(mockIngressV1Beta1ops.reconcile(any(), anyString(), anyString(), ingressV1Beta1Captor.capture())).thenReturn(Future.succeededFuture(ReconcileResult.created(new io.fabric8.kubernetes.api.model.networking.v1beta1.Ingress())));
    when(mockIngressV1Beta1ops.hasIngressAddress(any(), eq(NAMESPACE), any(), anyLong(), anyLong())).thenReturn(Future.succeededFuture());
    // Mock ingress v1 ops
    IngressOperator mockIngressOps = supplier.ingressOperations;
    ArgumentCaptor<Ingress> ingressCaptor = ArgumentCaptor.forClass(Ingress.class);
    when(mockIngressOps.listAsync(eq(NAMESPACE), any(Labels.class))).thenReturn(Future.succeededFuture(emptyList()));
    when(mockIngressOps.reconcile(any(), anyString(), anyString(), ingressCaptor.capture())).thenReturn(Future.succeededFuture(ReconcileResult.created(new Ingress())));
    when(mockIngressOps.hasIngressAddress(any(), eq(NAMESPACE), any(), anyLong(), anyLong())).thenReturn(Future.succeededFuture());
    KafkaAssemblyOperator op = new MockKafkaAssemblyOperatorForIngressTests(vertx, new PlatformFeaturesAvailability(false, KubernetesVersion.V1_19), certManager, passwordGenerator, supplier, ResourceUtils.dummyClusterOperatorConfig(KafkaVersionTestUtils.getKafkaVersionLookup()));
    Reconciliation reconciliation = new Reconciliation("test-trigger", Kafka.RESOURCE_KIND, NAMESPACE, NAME);
    Checkpoint async = context.checkpoint();
    op.reconcile(reconciliation).onComplete(context.succeeding(v -> context.verify(() -> {
        assertThat(ingressCaptor.getAllValues().size(), is(4));
        assertThat(ingressV1Beta1Captor.getAllValues().size(), is(0));
        verify(mockIngressV1Beta1ops, never()).list(any(), any());
        verify(mockIngressV1Beta1ops, never()).reconcile(any(), any(), any(), any());
        verify(mockIngressV1Beta1ops, never()).hasIngressAddress(any(), any(), any(), anyLong(), anyLong());
        async.flag();
    })));
}
Also used : VertxTestContext(io.vertx.junit5.VertxTestContext) CoreMatchers.is(org.hamcrest.CoreMatchers.is) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) IngressV1Beta1Operator(io.strimzi.operator.common.operator.resource.IngressV1Beta1Operator) ArgumentMatchers.anyLong(org.mockito.ArgumentMatchers.anyLong) IngressOperator(io.strimzi.operator.common.operator.resource.IngressOperator) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) CertManager(io.strimzi.certs.CertManager) GenericKafkaListenerConfigurationBrokerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBrokerBuilder) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) AfterAll(org.junit.jupiter.api.AfterAll) ArgumentCaptor(org.mockito.ArgumentCaptor) KafkaCluster(io.strimzi.operator.cluster.model.KafkaCluster) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) BeforeAll(org.junit.jupiter.api.BeforeAll) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) PodOperator(io.strimzi.operator.common.operator.resource.PodOperator) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) ReconcileResult(io.strimzi.operator.common.operator.resource.ReconcileResult) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) StatefulSetOperator(io.strimzi.operator.cluster.operator.resource.StatefulSetOperator) StrimziPodSetList(io.strimzi.api.kafka.StrimziPodSetList) Collections.emptyList(java.util.Collections.emptyList) KubernetesVersion(io.strimzi.operator.KubernetesVersion) Vertx(io.vertx.core.Vertx) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) Mockito.when(org.mockito.Mockito.when) VertxExtension(io.vertx.junit5.VertxExtension) Future(io.vertx.core.Future) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) Reconciliation(io.strimzi.operator.common.Reconciliation) Mockito.never(org.mockito.Mockito.never) Labels(io.strimzi.operator.common.model.Labels) StrimziPodSet(io.strimzi.api.kafka.model.StrimziPodSet) KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType) Ingress(io.fabric8.kubernetes.api.model.networking.v1.Ingress) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) Checkpoint(io.vertx.junit5.Checkpoint) Kafka(io.strimzi.api.kafka.model.Kafka) OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) PlatformFeaturesAvailability(io.strimzi.operator.PlatformFeaturesAvailability) ClusterOperatorConfig(io.strimzi.operator.cluster.ClusterOperatorConfig) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) StrimziPodSet(io.strimzi.api.kafka.model.StrimziPodSet) Kafka(io.strimzi.api.kafka.model.Kafka) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) Reconciliation(io.strimzi.operator.common.Reconciliation) IngressV1Beta1Operator(io.strimzi.operator.common.operator.resource.IngressV1Beta1Operator) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) GenericKafkaListenerConfigurationBrokerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBrokerBuilder) PodOperator(io.strimzi.operator.common.operator.resource.PodOperator) Ingress(io.fabric8.kubernetes.api.model.networking.v1.Ingress) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) Labels(io.strimzi.operator.common.model.Labels) StatefulSetOperator(io.strimzi.operator.cluster.operator.resource.StatefulSetOperator) StrimziPodSetList(io.strimzi.api.kafka.StrimziPodSetList) IngressOperator(io.strimzi.operator.common.operator.resource.IngressOperator) Checkpoint(io.vertx.junit5.Checkpoint) PlatformFeaturesAvailability(io.strimzi.operator.PlatformFeaturesAvailability) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Test(org.junit.jupiter.api.Test)

Example 7 with CertManager

use of io.strimzi.certs.CertManager in project strimzi-kafka-operator by strimzi.

the class KafkaAssemblyOperatorIngressKafkaListenerTest method testIngressV1Beta1.

@Test
public void testIngressV1Beta1(VertxTestContext context) {
    Kafka kafka = new KafkaBuilder().withNewMetadata().withName(NAME).withNamespace(NAMESPACE).endMetadata().withNewSpec().withNewKafka().withReplicas(3).withListeners(new GenericKafkaListenerBuilder().withName("ingress").withPort(9094).withTls(true).withType(KafkaListenerType.INGRESS).withNewConfiguration().withNewBootstrap().withHost("bootstrap.mydomain.tld").endBootstrap().withBrokers(new GenericKafkaListenerConfigurationBrokerBuilder().withBroker(0).withHost("broker-0.mydomain.tld").build(), new GenericKafkaListenerConfigurationBrokerBuilder().withBroker(1).withHost("broker-1.mydomain.tld").build(), new GenericKafkaListenerConfigurationBrokerBuilder().withBroker(2).withHost("broker-2.mydomain.tld").build()).endConfiguration().build()).withNewEphemeralStorage().endEphemeralStorage().endKafka().withNewZookeeper().withReplicas(3).withNewEphemeralStorage().endEphemeralStorage().endZookeeper().withNewEntityOperator().withNewUserOperator().endUserOperator().withNewTopicOperator().endTopicOperator().endEntityOperator().endSpec().build();
    ResourceOperatorSupplier supplier = ResourceUtils.supplierWithMocks(false);
    // Mock the CRD Operator for Kafka resources
    CrdOperator mockKafkaOps = supplier.kafkaOperator;
    when(mockKafkaOps.getAsync(eq(NAMESPACE), eq(NAME))).thenReturn(Future.succeededFuture(kafka));
    when(mockKafkaOps.get(eq(NAMESPACE), eq(NAME))).thenReturn(kafka);
    when(mockKafkaOps.updateStatusAsync(any(), any(Kafka.class))).thenReturn(Future.succeededFuture());
    // Mock the KafkaSet operations
    StatefulSetOperator mockStsOps = supplier.stsOperations;
    when(mockStsOps.getAsync(eq(NAMESPACE), eq(KafkaCluster.kafkaClusterName(NAME)))).thenReturn(Future.succeededFuture());
    // Mock the StrimziPodSet operator
    CrdOperator<KubernetesClient, StrimziPodSet, StrimziPodSetList> mockPodSetOps = supplier.strimziPodSetOperator;
    when(mockPodSetOps.getAsync(any(), any())).thenReturn(Future.succeededFuture(null));
    // Mock the Pod operations
    PodOperator mockPodOps = supplier.podOperations;
    when(mockPodOps.listAsync(eq(NAMESPACE), any(Labels.class))).thenReturn(Future.succeededFuture(emptyList()));
    // Mock ingress v1beta1 ops
    IngressV1Beta1Operator mockIngressV1Beta1ops = supplier.ingressV1Beta1Operations;
    ArgumentCaptor<io.fabric8.kubernetes.api.model.networking.v1beta1.Ingress> ingressV1Beta1Captor = ArgumentCaptor.forClass(io.fabric8.kubernetes.api.model.networking.v1beta1.Ingress.class);
    when(mockIngressV1Beta1ops.listAsync(eq(NAMESPACE), any(Labels.class))).thenReturn(Future.succeededFuture(emptyList()));
    when(mockIngressV1Beta1ops.reconcile(any(), anyString(), anyString(), ingressV1Beta1Captor.capture())).thenReturn(Future.succeededFuture(ReconcileResult.created(new io.fabric8.kubernetes.api.model.networking.v1beta1.Ingress())));
    when(mockIngressV1Beta1ops.hasIngressAddress(any(), eq(NAMESPACE), any(), anyLong(), anyLong())).thenReturn(Future.succeededFuture());
    // Mock ingress v1 ops
    IngressOperator mockIngressOps = supplier.ingressOperations;
    ArgumentCaptor<Ingress> ingressCaptor = ArgumentCaptor.forClass(Ingress.class);
    when(mockIngressOps.listAsync(eq(NAMESPACE), any(Labels.class))).thenReturn(Future.succeededFuture(emptyList()));
    when(mockIngressOps.reconcile(any(), anyString(), anyString(), ingressCaptor.capture())).thenReturn(Future.succeededFuture(ReconcileResult.created(new Ingress())));
    when(mockIngressOps.hasIngressAddress(any(), eq(NAMESPACE), any(), anyLong(), anyLong())).thenReturn(Future.succeededFuture());
    KafkaAssemblyOperator op = new MockKafkaAssemblyOperatorForIngressTests(vertx, new PlatformFeaturesAvailability(false, KubernetesVersion.V1_16), certManager, passwordGenerator, supplier, ResourceUtils.dummyClusterOperatorConfig(KafkaVersionTestUtils.getKafkaVersionLookup()));
    Reconciliation reconciliation = new Reconciliation("test-trigger", Kafka.RESOURCE_KIND, NAMESPACE, NAME);
    Checkpoint async = context.checkpoint();
    op.reconcile(reconciliation).onComplete(context.succeeding(v -> context.verify(() -> {
        assertThat(ingressCaptor.getAllValues().size(), is(0));
        assertThat(ingressV1Beta1Captor.getAllValues().size(), is(4));
        verify(mockIngressOps, never()).list(any(), any());
        verify(mockIngressOps, never()).reconcile(any(), any(), any(), any());
        verify(mockIngressOps, never()).hasIngressAddress(any(), any(), any(), anyLong(), anyLong());
        async.flag();
    })));
}
Also used : VertxTestContext(io.vertx.junit5.VertxTestContext) CoreMatchers.is(org.hamcrest.CoreMatchers.is) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) IngressV1Beta1Operator(io.strimzi.operator.common.operator.resource.IngressV1Beta1Operator) ArgumentMatchers.anyLong(org.mockito.ArgumentMatchers.anyLong) IngressOperator(io.strimzi.operator.common.operator.resource.IngressOperator) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) CertManager(io.strimzi.certs.CertManager) GenericKafkaListenerConfigurationBrokerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBrokerBuilder) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) AfterAll(org.junit.jupiter.api.AfterAll) ArgumentCaptor(org.mockito.ArgumentCaptor) KafkaCluster(io.strimzi.operator.cluster.model.KafkaCluster) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) BeforeAll(org.junit.jupiter.api.BeforeAll) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) PodOperator(io.strimzi.operator.common.operator.resource.PodOperator) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) ReconcileResult(io.strimzi.operator.common.operator.resource.ReconcileResult) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) StatefulSetOperator(io.strimzi.operator.cluster.operator.resource.StatefulSetOperator) StrimziPodSetList(io.strimzi.api.kafka.StrimziPodSetList) Collections.emptyList(java.util.Collections.emptyList) KubernetesVersion(io.strimzi.operator.KubernetesVersion) Vertx(io.vertx.core.Vertx) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) Mockito.when(org.mockito.Mockito.when) VertxExtension(io.vertx.junit5.VertxExtension) Future(io.vertx.core.Future) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) Reconciliation(io.strimzi.operator.common.Reconciliation) Mockito.never(org.mockito.Mockito.never) Labels(io.strimzi.operator.common.model.Labels) StrimziPodSet(io.strimzi.api.kafka.model.StrimziPodSet) KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType) Ingress(io.fabric8.kubernetes.api.model.networking.v1.Ingress) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) Checkpoint(io.vertx.junit5.Checkpoint) Kafka(io.strimzi.api.kafka.model.Kafka) OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) PlatformFeaturesAvailability(io.strimzi.operator.PlatformFeaturesAvailability) ClusterOperatorConfig(io.strimzi.operator.cluster.ClusterOperatorConfig) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) StrimziPodSet(io.strimzi.api.kafka.model.StrimziPodSet) Kafka(io.strimzi.api.kafka.model.Kafka) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) Reconciliation(io.strimzi.operator.common.Reconciliation) IngressV1Beta1Operator(io.strimzi.operator.common.operator.resource.IngressV1Beta1Operator) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) GenericKafkaListenerConfigurationBrokerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBrokerBuilder) PodOperator(io.strimzi.operator.common.operator.resource.PodOperator) Ingress(io.fabric8.kubernetes.api.model.networking.v1.Ingress) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) Labels(io.strimzi.operator.common.model.Labels) StatefulSetOperator(io.strimzi.operator.cluster.operator.resource.StatefulSetOperator) StrimziPodSetList(io.strimzi.api.kafka.StrimziPodSetList) IngressOperator(io.strimzi.operator.common.operator.resource.IngressOperator) Checkpoint(io.vertx.junit5.Checkpoint) PlatformFeaturesAvailability(io.strimzi.operator.PlatformFeaturesAvailability) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Test(org.junit.jupiter.api.Test)

Example 8 with CertManager

use of io.strimzi.certs.CertManager in project strimzi-kafka-operator by strimzi.

the class KafkaAssemblyOperatorRbacScopeTest method testRolesDeployedWhenNamespaceRbacScope.

/**
 * This test checks that when STRIMZI_RBAC_SCOPE feature is set to 'NAMESPACE', the cluster operator only
 * deploys and binds to Roles
 */
@Test
public void testRolesDeployedWhenNamespaceRbacScope(VertxTestContext context) {
    Kafka kafka = new KafkaBuilder().withNewMetadata().withName(clusterName).withNamespace(namespace).endMetadata().withNewSpec().withNewKafka().withReplicas(3).endKafka().withNewZookeeper().withReplicas(3).endZookeeper().withNewEntityOperator().withNewUserOperator().endUserOperator().withNewTopicOperator().endTopicOperator().endEntityOperator().endSpec().build();
    ResourceOperatorSupplier supplier = ResourceUtils.supplierWithMocks(false);
    // Mock the CRD Operator for Kafka resources
    CrdOperator mockKafkaOps = supplier.kafkaOperator;
    when(mockKafkaOps.getAsync(eq(namespace), eq(clusterName))).thenReturn(Future.succeededFuture(kafka));
    when(mockKafkaOps.get(eq(namespace), eq(clusterName))).thenReturn(kafka);
    when(mockKafkaOps.updateStatusAsync(any(), any(Kafka.class))).thenReturn(Future.succeededFuture());
    // Mock the operations for RoleBindings
    RoleBindingOperator mockRoleBindingOps = supplier.roleBindingOperations;
    // Capture the names of reconciled rolebindings and their patched state
    ArgumentCaptor<String> roleBindingNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<RoleBinding> roleBindingCaptor = ArgumentCaptor.forClass(RoleBinding.class);
    when(mockRoleBindingOps.reconcile(any(), eq(namespace), roleBindingNameCaptor.capture(), roleBindingCaptor.capture())).thenReturn(Future.succeededFuture());
    KafkaAssemblyOperatorRolesSubset kao = new KafkaAssemblyOperatorRolesSubset(vertx, new PlatformFeaturesAvailability(false, kubernetesVersion), certManager, passwordGenerator, supplier, configNamespaceRbacScope);
    Checkpoint async = context.checkpoint();
    kao.reconcile(new Reconciliation("test-trigger", Kafka.RESOURCE_KIND, namespace, clusterName)).onComplete(context.succeeding(v -> context.verify(() -> {
        List<String> roleBindingNames = roleBindingNameCaptor.getAllValues();
        List<RoleBinding> roleBindings = roleBindingCaptor.getAllValues();
        assertThat(roleBindingNames, hasSize(2));
        assertThat(roleBindings, hasSize(2));
        // Check all RoleBindings, easier to index by order applied
        assertThat(roleBindingNames.get(0), is("test-instance-entity-topic-operator-role"));
        assertThat(roleBindings.get(0), hasRoleRef(new RoleRefBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("Role").withName("test-instance-entity-operator").build()));
        assertThat(roleBindingNames.get(1), is("test-instance-entity-user-operator-role"));
        assertThat(roleBindings.get(1), hasRoleRef(new RoleRefBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("Role").withName("test-instance-entity-operator").build()));
        verify(supplier.clusterRoleBindingOperator, never()).reconcile(any(), anyString(), any());
        async.flag();
    })));
}
Also used : VertxTestContext(io.vertx.junit5.VertxTestContext) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Role(io.fabric8.kubernetes.api.model.rbac.Role) CertManager(io.strimzi.certs.CertManager) RoleBindingOperator(io.strimzi.operator.common.operator.resource.RoleBindingOperator) RoleOperator(io.strimzi.operator.common.operator.resource.RoleOperator) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) TypeSafeDiagnosingMatcher(org.hamcrest.TypeSafeDiagnosingMatcher) AfterAll(org.junit.jupiter.api.AfterAll) RoleBinding(io.fabric8.kubernetes.api.model.rbac.RoleBinding) ArgumentCaptor(org.mockito.ArgumentCaptor) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) BeforeAll(org.junit.jupiter.api.BeforeAll) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) Matchers.hasSize(org.hamcrest.Matchers.hasSize) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) Description(org.hamcrest.Description) KubernetesVersion(io.strimzi.operator.KubernetesVersion) KafkaVersion(io.strimzi.operator.cluster.model.KafkaVersion) Vertx(io.vertx.core.Vertx) RoleRefBuilder(io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder) Mockito.when(org.mockito.Mockito.when) VertxExtension(io.vertx.junit5.VertxExtension) Future(io.vertx.core.Future) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) RoleRef(io.fabric8.kubernetes.api.model.rbac.RoleRef) Reconciliation(io.strimzi.operator.common.Reconciliation) List(java.util.List) Mockito.never(org.mockito.Mockito.never) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) Matcher(org.hamcrest.Matcher) Checkpoint(io.vertx.junit5.Checkpoint) Matchers.is(org.hamcrest.Matchers.is) EntityOperator(io.strimzi.operator.cluster.model.EntityOperator) Kafka(io.strimzi.api.kafka.model.Kafka) PlatformFeaturesAvailability(io.strimzi.operator.PlatformFeaturesAvailability) ClusterOperatorConfig(io.strimzi.operator.cluster.ClusterOperatorConfig) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Kafka(io.strimzi.api.kafka.model.Kafka) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) Checkpoint(io.vertx.junit5.Checkpoint) PlatformFeaturesAvailability(io.strimzi.operator.PlatformFeaturesAvailability) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Reconciliation(io.strimzi.operator.common.Reconciliation) RoleBinding(io.fabric8.kubernetes.api.model.rbac.RoleBinding) RoleBindingOperator(io.strimzi.operator.common.operator.resource.RoleBindingOperator) RoleRefBuilder(io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder) Test(org.junit.jupiter.api.Test)

Example 9 with CertManager

use of io.strimzi.certs.CertManager in project strimzi-kafka-operator by strimzi.

the class KafkaAssemblyOperatorRbacScopeTest method testRolesDeployedWhenNamespaceRbacScopeAndMultiWatchNamespace.

/**
 * This test checks that when STRIMZI_RBAC_SCOPE feature is set to 'NAMESPACE', the cluster operator
 * binds to ClusterRoles when it can't use Roles due to cross namespace permissions
 */
@Test
public void testRolesDeployedWhenNamespaceRbacScopeAndMultiWatchNamespace(VertxTestContext context) {
    Kafka kafka = new KafkaBuilder().withNewMetadata().withName(clusterName).withNamespace(namespace).endMetadata().withNewSpec().withNewKafka().withReplicas(3).endKafka().withNewZookeeper().withReplicas(3).endZookeeper().withNewEntityOperator().withNewUserOperator().withWatchedNamespace("other-ns").endUserOperator().withNewTopicOperator().withWatchedNamespace("another-ns").endTopicOperator().endEntityOperator().endSpec().build();
    ResourceOperatorSupplier supplier = ResourceUtils.supplierWithMocks(false);
    // Mock the CRD Operator for Kafka resources
    CrdOperator mockKafkaOps = supplier.kafkaOperator;
    when(mockKafkaOps.getAsync(eq(namespace), eq(clusterName))).thenReturn(Future.succeededFuture(kafka));
    when(mockKafkaOps.get(eq(namespace), eq(clusterName))).thenReturn(kafka);
    when(mockKafkaOps.updateStatusAsync(any(), any(Kafka.class))).thenReturn(Future.succeededFuture());
    // Mock the operations for Roles
    RoleOperator mockRoleOps = supplier.roleOperations;
    // Capture the names of reconciled Roles and their patched state
    ArgumentCaptor<String> roleNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Role> roleCaptor = ArgumentCaptor.forClass(Role.class);
    when(mockRoleOps.reconcile(any(), anyString(), roleNameCaptor.capture(), roleCaptor.capture())).thenReturn(Future.succeededFuture());
    // Mock the operations for RoleBindings
    RoleBindingOperator mockRoleBindingOps = supplier.roleBindingOperations;
    // Capture the names of reconciled RoleBindings and their patched state
    ArgumentCaptor<String> roleBindingNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<RoleBinding> roleBindingCaptor = ArgumentCaptor.forClass(RoleBinding.class);
    when(mockRoleBindingOps.reconcile(any(), anyString(), roleBindingNameCaptor.capture(), roleBindingCaptor.capture())).thenReturn(Future.succeededFuture());
    KafkaAssemblyOperatorRolesSubset kao = new KafkaAssemblyOperatorRolesSubset(vertx, new PlatformFeaturesAvailability(false, kubernetesVersion), certManager, passwordGenerator, supplier, configNamespaceRbacScope);
    Checkpoint async = context.checkpoint();
    kao.reconcile(new Reconciliation("test-trigger", Kafka.RESOURCE_KIND, namespace, clusterName)).onComplete(context.succeeding(v -> context.verify(() -> {
        List<String> roleBindingNames = roleBindingNameCaptor.getAllValues();
        List<RoleBinding> roleBindings = roleBindingCaptor.getAllValues();
        assertThat(roleBindingNames, hasSize(4));
        assertThat(roleBindings, hasSize(4));
        // Check all RoleBindings, easier to index by order applied
        assertThat(roleBindingNames.get(0), is("test-instance-entity-topic-operator-role"));
        assertThat(roleBindings.get(0).getMetadata().getNamespace(), is("another-ns"));
        assertThat(roleBindings.get(0), hasRoleRef(new RoleRefBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("Role").withName(EntityOperator.getRoleName(clusterName)).build()));
        assertThat(roleBindingNames.get(1), is("test-instance-entity-topic-operator-role"));
        assertThat(roleBindings.get(1).getMetadata().getNamespace(), is("test-ns"));
        assertThat(roleBindings.get(1), hasRoleRef(new RoleRefBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("Role").withName(EntityOperator.getRoleName(clusterName)).build()));
        assertThat(roleBindingNames.get(2), is("test-instance-entity-user-operator-role"));
        assertThat(roleBindings.get(2).getMetadata().getNamespace(), is("other-ns"));
        assertThat(roleBindings.get(2), hasRoleRef(new RoleRefBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("Role").withName(EntityOperator.getRoleName(clusterName)).build()));
        assertThat(roleBindingNames.get(3), is("test-instance-entity-user-operator-role"));
        assertThat(roleBindings.get(3).getMetadata().getNamespace(), is("test-ns"));
        assertThat(roleBindings.get(3), hasRoleRef(new RoleRefBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("Role").withName(EntityOperator.getRoleName(clusterName)).build()));
        List<String> roleNames = roleNameCaptor.getAllValues();
        List<Role> roles = roleCaptor.getAllValues();
        assertThat(roleNames, hasSize(3));
        assertThat(roles, hasSize(3));
        // Check all Roles, easier to index by order applied
        assertThat(roleNames.get(0), is("test-instance-entity-operator"));
        assertThat(roles.get(0).getMetadata().getNamespace(), is("test-ns"));
        assertThat(roleNames.get(1), is("test-instance-entity-operator"));
        assertThat(roles.get(1).getMetadata().getNamespace(), is("other-ns"));
        assertThat(roleNames.get(2), is("test-instance-entity-operator"));
        assertThat(roles.get(2).getMetadata().getNamespace(), is("another-ns"));
        async.flag();
    })));
}
Also used : VertxTestContext(io.vertx.junit5.VertxTestContext) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Role(io.fabric8.kubernetes.api.model.rbac.Role) CertManager(io.strimzi.certs.CertManager) RoleBindingOperator(io.strimzi.operator.common.operator.resource.RoleBindingOperator) RoleOperator(io.strimzi.operator.common.operator.resource.RoleOperator) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) TypeSafeDiagnosingMatcher(org.hamcrest.TypeSafeDiagnosingMatcher) AfterAll(org.junit.jupiter.api.AfterAll) RoleBinding(io.fabric8.kubernetes.api.model.rbac.RoleBinding) ArgumentCaptor(org.mockito.ArgumentCaptor) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) BeforeAll(org.junit.jupiter.api.BeforeAll) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) Matchers.hasSize(org.hamcrest.Matchers.hasSize) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) Description(org.hamcrest.Description) KubernetesVersion(io.strimzi.operator.KubernetesVersion) KafkaVersion(io.strimzi.operator.cluster.model.KafkaVersion) Vertx(io.vertx.core.Vertx) RoleRefBuilder(io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder) Mockito.when(org.mockito.Mockito.when) VertxExtension(io.vertx.junit5.VertxExtension) Future(io.vertx.core.Future) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) RoleRef(io.fabric8.kubernetes.api.model.rbac.RoleRef) Reconciliation(io.strimzi.operator.common.Reconciliation) List(java.util.List) Mockito.never(org.mockito.Mockito.never) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) Matcher(org.hamcrest.Matcher) Checkpoint(io.vertx.junit5.Checkpoint) Matchers.is(org.hamcrest.Matchers.is) EntityOperator(io.strimzi.operator.cluster.model.EntityOperator) Kafka(io.strimzi.api.kafka.model.Kafka) PlatformFeaturesAvailability(io.strimzi.operator.PlatformFeaturesAvailability) ClusterOperatorConfig(io.strimzi.operator.cluster.ClusterOperatorConfig) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Kafka(io.strimzi.api.kafka.model.Kafka) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) RoleOperator(io.strimzi.operator.common.operator.resource.RoleOperator) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Role(io.fabric8.kubernetes.api.model.rbac.Role) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) Checkpoint(io.vertx.junit5.Checkpoint) PlatformFeaturesAvailability(io.strimzi.operator.PlatformFeaturesAvailability) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Reconciliation(io.strimzi.operator.common.Reconciliation) RoleBinding(io.fabric8.kubernetes.api.model.rbac.RoleBinding) RoleBindingOperator(io.strimzi.operator.common.operator.resource.RoleBindingOperator) RoleRefBuilder(io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder) Test(org.junit.jupiter.api.Test)

Example 10 with CertManager

use of io.strimzi.certs.CertManager in project strimzi-kafka-operator by strimzi.

the class KafkaAssemblyOperatorRbacScopeTest method testRolesDeployedWhenClusterRbacScope.

/**
 * This test checks that when STRIMZI_RBAC_SCOPE feature is set to 'CLUSTER', the cluster operator
 * binds to ClusterRoles
 */
@Test
public void testRolesDeployedWhenClusterRbacScope(VertxTestContext context) {
    Kafka kafka = new KafkaBuilder().withNewMetadata().withName(clusterName).withNamespace(namespace).endMetadata().withNewSpec().withNewKafka().withReplicas(3).endKafka().withNewZookeeper().withReplicas(3).endZookeeper().withNewEntityOperator().withNewUserOperator().endUserOperator().withNewTopicOperator().endTopicOperator().endEntityOperator().endSpec().build();
    ResourceOperatorSupplier supplier = ResourceUtils.supplierWithMocks(false);
    // Mock the CRD Operator for Kafka resources
    CrdOperator mockKafkaOps = supplier.kafkaOperator;
    when(mockKafkaOps.getAsync(eq(namespace), eq(clusterName))).thenReturn(Future.succeededFuture(kafka));
    when(mockKafkaOps.get(eq(namespace), eq(clusterName))).thenReturn(kafka);
    when(mockKafkaOps.updateStatusAsync(any(), any(Kafka.class))).thenReturn(Future.succeededFuture());
    // Mock the operations for RoleBindings
    RoleBindingOperator mockRoleBindingOps = supplier.roleBindingOperations;
    // Capture the names of reconciled rolebindings and their patched state
    ArgumentCaptor<String> roleBindingNameCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<RoleBinding> roleBindingCaptor = ArgumentCaptor.forClass(RoleBinding.class);
    when(mockRoleBindingOps.reconcile(any(), eq(namespace), roleBindingNameCaptor.capture(), roleBindingCaptor.capture())).thenReturn(Future.succeededFuture());
    KafkaAssemblyOperatorRolesSubset kao = new KafkaAssemblyOperatorRolesSubset(vertx, new PlatformFeaturesAvailability(false, kubernetesVersion), certManager, passwordGenerator, supplier, config);
    Checkpoint async = context.checkpoint();
    kao.reconcile(new Reconciliation("test-trigger", Kafka.RESOURCE_KIND, namespace, clusterName)).onComplete(context.succeeding(v -> context.verify(() -> {
        List<String> roleBindingNames = roleBindingNameCaptor.getAllValues();
        List<RoleBinding> roleBindings = roleBindingCaptor.getAllValues();
        assertThat(roleBindingNames, hasSize(2));
        assertThat(roleBindings, hasSize(2));
        // Check all RoleBindings, easier to index by order applied
        assertThat(roleBindingNames.get(0), is("test-instance-entity-topic-operator-role"));
        assertThat(roleBindings.get(0), hasRoleRef(new RoleRefBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("Role").withName("test-instance-entity-operator").build()));
        assertThat(roleBindingNames.get(1), is("test-instance-entity-user-operator-role"));
        assertThat(roleBindings.get(1), hasRoleRef(new RoleRefBuilder().withApiGroup("rbac.authorization.k8s.io").withKind("Role").withName("test-instance-entity-operator").build()));
        async.flag();
    })));
}
Also used : VertxTestContext(io.vertx.junit5.VertxTestContext) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Role(io.fabric8.kubernetes.api.model.rbac.Role) CertManager(io.strimzi.certs.CertManager) RoleBindingOperator(io.strimzi.operator.common.operator.resource.RoleBindingOperator) RoleOperator(io.strimzi.operator.common.operator.resource.RoleOperator) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) TypeSafeDiagnosingMatcher(org.hamcrest.TypeSafeDiagnosingMatcher) AfterAll(org.junit.jupiter.api.AfterAll) RoleBinding(io.fabric8.kubernetes.api.model.rbac.RoleBinding) ArgumentCaptor(org.mockito.ArgumentCaptor) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) BeforeAll(org.junit.jupiter.api.BeforeAll) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) Matchers.hasSize(org.hamcrest.Matchers.hasSize) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) Description(org.hamcrest.Description) KubernetesVersion(io.strimzi.operator.KubernetesVersion) KafkaVersion(io.strimzi.operator.cluster.model.KafkaVersion) Vertx(io.vertx.core.Vertx) RoleRefBuilder(io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder) Mockito.when(org.mockito.Mockito.when) VertxExtension(io.vertx.junit5.VertxExtension) Future(io.vertx.core.Future) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) RoleRef(io.fabric8.kubernetes.api.model.rbac.RoleRef) Reconciliation(io.strimzi.operator.common.Reconciliation) List(java.util.List) Mockito.never(org.mockito.Mockito.never) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) Matcher(org.hamcrest.Matcher) Checkpoint(io.vertx.junit5.Checkpoint) Matchers.is(org.hamcrest.Matchers.is) EntityOperator(io.strimzi.operator.cluster.model.EntityOperator) Kafka(io.strimzi.api.kafka.model.Kafka) PlatformFeaturesAvailability(io.strimzi.operator.PlatformFeaturesAvailability) ClusterOperatorConfig(io.strimzi.operator.cluster.ClusterOperatorConfig) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Kafka(io.strimzi.api.kafka.model.Kafka) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) Checkpoint(io.vertx.junit5.Checkpoint) PlatformFeaturesAvailability(io.strimzi.operator.PlatformFeaturesAvailability) CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Reconciliation(io.strimzi.operator.common.Reconciliation) RoleBinding(io.fabric8.kubernetes.api.model.rbac.RoleBinding) RoleBindingOperator(io.strimzi.operator.common.operator.resource.RoleBindingOperator) RoleRefBuilder(io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder) Test(org.junit.jupiter.api.Test)

Aggregations

Kafka (io.strimzi.api.kafka.model.Kafka)32 KafkaBuilder (io.strimzi.api.kafka.model.KafkaBuilder)32 CertManager (io.strimzi.certs.CertManager)32 KubernetesVersion (io.strimzi.operator.KubernetesVersion)32 PlatformFeaturesAvailability (io.strimzi.operator.PlatformFeaturesAvailability)32 ClusterOperatorConfig (io.strimzi.operator.cluster.ClusterOperatorConfig)32 KafkaVersionTestUtils (io.strimzi.operator.cluster.KafkaVersionTestUtils)32 ResourceUtils (io.strimzi.operator.cluster.ResourceUtils)32 ResourceOperatorSupplier (io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier)32 PasswordGenerator (io.strimzi.operator.common.PasswordGenerator)32 Reconciliation (io.strimzi.operator.common.Reconciliation)32 Future (io.vertx.core.Future)32 Vertx (io.vertx.core.Vertx)32 MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat)32 AfterAll (org.junit.jupiter.api.AfterAll)32 BeforeAll (org.junit.jupiter.api.BeforeAll)32 Test (org.junit.jupiter.api.Test)32 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)32 ArgumentMatchers.eq (org.mockito.ArgumentMatchers.eq)32 Mockito.when (org.mockito.Mockito.when)32
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial