Example 6 with Ca
use of io.strimzi.operator.cluster.model.Ca in project strimzi-kafka-operator by strimzi.
the class MirrorMaker2IsolatedST method testKMM2RollAfterSecretsCertsUpdateScramSha.
/**
* Test mirroring messages by MirrorMaker 2.0 over tls transport using scram-sha-512 auth
* while user Scram passwords, CA cluster and clients certificates are changed.
*/
@ParallelNamespaceTest
@KRaftNotSupported("UserOperator is not supported by KRaft mode and is used in this test case")
@SuppressWarnings({ "checkstyle:MethodLength" })
void testKMM2RollAfterSecretsCertsUpdateScramSha(ExtensionContext extensionContext) {
TestStorage testStorage = new TestStorage(extensionContext);
String kafkaClusterSourceName = testStorage.getClusterName() + "-source";
String kafkaClusterTargetName = testStorage.getClusterName() + "-target";
String sourceMirroredTopicName = kafkaClusterSourceName + "." + testStorage.getTopicName();
String kafkaUserSourceName = testStorage.getUserName() + "-source";
String kafkaUserTargetName = testStorage.getUserName() + "-target";
// Deploy source kafka with tls listener and SCRAM-SHA authentication
resourceManager.createResource(extensionContext, KafkaTemplates.kafkaPersistent(kafkaClusterSourceName, 1, 1).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName(Constants.TLS_LISTENER_DEFAULT_NAME).withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withAuth(new KafkaListenerAuthenticationScramSha512()).build()).endKafka().endSpec().build());
// Deploy target kafka with tls listeners with tls and SCRAM-SHA authentication
resourceManager.createResource(extensionContext, KafkaTemplates.kafkaPersistent(kafkaClusterTargetName, 1, 1).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName(Constants.TLS_LISTENER_DEFAULT_NAME).withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withAuth(new KafkaListenerAuthenticationScramSha512()).build()).endKafka().endSpec().build());
resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(kafkaClusterSourceName, testStorage.getTopicName()).build(), KafkaUserTemplates.scramShaUser(kafkaClusterSourceName, kafkaUserSourceName).build(), KafkaUserTemplates.scramShaUser(kafkaClusterTargetName, kafkaUserTargetName).build());
// Initialize PasswordSecretSource to set this as PasswordSecret in Source/Target MirrorMaker2 spec
PasswordSecretSource passwordSecretSource = new PasswordSecretSource();
passwordSecretSource.setSecretName(kafkaUserSourceName);
passwordSecretSource.setPassword("password");
PasswordSecretSource passwordSecretTarget = new PasswordSecretSource();
passwordSecretTarget.setSecretName(kafkaUserTargetName);
passwordSecretTarget.setPassword("password");
// Initialize CertSecretSource with certificate and secret names for source
CertSecretSource certSecretSource = new CertSecretSource();
certSecretSource.setCertificate("ca.crt");
certSecretSource.setSecretName(KafkaResources.clusterCaCertificateSecretName(kafkaClusterSourceName));
// Initialize CertSecretSource with certificate and secret names for target
CertSecretSource certSecretTarget = new CertSecretSource();
certSecretTarget.setCertificate("ca.crt");
certSecretTarget.setSecretName(KafkaResources.clusterCaCertificateSecretName(kafkaClusterTargetName));
resourceManager.createResource(extensionContext, KafkaMirrorMaker2Templates.kafkaMirrorMaker2(testStorage.getClusterName(), kafkaClusterTargetName, kafkaClusterSourceName, 1, true).editSpec().editMatchingCluster(spec -> spec.getAlias().equals(kafkaClusterSourceName)).withNewKafkaClientAuthenticationScramSha512().withUsername(kafkaUserSourceName).withPasswordSecret(passwordSecretSource).endKafkaClientAuthenticationScramSha512().withNewTls().withTrustedCertificates(certSecretSource).endTls().endCluster().editMatchingCluster(spec -> spec.getAlias().equals(kafkaClusterTargetName)).withNewKafkaClientAuthenticationScramSha512().withUsername(kafkaUserTargetName).withPasswordSecret(passwordSecretTarget).endKafkaClientAuthenticationScramSha512().withNewTls().withTrustedCertificates(certSecretTarget).endTls().endCluster().endSpec().build());
KafkaClients clients = new KafkaClientsBuilder().withProducerName(testStorage.getProducerName()).withConsumerName(testStorage.getConsumerName()).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(kafkaClusterSourceName)).withUserName(kafkaUserSourceName).withNamespaceName(testStorage.getNamespaceName()).withTopicName(testStorage.getTopicName()).withMessageCount(MESSAGE_COUNT).build();
resourceManager.createResource(extensionContext, clients.producerScramShaTlsStrimzi(kafkaClusterSourceName), clients.consumerScramShaTlsStrimzi(kafkaClusterSourceName));
ClientUtils.waitForClientsSuccess(testStorage.getProducerName(), testStorage.getConsumerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
clients = new KafkaClientsBuilder(clients).withTopicName(sourceMirroredTopicName).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(kafkaClusterTargetName)).withUserName(kafkaUserTargetName).build();
LOGGER.info("Now messages should be mirrored to target topic and cluster");
resourceManager.createResource(extensionContext, clients.consumerScramShaTlsStrimzi(kafkaClusterTargetName));
ClientUtils.waitForClientSuccess(testStorage.getConsumerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
LOGGER.info("Messages successfully mirrored");
String kmm2DeploymentName = KafkaMirrorMaker2Resources.deploymentName(testStorage.getClusterName());
Map<String, String> mmSnapshot = DeploymentUtils.depSnapshot(testStorage.getNamespaceName(), kmm2DeploymentName);
LOGGER.info("Changing KafkaUser sha-password on KMM2 Source and make sure it rolled");
Secret passwordSource = new SecretBuilder().withNewMetadata().withName(kafkaUserSourceName).endMetadata().addToData("password", "c291cmNlLXBhc3N3b3Jk").build();
kubeClient().patchSecret(testStorage.getNamespaceName(), kafkaUserSourceName, passwordSource);
mmSnapshot = DeploymentUtils.waitTillDepHasRolled(testStorage.getNamespaceName(), kmm2DeploymentName, 1, mmSnapshot);
LOGGER.info("Changing KafkaUser sha-password on KMM2 Target");
Secret passwordTarget = new SecretBuilder().withNewMetadata().withName(kafkaUserTargetName).endMetadata().addToData("password", "dGFyZ2V0LXBhc3N3b3Jk").build();
kubeClient().patchSecret(testStorage.getNamespaceName(), kafkaUserTargetName, passwordTarget);
DeploymentUtils.waitTillDepHasRolled(testStorage.getNamespaceName(), kmm2DeploymentName, 1, mmSnapshot);
clients = new KafkaClientsBuilder(clients).withTopicName(testStorage.getTopicName()).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(kafkaClusterSourceName)).withUserName(kafkaUserSourceName).build();
resourceManager.createResource(extensionContext, clients.producerScramShaTlsStrimzi(kafkaClusterSourceName));
ClientUtils.waitForClientSuccess(testStorage.getProducerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
clients = new KafkaClientsBuilder(clients).withTopicName(sourceMirroredTopicName).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(kafkaClusterTargetName)).withUserName(kafkaUserTargetName).build();
LOGGER.info("Now messages should be mirrored to target topic and cluster");
resourceManager.createResource(extensionContext, clients.consumerScramShaTlsStrimzi(kafkaClusterTargetName));
ClientUtils.waitForClientSuccess(testStorage.getConsumerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
LOGGER.info("Messages successfully mirrored");
}
Also used :
KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512)
LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector)
KafkaResource(io.strimzi.systemtest.resources.crd.KafkaResource)
KubeClusterResource.cmdKubeClient(io.strimzi.test.k8s.KubeClusterResource.cmdKubeClient)
KafkaTopicUtils(io.strimzi.systemtest.utils.kafkaUtils.KafkaTopicUtils)
KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls)
Assertions.assertFalse(org.junit.jupiter.api.Assertions.assertFalse)
KafkaResources(io.strimzi.api.kafka.model.KafkaResources)
Ca(io.strimzi.operator.cluster.model.Ca)
BeforeAll(org.junit.jupiter.api.BeforeAll)
Map(java.util.Map)
Tag(org.junit.jupiter.api.Tag)
StUtils(io.strimzi.systemtest.utils.StUtils)
BeforeAllOnce(io.strimzi.systemtest.BeforeAllOnce)
RollingUpdateUtils(io.strimzi.systemtest.utils.RollingUpdateUtils)
ACCEPTANCE(io.strimzi.systemtest.Constants.ACCEPTANCE)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
IsolatedSuite(io.strimzi.systemtest.annotations.IsolatedSuite)
KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients)
KafkaMirrorMaker2Templates(io.strimzi.systemtest.templates.crd.KafkaMirrorMaker2Templates)
INTERNAL_CLIENTS_USED(io.strimzi.systemtest.Constants.INTERNAL_CLIENTS_USED)
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)
PasswordSecretSource(io.strimzi.api.kafka.model.PasswordSecretSource)
ClientUtils(io.strimzi.systemtest.utils.ClientUtils)
KafkaMirrorMaker2Resources(io.strimzi.api.kafka.model.KafkaMirrorMaker2Resources)
KafkaMirrorMaker2(io.strimzi.api.kafka.model.KafkaMirrorMaker2)
KafkaMirrorMaker2Status(io.strimzi.api.kafka.model.status.KafkaMirrorMaker2Status)
List(java.util.List)
Labels(io.strimzi.operator.common.model.Labels)
Logger(org.apache.logging.log4j.Logger)
KafkaTopicTemplates(io.strimzi.systemtest.templates.crd.KafkaTopicTemplates)
KafkaMirrorMaker2Utils(io.strimzi.systemtest.utils.kafkaUtils.KafkaMirrorMaker2Utils)
Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue)
Secret(io.fabric8.kubernetes.api.model.Secret)
Matchers.is(org.hamcrest.Matchers.is)
KafkaTopicResource(io.strimzi.systemtest.resources.crd.KafkaTopicResource)
SCALABILITY(io.strimzi.systemtest.Constants.SCALABILITY)
Matchers.containsString(org.hamcrest.Matchers.containsString)
Assertions.assertDoesNotThrow(org.junit.jupiter.api.Assertions.assertDoesNotThrow)
AbstractST(io.strimzi.systemtest.AbstractST)
Environment(io.strimzi.systemtest.Environment)
Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull)
CoreMatchers.equalTo(org.hamcrest.CoreMatchers.equalTo)
CoreMatchers.not(org.hamcrest.CoreMatchers.not)
HashMap(java.util.HashMap)
ExtensionContext(org.junit.jupiter.api.extension.ExtensionContext)
TestStorage(io.strimzi.systemtest.storage.TestStorage)
SecretUtils(io.strimzi.systemtest.utils.kubeUtils.objects.SecretUtils)
PodUtils(io.strimzi.systemtest.utils.kubeUtils.objects.PodUtils)
JsonPathMatchers.hasJsonPath(org.valid4j.matchers.jsonpath.JsonPathMatchers.hasJsonPath)
DeploymentStrategy(io.strimzi.api.kafka.model.template.DeploymentStrategy)
KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported)
TestUtils(io.strimzi.test.TestUtils)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512)
MIRROR_MAKER2(io.strimzi.systemtest.Constants.MIRROR_MAKER2)
KafkaTemplates(io.strimzi.systemtest.templates.crd.KafkaTemplates)
Ready(io.strimzi.systemtest.enums.CustomResourceStatus.Ready)
KafkaUtils(io.strimzi.systemtest.utils.kafkaUtils.KafkaUtils)
Constants(io.strimzi.systemtest.Constants)
KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder)
ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest)
SetupClusterOperator(io.strimzi.systemtest.resources.operator.SetupClusterOperator)
KafkaCmdClient(io.strimzi.systemtest.cli.KafkaCmdClient)
KubeClusterResource.kubeClient(io.strimzi.test.k8s.KubeClusterResource.kubeClient)
KafkaTopic(io.strimzi.api.kafka.model.KafkaTopic)
DeploymentUtils(io.strimzi.systemtest.utils.kubeUtils.controllers.DeploymentUtils)
Matchers.hasItem(org.hamcrest.Matchers.hasItem)
KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType)
KafkaUserTemplates(io.strimzi.systemtest.templates.crd.KafkaUserTemplates)
CONNECT_COMPONENTS(io.strimzi.systemtest.Constants.CONNECT_COMPONENTS)
KafkaMirrorMaker2Resource(io.strimzi.systemtest.resources.crd.KafkaMirrorMaker2Resource)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
LogManager(org.apache.logging.log4j.LogManager)
Collections(java.util.Collections)
REGRESSION(io.strimzi.systemtest.Constants.REGRESSION)
KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder)
Secret(io.fabric8.kubernetes.api.model.Secret)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients)
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)
PasswordSecretSource(io.strimzi.api.kafka.model.PasswordSecretSource)
TestStorage(io.strimzi.systemtest.storage.TestStorage)
Matchers.containsString(org.hamcrest.Matchers.containsString)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported)
ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest)
Example 7 with Ca
use of io.strimzi.operator.cluster.model.Ca in project strimzi-kafka-operator by strimzi.
the class MirrorMaker2IsolatedST method testKMM2RollAfterSecretsCertsUpdateTLS.
@ParallelNamespaceTest
@KRaftNotSupported("UserOperator is not supported by KRaft mode and is used in this test case")
@SuppressWarnings({ "checkstyle:MethodLength" })
void testKMM2RollAfterSecretsCertsUpdateTLS(ExtensionContext extensionContext) {
TestStorage testStorage = new TestStorage(extensionContext);
String kafkaClusterSourceName = testStorage.getClusterName() + "-source";
String kafkaClusterTargetName = testStorage.getClusterName() + "-target";
String sourceMirroredTopicName = kafkaClusterSourceName + "." + testStorage.getTopicName();
String kafkaUserSourceName = testStorage.getUserName() + "-source";
String kafkaUserTargetName = testStorage.getUserName() + "-target";
// Deploy source kafka with tls listener and mutual tls auth
resourceManager.createResource(extensionContext, KafkaTemplates.kafkaPersistent(kafkaClusterSourceName, 1).editSpec().editKafka().addToConfig("min.insync.replicas", 1).withListeners(new GenericKafkaListenerBuilder().withName(Constants.TLS_LISTENER_DEFAULT_NAME).withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withAuth(new KafkaListenerAuthenticationTls()).build()).endKafka().endSpec().build());
// Deploy target kafka with tls listener and mutual tls auth
resourceManager.createResource(extensionContext, KafkaTemplates.kafkaPersistent(kafkaClusterTargetName, 1).editSpec().editKafka().addToConfig("min.insync.replicas", 1).withListeners(new GenericKafkaListenerBuilder().withName(Constants.TLS_LISTENER_DEFAULT_NAME).withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withAuth(new KafkaListenerAuthenticationTls()).build()).endKafka().endSpec().build());
resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(kafkaClusterSourceName, testStorage.getTopicName(), 3).build(), KafkaUserTemplates.tlsUser(kafkaClusterSourceName, kafkaUserSourceName).build(), KafkaUserTemplates.tlsUser(kafkaClusterTargetName, kafkaUserTargetName).build());
// Initialize CertSecretSource with certificate and secret names for source
CertSecretSource certSecretSource = new CertSecretSource();
certSecretSource.setCertificate("ca.crt");
certSecretSource.setSecretName(KafkaResources.clusterCaCertificateSecretName(kafkaClusterSourceName));
// Initialize CertSecretSource with certificate and secret names for target
CertSecretSource certSecretTarget = new CertSecretSource();
certSecretTarget.setCertificate("ca.crt");
certSecretTarget.setSecretName(KafkaResources.clusterCaCertificateSecretName(kafkaClusterTargetName));
resourceManager.createResource(extensionContext, KafkaMirrorMaker2Templates.kafkaMirrorMaker2(testStorage.getClusterName(), kafkaClusterTargetName, kafkaClusterSourceName, 1, true).editSpec().editMatchingCluster(spec -> spec.getAlias().equals(kafkaClusterSourceName)).withNewKafkaClientAuthenticationTls().withNewCertificateAndKey().withSecretName(kafkaUserSourceName).withCertificate("user.crt").withKey("user.key").endCertificateAndKey().endKafkaClientAuthenticationTls().withNewTls().withTrustedCertificates(certSecretSource).endTls().endCluster().editMatchingCluster(spec -> spec.getAlias().equals(kafkaClusterTargetName)).withNewKafkaClientAuthenticationTls().withNewCertificateAndKey().withSecretName(kafkaUserTargetName).withCertificate("user.crt").withKey("user.key").endCertificateAndKey().endKafkaClientAuthenticationTls().withNewTls().withTrustedCertificates(certSecretTarget).endTls().endCluster().editFirstMirror().editSourceConnector().addToConfig("refresh.topics.interval.seconds", 1).endSourceConnector().endMirror().endSpec().build());
String mm2DeploymentName = KafkaMirrorMaker2Resources.deploymentName(testStorage.getClusterName());
Map<String, String> mmSnapshot = DeploymentUtils.depSnapshot(testStorage.getNamespaceName(), mm2DeploymentName);
KafkaClients clients = new KafkaClientsBuilder().withProducerName(testStorage.getProducerName()).withConsumerName(testStorage.getConsumerName()).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(kafkaClusterSourceName)).withUserName(kafkaUserSourceName).withNamespaceName(testStorage.getNamespaceName()).withTopicName(testStorage.getTopicName()).withMessageCount(MESSAGE_COUNT).build();
resourceManager.createResource(extensionContext, clients.producerTlsStrimzi(kafkaClusterSourceName), clients.consumerTlsStrimzi(kafkaClusterSourceName));
ClientUtils.waitForClientsSuccess(testStorage.getProducerName(), testStorage.getConsumerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
clients = new KafkaClientsBuilder(clients).withTopicName(sourceMirroredTopicName).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(kafkaClusterTargetName)).withUserName(kafkaUserTargetName).build();
LOGGER.info("Consumer in target cluster and topic should receive {} messages", MESSAGE_COUNT);
resourceManager.createResource(extensionContext, clients.consumerTlsStrimzi(kafkaClusterTargetName));
ClientUtils.waitForClientSuccess(testStorage.getConsumerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
LOGGER.info("Messages successfully mirrored");
LabelSelector zkSourceSelector = KafkaResource.getLabelSelector(kafkaClusterSourceName, KafkaResources.zookeeperStatefulSetName(kafkaClusterSourceName));
LabelSelector kafkaSourceSelector = KafkaResource.getLabelSelector(kafkaClusterSourceName, KafkaResources.kafkaStatefulSetName(kafkaClusterSourceName));
LabelSelector zkTargetSelector = KafkaResource.getLabelSelector(kafkaClusterTargetName, KafkaResources.zookeeperStatefulSetName(kafkaClusterTargetName));
LabelSelector kafkaTargetSelector = KafkaResource.getLabelSelector(kafkaClusterTargetName, KafkaResources.kafkaStatefulSetName(kafkaClusterTargetName));
Map<String, String> kafkaSourcePods = PodUtils.podSnapshot(testStorage.getNamespaceName(), kafkaSourceSelector);
Map<String, String> zkSourcePods = PodUtils.podSnapshot(testStorage.getNamespaceName(), zkSourceSelector);
Map<String, String> eoSourcePods = DeploymentUtils.depSnapshot(testStorage.getNamespaceName(), KafkaResources.entityOperatorDeploymentName(kafkaClusterSourceName));
Map<String, String> kafkaTargetPods = PodUtils.podSnapshot(testStorage.getNamespaceName(), kafkaTargetSelector);
Map<String, String> zkTargetPods = PodUtils.podSnapshot(testStorage.getNamespaceName(), zkTargetSelector);
Map<String, String> eoTargetPods = DeploymentUtils.depSnapshot(testStorage.getNamespaceName(), KafkaResources.entityOperatorDeploymentName(kafkaClusterTargetName));
LOGGER.info("Renew Clients CA secret for Source cluster via annotation");
String sourceClientsCaSecretName = KafkaResources.clientsCaCertificateSecretName(kafkaClusterSourceName);
SecretUtils.annotateSecret(testStorage.getNamespaceName(), sourceClientsCaSecretName, Ca.ANNO_STRIMZI_IO_FORCE_RENEW, "true");
kafkaSourcePods = RollingUpdateUtils.waitTillComponentHasRolledAndPodsReady(testStorage.getNamespaceName(), kafkaSourceSelector, 1, kafkaSourcePods);
mmSnapshot = DeploymentUtils.waitTillDepHasRolled(testStorage.getNamespaceName(), mm2DeploymentName, 1, mmSnapshot);
LOGGER.info("Renew Clients CA secret for Target cluster via annotation");
String targetClientsCaSecretName = KafkaResources.clientsCaCertificateSecretName(kafkaClusterTargetName);
SecretUtils.annotateSecret(testStorage.getNamespaceName(), targetClientsCaSecretName, Ca.ANNO_STRIMZI_IO_FORCE_RENEW, "true");
kafkaTargetPods = RollingUpdateUtils.waitTillComponentHasRolledAndPodsReady(testStorage.getNamespaceName(), kafkaTargetSelector, 1, kafkaTargetPods);
mmSnapshot = DeploymentUtils.waitTillDepHasRolled(testStorage.getNamespaceName(), mm2DeploymentName, 1, mmSnapshot);
LOGGER.info("Send and receive messages after clients certs were removed");
clients = new KafkaClientsBuilder(clients).withTopicName(testStorage.getTopicName()).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(kafkaClusterSourceName)).withUserName(kafkaUserSourceName).build();
resourceManager.createResource(extensionContext, clients.producerTlsStrimzi(kafkaClusterSourceName));
ClientUtils.waitForClientSuccess(testStorage.getProducerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
LOGGER.info("Consumer in target cluster and topic should receive {} messages", MESSAGE_COUNT);
clients = new KafkaClientsBuilder(clients).withTopicName(sourceMirroredTopicName).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(kafkaClusterTargetName)).withUserName(kafkaUserTargetName).build();
resourceManager.createResource(extensionContext, clients.consumerTlsStrimzi(kafkaClusterTargetName));
ClientUtils.waitForClientSuccess(testStorage.getConsumerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
LOGGER.info("Messages successfully mirrored");
LOGGER.info("Renew Cluster CA secret for Source clusters via annotation");
String sourceClusterCaSecretName = KafkaResources.clusterCaCertificateSecretName(kafkaClusterSourceName);
SecretUtils.annotateSecret(testStorage.getNamespaceName(), sourceClusterCaSecretName, Ca.ANNO_STRIMZI_IO_FORCE_RENEW, "true");
RollingUpdateUtils.waitTillComponentHasRolledAndPodsReady(testStorage.getNamespaceName(), zkSourceSelector, 1, zkSourcePods);
RollingUpdateUtils.waitTillComponentHasRolledAndPodsReady(testStorage.getNamespaceName(), kafkaSourceSelector, 1, kafkaSourcePods);
DeploymentUtils.waitTillDepHasRolled(testStorage.getNamespaceName(), KafkaResources.entityOperatorDeploymentName(kafkaClusterSourceName), 1, eoSourcePods);
mmSnapshot = DeploymentUtils.waitTillDepHasRolled(testStorage.getNamespaceName(), mm2DeploymentName, 1, mmSnapshot);
LOGGER.info("Renew Cluster CA secret for Target clusters via annotation");
String targetClusterCaSecretName = KafkaResources.clusterCaCertificateSecretName(kafkaClusterTargetName);
SecretUtils.annotateSecret(testStorage.getNamespaceName(), targetClusterCaSecretName, Ca.ANNO_STRIMZI_IO_FORCE_RENEW, "true");
RollingUpdateUtils.waitTillComponentHasRolledAndPodsReady(testStorage.getNamespaceName(), zkTargetSelector, 1, zkTargetPods);
RollingUpdateUtils.waitTillComponentHasRolledAndPodsReady(testStorage.getNamespaceName(), kafkaTargetSelector, 1, kafkaTargetPods);
DeploymentUtils.waitTillDepHasRolled(testStorage.getNamespaceName(), KafkaResources.entityOperatorDeploymentName(kafkaClusterTargetName), 1, eoTargetPods);
DeploymentUtils.waitTillDepHasRolled(testStorage.getNamespaceName(), mm2DeploymentName, 1, mmSnapshot);
LOGGER.info("Send and receive messages after clients certs were removed");
clients = new KafkaClientsBuilder(clients).withTopicName(testStorage.getTopicName()).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(kafkaClusterSourceName)).withUserName(kafkaUserSourceName).build();
resourceManager.createResource(extensionContext, clients.producerTlsStrimzi(kafkaClusterSourceName));
ClientUtils.waitForClientSuccess(testStorage.getProducerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
LOGGER.info("Consumer in target cluster and topic should receive {} messages", MESSAGE_COUNT);
clients = new KafkaClientsBuilder(clients).withTopicName(sourceMirroredTopicName).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(kafkaClusterTargetName)).withUserName(kafkaUserTargetName).build();
resourceManager.createResource(extensionContext, clients.consumerTlsStrimzi(kafkaClusterTargetName));
ClientUtils.waitForClientSuccess(testStorage.getConsumerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
LOGGER.info("Messages successfully mirrored");
}
Also used :
LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector)
KafkaResource(io.strimzi.systemtest.resources.crd.KafkaResource)
KubeClusterResource.cmdKubeClient(io.strimzi.test.k8s.KubeClusterResource.cmdKubeClient)
KafkaTopicUtils(io.strimzi.systemtest.utils.kafkaUtils.KafkaTopicUtils)
KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls)
Assertions.assertFalse(org.junit.jupiter.api.Assertions.assertFalse)
KafkaResources(io.strimzi.api.kafka.model.KafkaResources)
Ca(io.strimzi.operator.cluster.model.Ca)
BeforeAll(org.junit.jupiter.api.BeforeAll)
Map(java.util.Map)
Tag(org.junit.jupiter.api.Tag)
StUtils(io.strimzi.systemtest.utils.StUtils)
BeforeAllOnce(io.strimzi.systemtest.BeforeAllOnce)
RollingUpdateUtils(io.strimzi.systemtest.utils.RollingUpdateUtils)
ACCEPTANCE(io.strimzi.systemtest.Constants.ACCEPTANCE)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
IsolatedSuite(io.strimzi.systemtest.annotations.IsolatedSuite)
KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients)
KafkaMirrorMaker2Templates(io.strimzi.systemtest.templates.crd.KafkaMirrorMaker2Templates)
INTERNAL_CLIENTS_USED(io.strimzi.systemtest.Constants.INTERNAL_CLIENTS_USED)
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)
PasswordSecretSource(io.strimzi.api.kafka.model.PasswordSecretSource)
ClientUtils(io.strimzi.systemtest.utils.ClientUtils)
KafkaMirrorMaker2Resources(io.strimzi.api.kafka.model.KafkaMirrorMaker2Resources)
KafkaMirrorMaker2(io.strimzi.api.kafka.model.KafkaMirrorMaker2)
KafkaMirrorMaker2Status(io.strimzi.api.kafka.model.status.KafkaMirrorMaker2Status)
List(java.util.List)
Labels(io.strimzi.operator.common.model.Labels)
Logger(org.apache.logging.log4j.Logger)
KafkaTopicTemplates(io.strimzi.systemtest.templates.crd.KafkaTopicTemplates)
KafkaMirrorMaker2Utils(io.strimzi.systemtest.utils.kafkaUtils.KafkaMirrorMaker2Utils)
Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue)
Secret(io.fabric8.kubernetes.api.model.Secret)
Matchers.is(org.hamcrest.Matchers.is)
KafkaTopicResource(io.strimzi.systemtest.resources.crd.KafkaTopicResource)
SCALABILITY(io.strimzi.systemtest.Constants.SCALABILITY)
Matchers.containsString(org.hamcrest.Matchers.containsString)
Assertions.assertDoesNotThrow(org.junit.jupiter.api.Assertions.assertDoesNotThrow)
AbstractST(io.strimzi.systemtest.AbstractST)
Environment(io.strimzi.systemtest.Environment)
Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull)
CoreMatchers.equalTo(org.hamcrest.CoreMatchers.equalTo)
CoreMatchers.not(org.hamcrest.CoreMatchers.not)
HashMap(java.util.HashMap)
ExtensionContext(org.junit.jupiter.api.extension.ExtensionContext)
TestStorage(io.strimzi.systemtest.storage.TestStorage)
SecretUtils(io.strimzi.systemtest.utils.kubeUtils.objects.SecretUtils)
PodUtils(io.strimzi.systemtest.utils.kubeUtils.objects.PodUtils)
JsonPathMatchers.hasJsonPath(org.valid4j.matchers.jsonpath.JsonPathMatchers.hasJsonPath)
DeploymentStrategy(io.strimzi.api.kafka.model.template.DeploymentStrategy)
KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported)
TestUtils(io.strimzi.test.TestUtils)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512)
MIRROR_MAKER2(io.strimzi.systemtest.Constants.MIRROR_MAKER2)
KafkaTemplates(io.strimzi.systemtest.templates.crd.KafkaTemplates)
Ready(io.strimzi.systemtest.enums.CustomResourceStatus.Ready)
KafkaUtils(io.strimzi.systemtest.utils.kafkaUtils.KafkaUtils)
Constants(io.strimzi.systemtest.Constants)
KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder)
ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest)
SetupClusterOperator(io.strimzi.systemtest.resources.operator.SetupClusterOperator)
KafkaCmdClient(io.strimzi.systemtest.cli.KafkaCmdClient)
KubeClusterResource.kubeClient(io.strimzi.test.k8s.KubeClusterResource.kubeClient)
KafkaTopic(io.strimzi.api.kafka.model.KafkaTopic)
DeploymentUtils(io.strimzi.systemtest.utils.kubeUtils.controllers.DeploymentUtils)
Matchers.hasItem(org.hamcrest.Matchers.hasItem)
KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType)
KafkaUserTemplates(io.strimzi.systemtest.templates.crd.KafkaUserTemplates)
CONNECT_COMPONENTS(io.strimzi.systemtest.Constants.CONNECT_COMPONENTS)
KafkaMirrorMaker2Resource(io.strimzi.systemtest.resources.crd.KafkaMirrorMaker2Resource)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
LogManager(org.apache.logging.log4j.LogManager)
Collections(java.util.Collections)
REGRESSION(io.strimzi.systemtest.Constants.REGRESSION)
KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder)
KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls)
KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients)
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)
LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector)
TestStorage(io.strimzi.systemtest.storage.TestStorage)
Matchers.containsString(org.hamcrest.Matchers.containsString)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported)
ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest)
Example 8 with Ca
use of io.strimzi.operator.cluster.model.Ca in project strimzi-kafka-operator by strimzi.
the class SecurityST method testCertRegeneratedAfterInternalCAisDeleted.
@ParallelNamespaceTest
@Tag(INTERNAL_CLIENTS_USED)
@KRaftNotSupported("UserOperator is not supported by KRaft mode and is used in this test case")
void testCertRegeneratedAfterInternalCAisDeleted(ExtensionContext extensionContext) {
final TestStorage testStorage = new TestStorage(extensionContext, namespace);
resourceManager.createResource(extensionContext, KafkaTemplates.kafkaPersistent(testStorage.getClusterName(), 3, 1).build());
Map<String, String> kafkaPods = PodUtils.podSnapshot(testStorage.getNamespaceName(), testStorage.getKafkaSelector());
resourceManager.createResource(extensionContext, KafkaUserTemplates.tlsUser(testStorage.getClusterName(), testStorage.getUserName()).build(), KafkaTopicTemplates.topic(testStorage.getClusterName(), testStorage.getTopicName()).build());
KafkaClients kafkaClients = new KafkaClientsBuilder().withTopicName(testStorage.getTopicName()).withMessageCount(MESSAGE_COUNT).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(testStorage.getClusterName())).withProducerName(testStorage.getProducerName()).withConsumerName(testStorage.getConsumerName()).withNamespaceName(testStorage.getNamespaceName()).withUserName(testStorage.getUserName()).build();
List<Secret> secrets = kubeClient().listSecrets(testStorage.getNamespaceName()).stream().filter(secret -> secret.getMetadata().getName().startsWith(testStorage.getClusterName()) && secret.getMetadata().getName().endsWith("ca-cert")).collect(Collectors.toList());
for (Secret s : secrets) {
LOGGER.info("Verifying that secret {} with name {} is present", s, s.getMetadata().getName());
assertThat(s.getData(), is(notNullValue()));
}
for (Secret s : secrets) {
LOGGER.info("Deleting secret {}", s.getMetadata().getName());
kubeClient().deleteSecret(testStorage.getNamespaceName(), s.getMetadata().getName());
}
PodUtils.verifyThatRunningPodsAreStable(testStorage.getNamespaceName(), KafkaResources.kafkaStatefulSetName(testStorage.getClusterName()));
RollingUpdateUtils.waitTillComponentHasRolled(testStorage.getNamespaceName(), testStorage.getKafkaSelector(), 3, kafkaPods);
for (Secret s : secrets) {
SecretUtils.waitForSecretReady(testStorage.getNamespaceName(), s.getMetadata().getName(), () -> {
});
}
List<Secret> regeneratedSecrets = kubeClient().listSecrets(testStorage.getNamespaceName()).stream().filter(secret -> secret.getMetadata().getName().endsWith("ca-cert")).collect(Collectors.toList());
for (int i = 0; i < secrets.size(); i++) {
assertThat("Certificates has different cert UIDs", !secrets.get(i).getData().get("ca.crt").equals(regeneratedSecrets.get(i).getData().get("ca.crt")));
}
resourceManager.createResource(extensionContext, kafkaClients.producerTlsStrimzi(testStorage.getClusterName()), kafkaClients.consumerTlsStrimzi(testStorage.getClusterName()));
ClientUtils.waitForClientsSuccess(testStorage.getProducerName(), testStorage.getConsumerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
}
Also used :
KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder)
Secret(io.fabric8.kubernetes.api.model.Secret)
Quantity(io.fabric8.kubernetes.api.model.Quantity)
X509Certificate(java.security.cert.X509Certificate)
CoreMatchers.is(org.hamcrest.CoreMatchers.is)
DeletionPropagation(io.fabric8.kubernetes.api.model.DeletionPropagation)
GroupAuthorizationException(org.apache.kafka.common.errors.GroupAuthorizationException)
Arrays(java.util.Arrays)
KafkaExporterResources(io.strimzi.api.kafka.model.KafkaExporterResources)
SANITY(io.strimzi.systemtest.Constants.SANITY)
Date(java.util.Date)
KafkaResource(io.strimzi.systemtest.resources.crd.KafkaResource)
Random(java.util.Random)
AclOperation(io.strimzi.api.kafka.model.AclOperation)
KafkaTopicUtils(io.strimzi.systemtest.utils.kafkaUtils.KafkaTopicUtils)
KafkaConnectResource(io.strimzi.systemtest.resources.crd.KafkaConnectResource)
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
KafkaResources.clusterCaKeySecretName(io.strimzi.api.kafka.model.KafkaResources.clusterCaKeySecretName)
CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue)
KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls)
KafkaResources.clientsCaKeySecretName(io.strimzi.api.kafka.model.KafkaResources.clientsCaKeySecretName)
KafkaResources(io.strimzi.api.kafka.model.KafkaResources)
Ca(io.strimzi.operator.cluster.model.Ca)
KafkaConnectUtils(io.strimzi.systemtest.utils.kafkaUtils.KafkaConnectUtils)
Map(java.util.Map)
Tag(org.junit.jupiter.api.Tag)
StUtils(io.strimzi.systemtest.utils.StUtils)
KafkaConnect(io.strimzi.api.kafka.model.KafkaConnect)
RollingUpdateUtils(io.strimzi.systemtest.utils.RollingUpdateUtils)
ACCEPTANCE(io.strimzi.systemtest.Constants.ACCEPTANCE)
KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients)
KafkaMirrorMaker(io.strimzi.api.kafka.model.KafkaMirrorMaker)
INTERNAL_CLIENTS_USED(io.strimzi.systemtest.Constants.INTERNAL_CLIENTS_USED)
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)
KafkaMirrorMakerUtils(io.strimzi.systemtest.utils.kafkaUtils.KafkaMirrorMakerUtils)
Collectors(java.util.stream.Collectors)
ClientUtils(io.strimzi.systemtest.utils.ClientUtils)
CruiseControlResources(io.strimzi.api.kafka.model.CruiseControlResources)
KafkaResources.clusterCaCertificateSecretName(io.strimzi.api.kafka.model.KafkaResources.clusterCaCertificateSecretName)
List(java.util.List)
Labels(io.strimzi.operator.common.model.Labels)
Logger(org.apache.logging.log4j.Logger)
KafkaTopicTemplates(io.strimzi.systemtest.templates.crd.KafkaTopicTemplates)
Secret(io.fabric8.kubernetes.api.model.Secret)
Matchers.containsString(org.hamcrest.Matchers.containsString)
AbstractST(io.strimzi.systemtest.AbstractST)
Environment(io.strimzi.systemtest.Environment)
IntStream(java.util.stream.IntStream)
Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows)
Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull)
KafkaConnectTemplates(io.strimzi.systemtest.templates.crd.KafkaConnectTemplates)
KafkaMirrorMakerTemplates(io.strimzi.systemtest.templates.crd.KafkaMirrorMakerTemplates)
ParallelSuite(io.strimzi.systemtest.annotations.ParallelSuite)
CONNECT(io.strimzi.systemtest.Constants.CONNECT)
LocalDateTime(java.time.LocalDateTime)
CoreMatchers.not(org.hamcrest.CoreMatchers.not)
ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)
HashMap(java.util.HashMap)
ExternalKafkaClient(io.strimzi.systemtest.kafkaclients.externalClients.ExternalKafkaClient)
ExtensionContext(org.junit.jupiter.api.extension.ExtensionContext)
MIRROR_MAKER(io.strimzi.systemtest.Constants.MIRROR_MAKER)
TestStorage(io.strimzi.systemtest.storage.TestStorage)
SecretUtils(io.strimzi.systemtest.utils.kubeUtils.objects.SecretUtils)
ArrayList(java.util.ArrayList)
PodUtils(io.strimzi.systemtest.utils.kubeUtils.objects.PodUtils)
KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported)
TestUtils(io.strimzi.test.TestUtils)
Collections.singletonMap(java.util.Collections.singletonMap)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
NODEPORT_SUPPORTED(io.strimzi.systemtest.Constants.NODEPORT_SUPPORTED)
SslConfigs(org.apache.kafka.common.config.SslConfigs)
ROLLING_UPDATE(io.strimzi.systemtest.Constants.ROLLING_UPDATE)
CoreMatchers.sameInstance(org.hamcrest.CoreMatchers.sameInstance)
KafkaTemplates(io.strimzi.systemtest.templates.crd.KafkaTemplates)
KafkaUtils(io.strimzi.systemtest.utils.kafkaUtils.KafkaUtils)
KafkaResources.clientsCaCertificateSecretName(io.strimzi.api.kafka.model.KafkaResources.clientsCaCertificateSecretName)
CertificateAuthority(io.strimzi.api.kafka.model.CertificateAuthority)
Constants(io.strimzi.systemtest.Constants)
Pod(io.fabric8.kubernetes.api.model.Pod)
Matchers(org.hamcrest.Matchers)
ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest)
KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder)
EXTERNAL_CLIENTS_USED(io.strimzi.systemtest.Constants.EXTERNAL_CLIENTS_USED)
KubeClusterResource.kubeClient(io.strimzi.test.k8s.KubeClusterResource.kubeClient)
KafkaMirrorMakerResource(io.strimzi.systemtest.resources.crd.KafkaMirrorMakerResource)
DeploymentUtils(io.strimzi.systemtest.utils.kubeUtils.controllers.DeploymentUtils)
KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType)
KafkaUserTemplates(io.strimzi.systemtest.templates.crd.KafkaUserTemplates)
CONNECT_COMPONENTS(io.strimzi.systemtest.Constants.CONNECT_COMPONENTS)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
LogManager(org.apache.logging.log4j.LogManager)
REGRESSION(io.strimzi.systemtest.Constants.REGRESSION)
CertificateAuthorityBuilder(io.strimzi.api.kafka.model.CertificateAuthorityBuilder)
KafkaConnectResources(io.strimzi.api.kafka.model.KafkaConnectResources)
InputStream(java.io.InputStream)
KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients)
TestStorage(io.strimzi.systemtest.storage.TestStorage)
Matchers.containsString(org.hamcrest.Matchers.containsString)
KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported)
ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest)
Tag(org.junit.jupiter.api.Tag)
Example 9 with Ca
use of io.strimzi.operator.cluster.model.Ca in project strimzi-kafka-operator by strimzi.
the class CertificateRenewalTest method testNewKeyGetGeneratedWhenInRenewalPeriodAuto.
@Test
public void testNewKeyGetGeneratedWhenInRenewalPeriodAuto(Vertx vertx, VertxTestContext context) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
CertificateAuthority certificateAuthority = new CertificateAuthorityBuilder().withValidityDays(2).withRenewalDays(3).withGenerateCertificateAuthority(true).withCertificateExpirationPolicy(CertificateExpirationPolicy.REPLACE_KEY).build();
List<Secret> clusterCaSecrets = initialClusterCaSecrets(certificateAuthority);
Secret initialClusterCaKeySecret = clusterCaSecrets.get(0);
Secret initialClusterCaCertSecret = clusterCaSecrets.get(1);
assertThat(initialClusterCaCertSecret.getData().keySet(), is(set(CA_CRT, CA_STORE, CA_STORE_PASSWORD)));
assertThat(initialClusterCaCertSecret.getData().get(CA_CRT), is(notNullValue()));
assertThat(initialClusterCaCertSecret.getData().get(CA_STORE), is(notNullValue()));
assertThat(initialClusterCaCertSecret.getData().get(CA_STORE_PASSWORD), is(notNullValue()));
assertThat(isCertInTrustStore(CA_CRT, initialClusterCaCertSecret.getData()), is(true));
assertThat(initialClusterCaKeySecret.getData().keySet(), is(singleton(CA_KEY)));
assertThat(initialClusterCaKeySecret.getData().get(CA_KEY), is(notNullValue()));
List<Secret> clientsCaSecrets = initialClientsCaSecrets(certificateAuthority);
Secret initialClientsCaKeySecret = clientsCaSecrets.get(0);
Secret initialClientsCaCertSecret = clientsCaSecrets.get(1);
assertThat(initialClientsCaCertSecret.getData().keySet(), is(set(CA_CRT, CA_STORE, CA_STORE_PASSWORD)));
assertThat(initialClientsCaCertSecret.getData().get(CA_CRT), is(notNullValue()));
assertThat(initialClientsCaCertSecret.getData().get(CA_STORE), is(notNullValue()));
assertThat(initialClientsCaCertSecret.getData().get(CA_STORE_PASSWORD), is(notNullValue()));
assertThat(isCertInTrustStore(CA_CRT, initialClientsCaCertSecret.getData()), is(true));
assertThat(initialClientsCaKeySecret.getData().keySet(), is(singleton(CA_KEY)));
assertThat(initialClientsCaKeySecret.getData().get(CA_KEY), is(notNullValue()));
secrets.add(initialClusterCaCertSecret);
secrets.add(initialClusterCaKeySecret);
secrets.add(initialClientsCaCertSecret);
secrets.add(initialClientsCaKeySecret);
Checkpoint async = context.checkpoint();
reconcileCa(vertx, certificateAuthority, certificateAuthority).onComplete(context.succeeding(c -> context.verify(() -> {
assertThat(c.getAllValues(), hasSize(4));
Map<String, String> clusterCaCertData = c.getAllValues().get(0).getData();
assertThat(clusterCaCertData, aMapWithSize(4));
X509Certificate newX509ClusterCaCertStore = getCertificateFromTrustStore(CA_CRT, clusterCaCertData);
String oldClusterCaCertKey = clusterCaCertData.keySet().stream().filter(alias -> alias.startsWith("ca-")).findAny().orElseThrow();
X509Certificate oldX509ClusterCaCertStore = getCertificateFromTrustStore(oldClusterCaCertKey, clusterCaCertData);
String newClusterCaCert = clusterCaCertData.remove(CA_CRT);
String newClusterCaCertStore = clusterCaCertData.remove(CA_STORE);
String newClusterCaCertStorePassword = clusterCaCertData.remove(CA_STORE_PASSWORD);
assertThat(newClusterCaCert, is(not(initialClusterCaCertSecret.getData().get(CA_CRT))));
assertThat(newClusterCaCertStore, is(not(initialClusterCaCertSecret.getData().get(CA_STORE))));
assertThat(newClusterCaCertStorePassword, is(initialClusterCaCertSecret.getData().get(CA_STORE_PASSWORD)));
assertThat(newX509ClusterCaCertStore, is(x509Certificate(newClusterCaCert)));
Map.Entry<String, String> oldClusterCaCert = clusterCaCertData.entrySet().iterator().next();
assertThat(oldClusterCaCert.getValue(), is(initialClusterCaCertSecret.getData().get(CA_CRT)));
assertThat(oldX509ClusterCaCertStore, is(x509Certificate(String.valueOf(oldClusterCaCert.getValue()))));
assertThat(x509Certificate(newClusterCaCert).getSubjectDN().getName(), is("CN=cluster-ca v1, O=io.strimzi"));
Secret clusterCaKeySecret = c.getAllValues().get(1);
assertThat(clusterCaKeySecret.getMetadata().getAnnotations(), hasEntry(Ca.ANNO_STRIMZI_IO_CA_KEY_GENERATION, "1"));
Map<String, String> clusterCaKeyData = clusterCaKeySecret.getData();
assertThat(clusterCaKeyData.keySet(), is(singleton(CA_KEY)));
String newClusterCaKey = clusterCaKeyData.remove(CA_KEY);
assertThat(newClusterCaKey, is(notNullValue()));
assertThat(newClusterCaKey, is(not(initialClusterCaKeySecret.getData().get(CA_KEY))));
Map<String, String> clientsCaCertData = c.getAllValues().get(2).getData();
assertThat(clientsCaCertData, aMapWithSize(4));
X509Certificate newX509ClientsCaCertStore = getCertificateFromTrustStore(CA_CRT, clientsCaCertData);
String oldClientsCaCertKey = clientsCaCertData.keySet().stream().filter(alias -> alias.startsWith("ca-")).findAny().orElseThrow();
X509Certificate oldX509ClientsCaCertStore = getCertificateFromTrustStore(oldClientsCaCertKey, clientsCaCertData);
String newClientsCaCert = clientsCaCertData.remove(CA_CRT);
String newClientsCaCertStore = clientsCaCertData.remove(CA_STORE);
String newClientsCaCertStorePassword = clientsCaCertData.remove(CA_STORE_PASSWORD);
assertThat(newClientsCaCert, is(not(initialClientsCaCertSecret.getData().get(CA_CRT))));
assertThat(newClientsCaCertStore, is(not(initialClientsCaCertSecret.getData().get(CA_STORE))));
assertThat(newClientsCaCertStorePassword, is(initialClientsCaCertSecret.getData().get(CA_STORE_PASSWORD)));
assertThat(newX509ClientsCaCertStore, is(x509Certificate(newClientsCaCert)));
Map.Entry<String, String> oldClientsCaCert = clientsCaCertData.entrySet().iterator().next();
assertThat(oldClientsCaCert.getValue(), is(initialClientsCaCertSecret.getData().get(CA_CRT)));
assertThat(oldX509ClientsCaCertStore, is(x509Certificate(String.valueOf(oldClientsCaCert.getValue()))));
assertThat(x509Certificate(newClientsCaCert).getSubjectDN().getName(), is("CN=clients-ca v1, O=io.strimzi"));
Secret clientsCaKeySecret = c.getAllValues().get(3);
assertThat(clientsCaKeySecret.getMetadata().getAnnotations(), hasEntry(Ca.ANNO_STRIMZI_IO_CA_KEY_GENERATION, "1"));
Map<String, String> clientsCaKeyData = clientsCaKeySecret.getData();
assertThat(clientsCaKeyData.keySet(), is(singleton(CA_KEY)));
String newClientsCaKey = clientsCaKeyData.remove(CA_KEY);
assertThat(newClientsCaKey, is(notNullValue()));
assertThat(newClientsCaKey, is(not(initialClientsCaKeySecret.getData().get(CA_KEY))));
async.flag();
})));
}
Also used :
Secret(io.fabric8.kubernetes.api.model.Secret)
X509Certificate(java.security.cert.X509Certificate)
CoreMatchers.is(org.hamcrest.CoreMatchers.is)
BeforeEach(org.junit.jupiter.api.BeforeEach)
CertificateFactory(java.security.cert.CertificateFactory)
CA_KEY(io.strimzi.operator.cluster.model.Ca.CA_KEY)
Date(java.util.Date)
ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq)
KeyStoreException(java.security.KeyStoreException)
CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue)
CoreMatchers.instanceOf(org.hamcrest.CoreMatchers.instanceOf)
ExtendWith(org.junit.jupiter.api.extension.ExtendWith)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Collections.singleton(java.util.Collections.singleton)
KafkaResources(io.strimzi.api.kafka.model.KafkaResources)
Ca(io.strimzi.operator.cluster.model.Ca)
Map(java.util.Map)
PodOperator(io.strimzi.operator.common.operator.resource.PodOperator)
ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier)
ResourceUtils(io.strimzi.operator.cluster.ResourceUtils)
Path(java.nio.file.Path)
AbstractModel(io.strimzi.operator.cluster.model.AbstractModel)
StatefulSetOperator(io.strimzi.operator.cluster.operator.resource.StatefulSetOperator)
ModelUtils(io.strimzi.operator.cluster.model.ModelUtils)
DeploymentOperator(io.strimzi.operator.common.operator.resource.DeploymentOperator)
SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator)
KeyStore(java.security.KeyStore)
VertxExtension(io.vertx.junit5.VertxExtension)
Instant(java.time.Instant)
Future(io.vertx.core.Future)
Collectors(java.util.stream.Collectors)
StandardCharsets(java.nio.charset.StandardCharsets)
Subject(io.strimzi.certs.Subject)
Test(org.junit.jupiter.api.Test)
Objects(java.util.Objects)
Base64(java.util.Base64)
List(java.util.List)
Labels(io.strimzi.operator.common.model.Labels)
PasswordGenerator(io.strimzi.operator.common.PasswordGenerator)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
CA_STORE_PASSWORD(io.strimzi.operator.cluster.model.Ca.CA_STORE_PASSWORD)
Secret(io.fabric8.kubernetes.api.model.Secret)
CA_STORE(io.strimzi.operator.cluster.model.Ca.CA_STORE)
Checkpoint(io.vertx.junit5.Checkpoint)
ClusterCa(io.strimzi.operator.cluster.model.ClusterCa)
PlatformFeaturesAvailability(io.strimzi.operator.PlatformFeaturesAvailability)
Mockito.mock(org.mockito.Mockito.mock)
VertxTestContext(io.vertx.junit5.VertxTestContext)
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
Matchers.aMapWithSize(org.hamcrest.Matchers.aMapWithSize)
CoreMatchers.not(org.hamcrest.CoreMatchers.not)
OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference)
CertAndKey(io.strimzi.certs.CertAndKey)
Supplier(java.util.function.Supplier)
KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder)
ArrayList(java.util.ArrayList)
ArgumentCaptor(org.mockito.ArgumentCaptor)
ClusterOperator(io.strimzi.operator.cluster.ClusterOperator)
TestUtils(io.strimzi.test.TestUtils)
Matchers.hasSize(org.hamcrest.Matchers.hasSize)
ReconcileResult(io.strimzi.operator.common.operator.resource.ReconcileResult)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
CertificateExpirationPolicy(io.strimzi.api.kafka.model.CertificateExpirationPolicy)
Matchers.hasEntry(org.hamcrest.Matchers.hasEntry)
CertificateAuthority(io.strimzi.api.kafka.model.CertificateAuthority)
Files(java.nio.file.Files)
InvalidResourceException(io.strimzi.operator.cluster.model.InvalidResourceException)
Promise(io.vertx.core.Promise)
KubernetesVersion(io.strimzi.operator.KubernetesVersion)
Vertx(io.vertx.core.Vertx)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
TestUtils.set(io.strimzi.test.TestUtils.set)
Mockito.when(org.mockito.Mockito.when)
Reconciliation(io.strimzi.operator.common.Reconciliation)
CA_CRT(io.strimzi.operator.cluster.model.Ca.CA_CRT)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
Kafka(io.strimzi.api.kafka.model.Kafka)
OpenSslCertManager(io.strimzi.certs.OpenSslCertManager)
CertificateAuthorityBuilder(io.strimzi.api.kafka.model.CertificateAuthorityBuilder)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
Checkpoint(io.vertx.junit5.Checkpoint)
CertificateAuthority(io.strimzi.api.kafka.model.CertificateAuthority)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
CertificateAuthorityBuilder(io.strimzi.api.kafka.model.CertificateAuthorityBuilder)
Map(java.util.Map)
X509Certificate(java.security.cert.X509Certificate)
Test(org.junit.jupiter.api.Test)
Example 10 with Ca
use of io.strimzi.operator.cluster.model.Ca in project strimzi-kafka-operator by strimzi.
the class CertificateRenewalTest method testNewKeyGeneratedWhenInRenewalPeriodAutoOutsideOfTimeWindow.
@Test
public void testNewKeyGeneratedWhenInRenewalPeriodAutoOutsideOfTimeWindow(Vertx vertx, VertxTestContext context) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
CertificateAuthority certificateAuthority = new CertificateAuthorityBuilder().withValidityDays(2).withRenewalDays(3).withGenerateCertificateAuthority(true).withCertificateExpirationPolicy(CertificateExpirationPolicy.REPLACE_KEY).build();
Kafka kafka = new KafkaBuilder().editOrNewMetadata().withName(NAME).withNamespace(NAMESPACE).endMetadata().withNewSpec().withClusterCa(certificateAuthority).withClientsCa(certificateAuthority).withMaintenanceTimeWindows("* 10-14 * * * ? *").endSpec().build();
List<Secret> clusterCaSecrets = initialClusterCaSecrets(certificateAuthority);
Secret initialClusterCaKeySecret = clusterCaSecrets.get(0);
Secret initialClusterCaCertSecret = clusterCaSecrets.get(1);
assertThat(initialClusterCaCertSecret.getData().keySet(), is(set(CA_CRT, CA_STORE, CA_STORE_PASSWORD)));
assertThat(initialClusterCaCertSecret.getData().get(CA_CRT), is(notNullValue()));
assertThat(initialClusterCaCertSecret.getData().get(CA_STORE), is(notNullValue()));
assertThat(initialClusterCaCertSecret.getData().get(CA_STORE_PASSWORD), is(notNullValue()));
assertThat(isCertInTrustStore(CA_CRT, initialClusterCaCertSecret.getData()), is(true));
assertThat(initialClusterCaKeySecret.getData().keySet(), is(singleton(CA_KEY)));
assertThat(initialClusterCaKeySecret.getData().get(CA_KEY), is(notNullValue()));
List<Secret> clientsCaSecrets = initialClientsCaSecrets(certificateAuthority);
Secret initialClientsCaKeySecret = clientsCaSecrets.get(0);
Secret initialClientsCaCertSecret = clientsCaSecrets.get(1);
assertThat(initialClientsCaCertSecret.getData().keySet(), is(set(CA_CRT, CA_STORE, CA_STORE_PASSWORD)));
assertThat(initialClientsCaCertSecret.getData().get(CA_CRT), is(notNullValue()));
assertThat(initialClientsCaCertSecret.getData().get(CA_STORE), is(notNullValue()));
assertThat(initialClientsCaCertSecret.getData().get(CA_STORE_PASSWORD), is(notNullValue()));
assertThat(isCertInTrustStore(CA_CRT, initialClientsCaCertSecret.getData()), is(true));
assertThat(initialClientsCaKeySecret.getData().keySet(), is(singleton(CA_KEY)));
assertThat(initialClientsCaKeySecret.getData().get(CA_KEY), is(notNullValue()));
secrets.add(initialClusterCaCertSecret);
secrets.add(initialClusterCaKeySecret);
secrets.add(initialClientsCaCertSecret);
secrets.add(initialClientsCaKeySecret);
Checkpoint async = context.checkpoint();
reconcileCa(vertx, kafka, () -> Date.from(Instant.parse("2018-11-26T09:00:00Z"))).onComplete(context.succeeding(c -> context.verify(() -> {
assertThat(c.getAllValues(), hasSize(4));
Map<String, String> clusterCaCertData = c.getAllValues().get(0).getData();
assertThat(c.getAllValues().get(0).getMetadata().getAnnotations(), hasEntry(Ca.ANNO_STRIMZI_IO_CA_CERT_GENERATION, "0"));
assertThat(clusterCaCertData, aMapWithSize(3));
X509Certificate newX509ClusterCaCertStore = getCertificateFromTrustStore(CA_CRT, clusterCaCertData);
String newClusterCaCert = clusterCaCertData.remove(CA_CRT);
String newClusterCaCertStore = clusterCaCertData.remove(CA_STORE);
String newClusterCaCertStorePassword = clusterCaCertData.remove(CA_STORE_PASSWORD);
assertThat(newClusterCaCert, is(initialClusterCaCertSecret.getData().get(CA_CRT)));
assertThat(newClusterCaCertStore, is(initialClusterCaCertSecret.getData().get(CA_STORE)));
assertThat(newClusterCaCertStorePassword, is(initialClusterCaCertSecret.getData().get(CA_STORE_PASSWORD)));
assertThat(newX509ClusterCaCertStore, is(x509Certificate(newClusterCaCert)));
assertThat(x509Certificate(newClusterCaCert).getSubjectDN().getName(), is("CN=cluster-ca, O=io.strimzi"));
Secret clusterCaKeySecret = c.getAllValues().get(1);
assertThat(clusterCaKeySecret.getMetadata().getAnnotations(), hasEntry(Ca.ANNO_STRIMZI_IO_CA_KEY_GENERATION, "0"));
Map<String, String> clusterCaKeyData = clusterCaKeySecret.getData();
assertThat(clusterCaKeyData.keySet(), is(singleton(CA_KEY)));
String newClusterCaKey = clusterCaKeyData.remove(CA_KEY);
assertThat(newClusterCaKey, is(notNullValue()));
assertThat(newClusterCaKey, is(initialClusterCaKeySecret.getData().get(CA_KEY)));
Map<String, String> clientsCaCertData = c.getAllValues().get(2).getData();
assertThat(c.getAllValues().get(2).getMetadata().getAnnotations(), hasEntry(Ca.ANNO_STRIMZI_IO_CA_CERT_GENERATION, "0"));
assertThat(clientsCaCertData, aMapWithSize(3));
X509Certificate newX509ClientsCaCertStore = getCertificateFromTrustStore(CA_CRT, clientsCaCertData);
String newClientsCaCert = clientsCaCertData.remove(CA_CRT);
String newClientsCaCertStore = clientsCaCertData.remove(CA_STORE);
String newClientsCaCertStorePassword = clientsCaCertData.remove(CA_STORE_PASSWORD);
assertThat(newClientsCaCert, is(initialClientsCaCertSecret.getData().get(CA_CRT)));
assertThat(newClientsCaCertStore, is(initialClientsCaCertSecret.getData().get(CA_STORE)));
assertThat(newClientsCaCertStorePassword, is(initialClientsCaCertSecret.getData().get(CA_STORE_PASSWORD)));
assertThat(newX509ClientsCaCertStore, is(x509Certificate(newClientsCaCert)));
assertThat(x509Certificate(newClientsCaCert).getSubjectDN().getName(), is("CN=clients-ca, O=io.strimzi"));
Secret clientsCaKeySecret = c.getAllValues().get(3);
assertThat(clientsCaKeySecret.getMetadata().getAnnotations(), hasEntry(Ca.ANNO_STRIMZI_IO_CA_KEY_GENERATION, "0"));
Map<String, String> clientsCaKeyData = clientsCaKeySecret.getData();
assertThat(clientsCaKeyData.keySet(), is(singleton(CA_KEY)));
String newClientsCaKey = clientsCaKeyData.remove(CA_KEY);
assertThat(newClientsCaKey, is(notNullValue()));
assertThat(newClientsCaKey, is(initialClientsCaKeySecret.getData().get(CA_KEY)));
async.flag();
})));
}
Also used :
Secret(io.fabric8.kubernetes.api.model.Secret)
X509Certificate(java.security.cert.X509Certificate)
CoreMatchers.is(org.hamcrest.CoreMatchers.is)
BeforeEach(org.junit.jupiter.api.BeforeEach)
CertificateFactory(java.security.cert.CertificateFactory)
CA_KEY(io.strimzi.operator.cluster.model.Ca.CA_KEY)
Date(java.util.Date)
ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq)
KeyStoreException(java.security.KeyStoreException)
CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue)
CoreMatchers.instanceOf(org.hamcrest.CoreMatchers.instanceOf)
ExtendWith(org.junit.jupiter.api.extension.ExtendWith)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Collections.singleton(java.util.Collections.singleton)
KafkaResources(io.strimzi.api.kafka.model.KafkaResources)
Ca(io.strimzi.operator.cluster.model.Ca)
Map(java.util.Map)
PodOperator(io.strimzi.operator.common.operator.resource.PodOperator)
ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier)
ResourceUtils(io.strimzi.operator.cluster.ResourceUtils)
Path(java.nio.file.Path)
AbstractModel(io.strimzi.operator.cluster.model.AbstractModel)
StatefulSetOperator(io.strimzi.operator.cluster.operator.resource.StatefulSetOperator)
ModelUtils(io.strimzi.operator.cluster.model.ModelUtils)
DeploymentOperator(io.strimzi.operator.common.operator.resource.DeploymentOperator)
SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator)
KeyStore(java.security.KeyStore)
VertxExtension(io.vertx.junit5.VertxExtension)
Instant(java.time.Instant)
Future(io.vertx.core.Future)
Collectors(java.util.stream.Collectors)
StandardCharsets(java.nio.charset.StandardCharsets)
Subject(io.strimzi.certs.Subject)
Test(org.junit.jupiter.api.Test)
Objects(java.util.Objects)
Base64(java.util.Base64)
List(java.util.List)
Labels(io.strimzi.operator.common.model.Labels)
PasswordGenerator(io.strimzi.operator.common.PasswordGenerator)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
CA_STORE_PASSWORD(io.strimzi.operator.cluster.model.Ca.CA_STORE_PASSWORD)
Secret(io.fabric8.kubernetes.api.model.Secret)
CA_STORE(io.strimzi.operator.cluster.model.Ca.CA_STORE)
Checkpoint(io.vertx.junit5.Checkpoint)
ClusterCa(io.strimzi.operator.cluster.model.ClusterCa)
PlatformFeaturesAvailability(io.strimzi.operator.PlatformFeaturesAvailability)
Mockito.mock(org.mockito.Mockito.mock)
VertxTestContext(io.vertx.junit5.VertxTestContext)
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
Matchers.aMapWithSize(org.hamcrest.Matchers.aMapWithSize)
CoreMatchers.not(org.hamcrest.CoreMatchers.not)
OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference)
CertAndKey(io.strimzi.certs.CertAndKey)
Supplier(java.util.function.Supplier)
KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder)
ArrayList(java.util.ArrayList)
ArgumentCaptor(org.mockito.ArgumentCaptor)
ClusterOperator(io.strimzi.operator.cluster.ClusterOperator)
TestUtils(io.strimzi.test.TestUtils)
Matchers.hasSize(org.hamcrest.Matchers.hasSize)
ReconcileResult(io.strimzi.operator.common.operator.resource.ReconcileResult)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
CertificateExpirationPolicy(io.strimzi.api.kafka.model.CertificateExpirationPolicy)
Matchers.hasEntry(org.hamcrest.Matchers.hasEntry)
CertificateAuthority(io.strimzi.api.kafka.model.CertificateAuthority)
Files(java.nio.file.Files)
InvalidResourceException(io.strimzi.operator.cluster.model.InvalidResourceException)
Promise(io.vertx.core.Promise)
KubernetesVersion(io.strimzi.operator.KubernetesVersion)
Vertx(io.vertx.core.Vertx)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
TestUtils.set(io.strimzi.test.TestUtils.set)
Mockito.when(org.mockito.Mockito.when)
Reconciliation(io.strimzi.operator.common.Reconciliation)
CA_CRT(io.strimzi.operator.cluster.model.Ca.CA_CRT)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
Kafka(io.strimzi.api.kafka.model.Kafka)
OpenSslCertManager(io.strimzi.certs.OpenSslCertManager)
CertificateAuthorityBuilder(io.strimzi.api.kafka.model.CertificateAuthorityBuilder)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
Checkpoint(io.vertx.junit5.Checkpoint)
Kafka(io.strimzi.api.kafka.model.Kafka)
CertificateAuthority(io.strimzi.api.kafka.model.CertificateAuthority)
KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
CertificateAuthorityBuilder(io.strimzi.api.kafka.model.CertificateAuthorityBuilder)
X509Certificate(java.security.cert.X509Certificate)
Test(org.junit.jupiter.api.Test)
Aggregations
Secret (io.fabric8.kubernetes.api.model.Secret)18
KafkaResources (io.strimzi.api.kafka.model.KafkaResources)18
Ca (io.strimzi.operator.cluster.model.Ca)18
Labels (io.strimzi.operator.common.model.Labels)18
List (java.util.List)18
Map (java.util.Map)18
SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder)16
TestUtils (io.strimzi.test.TestUtils)16
CoreMatchers.not (org.hamcrest.CoreMatchers.not)16
MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat)16
CertificateAuthority (io.strimzi.api.kafka.model.CertificateAuthority)14
ArrayList (java.util.ArrayList)14
Date (java.util.Date)14
OwnerReference (io.fabric8.kubernetes.api.model.OwnerReference)12
CertificateAuthorityBuilder (io.strimzi.api.kafka.model.CertificateAuthorityBuilder)12
Kafka (io.strimzi.api.kafka.model.Kafka)12
ClusterOperator (io.strimzi.operator.cluster.ClusterOperator)12
AbstractModel (io.strimzi.operator.cluster.model.AbstractModel)12
ClusterCa (io.strimzi.operator.cluster.model.ClusterCa)12
InvalidResourceException (io.strimzi.operator.cluster.model.InvalidResourceException)12
