Example 16 with InvalidResourceException
use of io.strimzi.operator.cluster.model.InvalidResourceException in project strimzi-kafka-operator by strimzi.
the class KafkaUserModelTest method testGenerateSecretUseDesiredPasswordIsEmpty.
@Test
public void testGenerateSecretUseDesiredPasswordIsEmpty() {
KafkaUser user = new KafkaUserBuilder(scramShaUser).editSpec().withNewKafkaUserScramSha512ClientAuthentication().withNewPassword().withNewValueFrom().withNewSecretKeyRef("my-password", "my-secret", false).endValueFrom().endPassword().endKafkaUserScramSha512ClientAuthentication().endSpec().build();
Secret desiredPasswordSecret = new SecretBuilder().withNewMetadata().withName("my-secret").endMetadata().addToData("my-password", Base64.getEncoder().encodeToString("".getBytes(StandardCharsets.UTF_8))).build();
KafkaUserModel model = KafkaUserModel.fromCrd(user, UserOperatorConfig.DEFAULT_SECRET_PREFIX, UserOperatorConfig.DEFAULT_STRIMZI_ACLS_ADMIN_API_SUPPORTED);
InvalidResourceException e = assertThrows(InvalidResourceException.class, () -> {
model.maybeGeneratePassword(Reconciliation.DUMMY_RECONCILIATION, passwordGenerator, null, desiredPasswordSecret);
});
assertThat(e.getMessage(), is("The requested user password is empty."));
}
Also used :
Secret(io.fabric8.kubernetes.api.model.Secret)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
InvalidResourceException(io.strimzi.operator.cluster.model.InvalidResourceException)
KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
Test(org.junit.jupiter.api.Test)
Example 17 with InvalidResourceException
use of io.strimzi.operator.cluster.model.InvalidResourceException in project strimzi-kafka-operator by strimzi.
the class KafkaUserModelTest method testGenerateSecretUseDesiredPasswordMissingKey.
@Test
public void testGenerateSecretUseDesiredPasswordMissingKey() {
KafkaUser user = new KafkaUserBuilder(scramShaUser).editSpec().withNewKafkaUserScramSha512ClientAuthentication().withNewPassword().withNewValueFrom().withNewSecretKeyRef("my-password", "my-secret", false).endValueFrom().endPassword().endKafkaUserScramSha512ClientAuthentication().endSpec().build();
Secret desiredPasswordSecret = new SecretBuilder().withNewMetadata().withName("my-secret").endMetadata().addToData("my-other-password", DESIRED_BASE64_PASSWORD).build();
KafkaUserModel model = KafkaUserModel.fromCrd(user, UserOperatorConfig.DEFAULT_SECRET_PREFIX, UserOperatorConfig.DEFAULT_STRIMZI_ACLS_ADMIN_API_SUPPORTED);
InvalidResourceException e = assertThrows(InvalidResourceException.class, () -> {
model.maybeGeneratePassword(Reconciliation.DUMMY_RECONCILIATION, passwordGenerator, null, desiredPasswordSecret);
});
assertThat(e.getMessage(), is("Secret my-secret does not contain the key my-password with requested user password."));
}
Also used :
Secret(io.fabric8.kubernetes.api.model.Secret)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
InvalidResourceException(io.strimzi.operator.cluster.model.InvalidResourceException)
KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
Test(org.junit.jupiter.api.Test)
Example 18 with InvalidResourceException
use of io.strimzi.operator.cluster.model.InvalidResourceException in project strimzi-kafka-operator by strimzi.
the class KafkaUserModelTest method testFromCrdScramShaUserWithEmptyPasswordThrows.
@Test
public void testFromCrdScramShaUserWithEmptyPasswordThrows() {
KafkaUser emptyPassword = new KafkaUserBuilder(scramShaUser).editSpec().withNewKafkaUserScramSha512ClientAuthentication().withNewPassword().endPassword().endKafkaUserScramSha512ClientAuthentication().endSpec().build();
InvalidResourceException e = assertThrows(InvalidResourceException.class, () -> {
KafkaUserModel.fromCrd(emptyPassword, UserOperatorConfig.DEFAULT_SECRET_PREFIX, UserOperatorConfig.DEFAULT_STRIMZI_ACLS_ADMIN_API_SUPPORTED);
});
assertThat(e.getMessage(), is("Resource requests custom SCRAM-SHA-512 password but doesn't specify the secret name and/or key"));
}
Also used :
InvalidResourceException(io.strimzi.operator.cluster.model.InvalidResourceException)
KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
Test(org.junit.jupiter.api.Test)
Example 19 with InvalidResourceException
use of io.strimzi.operator.cluster.model.InvalidResourceException in project strimzi by strimzi.
the class KafkaUserModel method fromCrd.
/**
* Creates instance of KafkaUserModel from CRD definition.
*
* @param kafkaUser The Custom Resource based on which the model should be created.
* @param secretPrefix The prefix used to add to the name of the Secret generated from the KafkaUser resource.
* @param aclsAdminApiSupported Indicates whether Kafka Admin API can be used to manage ACL rights
* @return The user model.
*/
public static KafkaUserModel fromCrd(KafkaUser kafkaUser, String secretPrefix, boolean aclsAdminApiSupported) {
KafkaUserModel result = new KafkaUserModel(kafkaUser.getMetadata().getNamespace(), kafkaUser.getMetadata().getName(), Labels.fromResource(kafkaUser).withStrimziKind(kafkaUser.getKind()), secretPrefix);
validateTlsUsername(kafkaUser);
validateDesiredPassword(kafkaUser);
result.setOwnerReference(kafkaUser);
result.setAuthentication(kafkaUser.getSpec().getAuthentication());
if (kafkaUser.getSpec().getAuthorization() != null && kafkaUser.getSpec().getAuthorization().getType().equals(KafkaUserAuthorizationSimple.TYPE_SIMPLE)) {
if (aclsAdminApiSupported) {
KafkaUserAuthorizationSimple simple = (KafkaUserAuthorizationSimple) kafkaUser.getSpec().getAuthorization();
result.setSimpleAclRules(simple.getAcls());
} else {
throw new InvalidResourceException("Simple authorization ACL rules are configured but not supported in the Kafka cluster configuration.");
}
}
result.setQuotas(kafkaUser.getSpec().getQuotas());
if (kafkaUser.getSpec().getTemplate() != null && kafkaUser.getSpec().getTemplate().getSecret() != null && kafkaUser.getSpec().getTemplate().getSecret().getMetadata() != null) {
result.templateSecretLabels = kafkaUser.getSpec().getTemplate().getSecret().getMetadata().getLabels();
result.templateSecretAnnotations = kafkaUser.getSpec().getTemplate().getSecret().getMetadata().getAnnotations();
}
return result;
}
Also used :
InvalidResourceException(io.strimzi.operator.cluster.model.InvalidResourceException)
KafkaUserAuthorizationSimple(io.strimzi.api.kafka.model.KafkaUserAuthorizationSimple)
Example 20 with InvalidResourceException
use of io.strimzi.operator.cluster.model.InvalidResourceException in project strimzi by strimzi.
the class KafkaUserModelTest method testGenerateSecretUseDesiredPasswordIsEmpty.
@Test
public void testGenerateSecretUseDesiredPasswordIsEmpty() {
KafkaUser user = new KafkaUserBuilder(scramShaUser).editSpec().withNewKafkaUserScramSha512ClientAuthentication().withNewPassword().withNewValueFrom().withNewSecretKeyRef("my-password", "my-secret", false).endValueFrom().endPassword().endKafkaUserScramSha512ClientAuthentication().endSpec().build();
Secret desiredPasswordSecret = new SecretBuilder().withNewMetadata().withName("my-secret").endMetadata().addToData("my-password", Base64.getEncoder().encodeToString("".getBytes(StandardCharsets.UTF_8))).build();
KafkaUserModel model = KafkaUserModel.fromCrd(user, UserOperatorConfig.DEFAULT_SECRET_PREFIX, UserOperatorConfig.DEFAULT_STRIMZI_ACLS_ADMIN_API_SUPPORTED);
InvalidResourceException e = assertThrows(InvalidResourceException.class, () -> {
model.maybeGeneratePassword(Reconciliation.DUMMY_RECONCILIATION, passwordGenerator, null, desiredPasswordSecret);
});
assertThat(e.getMessage(), is("The requested user password is empty."));
}
Also used :
Secret(io.fabric8.kubernetes.api.model.Secret)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
InvalidResourceException(io.strimzi.operator.cluster.model.InvalidResourceException)
KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
Test(org.junit.jupiter.api.Test)
Aggregations
InvalidResourceException (io.strimzi.operator.cluster.model.InvalidResourceException)28
Test (org.junit.jupiter.api.Test)12
KafkaUser (io.strimzi.api.kafka.model.KafkaUser)10
KafkaUserBuilder (io.strimzi.api.kafka.model.KafkaUserBuilder)10
Condition (io.strimzi.api.kafka.model.status.Condition)10
StatusUtils (io.strimzi.operator.common.operator.resource.StatusUtils)10
Future (io.vertx.core.Future)10
Promise (io.vertx.core.Promise)10
Vertx (io.vertx.core.Vertx)10
Collections (java.util.Collections)10
Map (java.util.Map)10
Collectors (java.util.stream.Collectors)10
Secret (io.fabric8.kubernetes.api.model.Secret)8
CustomResource (io.fabric8.kubernetes.client.CustomResource)8
KubernetesClient (io.fabric8.kubernetes.client.KubernetesClient)8
Resource (io.fabric8.kubernetes.client.dsl.Resource)8
PlatformFeaturesAvailability (io.strimzi.operator.PlatformFeaturesAvailability)8
ClusterOperatorConfig (io.strimzi.operator.cluster.ClusterOperatorConfig)8
ResourceOperatorSupplier (io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier)8
Annotations (io.strimzi.operator.common.Annotations)8
