
Example 66 with PasswordGenerator

use of io.strimzi.operator.common.PasswordGenerator in project strimzi-kafka-operator by strimzi.

the class CruiseControlReconcilerTest method reconcileEnabledCruiseControl.

/**
 * Reconciles a Kafka resource whose spec carries {@code cruiseControlSpec} and verifies
 * that each mocked Cruise Control operator is invoked with a non-null desired resource:
 * one ServiceAccount, two Secrets, one Service, one NetworkPolicy, one ConfigMap and one
 * Deployment.
 *
 * @param context Vert.x test context used to signal completion of the asynchronous reconcile
 */
@Test
public void reconcileEnabledCruiseControl(VertxTestContext context) {
    ResourceOperatorSupplier supplier = ResourceUtils.supplierWithMocks(false);
    ServiceAccountOperator serviceAccountOps = supplier.serviceAccountOperations;
    SecretOperator secretOps = supplier.secretOperations;
    ServiceOperator serviceOps = supplier.serviceOperations;
    NetworkPolicyOperator networkPolicyOps = supplier.networkPolicyOperator;
    ConfigMapOperator configMapOps = supplier.configMapOperations;
    DeploymentOperator deploymentOps = supplier.deploymentOperations;
    String deploymentName = CruiseControlResources.deploymentName(NAME);

    // Each captor records the desired resource passed to the corresponding mocked reconcile call.
    ArgumentCaptor<ServiceAccount> capturedServiceAccounts = ArgumentCaptor.forClass(ServiceAccount.class);
    when(serviceAccountOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.serviceAccountName(NAME)), capturedServiceAccounts.capture()))
            .thenReturn(Future.succeededFuture());

    // A single captor is shared by both Secret stubs (certificate Secret and API Secret).
    ArgumentCaptor<Secret> capturedSecrets = ArgumentCaptor.forClass(Secret.class);
    when(secretOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.secretName(NAME)), capturedSecrets.capture()))
            .thenReturn(Future.succeededFuture());
    when(secretOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.apiSecretName(NAME)), capturedSecrets.capture()))
            .thenReturn(Future.succeededFuture());

    ArgumentCaptor<Service> capturedServices = ArgumentCaptor.forClass(Service.class);
    when(serviceOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.serviceName(NAME)), capturedServices.capture()))
            .thenReturn(Future.succeededFuture());

    ArgumentCaptor<NetworkPolicy> capturedNetworkPolicies = ArgumentCaptor.forClass(NetworkPolicy.class);
    when(networkPolicyOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.networkPolicyName(NAME)), capturedNetworkPolicies.capture()))
            .thenReturn(Future.succeededFuture());

    ArgumentCaptor<ConfigMap> capturedConfigMaps = ArgumentCaptor.forClass(ConfigMap.class);
    when(configMapOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.logAndMetricsConfigMapName(NAME)), capturedConfigMaps.capture()))
            .thenReturn(Future.succeededFuture());

    ArgumentCaptor<Deployment> capturedDeployments = ArgumentCaptor.forClass(Deployment.class);
    when(deploymentOps.reconcile(any(), eq(NAMESPACE), eq(deploymentName), capturedDeployments.capture()))
            .thenReturn(Future.succeededFuture());
    when(deploymentOps.waitForObserved(any(), eq(NAMESPACE), eq(deploymentName), anyLong(), anyLong()))
            .thenReturn(Future.succeededFuture());
    when(deploymentOps.readiness(any(), eq(NAMESPACE), eq(deploymentName), anyLong(), anyLong()))
            .thenReturn(Future.succeededFuture());

    Kafka kafka = new KafkaBuilder(ResourceUtils.createKafka(NAMESPACE, NAME, 3, "foo", 120, 30))
            .editSpec()
                .withCruiseControl(cruiseControlSpec)
            .endSpec()
            .build();

    // Test-only credentials: the generator is given "a" as its only alphabet and the CA
    // Secret is built with the literal "123456" (presumably the store password - confirm
    // against ResourceUtils). Both are predictable by design and must stay out of
    // non-test code.
    ClusterCa clusterCa = new ClusterCa(
            Reconciliation.DUMMY_RECONCILIATION,
            new OpenSslCertManager(),
            new PasswordGenerator(10, "a", "a"),
            NAME,
            ResourceUtils.createInitialCaCertSecret(NAMESPACE, NAME, AbstractModel.clusterCaCertSecretName(NAME), MockCertManager.clusterCaCert(), MockCertManager.clusterCaCertStore(), "123456"),
            ResourceUtils.createInitialCaKeySecret(NAMESPACE, NAME, AbstractModel.clusterCaKeySecretName(NAME), MockCertManager.clusterCaKey()));

    CruiseControlReconciler reconciler = new CruiseControlReconciler(
            Reconciliation.DUMMY_RECONCILIATION,
            ResourceUtils.dummyClusterOperatorConfig(),
            supplier,
            kafka,
            VERSIONS,
            kafka.getSpec().getKafka().getStorage(),
            clusterCa);

    Checkpoint reconciled = context.checkpoint();
    reconciler.reconcile(false, null, null, Date::new)
            .onComplete(context.succeeding(ignored -> context.verify(() -> {
                assertThat(capturedServiceAccounts.getAllValues().size(), is(1));
                assertThat(capturedServiceAccounts.getValue(), is(notNullValue()));

                assertThat(capturedSecrets.getAllValues().size(), is(2));
                assertThat(capturedSecrets.getAllValues().get(0), is(notNullValue()));
                assertThat(capturedSecrets.getAllValues().get(1), is(notNullValue()));

                assertThat(capturedServices.getAllValues().size(), is(1));
                assertThat(capturedServices.getValue(), is(notNullValue()));

                assertThat(capturedNetworkPolicies.getAllValues().size(), is(1));
                assertThat(capturedNetworkPolicies.getValue(), is(notNullValue()));

                assertThat(capturedConfigMaps.getAllValues().size(), is(1));
                assertThat(capturedConfigMaps.getValue(), is(notNullValue()));

                assertThat(capturedDeployments.getAllValues().size(), is(1));
                assertThat(capturedDeployments.getValue(), is(notNullValue()));

                reconciled.flag();
            })));
}
Also used : VertxTestContext(io.vertx.junit5.VertxTestContext) CoreMatchers.is(org.hamcrest.CoreMatchers.is) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) BrokerCapacityBuilder(io.strimzi.api.kafka.model.balancing.BrokerCapacityBuilder) ArgumentMatchers.anyLong(org.mockito.ArgumentMatchers.anyLong) CruiseControlSpecBuilder(io.strimzi.api.kafka.model.CruiseControlSpecBuilder) Date(java.util.Date) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) NetworkPolicyOperator(io.strimzi.operator.common.operator.resource.NetworkPolicyOperator) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) ServiceOperator(io.strimzi.operator.common.operator.resource.ServiceOperator) ArgumentCaptor(org.mockito.ArgumentCaptor) ServiceAccountOperator(io.strimzi.operator.common.operator.resource.ServiceAccountOperator) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) ConfigMapOperator(io.strimzi.operator.common.operator.resource.ConfigMapOperator) Map(java.util.Map) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) Service(io.fabric8.kubernetes.api.model.Service) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) AbstractModel(io.strimzi.operator.cluster.model.AbstractModel) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) DeploymentOperator(io.strimzi.operator.common.operator.resource.DeploymentOperator) KafkaVersion(io.strimzi.operator.cluster.model.KafkaVersion) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Mockito.when(org.mockito.Mockito.when) VertxExtension(io.vertx.junit5.VertxExtension) Future(io.vertx.core.Future) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) CruiseControlResources(io.strimzi.api.kafka.model.CruiseControlResources) Test(org.junit.jupiter.api.Test) 
Reconciliation(io.strimzi.operator.common.Reconciliation) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) Secret(io.fabric8.kubernetes.api.model.Secret) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) CruiseControlSpec(io.strimzi.api.kafka.model.CruiseControlSpec) Checkpoint(io.vertx.junit5.Checkpoint) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Kafka(io.strimzi.api.kafka.model.Kafka) ClusterCa(io.strimzi.operator.cluster.model.ClusterCa) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Kafka(io.strimzi.api.kafka.model.Kafka) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) ServiceOperator(io.strimzi.operator.common.operator.resource.ServiceOperator) NetworkPolicyOperator(io.strimzi.operator.common.operator.resource.NetworkPolicyOperator) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) DeploymentOperator(io.strimzi.operator.common.operator.resource.DeploymentOperator) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) ClusterCa(io.strimzi.operator.cluster.model.ClusterCa) Service(io.fabric8.kubernetes.api.model.Service) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Secret(io.fabric8.kubernetes.api.model.Secret) OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) Checkpoint(io.vertx.junit5.Checkpoint) ServiceAccountOperator(io.strimzi.operator.common.operator.resource.ServiceAccountOperator) ConfigMapOperator(io.strimzi.operator.common.operator.resource.ConfigMapOperator) Test(org.junit.jupiter.api.Test)

Example 67 with PasswordGenerator

use of io.strimzi.operator.common.PasswordGenerator in project strimzi-kafka-operator by strimzi.

the class CruiseControlReconcilerTest method reconcileDisabledCruiseControl.

/**
 * Reconciles a Kafka resource created without a Cruise Control section and verifies that
 * each mocked Cruise Control operator is still invoked, but with a {@code null} desired
 * resource: one ServiceAccount, two Secrets, one Service, one NetworkPolicy, one ConfigMap
 * and one Deployment.
 *
 * @param context Vert.x test context used to signal completion of the asynchronous reconcile
 */
@Test
public void reconcileDisabledCruiseControl(VertxTestContext context) {
    ResourceOperatorSupplier supplier = ResourceUtils.supplierWithMocks(false);
    ServiceAccountOperator serviceAccountOps = supplier.serviceAccountOperations;
    SecretOperator secretOps = supplier.secretOperations;
    ServiceOperator serviceOps = supplier.serviceOperations;
    NetworkPolicyOperator networkPolicyOps = supplier.networkPolicyOperator;
    ConfigMapOperator configMapOps = supplier.configMapOperations;
    DeploymentOperator deploymentOps = supplier.deploymentOperations;
    String deploymentName = CruiseControlResources.deploymentName(NAME);

    // Each captor records the desired resource passed to the corresponding mocked reconcile call.
    ArgumentCaptor<ServiceAccount> capturedServiceAccounts = ArgumentCaptor.forClass(ServiceAccount.class);
    when(serviceAccountOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.serviceAccountName(NAME)), capturedServiceAccounts.capture()))
            .thenReturn(Future.succeededFuture());

    // A single captor is shared by both Secret stubs (certificate Secret and API Secret).
    ArgumentCaptor<Secret> capturedSecrets = ArgumentCaptor.forClass(Secret.class);
    when(secretOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.secretName(NAME)), capturedSecrets.capture()))
            .thenReturn(Future.succeededFuture());
    when(secretOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.apiSecretName(NAME)), capturedSecrets.capture()))
            .thenReturn(Future.succeededFuture());

    ArgumentCaptor<Service> capturedServices = ArgumentCaptor.forClass(Service.class);
    when(serviceOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.serviceName(NAME)), capturedServices.capture()))
            .thenReturn(Future.succeededFuture());

    ArgumentCaptor<NetworkPolicy> capturedNetworkPolicies = ArgumentCaptor.forClass(NetworkPolicy.class);
    when(networkPolicyOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.networkPolicyName(NAME)), capturedNetworkPolicies.capture()))
            .thenReturn(Future.succeededFuture());

    ArgumentCaptor<ConfigMap> capturedConfigMaps = ArgumentCaptor.forClass(ConfigMap.class);
    when(configMapOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.logAndMetricsConfigMapName(NAME)), capturedConfigMaps.capture()))
            .thenReturn(Future.succeededFuture());

    ArgumentCaptor<Deployment> capturedDeployments = ArgumentCaptor.forClass(Deployment.class);
    when(deploymentOps.reconcile(any(), eq(NAMESPACE), eq(deploymentName), capturedDeployments.capture()))
            .thenReturn(Future.succeededFuture());
    when(deploymentOps.waitForObserved(any(), eq(NAMESPACE), eq(deploymentName), anyLong(), anyLong()))
            .thenReturn(Future.succeededFuture());
    when(deploymentOps.readiness(any(), eq(NAMESPACE), eq(deploymentName), anyLong(), anyLong()))
            .thenReturn(Future.succeededFuture());

    // No Cruise Control section is added to the spec here, unlike the "enabled" variant.
    Kafka kafka = ResourceUtils.createKafka(NAMESPACE, NAME, 3, "foo", 120, 30);

    // Test-only credentials: the generator is given "a" as its only alphabet and the CA
    // Secret is built with the literal "123456" (presumably the store password - confirm
    // against ResourceUtils). Both are predictable by design and must stay out of
    // non-test code.
    ClusterCa clusterCa = new ClusterCa(
            Reconciliation.DUMMY_RECONCILIATION,
            new OpenSslCertManager(),
            new PasswordGenerator(10, "a", "a"),
            NAME,
            ResourceUtils.createInitialCaCertSecret(NAMESPACE, NAME, AbstractModel.clusterCaCertSecretName(NAME), MockCertManager.clusterCaCert(), MockCertManager.clusterCaCertStore(), "123456"),
            ResourceUtils.createInitialCaKeySecret(NAMESPACE, NAME, AbstractModel.clusterCaKeySecretName(NAME), MockCertManager.clusterCaKey()));

    CruiseControlReconciler reconciler = new CruiseControlReconciler(
            Reconciliation.DUMMY_RECONCILIATION,
            ResourceUtils.dummyClusterOperatorConfig(),
            supplier,
            kafka,
            VERSIONS,
            kafka.getSpec().getKafka().getStorage(),
            clusterCa);

    Checkpoint reconciled = context.checkpoint();
    reconciler.reconcile(false, null, null, Date::new)
            .onComplete(context.succeeding(ignored -> context.verify(() -> {
                // A null desired resource is what each operator receives when the component is disabled.
                assertThat(capturedServiceAccounts.getAllValues().size(), is(1));
                assertThat(capturedServiceAccounts.getValue(), is(nullValue()));

                assertThat(capturedSecrets.getAllValues().size(), is(2));
                assertThat(capturedSecrets.getAllValues().get(0), is(nullValue()));
                assertThat(capturedSecrets.getAllValues().get(1), is(nullValue()));

                assertThat(capturedServices.getAllValues().size(), is(1));
                assertThat(capturedServices.getValue(), is(nullValue()));

                assertThat(capturedNetworkPolicies.getAllValues().size(), is(1));
                assertThat(capturedNetworkPolicies.getValue(), is(nullValue()));

                assertThat(capturedConfigMaps.getAllValues().size(), is(1));
                assertThat(capturedConfigMaps.getValue(), is(nullValue()));

                assertThat(capturedDeployments.getAllValues().size(), is(1));
                assertThat(capturedDeployments.getValue(), is(nullValue()));

                reconciled.flag();
            })));
}
Also used : VertxTestContext(io.vertx.junit5.VertxTestContext) CoreMatchers.is(org.hamcrest.CoreMatchers.is) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) BrokerCapacityBuilder(io.strimzi.api.kafka.model.balancing.BrokerCapacityBuilder) ArgumentMatchers.anyLong(org.mockito.ArgumentMatchers.anyLong) CruiseControlSpecBuilder(io.strimzi.api.kafka.model.CruiseControlSpecBuilder) Date(java.util.Date) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) NetworkPolicyOperator(io.strimzi.operator.common.operator.resource.NetworkPolicyOperator) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) ServiceOperator(io.strimzi.operator.common.operator.resource.ServiceOperator) ArgumentCaptor(org.mockito.ArgumentCaptor) ServiceAccountOperator(io.strimzi.operator.common.operator.resource.ServiceAccountOperator) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) ConfigMapOperator(io.strimzi.operator.common.operator.resource.ConfigMapOperator) Map(java.util.Map) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) Service(io.fabric8.kubernetes.api.model.Service) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) AbstractModel(io.strimzi.operator.cluster.model.AbstractModel) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) DeploymentOperator(io.strimzi.operator.common.operator.resource.DeploymentOperator) KafkaVersion(io.strimzi.operator.cluster.model.KafkaVersion) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Mockito.when(org.mockito.Mockito.when) VertxExtension(io.vertx.junit5.VertxExtension) Future(io.vertx.core.Future) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) CruiseControlResources(io.strimzi.api.kafka.model.CruiseControlResources) Test(org.junit.jupiter.api.Test) 
Reconciliation(io.strimzi.operator.common.Reconciliation) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) Secret(io.fabric8.kubernetes.api.model.Secret) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) CruiseControlSpec(io.strimzi.api.kafka.model.CruiseControlSpec) Checkpoint(io.vertx.junit5.Checkpoint) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Kafka(io.strimzi.api.kafka.model.Kafka) ClusterCa(io.strimzi.operator.cluster.model.ClusterCa) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Kafka(io.strimzi.api.kafka.model.Kafka) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) ServiceOperator(io.strimzi.operator.common.operator.resource.ServiceOperator) NetworkPolicyOperator(io.strimzi.operator.common.operator.resource.NetworkPolicyOperator) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) DeploymentOperator(io.strimzi.operator.common.operator.resource.DeploymentOperator) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) ClusterCa(io.strimzi.operator.cluster.model.ClusterCa) Service(io.fabric8.kubernetes.api.model.Service) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Secret(io.fabric8.kubernetes.api.model.Secret) OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) Checkpoint(io.vertx.junit5.Checkpoint) ServiceAccountOperator(io.strimzi.operator.common.operator.resource.ServiceAccountOperator) ConfigMapOperator(io.strimzi.operator.common.operator.resource.ConfigMapOperator) Test(org.junit.jupiter.api.Test)

Example 68 with PasswordGenerator

use of io.strimzi.operator.common.PasswordGenerator in project strimzi-kafka-operator by strimzi.

the class ClusterCaTest method testNotRemoveOldCertificateWithCustomCa.

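/**
 * Verifies that {@code maybeDeleteOldCerts()} leaves the cluster CA certificate Secret
 * untouched for this ClusterCa configuration: after a simulated key renewal that also
 * stores the previous certificate under a dated key, the Secret still holds all four
 * entries with their expected values.
 *
 * <p>All key, certificate and password values are dummy strings; no real key material
 * is involved.
 */
@ParallelTest
public void testNotRemoveOldCertificateWithCustomCa() {
    // Pin the charset so encoding and decoding do not depend on the platform default.
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    final Base64.Encoder encoder = Base64.getEncoder();
    final Base64.Decoder decoder = Base64.getDecoder();
    final String oldCertKey = "ca-2023-03-23T09-00-00Z.crt";

    Map<String, String> clusterCaCertData = new HashMap<>();
    clusterCaCertData.put(Ca.CA_CRT, encoder.encodeToString("dummy-crt".getBytes(utf8)));
    clusterCaCertData.put(Ca.CA_STORE, encoder.encodeToString("dummy-p12".getBytes(utf8)));
    clusterCaCertData.put(Ca.CA_STORE_PASSWORD, encoder.encodeToString("dummy-password".getBytes(utf8)));
    Secret clusterCaCert = new SecretBuilder()
            .withNewMetadata()
                .withName("my-cluster-cluster-ca-cert")
            .endMetadata()
            .withData(clusterCaCertData)
            .build();

    Map<String, String> clusterCaKeyData = new HashMap<>();
    clusterCaKeyData.put(Ca.CA_KEY, encoder.encodeToString("dummy-key".getBytes(utf8)));
    Secret clusterCaKey = new SecretBuilder()
            .withNewMetadata()
                .withName("my-cluster-cluster-ca")
            .endMetadata()
            .withData(clusterCaKeyData)
            .build();

    // NOTE(review): per the test name, the trailing `false` presumably marks the CA as
    // user-provided rather than operator-generated - confirm against the ClusterCa constructor.
    // The generator is given "a" as its only alphabet: a predictable, test-only fixture.
    ClusterCa clusterCa = new ClusterCa(
            Reconciliation.DUMMY_RECONCILIATION,
            new OpenSslCertManager(),
            new PasswordGenerator(10, "a", "a"),
            cluster,
            clusterCaCert,
            clusterCaKey,
            0,
            0,
            false,
            CertificateExpirationPolicy.RENEW_CERTIFICATE);

    // simulate a renewal with a new private key ...
    clusterCaKeyData.put(Ca.CA_KEY, encoder.encodeToString("new-dummy-key".getBytes(utf8)));
    clusterCaKey.setData(clusterCaKeyData);
    // ... that also keeps the old certificate under a dated key
    clusterCaCertData.put(oldCertKey, clusterCaCertData.get(Ca.CA_CRT));
    clusterCaCertData.put(Ca.CA_CRT, encoder.encodeToString("new-dummy-crt".getBytes(utf8)));
    clusterCaCertData.put(Ca.CA_STORE, encoder.encodeToString("updated-dummy-p12".getBytes(utf8)));
    clusterCaCert.setData(clusterCaCertData);

    clusterCa.maybeDeleteOldCerts();

    // The cluster CA Secret must not have been touched by the operator. Matching on the
    // decoded value (instead of on a boolean) makes a failure report the actual content.
    Map<String, String> clusterCaCertDataInSecret = clusterCa.caCertSecret().getData();
    assertThat(clusterCaCertDataInSecret.size(), is(4));
    assertThat(new String(decoder.decode(clusterCaCertDataInSecret.get(Ca.CA_CRT)), utf8), is("new-dummy-crt"));
    assertThat(new String(decoder.decode(clusterCaCertDataInSecret.get(Ca.CA_STORE)), utf8), is("updated-dummy-p12"));
    assertThat(new String(decoder.decode(clusterCaCertDataInSecret.get(Ca.CA_STORE_PASSWORD)), utf8), is("dummy-password"));
    assertThat(new String(decoder.decode(clusterCaCertDataInSecret.get(oldCertKey)), utf8), is("dummy-crt"));
}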
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) HashMap(java.util.HashMap) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 69 with PasswordGenerator

use of io.strimzi.operator.common.PasswordGenerator in project strimzi-kafka-operator by strimzi.

the class ClusterCaTest method testRemoveExpiredCertificate.

/**
 * Walks a cluster CA through three reconciliations at fixed instants and checks the
 * content of the CA certificate Secret after each one: three entries after creation,
 * four (including the dated old certificate) after a forced key replacement, and three
 * again once the reconcile runs at a time after the old certificate has expired.
 */
@ParallelTest
public void testRemoveExpiredCertificate() {
    final String oldCertKey = "ca-2023-03-23T09-00-00Z.crt";

    // Step 1: create the CA at a fixed time; by default the certificate expires 365 days later.
    // The generator is given "a" as its only alphabet: a predictable, test-only fixture.
    Clock creationClock = Clock.fixed(Instant.parse("2022-03-23T09:00:00Z"), UTC);
    ClusterCa createdCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(creationClock), new PasswordGenerator(10, "a", "a"), cluster, null, null);
    createdCa.setClock(creationClock);
    createdCa.createRenewOrReplace(namespace, cluster, emptyMap(), emptyMap(), emptyMap(), null, true);
    assertThat(createdCa.caCertSecret().getData().size(), is(3));

    // Step 2: force a key replacement (and with it a certificate renewal) two hours later.
    Secret caKeyMarkedForReplacement = new SecretBuilder(createdCa.caKeySecret())
            .editMetadata()
                .addToAnnotations(Ca.ANNO_STRIMZI_IO_FORCE_REPLACE, "true")
            .endMetadata()
            .build();
    Clock replacementClock = Clock.fixed(Instant.parse("2022-03-23T11:00:00Z"), UTC);
    ClusterCa replacedCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(replacementClock), new PasswordGenerator(10, "a", "a"), cluster, createdCa.caCertSecret(), caKeyMarkedForReplacement);
    replacedCa.setClock(replacementClock);
    replacedCa.createRenewOrReplace(namespace, cluster, emptyMap(), emptyMap(), emptyMap(), null, true);
    // The previous certificate is kept under a dated key next to the new one.
    assertThat(replacedCa.caCertSecret().getData().size(), is(4));
    assertThat(replacedCa.caCertSecret().getData().containsKey(oldCertKey), is(true));

    // Step 3: reconcile 365 days (plus one hour) after creation; the expired certificate must be dropped.
    // NOTE(review): unlike steps 1 and 2, the cert manager here is built without the fixed
    // clock; only the ClusterCa itself is given it.
    Clock expiryClock = Clock.fixed(Instant.parse("2023-03-23T10:00:00Z"), UTC);
    ClusterCa expiredCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(), new PasswordGenerator(10, "a", "a"), cluster, replacedCa.caCertSecret(), replacedCa.caKeySecret());
    expiredCa.setClock(expiryClock);
    expiredCa.createRenewOrReplace(namespace, cluster, emptyMap(), emptyMap(), emptyMap(), null, true);
    assertThat(expiredCa.caCertSecret().getData().size(), is(3));
    assertThat(expiredCa.caCertSecret().getData().containsKey(oldCertKey), is(false));
}
Also used : OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) Clock(java.time.Clock) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 70 with PasswordGenerator

use of io.strimzi.operator.common.PasswordGenerator in project strimzi by strimzi.

the class ClusterCaTest method testRemoveOldCertificate.

/**
 * Creates a cluster CA, forces a key replacement two hours later, and checks that an
 * explicit {@code maybeDeleteOldCerts()} call removes the dated old certificate from the
 * CA certificate Secret, bringing it back from four entries to three.
 */
@ParallelTest
public void testRemoveOldCertificate() {
    final String oldCertKey = "ca-2023-03-23T09-00-00Z.crt";

    // Step 1: create the CA at a fixed time; by default the certificate expires 365 days later.
    // The generator is given "a" as its only alphabet: a predictable, test-only fixture.
    Clock creationClock = Clock.fixed(Instant.parse("2022-03-23T09:00:00Z"), UTC);
    ClusterCa createdCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(creationClock), new PasswordGenerator(10, "a", "a"), cluster, null, null);
    createdCa.setClock(creationClock);
    createdCa.createRenewOrReplace(namespace, cluster, emptyMap(), emptyMap(), emptyMap(), null, true);
    assertThat(createdCa.caCertSecret().getData().size(), is(3));

    // Step 2: force a key replacement (and with it a certificate renewal) two hours later.
    Secret caKeyMarkedForReplacement = new SecretBuilder(createdCa.caKeySecret())
            .editMetadata()
                .addToAnnotations(Ca.ANNO_STRIMZI_IO_FORCE_REPLACE, "true")
            .endMetadata()
            .build();
    Clock replacementClock = Clock.fixed(Instant.parse("2022-03-23T11:00:00Z"), UTC);
    ClusterCa replacedCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(replacementClock), new PasswordGenerator(10, "a", "a"), cluster, createdCa.caCertSecret(), caKeyMarkedForReplacement);
    replacedCa.setClock(replacementClock);
    replacedCa.createRenewOrReplace(namespace, cluster, emptyMap(), emptyMap(), emptyMap(), null, true);
    // The previous certificate is kept under a dated key next to the new one.
    assertThat(replacedCa.caCertSecret().getData().size(), is(4));
    assertThat(replacedCa.caCertSecret().getData().containsKey(oldCertKey), is(true));

    // Step 3: explicit cleanup removes the old certificate entry.
    replacedCa.maybeDeleteOldCerts();
    assertThat(replacedCa.caCertSecret().getData().size(), is(3));
    assertThat(replacedCa.caCertSecret().getData().containsKey(oldCertKey), is(false));
}
Also used : OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) Clock(java.time.Clock) ParallelTest(io.strimzi.test.annotations.ParallelTest)
