
Example 71 with PasswordGenerator

use of io.strimzi.operator.common.PasswordGenerator in project strimzi by strimzi.

the class ClusterCaTest method testIsExpiringCertificate.

@ParallelTest
public void testIsExpiringCertificate() {
    // Issue the CA certificate at a pinned instant. Per this test's assumptions the certificate
    // is valid for 365 days and the renewal window is 30 days (both defaults).
    Clock issueClock = Clock.fixed(Instant.parse("2022-03-30T09:00:00Z"), UTC);
    // NOTE(review): PasswordGenerator(10, "a", "a") looks like a deliberately predictable fixture
    // (presumably length 10 over a one-character alphabet); confirm it stays confined to tests.
    ClusterCa clusterCa = new ClusterCa(
            Reconciliation.DUMMY_RECONCILIATION,
            new OpenSslCertManager(issueClock),
            new PasswordGenerator(10, "a", "a"),
            cluster,
            null,
            null);
    clusterCa.setClock(issueClock);
    clusterCa.createRenewOrReplace(namespace, cluster, emptyMap(), emptyMap(), emptyMap(), null, true);

    // Outside the renewal period: the CA certificate must not be reported as expiring.
    Clock outsideRenewalPeriod = Clock.fixed(Instant.parse("2023-02-15T09:00:00Z"), UTC);
    clusterCa.setClock(outsideRenewalPeriod);
    assertThat(clusterCa.isExpiring(clusterCa.caCertSecret(), Ca.CA_CRT), is(false));

    // Inside the renewal period: the same certificate must now be reported as expiring.
    Clock insideRenewalPeriod = Clock.fixed(Instant.parse("2023-03-15T09:00:00Z"), UTC);
    clusterCa.setClock(insideRenewalPeriod);
    assertThat(clusterCa.isExpiring(clusterCa.caCertSecret(), Ca.CA_CRT), is(true));
}
Also used : OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) Clock(java.time.Clock) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 72 with PasswordGenerator

use of io.strimzi.operator.common.PasswordGenerator in project strimzi by strimzi.

the class ClusterCaTest method testRemoveExpiredCertificate.

@ParallelTest
public void testRemoveExpiredCertificate() {
    // Step 1: create the CA at a pinned instant; the certificate expires 365 days later (default).
    Clock creationClock = Clock.fixed(Instant.parse("2022-03-23T09:00:00Z"), UTC);
    ClusterCa initialCa = new ClusterCa(
            Reconciliation.DUMMY_RECONCILIATION,
            new OpenSslCertManager(creationClock),
            new PasswordGenerator(10, "a", "a"),
            cluster,
            null,
            null);
    initialCa.setClock(creationClock);
    initialCa.createRenewOrReplace(namespace, cluster, emptyMap(), emptyMap(), emptyMap(), null, true);
    assertThat(initialCa.caCertSecret().getData().size(), is(3));

    // Step 2: annotate the key Secret to force a key replacement, then reconcile two hours later.
    // The replacement certificate again expires 365 days after its creation (default).
    Secret caKeySecretWithReplaceAnno = new SecretBuilder(initialCa.caKeySecret())
            .editMetadata()
                .addToAnnotations(Ca.ANNO_STRIMZI_IO_FORCE_REPLACE, "true")
            .endMetadata()
            .build();
    Clock replacementClock = Clock.fixed(Instant.parse("2022-03-23T11:00:00Z"), UTC);
    ClusterCa replacedCa = new ClusterCa(
            Reconciliation.DUMMY_RECONCILIATION,
            new OpenSslCertManager(replacementClock),
            new PasswordGenerator(10, "a", "a"),
            cluster,
            initialCa.caCertSecret(),
            caKeySecretWithReplaceAnno);
    replacedCa.setClock(replacementClock);
    replacedCa.createRenewOrReplace(namespace, cluster, emptyMap(), emptyMap(), emptyMap(), null, true);
    // The superseded certificate is retained under a dated key (presumably named after its expiry instant).
    assertThat(replacedCa.caCertSecret().getData().size(), is(4));
    assertThat(replacedCa.caCertSecret().getData().containsKey("ca-2023-03-23T09-00-00Z.crt"), is(true));

    // Step 3: reconcile one hour after the old certificate's expiry and expect it to be removed.
    Clock afterExpiryClock = Clock.fixed(Instant.parse("2023-03-23T10:00:00Z"), UTC);
    // NOTE(review): this OpenSslCertManager is built without the fixed clock, unlike steps 1 and 2,
    // so anything it issues here would presumably follow the system clock - confirm this is intended.
    ClusterCa reconciledCa = new ClusterCa(
            Reconciliation.DUMMY_RECONCILIATION,
            new OpenSslCertManager(),
            new PasswordGenerator(10, "a", "a"),
            cluster,
            replacedCa.caCertSecret(),
            replacedCa.caKeySecret());
    reconciledCa.setClock(afterExpiryClock);
    reconciledCa.createRenewOrReplace(namespace, cluster, emptyMap(), emptyMap(), emptyMap(), null, true);
    assertThat(reconciledCa.caCertSecret().getData().size(), is(3));
    assertThat(reconciledCa.caCertSecret().getData().containsKey("ca-2023-03-23T09-00-00Z.crt"), is(false));
}
Also used : OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) Clock(java.time.Clock) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 73 with PasswordGenerator

use of io.strimzi.operator.common.PasswordGenerator in project strimzi by strimzi.

the class CruiseControl method generateCruiseControlApiCredentials.

/**
 * Generates fresh Cruise Control API passwords for the admin and user accounts and assembles
 * the matching credentials file.
 *
 * <p>Every value in the returned map is Base64-encoded. Base64 is an encoding, not a protection:
 * the passwords are recoverable by anyone who can read the map's contents, and the credentials
 * file carries both passwords in clear text.
 *
 * @return Map holding the Base64-encoded admin password, user password and credentials file
 */
public static Map<String, String> generateCruiseControlApiCredentials() {
    // NOTE(review): password strength depends on PasswordGenerator's random source and alphabet,
    // neither of which is visible here; 16 is presumably the password length - confirm.
    PasswordGenerator generator = new PasswordGenerator(16);
    String adminPassword = generator.generate();
    String userPassword = generator.generate();

    // One line per account in the file format of Jetty's HashLoginService:
    //   username: password [,rolename ...]
    String adminEntry = API_ADMIN_NAME + ": " + adminPassword + "," + API_ADMIN_ROLE + "\n";
    String userEntry = API_USER_NAME + ": " + userPassword + "," + API_USER_ROLE + "\n";
    String credentialsFile = adminEntry + userEntry;

    Map<String, String> credentials = new HashMap<>(3);
    credentials.put(API_ADMIN_PASSWORD_KEY, Util.encodeToBase64(adminPassword));
    credentials.put(API_USER_PASSWORD_KEY, Util.encodeToBase64(userPassword));
    credentials.put(API_AUTH_FILE_KEY, Util.encodeToBase64(credentialsFile));
    return credentials;
}
Also used : HashMap(java.util.HashMap) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) IntOrString(io.fabric8.kubernetes.api.model.IntOrString)

Example 74 with PasswordGenerator

use of io.strimzi.operator.common.PasswordGenerator in project strimzi by strimzi.

the class KafkaAssemblyOperatorMockTest method init.

/*
 * Plays the role of a @BeforeEach method. The tests are parameterized, so their parameters
 * only become available when a test starts; each test must therefore call this first.
 */
private void init(Params params) {
    setFields(params);

    // Kafka custom resource under test: one plain and one TLS internal listener,
    // ZooKeeper, and an Entity Operator running both the Topic and User Operators.
    cluster = new KafkaBuilder()
            .withNewMetadata()
                .withName(CLUSTER_NAME)
                .withNamespace(NAMESPACE)
                .withLabels(singletonMap("foo", "bar"))
            .endMetadata()
            .withNewSpec()
                .withNewKafka()
                    .withReplicas(kafkaReplicas)
                    .withStorage(kafkaStorage)
                    .withListeners(
                            new GenericKafkaListenerBuilder()
                                    .withName("plain")
                                    .withPort(9092)
                                    .withType(KafkaListenerType.INTERNAL)
                                    .withTls(false)
                                    .build(),
                            new GenericKafkaListenerBuilder()
                                    .withName("tls")
                                    .withPort(9093)
                                    .withType(KafkaListenerType.INTERNAL)
                                    .withTls(true)
                                    .build())
                    .withResources(resources)
                .endKafka()
                .withNewZookeeper()
                    .withReplicas(zkReplicas)
                    .withStorage(zkStorage)
                .endZookeeper()
                .withNewEntityOperator()
                    .withNewTopicOperator()
                    .endTopicOperator()
                    .withNewUserOperator()
                    .endUserOperator()
                .endEntityOperator()
            .endSpec()
            .build();

    // Kubernetes mock seeded with the Kafka resource and the controllers the operator relies on
    mockKube = new MockKube2.MockKube2Builder(client)
            .withKafkaCrd()
            .withInitialKafkas(cluster)
            .withStrimziPodSetCrd()
            .withDeploymentController()
            .withPodController()
            .withStatefulSetController()
            .withServiceController()
            .build();
    mockKube.start();

    PlatformFeaturesAvailability platformFeatures = new PlatformFeaturesAvailability(false, kubernetesVersion);
    ResourceOperatorSupplier operatorSupplier = supplierWithMocks();
    ClusterOperatorConfig operatorConfig = ResourceUtils.dummyClusterOperatorConfig(VERSIONS);
    // NOTE(review): MockCertManager and PasswordGenerator(10, "a", "a") look like predictable
    // test fixtures (the generator presumably yields a fixed password); confirm they stay test-only.
    operator = new KafkaAssemblyOperator(
            vertx,
            platformFeatures,
            new MockCertManager(),
            new PasswordGenerator(10, "a", "a"),
            operatorSupplier,
            operatorConfig);
}
Also used : ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) MockKube2(io.strimzi.test.mockkube2.MockKube2) PlatformFeaturesAvailability(io.strimzi.operator.PlatformFeaturesAvailability) ClusterOperatorConfig(io.strimzi.operator.cluster.ClusterOperatorConfig) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder)

Example 75 with PasswordGenerator

use of io.strimzi.operator.common.PasswordGenerator in project strimzi by strimzi.

the class KafkaAssemblyOperatorNonParametrizedTest method testDeleteClusterRoleBindings.

@Test
public void testDeleteClusterRoleBindings(VertxTestContext context) {
    ResourceOperatorSupplier mockedSupplier = ResourceUtils.supplierWithMocks(false);
    ClusterRoleBindingOperator crbOperator = mockedSupplier.clusterRoleBindingOperator;

    // Capture whatever desired ClusterRoleBinding the operator hands to reconcile()
    // for the init-container binding of this cluster.
    ArgumentCaptor<ClusterRoleBinding> capturedCrb = ArgumentCaptor.forClass(ClusterRoleBinding.class);
    when(crbOperator.reconcile(
            any(),
            eq(KafkaResources.initContainerClusterRoleBindingName(NAME, NAMESPACE)),
            capturedCrb.capture()))
        .thenReturn(Future.succeededFuture());

    KafkaAssemblyOperator assemblyOperator = new KafkaAssemblyOperator(
            vertx,
            new PlatformFeaturesAvailability(false, KubernetesVersion.V1_16),
            certManager,
            passwordGenerator,
            mockedSupplier,
            ResourceUtils.dummyClusterOperatorConfig(1L));
    Reconciliation deleteReconciliation = new Reconciliation("test-trigger", Kafka.RESOURCE_KIND, NAMESPACE, NAME);

    Checkpoint done = context.checkpoint();
    assemblyOperator.delete(deleteReconciliation).onComplete(context.succeeding(ignored -> context.verify(() -> {
        // On delete the binding is reconciled exactly once with a null desired state,
        // so the cluster-scoped RBAC grant does not outlive the Kafka cluster.
        assertThat(capturedCrb.getValue(), is(nullValue()));
        Mockito.verify(crbOperator, times(1)).reconcile(any(), any(), any());
        done.flag();
    })));
}
Also used : CoreMatchers.is(org.hamcrest.CoreMatchers.is) Date(java.util.Date) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) ClusterRoleBindingOperator(io.strimzi.operator.common.operator.resource.ClusterRoleBindingOperator) Mockito.verifyNoInteractions(org.mockito.Mockito.verifyNoInteractions) AfterAll(org.junit.jupiter.api.AfterAll) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) Collections.singleton(java.util.Collections.singleton) KafkaResources(io.strimzi.api.kafka.model.KafkaResources) BeforeAll(org.junit.jupiter.api.BeforeAll) Map(java.util.Map) PodOperator(io.strimzi.operator.common.operator.resource.PodOperator) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) AbstractModel(io.strimzi.operator.cluster.model.AbstractModel) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) VertxExtension(io.vertx.junit5.VertxExtension) Future(io.vertx.core.Future) Test(org.junit.jupiter.api.Test) List(java.util.List) Labels(io.strimzi.operator.common.model.Labels) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) Secret(io.fabric8.kubernetes.api.model.Secret) Checkpoint(io.vertx.junit5.Checkpoint) PlatformFeaturesAvailability(io.strimzi.operator.PlatformFeaturesAvailability) ClusterOperatorConfig(io.strimzi.operator.cluster.ClusterOperatorConfig) VertxTestContext(io.vertx.junit5.VertxTestContext) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) ClusterRoleBinding(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding) CoreMatchers.not(org.hamcrest.CoreMatchers.not) HashMap(java.util.HashMap) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) ArgumentCaptor(org.mockito.ArgumentCaptor) ClusterOperator(io.strimzi.operator.cluster.ClusterOperator) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) 
CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator) Matchers.hasSize(org.hamcrest.Matchers.hasSize) ReconcileResult(io.strimzi.operator.common.operator.resource.ReconcileResult) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) Matchers.hasEntry(org.hamcrest.Matchers.hasEntry) CertificateAuthority(io.strimzi.api.kafka.model.CertificateAuthority) OwnerReferenceBuilder(io.fabric8.kubernetes.api.model.OwnerReferenceBuilder) KubernetesVersion(io.strimzi.operator.KubernetesVersion) Vertx(io.vertx.core.Vertx) Mockito.times(org.mockito.Mockito.times) Mockito.when(org.mockito.Mockito.when) Reconciliation(io.strimzi.operator.common.Reconciliation) Mockito(org.mockito.Mockito) Kafka(io.strimzi.api.kafka.model.Kafka) OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) Checkpoint(io.vertx.junit5.Checkpoint) PlatformFeaturesAvailability(io.strimzi.operator.PlatformFeaturesAvailability) ClusterRoleBinding(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding) Reconciliation(io.strimzi.operator.common.Reconciliation) ClusterRoleBindingOperator(io.strimzi.operator.common.operator.resource.ClusterRoleBindingOperator) Test(org.junit.jupiter.api.Test)
