Search in sources :

Example 21 with PasswordGenerator

use of io.strimzi.operator.common.PasswordGenerator in project strimzi by strimzi.

the class VolumeResizingTest method testVolumesResizing.

@Test
public void testVolumesResizing() {
    Kafka kafka = getKafkaCrd();
    KafkaCluster kafkaCluster = KafkaCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, kafka, VERSIONS);
    ResourceOperatorSupplier supplier = ResourceUtils.supplierWithMocks(false);
    // Mock the PVC Operator
    PvcOperator mockPvcOps = supplier.pvcOperations;
    List<PersistentVolumeClaim> realPvcs = kafkaCluster.generatePersistentVolumeClaims(kafka.getSpec().getKafka().getStorage());
    for (PersistentVolumeClaim pvc : realPvcs) {
        pvc.setStatus(new PersistentVolumeClaimStatusBuilder().withPhase("Bound").withConditions(new PersistentVolumeClaimConditionBuilder().withStatus("True").withType("Resizing").build()).withCapacity(singletonMap("storage", new Quantity("10Gi"))).build());
    }
    when(mockPvcOps.getAsync(eq(namespace), ArgumentMatchers.startsWith("data-"))).thenAnswer(invocation -> {
        String pvcName = invocation.getArgument(1);
        return Future.succeededFuture(realPvcs.stream().filter(pvc -> pvcName.equals(pvc.getMetadata().getName())).findFirst().orElse(null));
    });
    ArgumentCaptor<PersistentVolumeClaim> pvcCaptor = ArgumentCaptor.forClass(PersistentVolumeClaim.class);
    when(mockPvcOps.reconcile(any(), anyString(), anyString(), pvcCaptor.capture())).thenReturn(Future.succeededFuture());
    // Mock the StorageClass Operator
    StorageClassOperator mockSco = supplier.storageClassOperations;
    when(mockSco.getAsync(eq("mysc"))).thenAnswer(invocation -> {
        StorageClass sc = new StorageClassBuilder().withNewMetadata().withName("mysc").endMetadata().withAllowVolumeExpansion(true).build();
        return Future.succeededFuture(sc);
    });
    MockKafkaAssemblyOperator kao = new MockKafkaAssemblyOperator(vertx, new PlatformFeaturesAvailability(false, kubernetesVersion), certManager, passwordGenerator, supplier, config);
    kao.resizeVolumes(new Reconciliation("test-trigger", Kafka.RESOURCE_KIND, namespace, clusterName), kafka, kafkaCluster.generatePersistentVolumeClaims(kafka.getSpec().getKafka().getStorage()), kafkaCluster).onComplete(res -> {
        assertThat(res.succeeded(), is(true));
        // The volumes are resizing => no reconciliation
        assertThat(pvcCaptor.getAllValues().size(), is(0));
    });
}
Also used : Quantity(io.fabric8.kubernetes.api.model.Quantity) CoreMatchers.is(org.hamcrest.CoreMatchers.is) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) ArgumentMatchers(org.mockito.ArgumentMatchers) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) CertManager(io.strimzi.certs.CertManager) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) PersistentVolumeClaimConditionBuilder(io.fabric8.kubernetes.api.model.PersistentVolumeClaimConditionBuilder) AfterAll(org.junit.jupiter.api.AfterAll) ArgumentCaptor(org.mockito.ArgumentCaptor) KafkaCluster(io.strimzi.operator.cluster.model.KafkaCluster) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) BeforeAll(org.junit.jupiter.api.BeforeAll) PersistentVolumeClaimStatusBuilder(io.fabric8.kubernetes.api.model.PersistentVolumeClaimStatusBuilder) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) Collections.singletonMap(java.util.Collections.singletonMap) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) KafkaVersion(io.strimzi.operator.cluster.model.KafkaVersion) KubernetesVersion(io.strimzi.operator.KubernetesVersion) Vertx(io.vertx.core.Vertx) StorageClassOperator(io.strimzi.operator.common.operator.resource.StorageClassOperator) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) Mockito.when(org.mockito.Mockito.when) PvcOperator(io.strimzi.operator.common.operator.resource.PvcOperator) Future(io.vertx.core.Future) StorageClassBuilder(io.fabric8.kubernetes.api.model.storage.StorageClassBuilder) Test(org.junit.jupiter.api.Test) Reconciliation(io.strimzi.operator.common.Reconciliation) List(java.util.List) StorageClass(io.fabric8.kubernetes.api.model.storage.StorageClass) KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim) Kafka(io.strimzi.api.kafka.model.Kafka) PlatformFeaturesAvailability(io.strimzi.operator.PlatformFeaturesAvailability) ClusterOperatorConfig(io.strimzi.operator.cluster.ClusterOperatorConfig) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) PersistentVolumeClaimStatusBuilder(io.fabric8.kubernetes.api.model.PersistentVolumeClaimStatusBuilder) KafkaCluster(io.strimzi.operator.cluster.model.KafkaCluster) StorageClassOperator(io.strimzi.operator.common.operator.resource.StorageClassOperator) StorageClass(io.fabric8.kubernetes.api.model.storage.StorageClass) Kafka(io.strimzi.api.kafka.model.Kafka) Quantity(io.fabric8.kubernetes.api.model.Quantity) StorageClassBuilder(io.fabric8.kubernetes.api.model.storage.StorageClassBuilder) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) PvcOperator(io.strimzi.operator.common.operator.resource.PvcOperator) PersistentVolumeClaimConditionBuilder(io.fabric8.kubernetes.api.model.PersistentVolumeClaimConditionBuilder) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) PlatformFeaturesAvailability(io.strimzi.operator.PlatformFeaturesAvailability) Reconciliation(io.strimzi.operator.common.Reconciliation) PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim) Test(org.junit.jupiter.api.Test)

Example 22 with PasswordGenerator

use of io.strimzi.operator.common.PasswordGenerator in project strimzi by strimzi.

the class KafkaCluster method generateJmxSecret.

/**
 * Generate the Secret containing the username and password to secure the jmx port on the kafka brokers
 *
 * @return The generated Secret
 */
public Secret generateJmxSecret() {
    Map<String, String> data = new HashMap<>(2);
    String[] keys = { SECRET_JMX_USERNAME_KEY, SECRET_JMX_PASSWORD_KEY };
    PasswordGenerator passwordGenerator = new PasswordGenerator(16);
    for (String key : keys) {
        data.put(key, Base64.getEncoder().encodeToString(passwordGenerator.generate().getBytes(StandardCharsets.US_ASCII)));
    }
    return createJmxSecret(KafkaCluster.jmxSecretName(cluster), data);
}
Also used : HashMap(java.util.HashMap) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator)

Example 23 with PasswordGenerator

use of io.strimzi.operator.common.PasswordGenerator in project strimzi by strimzi.

the class KafkaCluster method generateJmxSecret.

/**
 * Generate the Secret containing the username and password to secure the jmx port on the Kafka brokers.
 *
 * @param currentSecret The existing Secret with the current JMX credentials. Null if no secret exists yet.
 *
 * @return The generated Secret
 */
public Secret generateJmxSecret(Secret currentSecret) {
    if (isJmxAuthenticated) {
        PasswordGenerator passwordGenerator = new PasswordGenerator(16);
        Map<String, String> data = new HashMap<>(2);
        if (currentSecret != null && currentSecret.getData() != null) {
            data.put(SECRET_JMX_USERNAME_KEY, currentSecret.getData().computeIfAbsent(SECRET_JMX_USERNAME_KEY, (key) -> Util.encodeToBase64(passwordGenerator.generate())));
            data.put(SECRET_JMX_PASSWORD_KEY, currentSecret.getData().computeIfAbsent(SECRET_JMX_PASSWORD_KEY, (key) -> Util.encodeToBase64(passwordGenerator.generate())));
        } else {
            data.put(SECRET_JMX_USERNAME_KEY, Util.encodeToBase64(passwordGenerator.generate()));
            data.put(SECRET_JMX_PASSWORD_KEY, Util.encodeToBase64(passwordGenerator.generate()));
        }
        return createJmxSecret(KafkaResources.kafkaJmxSecretName(cluster), data);
    } else {
        return null;
    }
}
Also used : VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) ExternalTrafficPolicy(io.strimzi.api.kafka.model.template.ExternalTrafficPolicy) KafkaClusterSpec(io.strimzi.api.kafka.model.KafkaClusterSpec) KafkaExporterResources(io.strimzi.api.kafka.model.KafkaExporterResources) Storage(io.strimzi.api.kafka.model.storage.Storage) HTTPIngressPath(io.fabric8.kubernetes.api.model.networking.v1.HTTPIngressPath) Rack(io.strimzi.api.kafka.model.Rack) ServicePort(io.fabric8.kubernetes.api.model.ServicePort) Annotations(io.strimzi.operator.common.Annotations) IngressTLS(io.fabric8.kubernetes.api.model.networking.v1.IngressTLS) PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget) Collections.singletonList(java.util.Collections.singletonList) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) Route(io.fabric8.openshift.api.model.Route) IngressRule(io.fabric8.kubernetes.api.model.networking.v1.IngressRule) KafkaResources(io.strimzi.api.kafka.model.KafkaResources) IngressTLSBuilder(io.fabric8.kubernetes.api.model.networking.v1.IngressTLSBuilder) KafkaClusterTemplate(io.strimzi.api.kafka.model.template.KafkaClusterTemplate) Map(java.util.Map) ContainerBuilder(io.fabric8.kubernetes.api.model.ContainerBuilder) JsonObject(io.vertx.core.json.JsonObject) ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar) KafkaSpec(io.strimzi.api.kafka.model.KafkaSpec) Affinity(io.fabric8.kubernetes.api.model.Affinity) IngressBuilder(io.fabric8.kubernetes.api.model.networking.v1.IngressBuilder) ProbeBuilder(io.strimzi.api.kafka.model.ProbeBuilder) Probe(io.strimzi.api.kafka.model.Probe) StatusUtils(io.strimzi.operator.common.operator.resource.StatusUtils) SubjectBuilder(io.fabric8.kubernetes.api.model.rbac.SubjectBuilder) RouteBuilder(io.fabric8.openshift.api.model.RouteBuilder) ListenersUtils.isListenerWithOAuth(io.strimzi.operator.cluster.model.ListenersUtils.isListenerWithOAuth) Set(java.util.Set) RoleRefBuilder(io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder) HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata) Collectors(java.util.stream.Collectors) CruiseControlResources(io.strimzi.api.kafka.model.CruiseControlResources) RoleRef(io.fabric8.kubernetes.api.model.rbac.RoleRef) List(java.util.List) Labels(io.strimzi.operator.common.model.Labels) StrimziPodSet(io.strimzi.api.kafka.model.StrimziPodSet) Collections.addAll(java.util.Collections.addAll) Ingress(io.fabric8.kubernetes.api.model.networking.v1.Ingress) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim) Secret(io.fabric8.kubernetes.api.model.Secret) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) Condition(io.strimzi.api.kafka.model.status.Condition) ClusterOperatorConfig(io.strimzi.operator.cluster.ClusterOperatorConfig) Uuid(org.apache.kafka.common.Uuid) ClusterRoleBinding(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) Container(io.fabric8.kubernetes.api.model.Container) Subject(io.fabric8.kubernetes.api.model.rbac.Subject) HashMap(java.util.HashMap) LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference) CertAndKey(io.strimzi.certs.CertAndKey) Function(java.util.function.Function) MetricsAndLogging(io.strimzi.operator.common.MetricsAndLogging) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) SecurityContext(io.fabric8.kubernetes.api.model.SecurityContext) KafkaAuthorization(io.strimzi.api.kafka.model.KafkaAuthorization) InlineLogging(io.strimzi.api.kafka.model.InlineLogging) ListenersUtils.isListenerWithCustomAuth(io.strimzi.operator.cluster.model.ListenersUtils.isListenerWithCustomAuth) Collections.singletonMap(java.util.Collections.singletonMap) Service(io.fabric8.kubernetes.api.model.Service) NetworkPolicyBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyBuilder) KafkaSpecChecker(io.strimzi.operator.cluster.operator.resource.KafkaSpecChecker) Volume(io.fabric8.kubernetes.api.model.Volume) NetworkPolicyIngressRuleBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRuleBuilder) CertAndKeySecretSource(io.strimzi.api.kafka.model.CertAndKeySecretSource) CruiseControlConfigurationParameters(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters) KafkaAuthorizationKeycloak(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloak) KafkaListenerAuthenticationCustom(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustom) IOException(java.io.IOException) StatefulSet(io.fabric8.kubernetes.api.model.apps.StatefulSet) KafkaListenerAuthenticationOAuth(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuth) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) AffinityBuilder(io.fabric8.kubernetes.api.model.AffinityBuilder) ContainerPort(io.fabric8.kubernetes.api.model.ContainerPort) Logging(io.strimzi.api.kafka.model.Logging) Reconciliation(io.strimzi.operator.common.Reconciliation) JsonArray(io.vertx.core.json.JsonArray) IngressRuleBuilder(io.fabric8.kubernetes.api.model.networking.v1.IngressRuleBuilder) Util(io.strimzi.operator.common.Util) KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType) NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) CruiseControlSpec(io.strimzi.api.kafka.model.CruiseControlSpec) Kafka(io.strimzi.api.kafka.model.Kafka) CRUISE_CONTROL_METRIC_REPORTER(io.strimzi.operator.cluster.model.CruiseControl.CRUISE_CONTROL_METRIC_REPORTER) HTTPIngressPathBuilder(io.fabric8.kubernetes.api.model.networking.v1.HTTPIngressPathBuilder) Collections(java.util.Collections) HashMap(java.util.HashMap) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator)

Example 24 with PasswordGenerator

use of io.strimzi.operator.common.PasswordGenerator in project strimzi by strimzi.

the class Main method run.

static CompositeFuture run(Vertx vertx, KubernetesClient client, PlatformFeaturesAvailability pfa, ClusterOperatorConfig config) {
    Util.printEnvInfo();
    ResourceOperatorSupplier resourceOperatorSupplier = new ResourceOperatorSupplier(vertx, client, pfa, config.getOperationTimeoutMs());
    KafkaAssemblyOperator kafkaClusterOperations = null;
    KafkaConnectAssemblyOperator kafkaConnectClusterOperations = null;
    KafkaMirrorMaker2AssemblyOperator kafkaMirrorMaker2AssemblyOperator = null;
    KafkaMirrorMakerAssemblyOperator kafkaMirrorMakerAssemblyOperator = null;
    KafkaBridgeAssemblyOperator kafkaBridgeAssemblyOperator = null;
    KafkaRebalanceAssemblyOperator kafkaRebalanceAssemblyOperator = null;
    if (!config.isPodSetReconciliationOnly()) {
        OpenSslCertManager certManager = new OpenSslCertManager();
        PasswordGenerator passwordGenerator = new PasswordGenerator(12, "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "0123456789");
        kafkaClusterOperations = new KafkaAssemblyOperator(vertx, pfa, certManager, passwordGenerator, resourceOperatorSupplier, config);
        kafkaConnectClusterOperations = new KafkaConnectAssemblyOperator(vertx, pfa, resourceOperatorSupplier, config);
        kafkaMirrorMaker2AssemblyOperator = new KafkaMirrorMaker2AssemblyOperator(vertx, pfa, resourceOperatorSupplier, config);
        kafkaMirrorMakerAssemblyOperator = new KafkaMirrorMakerAssemblyOperator(vertx, pfa, certManager, passwordGenerator, resourceOperatorSupplier, config);
        kafkaBridgeAssemblyOperator = new KafkaBridgeAssemblyOperator(vertx, pfa, certManager, passwordGenerator, resourceOperatorSupplier, config);
        kafkaRebalanceAssemblyOperator = new KafkaRebalanceAssemblyOperator(vertx, resourceOperatorSupplier, config);
    }
    @SuppressWarnings({ "rawtypes" }) List<Future> futures = new ArrayList<>(config.getNamespaces().size());
    for (String namespace : config.getNamespaces()) {
        Promise<String> prom = Promise.promise();
        futures.add(prom.future());
        ClusterOperator operator = new ClusterOperator(namespace, config, client, kafkaClusterOperations, kafkaConnectClusterOperations, kafkaMirrorMakerAssemblyOperator, kafkaMirrorMaker2AssemblyOperator, kafkaBridgeAssemblyOperator, kafkaRebalanceAssemblyOperator, resourceOperatorSupplier);
        vertx.deployVerticle(operator, res -> {
            if (res.succeeded()) {
                if (config.getCustomResourceSelector() != null) {
                    LOGGER.info("Cluster Operator verticle started in namespace {} with label selector {}", namespace, config.getCustomResourceSelector());
                } else {
                    LOGGER.info("Cluster Operator verticle started in namespace {} without label selector", namespace);
                }
            } else {
                LOGGER.error("Cluster Operator verticle in namespace {} failed to start", namespace, res.cause());
                System.exit(1);
            }
            prom.handle(res);
        });
    }
    return CompositeFuture.join(futures);
}
Also used : KafkaAssemblyOperator(io.strimzi.operator.cluster.operator.assembly.KafkaAssemblyOperator) KafkaBridgeAssemblyOperator(io.strimzi.operator.cluster.operator.assembly.KafkaBridgeAssemblyOperator) KafkaMirrorMaker2AssemblyOperator(io.strimzi.operator.cluster.operator.assembly.KafkaMirrorMaker2AssemblyOperator) ArrayList(java.util.ArrayList) KafkaConnectAssemblyOperator(io.strimzi.operator.cluster.operator.assembly.KafkaConnectAssemblyOperator) OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) CompositeFuture(io.vertx.core.CompositeFuture) Future(io.vertx.core.Future) KafkaMirrorMakerAssemblyOperator(io.strimzi.operator.cluster.operator.assembly.KafkaMirrorMakerAssemblyOperator) KafkaRebalanceAssemblyOperator(io.strimzi.operator.cluster.operator.assembly.KafkaRebalanceAssemblyOperator)

Example 25 with PasswordGenerator

use of io.strimzi.operator.common.PasswordGenerator in project strimzi by strimzi.

the class KafkaConnectCluster method generateJmxSecret.

/**
 * Generate the Secret containing the username and password to secure the jmx port on the kafka connect workers
 *
 * @return The generated Secret
 */
public Secret generateJmxSecret() {
    Map<String, String> data = new HashMap<>(2);
    String[] keys = { SECRET_JMX_USERNAME_KEY, SECRET_JMX_PASSWORD_KEY };
    PasswordGenerator passwordGenerator = new PasswordGenerator(16);
    for (String key : keys) {
        data.put(key, Base64.getEncoder().encodeToString(passwordGenerator.generate().getBytes(StandardCharsets.US_ASCII)));
    }
    return createJmxSecret(KafkaConnectCluster.jmxSecretName(cluster), data);
}
Also used : HashMap(java.util.HashMap) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator)

Aggregations

PasswordGenerator (io.strimzi.operator.common.PasswordGenerator)136 ResourceOperatorSupplier (io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier)110 Reconciliation (io.strimzi.operator.common.Reconciliation)104 PlatformFeaturesAvailability (io.strimzi.operator.PlatformFeaturesAvailability)102 Future (io.vertx.core.Future)96 ResourceUtils (io.strimzi.operator.cluster.ResourceUtils)94 MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat)94 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)94 ArgumentMatchers.eq (org.mockito.ArgumentMatchers.eq)94 Mockito.when (org.mockito.Mockito.when)94 KafkaVersionTestUtils (io.strimzi.operator.cluster.KafkaVersionTestUtils)92 KubernetesVersion (io.strimzi.operator.KubernetesVersion)90 Vertx (io.vertx.core.Vertx)90 CoreMatchers.is (org.hamcrest.CoreMatchers.is)88 AfterAll (org.junit.jupiter.api.AfterAll)88 BeforeAll (org.junit.jupiter.api.BeforeAll)88 Test (org.junit.jupiter.api.Test)86 ArgumentCaptor (org.mockito.ArgumentCaptor)86 MockCertManager (io.strimzi.operator.common.operator.MockCertManager)84 Checkpoint (io.vertx.junit5.Checkpoint)82