use of io.strimzi.operator.common.model.Labels in project strimzi-kafka-operator by strimzi.
the class CertificateRenewalTest method reconcileCa.
private Future<ArgumentCaptor<Secret>> reconcileCa(Vertx vertx, Kafka kafka, Supplier<Date> dateSupplier) {
ResourceOperatorSupplier supplier = ResourceUtils.supplierWithMocks(false);
SecretOperator secretOps = supplier.secretOperations;
DeploymentOperator deploymentOps = supplier.deploymentOperations;
StatefulSetOperator stsOps = supplier.stsOperations;
PodOperator podOps = supplier.podOperations;
when(secretOps.list(eq(NAMESPACE), any())).thenAnswer(invocation -> {
Map<String, String> requiredLabels = ((Labels) invocation.getArgument(1)).toMap();
return secrets.stream().filter(s -> {
Map<String, String> labels = s.getMetadata().getLabels();
labels.keySet().retainAll(requiredLabels.keySet());
return labels.equals(requiredLabels);
}).collect(Collectors.toList());
});
ArgumentCaptor<Secret> c = ArgumentCaptor.forClass(Secret.class);
when(secretOps.reconcile(any(), eq(NAMESPACE), eq(AbstractModel.clusterCaCertSecretName(NAME)), c.capture())).thenAnswer(i -> Future.succeededFuture(ReconcileResult.noop(i.getArgument(0))));
when(secretOps.reconcile(any(), eq(NAMESPACE), eq(AbstractModel.clusterCaKeySecretName(NAME)), c.capture())).thenAnswer(i -> Future.succeededFuture(ReconcileResult.noop(i.getArgument(0))));
when(secretOps.reconcile(any(), eq(NAMESPACE), eq(KafkaResources.clientsCaCertificateSecretName(NAME)), c.capture())).thenAnswer(i -> Future.succeededFuture(ReconcileResult.noop(i.getArgument(0))));
when(secretOps.reconcile(any(), eq(NAMESPACE), eq(KafkaResources.clientsCaKeySecretName(NAME)), c.capture())).thenAnswer(i -> Future.succeededFuture(ReconcileResult.noop(i.getArgument(0))));
when(secretOps.reconcile(any(), eq(NAMESPACE), eq(ClusterOperator.secretName(NAME)), any())).thenAnswer(i -> Future.succeededFuture(ReconcileResult.created(i.getArgument(0))));
when(deploymentOps.getAsync(eq(NAMESPACE), any())).thenReturn(Future.succeededFuture());
when(stsOps.getAsync(eq(NAMESPACE), any())).thenReturn(Future.succeededFuture());
when(podOps.listAsync(eq(NAMESPACE), any(Labels.class))).thenReturn(Future.succeededFuture(List.of()));
KafkaAssemblyOperator op = new KafkaAssemblyOperator(vertx, new PlatformFeaturesAvailability(false, KubernetesVersion.V1_16), certManager, passwordGenerator, supplier, ResourceUtils.dummyClusterOperatorConfig(1L));
Reconciliation reconciliation = new Reconciliation("test-trigger", Kafka.RESOURCE_KIND, NAMESPACE, NAME);
Promise<ArgumentCaptor<Secret>> reconcileCasComplete = Promise.promise();
op.new ReconciliationState(reconciliation, kafka).reconcileCas(dateSupplier).onComplete(ar -> {
// If failed then return the throwable of the reconcileCas
if (ar.succeeded()) {
reconcileCasComplete.complete(c);
} else {
reconcileCasComplete.fail(ar.cause());
}
});
return reconcileCasComplete.future();
}
use of io.strimzi.operator.common.model.Labels in project strimzi-kafka-operator by strimzi.
the class CertificateRenewalTest method testRenewalOfDeploymentCertificatesWithRenewingCa.
@Test
public void testRenewalOfDeploymentCertificatesWithRenewingCa() throws IOException {
Secret initialSecret = new SecretBuilder().withNewMetadata().withName("test-secret").endMetadata().addToData("deployment.crt", Base64.getEncoder().encodeToString("old-cert".getBytes())).addToData("deployment.key", Base64.getEncoder().encodeToString("old-key".getBytes())).addToData("deployment.p12", Base64.getEncoder().encodeToString("old-keystore".getBytes())).addToData("deployment.password", Base64.getEncoder().encodeToString("old-password".getBytes())).build();
CertAndKey newCertAndKey = new CertAndKey("new-key".getBytes(), "new-cert".getBytes(), "new-truststore".getBytes(), "new-keystore".getBytes(), "new-password");
ClusterCa clusterCaMock = mock(ClusterCa.class);
when(clusterCaMock.certRenewed()).thenReturn(true);
when(clusterCaMock.isExpiring(any(), any())).thenReturn(false);
when(clusterCaMock.generateSignedCert(anyString(), anyString())).thenReturn(newCertAndKey);
String namespace = "my-namespace";
String secretName = "my-secret";
String commonName = "deployment";
String keyCertName = "deployment";
Labels labels = Labels.forStrimziCluster("my-cluster");
OwnerReference ownerReference = new OwnerReference();
Secret newSecret = ModelUtils.buildSecret(Reconciliation.DUMMY_RECONCILIATION, clusterCaMock, initialSecret, namespace, secretName, commonName, keyCertName, labels, ownerReference, true);
assertThat(newSecret.getData(), hasEntry("deployment.crt", newCertAndKey.certAsBase64String()));
assertThat(newSecret.getData(), hasEntry("deployment.key", newCertAndKey.keyAsBase64String()));
assertThat(newSecret.getData(), hasEntry("deployment.p12", newCertAndKey.keyStoreAsBase64String()));
assertThat(newSecret.getData(), hasEntry("deployment.password", newCertAndKey.storePasswordAsBase64String()));
}
use of io.strimzi.operator.common.model.Labels in project strimzi-kafka-operator by strimzi.
the class CertificateRenewalTest method testRenewalOfDeploymentCertificatesWithNullSecret.
@Test
public void testRenewalOfDeploymentCertificatesWithNullSecret() throws IOException {
CertAndKey newCertAndKey = new CertAndKey("new-key".getBytes(), "new-cert".getBytes(), "new-truststore".getBytes(), "new-keystore".getBytes(), "new-password");
ClusterCa clusterCaMock = mock(ClusterCa.class);
when(clusterCaMock.generateSignedCert(anyString(), anyString())).thenReturn(newCertAndKey);
String namespace = "my-namespace";
String secretName = "my-secret";
String commonName = "deployment";
String keyCertName = "deployment";
Labels labels = Labels.forStrimziCluster("my-cluster");
OwnerReference ownerReference = new OwnerReference();
Secret newSecret = ModelUtils.buildSecret(Reconciliation.DUMMY_RECONCILIATION, clusterCaMock, null, namespace, secretName, commonName, keyCertName, labels, ownerReference, true);
assertThat(newSecret.getData(), hasEntry("deployment.crt", newCertAndKey.certAsBase64String()));
assertThat(newSecret.getData(), hasEntry("deployment.key", newCertAndKey.keyAsBase64String()));
assertThat(newSecret.getData(), hasEntry("deployment.p12", newCertAndKey.keyStoreAsBase64String()));
assertThat(newSecret.getData(), hasEntry("deployment.password", newCertAndKey.storePasswordAsBase64String()));
}
use of io.strimzi.operator.common.model.Labels in project strimzi-kafka-operator by strimzi.
the class CertificateRenewalTest method testRenewalOfDeploymentCertificatesDelayedRenewal.
@Test
public void testRenewalOfDeploymentCertificatesDelayedRenewal() throws IOException {
Secret initialSecret = new SecretBuilder().withNewMetadata().withName("test-secret").endMetadata().addToData("deployment.crt", Base64.getEncoder().encodeToString("old-cert".getBytes())).addToData("deployment.key", Base64.getEncoder().encodeToString("old-key".getBytes())).addToData("deployment.p12", Base64.getEncoder().encodeToString("old-keystore".getBytes())).addToData("deployment.password", Base64.getEncoder().encodeToString("old-password".getBytes())).build();
CertAndKey newCertAndKey = new CertAndKey("new-key".getBytes(), "new-cert".getBytes(), "new-truststore".getBytes(), "new-keystore".getBytes(), "new-password");
ClusterCa clusterCaMock = mock(ClusterCa.class);
when(clusterCaMock.certRenewed()).thenReturn(false);
when(clusterCaMock.isExpiring(any(), any())).thenReturn(true);
when(clusterCaMock.generateSignedCert(anyString(), anyString())).thenReturn(newCertAndKey);
String namespace = "my-namespace";
String secretName = "my-secret";
String commonName = "deployment";
String keyCertName = "deployment";
Labels labels = Labels.forStrimziCluster("my-cluster");
OwnerReference ownerReference = new OwnerReference();
Secret newSecret = ModelUtils.buildSecret(Reconciliation.DUMMY_RECONCILIATION, clusterCaMock, initialSecret, namespace, secretName, commonName, keyCertName, labels, ownerReference, true);
assertThat(newSecret.getData(), hasEntry("deployment.crt", newCertAndKey.certAsBase64String()));
assertThat(newSecret.getData(), hasEntry("deployment.key", newCertAndKey.keyAsBase64String()));
assertThat(newSecret.getData(), hasEntry("deployment.p12", newCertAndKey.keyStoreAsBase64String()));
assertThat(newSecret.getData(), hasEntry("deployment.password", newCertAndKey.storePasswordAsBase64String()));
}
use of io.strimzi.operator.common.model.Labels in project strimzi-kafka-operator by strimzi.
the class CertificateRenewalTest method testRenewalOfDeploymentCertificatesDelayedRenewalOutsideOfMaintenanceWindow.
@Test
public void testRenewalOfDeploymentCertificatesDelayedRenewalOutsideOfMaintenanceWindow() throws IOException {
Secret initialSecret = new SecretBuilder().withNewMetadata().withName("test-secret").endMetadata().addToData("deployment.crt", Base64.getEncoder().encodeToString("old-cert".getBytes())).addToData("deployment.key", Base64.getEncoder().encodeToString("old-key".getBytes())).addToData("deployment.p12", Base64.getEncoder().encodeToString("old-keystore".getBytes())).addToData("deployment.password", Base64.getEncoder().encodeToString("old-password".getBytes())).build();
CertAndKey newCertAndKey = new CertAndKey("new-key".getBytes(), "new-cert".getBytes(), "new-truststore".getBytes(), "new-keystore".getBytes(), "new-password");
ClusterCa clusterCaMock = mock(ClusterCa.class);
when(clusterCaMock.certRenewed()).thenReturn(false);
when(clusterCaMock.isExpiring(any(), any())).thenReturn(true);
when(clusterCaMock.generateSignedCert(anyString(), anyString())).thenReturn(newCertAndKey);
String namespace = "my-namespace";
String secretName = "my-secret";
String commonName = "deployment";
String keyCertName = "deployment";
Labels labels = Labels.forStrimziCluster("my-cluster");
OwnerReference ownerReference = new OwnerReference();
Secret newSecret = ModelUtils.buildSecret(Reconciliation.DUMMY_RECONCILIATION, clusterCaMock, initialSecret, namespace, secretName, commonName, keyCertName, labels, ownerReference, false);
assertThat(newSecret.getData(), hasEntry("deployment.crt", Base64.getEncoder().encodeToString("old-cert".getBytes())));
assertThat(newSecret.getData(), hasEntry("deployment.key", Base64.getEncoder().encodeToString("old-key".getBytes())));
assertThat(newSecret.getData(), hasEntry("deployment.p12", Base64.getEncoder().encodeToString("old-keystore".getBytes())));
assertThat(newSecret.getData(), hasEntry("deployment.password", Base64.getEncoder().encodeToString("old-password".getBytes())));
}
Aggregations