Example 6 with SimpleAclRule
use of io.strimzi.operator.user.model.acl.SimpleAclRule in project strimzi by strimzi.
the class KafkaUserOperatorTest method testReconcileNewTlsUser.
@Test
public void testReconcileNewTlsUser(VertxTestContext context) {
CrdOperator mockCrdOps = mock(CrdOperator.class);
SecretOperator mockSecretOps = mock(SecretOperator.class);
SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
QuotasOperator quotasOps = mock(QuotasOperator.class);
KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig());
KafkaUser user = ResourceUtils.createKafkaUserTls();
Secret clientsCa = ResourceUtils.createClientsCaCertSecret();
Secret clientsCaKey = ResourceUtils.createClientsCaKeySecret();
ArgumentCaptor<String> secretNamespaceCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<String> secretNameCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<Secret> secretCaptor = ArgumentCaptor.forClass(Secret.class);
when(mockSecretOps.reconcile(any(), secretNamespaceCaptor.capture(), secretNameCaptor.capture(), secretCaptor.capture())).thenReturn(Future.succeededFuture());
ArgumentCaptor<String> aclNameCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<Set<SimpleAclRule>> aclRulesCaptor = ArgumentCaptor.forClass(Set.class);
when(aclOps.reconcile(any(), aclNameCaptor.capture(), aclRulesCaptor.capture())).thenReturn(Future.succeededFuture());
when(scramOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
when(mockSecretOps.getAsync(anyString(), eq(clientsCa.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCa));
when(mockSecretOps.getAsync(anyString(), eq(clientsCaKey.getMetadata().getName()))).thenReturn(Future.succeededFuture(clientsCaKey));
when(mockSecretOps.getAsync(anyString(), eq(user.getMetadata().getName()))).thenReturn(Future.succeededFuture(null));
when(mockCrdOps.get(eq(user.getMetadata().getNamespace()), eq(user.getMetadata().getName()))).thenReturn(user);
when(mockCrdOps.getAsync(anyString(), anyString())).thenReturn(Future.succeededFuture(user));
when(mockCrdOps.updateStatusAsync(any(), any(KafkaUser.class))).thenReturn(Future.succeededFuture());
when(quotasOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
Checkpoint async = context.checkpoint();
op.reconcile(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME)).onComplete(context.succeeding(v -> context.verify(() -> {
List<String> capturedNames = secretNameCaptor.getAllValues();
assertThat(capturedNames, hasSize(1));
assertThat(capturedNames.get(0), is(ResourceUtils.NAME));
List<String> capturedNamespaces = secretNamespaceCaptor.getAllValues();
assertThat(capturedNamespaces, hasSize(1));
assertThat(capturedNamespaces.get(0), is(ResourceUtils.NAMESPACE));
List<Secret> capturedSecrets = secretCaptor.getAllValues();
assertThat(capturedSecrets, hasSize(1));
Secret captured = capturedSecrets.get(0);
assertThat(captured.getMetadata().getName(), is(user.getMetadata().getName()));
assertThat(captured.getMetadata().getNamespace(), is(user.getMetadata().getNamespace()));
assertThat(captured.getMetadata().getLabels(), is(Labels.fromMap(user.getMetadata().getLabels()).withStrimziKind(KafkaUser.RESOURCE_KIND).withKubernetesName(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).withKubernetesInstance(ResourceUtils.NAME).withKubernetesPartOf(ResourceUtils.NAME).withKubernetesManagedBy(KafkaUserModel.KAFKA_USER_OPERATOR_NAME).toMap()));
assertThat(new String(Base64.getDecoder().decode(captured.getData().get("ca.crt"))), is("clients-ca-crt"));
assertThat(new String(Base64.getDecoder().decode(captured.getData().get("user.crt"))), is("crt file"));
assertThat(new String(Base64.getDecoder().decode(captured.getData().get("user.key"))), is("key file"));
List<String> capturedAclNames = aclNameCaptor.getAllValues();
assertThat(capturedAclNames, hasSize(2));
assertThat(capturedAclNames.get(0), is(KafkaUserModel.getTlsUserName(ResourceUtils.NAME)));
assertThat(capturedAclNames.get(1), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
List<Set<SimpleAclRule>> capturedAcls = aclRulesCaptor.getAllValues();
assertThat(capturedAcls, hasSize(2));
Set<SimpleAclRule> aclRules = capturedAcls.get(0);
assertThat(aclRules, hasSize(ResourceUtils.createExpectedSimpleAclRules(user).size()));
assertThat(aclRules, is(ResourceUtils.createExpectedSimpleAclRules(user)));
assertThat(capturedAcls.get(1), is(nullValue()));
async.flag();
})));
}
Also used :
CoreMatchers.is(org.hamcrest.CoreMatchers.is)
Arrays(java.util.Arrays)
LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector)
ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
Collections.singletonList(java.util.Collections.singletonList)
CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue)
AfterAll(org.junit.jupiter.api.AfterAll)
MicrometerMetricsOptions(io.vertx.micrometer.MicrometerMetricsOptions)
ExtendWith(org.junit.jupiter.api.extension.ExtendWith)
BeforeAll(org.junit.jupiter.api.BeforeAll)
Arrays.asList(java.util.Arrays.asList)
Map(java.util.Map)
KafkaUserStatus(io.strimzi.api.kafka.model.status.KafkaUserStatus)
SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator)
VertxOptions(io.vertx.core.VertxOptions)
Set(java.util.Set)
VertxPrometheusOptions(io.vertx.micrometer.VertxPrometheusOptions)
VertxExtension(io.vertx.junit5.VertxExtension)
CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet)
Future(io.vertx.core.Future)
StandardCharsets(java.nio.charset.StandardCharsets)
Test(org.junit.jupiter.api.Test)
Base64(java.util.Base64)
List(java.util.List)
KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas)
Labels(io.strimzi.operator.common.model.Labels)
Secret(io.fabric8.kubernetes.api.model.Secret)
Optional(java.util.Optional)
Checkpoint(io.vertx.junit5.Checkpoint)
MockCertManager(io.strimzi.operator.common.operator.MockCertManager)
Mockito.mock(org.mockito.Mockito.mock)
VertxTestContext(io.vertx.junit5.VertxTestContext)
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
CertManager(io.strimzi.certs.CertManager)
HashSet(java.util.HashSet)
ResourceUtils(io.strimzi.operator.user.ResourceUtils)
ArgumentCaptor(org.mockito.ArgumentCaptor)
CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator)
Matchers.hasSize(org.hamcrest.Matchers.hasSize)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue)
ArgumentMatchers.isNull(org.mockito.ArgumentMatchers.isNull)
SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule)
Promise(io.vertx.core.Promise)
Vertx(io.vertx.core.Vertx)
KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder)
Mockito.when(org.mockito.Mockito.when)
KafkaUserModel(io.strimzi.operator.user.model.KafkaUserModel)
Mockito.verify(org.mockito.Mockito.verify)
Reconciliation(io.strimzi.operator.common.Reconciliation)
Mockito.never(org.mockito.Mockito.never)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
Set(java.util.Set)
CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet)
HashSet(java.util.HashSet)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator)
Secret(io.fabric8.kubernetes.api.model.Secret)
Checkpoint(io.vertx.junit5.Checkpoint)
CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator)
Reconciliation(io.strimzi.operator.common.Reconciliation)
SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
Test(org.junit.jupiter.api.Test)
Example 7 with SimpleAclRule
use of io.strimzi.operator.user.model.acl.SimpleAclRule in project strimzi by strimzi.
the class KafkaUserOperatorTest method testUpdateUserNoAuthenticationAndNoAuthorization.
/**
* Tests what happens when the TlsClientAuthentication and SimpleAuthorization are disabled for the user
* (delete entries from the spec of the KafkaUser resource)
*/
@Test
public void testUpdateUserNoAuthenticationAndNoAuthorization(VertxTestContext context) {
CrdOperator mockCrdOps = mock(CrdOperator.class);
SecretOperator mockSecretOps = mock(SecretOperator.class);
SimpleAclOperator aclOps = mock(SimpleAclOperator.class);
ScramCredentialsOperator scramOps = mock(ScramCredentialsOperator.class);
QuotasOperator quotasOps = mock(QuotasOperator.class);
ArgumentCaptor<String> secretNamespaceCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<String> secretNameCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<Secret> secretCaptor = ArgumentCaptor.forClass(Secret.class);
when(mockSecretOps.reconcile(any(), secretNamespaceCaptor.capture(), secretNameCaptor.capture(), secretCaptor.capture())).thenReturn(Future.succeededFuture());
when(mockSecretOps.getAsync(anyString(), eq(ResourceUtils.NAME))).thenReturn(Future.succeededFuture(null));
when(scramOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
ArgumentCaptor<String> aclNameCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<Set<SimpleAclRule>> aclRulesCaptor = ArgumentCaptor.forClass(Set.class);
when(aclOps.reconcile(any(), aclNameCaptor.capture(), aclRulesCaptor.capture())).thenReturn(Future.succeededFuture());
KafkaUser user = ResourceUtils.createKafkaUserTls();
user.getSpec().setAuthorization(null);
user.getSpec().setAuthentication(null);
when(mockCrdOps.getAsync(anyString(), anyString())).thenReturn(Future.succeededFuture(user));
when(mockCrdOps.updateStatusAsync(any(), any(KafkaUser.class))).thenReturn(Future.succeededFuture());
KafkaUserOperator op = new KafkaUserOperator(vertx, mockCertManager, mockCrdOps, mockSecretOps, scramOps, quotasOps, aclOps, ResourceUtils.createUserOperatorConfig());
when(quotasOps.reconcile(any(), any(), any())).thenReturn(Future.succeededFuture());
Checkpoint async = context.checkpoint();
op.createOrUpdate(new Reconciliation("test-trigger", KafkaUser.RESOURCE_KIND, ResourceUtils.NAMESPACE, ResourceUtils.NAME), user).onComplete(context.succeeding(v -> context.verify(() -> {
List<String> capturedNames = secretNameCaptor.getAllValues();
assertThat(capturedNames, hasSize(1));
assertThat(capturedNames.get(0), is(ResourceUtils.NAME));
List<String> capturedNamespaces = secretNamespaceCaptor.getAllValues();
assertThat(capturedNamespaces, hasSize(1));
assertThat(capturedNamespaces.get(0), is(ResourceUtils.NAMESPACE));
List<Secret> capturedSecrets = secretCaptor.getAllValues();
assertThat(capturedSecrets, hasSize(1));
Secret captured = capturedSecrets.get(0);
assertThat(captured, is(nullValue()));
List<String> capturedAclNames = aclNameCaptor.getAllValues();
assertThat(capturedAclNames, hasSize(2));
assertThat(capturedAclNames.get(0), is(KafkaUserModel.getTlsUserName(ResourceUtils.NAME)));
assertThat(capturedAclNames.get(1), is(KafkaUserModel.getScramUserName(ResourceUtils.NAME)));
List<Set<SimpleAclRule>> capturedAcls = aclRulesCaptor.getAllValues();
assertThat(capturedAcls, hasSize(2));
assertThat(capturedAcls.get(0), is(nullValue()));
assertThat(capturedAcls.get(1), is(nullValue()));
async.flag();
})));
}
Also used :
CoreMatchers.is(org.hamcrest.CoreMatchers.is)
Arrays(java.util.Arrays)
LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector)
ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
Collections.singletonList(java.util.Collections.singletonList)
CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue)
AfterAll(org.junit.jupiter.api.AfterAll)
MicrometerMetricsOptions(io.vertx.micrometer.MicrometerMetricsOptions)
ExtendWith(org.junit.jupiter.api.extension.ExtendWith)
BeforeAll(org.junit.jupiter.api.BeforeAll)
Arrays.asList(java.util.Arrays.asList)
Map(java.util.Map)
KafkaUserStatus(io.strimzi.api.kafka.model.status.KafkaUserStatus)
SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator)
VertxOptions(io.vertx.core.VertxOptions)
Set(java.util.Set)
VertxPrometheusOptions(io.vertx.micrometer.VertxPrometheusOptions)
VertxExtension(io.vertx.junit5.VertxExtension)
CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet)
Future(io.vertx.core.Future)
StandardCharsets(java.nio.charset.StandardCharsets)
Test(org.junit.jupiter.api.Test)
Base64(java.util.Base64)
List(java.util.List)
KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas)
Labels(io.strimzi.operator.common.model.Labels)
Secret(io.fabric8.kubernetes.api.model.Secret)
Optional(java.util.Optional)
Checkpoint(io.vertx.junit5.Checkpoint)
MockCertManager(io.strimzi.operator.common.operator.MockCertManager)
Mockito.mock(org.mockito.Mockito.mock)
VertxTestContext(io.vertx.junit5.VertxTestContext)
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
CertManager(io.strimzi.certs.CertManager)
HashSet(java.util.HashSet)
ResourceUtils(io.strimzi.operator.user.ResourceUtils)
ArgumentCaptor(org.mockito.ArgumentCaptor)
CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator)
Matchers.hasSize(org.hamcrest.Matchers.hasSize)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue)
ArgumentMatchers.isNull(org.mockito.ArgumentMatchers.isNull)
SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule)
Promise(io.vertx.core.Promise)
Vertx(io.vertx.core.Vertx)
KafkaUserBuilder(io.strimzi.api.kafka.model.KafkaUserBuilder)
Mockito.when(org.mockito.Mockito.when)
KafkaUserModel(io.strimzi.operator.user.model.KafkaUserModel)
Mockito.verify(org.mockito.Mockito.verify)
Reconciliation(io.strimzi.operator.common.Reconciliation)
Mockito.never(org.mockito.Mockito.never)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
Set(java.util.Set)
CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet)
HashSet(java.util.HashSet)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator)
Secret(io.fabric8.kubernetes.api.model.Secret)
Checkpoint(io.vertx.junit5.Checkpoint)
CrdOperator(io.strimzi.operator.common.operator.resource.CrdOperator)
Reconciliation(io.strimzi.operator.common.Reconciliation)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
Test(org.junit.jupiter.api.Test)
Example 8 with SimpleAclRule
use of io.strimzi.operator.user.model.acl.SimpleAclRule in project strimzi by strimzi.
the class KafkaUserOperator method reconcileCredentialsQuotasAndAcls.
/**
* Reconciles the credentials, quotas and ACLs
*
* @param reconciliation Unique identification for the reconciliation
* @param user Model describing the KafkaUser
* @param userStatus Status subresource of the KafkaUser custom resource
*
* @return Future describing the result
*/
private CompositeFuture reconcileCredentialsQuotasAndAcls(Reconciliation reconciliation, KafkaUserModel user, KafkaUserStatus userStatus) {
Set<SimpleAclRule> tlsAcls = null;
Set<SimpleAclRule> scramOrNoneAcls = null;
KafkaUserQuotas tlsQuotas = null;
KafkaUserQuotas scramOrNoneQuotas = null;
if (user.isTlsUser() || user.isTlsExternalUser()) {
tlsAcls = user.getSimpleAclRules();
tlsQuotas = user.getQuotas();
} else if (user.isScramUser() || user.isNoneUser()) {
scramOrNoneAcls = user.getSimpleAclRules();
scramOrNoneQuotas = user.getQuotas();
}
// Reconcile the user SCRAM-SHA-512 credentials
Future<ReconcileResult<String>> scramCredentialsFuture = scramCredentialsOperator.reconcile(reconciliation, user.getName(), user.getScramSha512Password());
// Quotas need to reconciled for both regular and TLS username. It will be (possibly) set for one user and deleted for the other
Future<ReconcileResult<KafkaUserQuotas>> tlsQuotasFuture = quotasOperator.reconcile(reconciliation, KafkaUserModel.getTlsUserName(reconciliation.name()), tlsQuotas);
Future<ReconcileResult<KafkaUserQuotas>> quotasFuture = quotasOperator.reconcile(reconciliation, KafkaUserModel.getScramUserName(reconciliation.name()), scramOrNoneQuotas);
// Reconcile the user secret generated by the user operator with the credentials
Future<ReconcileResult<Secret>> userSecretFuture = reconcileUserSecret(reconciliation, user, userStatus);
// ACLs need to reconciled for both regular and TLS username. It will be (possibly) set for one user and deleted for the other
Future<ReconcileResult<Set<SimpleAclRule>>> aclsTlsUserFuture;
Future<ReconcileResult<Set<SimpleAclRule>>> aclsScramUserFuture;
if (config.isAclsAdminApiSupported()) {
aclsTlsUserFuture = aclOperations.reconcile(reconciliation, KafkaUserModel.getTlsUserName(reconciliation.name()), tlsAcls);
aclsScramUserFuture = aclOperations.reconcile(reconciliation, KafkaUserModel.getScramUserName(reconciliation.name()), scramOrNoneAcls);
} else {
aclsTlsUserFuture = Future.succeededFuture(ReconcileResult.noop(null));
aclsScramUserFuture = Future.succeededFuture(ReconcileResult.noop(null));
}
return CompositeFuture.join(scramCredentialsFuture, tlsQuotasFuture, quotasFuture, aclsTlsUserFuture, aclsScramUserFuture, userSecretFuture);
}
Also used :
KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas)
ReconcileResult(io.strimzi.operator.common.operator.resource.ReconcileResult)
SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule)
Example 9 with SimpleAclRule
use of io.strimzi.operator.user.model.acl.SimpleAclRule in project strimzi by strimzi.
the class KafkaUserModel method setSimpleAclRules.
/**
* Sets the list of ACL rules for Simple authorization.
*
* @param rules List of ACL rules which should be applied to this user.
*/
public void setSimpleAclRules(List<AclRule> rules) {
Set<SimpleAclRule> simpleAclRules = new HashSet<>();
for (AclRule rule : rules) {
simpleAclRules.add(SimpleAclRule.fromCrd(rule));
}
this.simpleAclRules = simpleAclRules;
}
Also used :
SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule)
AclRule(io.strimzi.api.kafka.model.AclRule)
SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule)
HashSet(java.util.HashSet)
Example 10 with SimpleAclRule
use of io.strimzi.operator.user.model.acl.SimpleAclRule in project strimzi by strimzi.
the class SimpleAclOperatorTest method testReconcileInternalUpdateCreatesNewAclsAndDeletesOldAcls.
@Test
public void testReconcileInternalUpdateCreatesNewAclsAndDeletesOldAcls(VertxTestContext context) {
Admin mockAdminClient = mock(AdminClient.class);
SimpleAclOperator aclOp = new SimpleAclOperator(vertx, mockAdminClient);
ResourcePattern resource1 = new ResourcePattern(ResourceType.TOPIC, "my-topic", PatternType.LITERAL);
ResourcePattern resource2 = new ResourcePattern(ResourceType.TOPIC, "my-topic2", PatternType.LITERAL);
KafkaPrincipal foo = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "CN=foo");
AclBinding readAclBinding = new AclBinding(resource1, new AccessControlEntry(foo.toString(), "*", org.apache.kafka.common.acl.AclOperation.READ, AclPermissionType.ALLOW));
AclBinding writeAclBinding = new AclBinding(resource2, new AccessControlEntry(foo.toString(), "*", org.apache.kafka.common.acl.AclOperation.WRITE, AclPermissionType.ALLOW));
SimpleAclRuleResource resource = new SimpleAclRuleResource("my-topic2", SimpleAclRuleResourceType.TOPIC, AclResourcePatternType.LITERAL);
SimpleAclRule rule1 = new SimpleAclRule(AclRuleType.ALLOW, resource, "*", AclOperation.WRITE);
ArgumentCaptor<Collection<AclBinding>> aclBindingsCaptor = ArgumentCaptor.forClass(Collection.class);
ArgumentCaptor<Collection<AclBindingFilter>> aclBindingFiltersCaptor = ArgumentCaptor.forClass(Collection.class);
assertDoesNotThrow(() -> {
mockDescribeAcls(mockAdminClient, null, Collections.singleton(readAclBinding));
mockCreateAcls(mockAdminClient, aclBindingsCaptor);
mockDeleteAcls(mockAdminClient, Collections.singleton(readAclBinding), aclBindingFiltersCaptor);
});
Checkpoint async = context.checkpoint();
aclOp.reconcile(Reconciliation.DUMMY_RECONCILIATION, "CN=foo", new LinkedHashSet(asList(rule1))).onComplete(context.succeeding(rr -> context.verify(() -> {
// Create Write rule for resource 2
Collection<AclBinding> capturedAclBindings = aclBindingsCaptor.getValue();
assertThat(capturedAclBindings, hasSize(1));
assertThat(capturedAclBindings, hasItem(writeAclBinding));
Set<ResourcePattern> capturedResourcePatterns = capturedAclBindings.stream().map(AclBinding::pattern).collect(Collectors.toSet());
assertThat(capturedResourcePatterns, hasSize(1));
assertThat(capturedResourcePatterns, hasItem(resource2));
// Delete read rule for resource 1
Collection<AclBindingFilter> capturedAclBindingFilters = aclBindingFiltersCaptor.getValue();
assertThat(capturedAclBindingFilters, hasSize(1));
assertThat(capturedAclBindingFilters, hasItem(readAclBinding.toFilter()));
Set<ResourcePatternFilter> capturedResourcePatternFilters = capturedAclBindingFilters.stream().map(AclBindingFilter::patternFilter).collect(Collectors.toSet());
assertThat(capturedResourcePatternFilters, hasSize(1));
assertThat(capturedResourcePatternFilters, hasItem(resource1.toFilter()));
async.flag();
})));
}
Also used :
LinkedHashSet(java.util.LinkedHashSet)
VertxTestContext(io.vertx.junit5.VertxTestContext)
CoreMatchers.is(org.hamcrest.CoreMatchers.is)
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
AclBindingFilter(org.apache.kafka.common.acl.AclBindingFilter)
AclPermissionType(org.apache.kafka.common.acl.AclPermissionType)
AclOperation(io.strimzi.api.kafka.model.AclOperation)
PatternType(org.apache.kafka.common.resource.PatternType)
Matchers.hasItems(org.hamcrest.Matchers.hasItems)
DeleteAclsResult(org.apache.kafka.clients.admin.DeleteAclsResult)
AclResourcePatternType(io.strimzi.api.kafka.model.AclResourcePatternType)
AdminClient(org.apache.kafka.clients.admin.AdminClient)
AfterAll(org.junit.jupiter.api.AfterAll)
HashSet(java.util.HashSet)
AccessControlEntry(org.apache.kafka.common.acl.AccessControlEntry)
ArgumentCaptor(org.mockito.ArgumentCaptor)
ExtendWith(org.junit.jupiter.api.extension.ExtendWith)
BeforeAll(org.junit.jupiter.api.BeforeAll)
Arrays.asList(java.util.Arrays.asList)
AclBinding(org.apache.kafka.common.acl.AclBinding)
Admin(org.apache.kafka.clients.admin.Admin)
Matchers.hasSize(org.hamcrest.Matchers.hasSize)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
LinkedHashSet(java.util.LinkedHashSet)
SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule)
Collections.emptyList(java.util.Collections.emptyList)
Collection(java.util.Collection)
Vertx(io.vertx.core.Vertx)
Set(java.util.Set)
KafkaFuture(org.apache.kafka.common.KafkaFuture)
ResourcePattern(org.apache.kafka.common.resource.ResourcePattern)
Mockito.when(org.mockito.Mockito.when)
VertxExtension(io.vertx.junit5.VertxExtension)
Collectors(java.util.stream.Collectors)
SimpleAclRuleResource(io.strimzi.operator.user.model.acl.SimpleAclRuleResource)
Test(org.junit.jupiter.api.Test)
Reconciliation(io.strimzi.operator.common.Reconciliation)
Matchers.hasItem(org.hamcrest.Matchers.hasItem)
ResourceType(org.apache.kafka.common.resource.ResourceType)
CreateAclsResult(org.apache.kafka.clients.admin.CreateAclsResult)
SimpleAclRuleResourceType(io.strimzi.operator.user.model.acl.SimpleAclRuleResourceType)
Checkpoint(io.vertx.junit5.Checkpoint)
KafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal)
AclRuleType(io.strimzi.api.kafka.model.AclRuleType)
DescribeAclsResult(org.apache.kafka.clients.admin.DescribeAclsResult)
ResourcePatternFilter(org.apache.kafka.common.resource.ResourcePatternFilter)
Collections(java.util.Collections)
Assertions.assertDoesNotThrow(org.junit.jupiter.api.Assertions.assertDoesNotThrow)
Mockito.mock(org.mockito.Mockito.mock)
AclBindingFilter(org.apache.kafka.common.acl.AclBindingFilter)
ResourcePatternFilter(org.apache.kafka.common.resource.ResourcePatternFilter)
ResourcePattern(org.apache.kafka.common.resource.ResourcePattern)
AccessControlEntry(org.apache.kafka.common.acl.AccessControlEntry)
KafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal)
Admin(org.apache.kafka.clients.admin.Admin)
Checkpoint(io.vertx.junit5.Checkpoint)
SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule)
Collection(java.util.Collection)
AclBinding(org.apache.kafka.common.acl.AclBinding)
SimpleAclRuleResource(io.strimzi.operator.user.model.acl.SimpleAclRuleResource)
Test(org.junit.jupiter.api.Test)
Aggregations
SimpleAclRule (io.strimzi.operator.user.model.acl.SimpleAclRule)42
HashSet (java.util.HashSet)36
Reconciliation (io.strimzi.operator.common.Reconciliation)26
Vertx (io.vertx.core.Vertx)26
Checkpoint (io.vertx.junit5.Checkpoint)26
VertxExtension (io.vertx.junit5.VertxExtension)26
VertxTestContext (io.vertx.junit5.VertxTestContext)26
Arrays.asList (java.util.Arrays.asList)26
Set (java.util.Set)26
CoreMatchers.is (org.hamcrest.CoreMatchers.is)26
MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat)26
Matchers.hasSize (org.hamcrest.Matchers.hasSize)26
AfterAll (org.junit.jupiter.api.AfterAll)26
BeforeAll (org.junit.jupiter.api.BeforeAll)26
Test (org.junit.jupiter.api.Test)26
ExtendWith (org.junit.jupiter.api.extension.ExtendWith)26
ArgumentCaptor (org.mockito.ArgumentCaptor)26
ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)26
Mockito.mock (org.mockito.Mockito.mock)26
Mockito.when (org.mockito.Mockito.when)26
