use of io.strimzi.systemtest.Constants.INTERNAL_CLIENTS_USED in project strimzi by strimzi.
the class KafkaST method testAppDomainLabels.
@ParallelNamespaceTest
@Tag(INTERNAL_CLIENTS_USED)
void testAppDomainLabels(ExtensionContext extensionContext) {
    // Every resource the operator creates for a Kafka cluster - pods, StatefulSets/StrimziPodSets,
    // Services, Opaque Secrets and ConfigMaps - must carry the expected app-domain labels. The
    // concrete label checks live in verifyAppLabels / verifyAppLabelsForSecretsAndConfigMaps;
    // a plain-listener round trip at the end confirms the cluster is still usable.
    final String testName = extensionContext.getDisplayName();
    final String namespaceName = StUtils.getNamespaceBasedOnRbac(namespace, extensionContext);
    final String clusterName = mapWithClusterNames.get(testName);
    final String topicName = mapWithTestTopics.get(testName);
    final String clientsName = clusterName + "-" + Constants.KAFKA_CLIENTS;

    resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(clusterName, 3, 1).build());
    resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(clusterName, topicName).build());
    resourceManager.createResource(extensionContext, KafkaClientsTemplates.kafkaClients(false, clientsName).build());

    final String clientsPodName = kubeClient(namespaceName).listPodsByPrefixInName(namespaceName, clientsName).get(0).getMetadata().getName();
    final InternalKafkaClient internalKafkaClient = new InternalKafkaClient.Builder()
        .withUsingPodName(clientsPodName)
        .withTopicName(topicName)
        .withNamespaceName(namespaceName)
        .withClusterName(clusterName)
        .withMessageCount(MESSAGE_COUNT)
        .withListenerName(Constants.PLAIN_LISTENER_DEFAULT_NAME)
        .build();

    LOGGER.info("---> PODS <---");
    for (Pod pod : kubeClient(namespaceName).listPods(namespaceName, clusterName)) {
        final String podName = pod.getMetadata().getName();
        // The test client pod is created by the test, not by the operator, so it is skipped.
        if (!podName.startsWith(clusterName) || podName.startsWith(clientsName)) {
            continue;
        }
        LOGGER.info("Getting labels from {} pod", podName);
        verifyAppLabels(pod.getMetadata().getLabels());
    }

    LOGGER.info("---> STATEFUL SETS <---");
    final Map<String, String> kafkaSetLabels = StUtils.getLabelsOfStatefulSetOrStrimziPodSet(namespaceName, KafkaResources.kafkaStatefulSetName(clusterName));
    LOGGER.info("Getting labels from stateful set of kafka resource");
    verifyAppLabels(kafkaSetLabels);
    final Map<String, String> zkSetLabels = StUtils.getLabelsOfStatefulSetOrStrimziPodSet(namespaceName, KafkaResources.zookeeperStatefulSetName(clusterName));
    LOGGER.info("Getting labels from stateful set of zookeeper resource");
    verifyAppLabels(zkSetLabels);

    LOGGER.info("---> SERVICES <---");
    for (Service service : kubeClient(namespaceName).listServices(namespaceName)) {
        final String serviceName = service.getMetadata().getName();
        if (!serviceName.startsWith(clusterName)) {
            continue;
        }
        LOGGER.info("Getting labels from {} service", serviceName);
        verifyAppLabels(service.getMetadata().getLabels());
    }

    LOGGER.info("---> SECRETS <---");
    // Only Secrets of type "Opaque" with the cluster name prefix are checked; label values are
    // inspected, Secret data is never read or logged here.
    for (Secret secret : kubeClient(namespaceName).listSecrets(namespaceName)) {
        final String secretName = secret.getMetadata().getName();
        if (!secretName.startsWith(clusterName) || !secret.getType().equals("Opaque")) {
            continue;
        }
        LOGGER.info("Getting labels from {} secret", secretName);
        verifyAppLabelsForSecretsAndConfigMaps(secret.getMetadata().getLabels());
    }

    LOGGER.info("---> CONFIG MAPS <---");
    for (ConfigMap configMap : kubeClient(namespaceName).listConfigMapsInSpecificNamespace(namespaceName, clusterName)) {
        LOGGER.info("Getting labels from {} config map", configMap.getMetadata().getName());
        verifyAppLabelsForSecretsAndConfigMaps(configMap.getMetadata().getLabels());
    }

    internalKafkaClient.checkProducedAndConsumedMessages(internalKafkaClient.sendMessagesPlain(), internalKafkaClient.receiveMessagesPlain());
}
use of io.strimzi.systemtest.Constants.INTERNAL_CLIENTS_USED in project strimzi by strimzi.
the class SecurityST method testCertRegeneratedAfterInternalCAisDeleted.
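@ParallelNamespaceTest
@Tag(INTERNAL_CLIENTS_USED)
void testCertRegeneratedAfterInternalCAisDeleted(ExtensionContext extensionContext) {
    // Scenario: delete the cluster's CA certificate Secrets (names ending in "ca-cert") and verify that
    // the operator (1) regenerates each of them with a different ca.crt, (2) rolls the Kafka pods, and
    // (3) a TLS client authenticated through a KafkaUser still exchanges messages afterwards.
    final String namespaceName = StUtils.getNamespaceBasedOnRbac(namespace, extensionContext);
    final String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
    final String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
    final String userName = mapWithTestUsers.get(extensionContext.getDisplayName());
    final LabelSelector kafkaSelector = KafkaResource.getLabelSelector(clusterName, KafkaResources.kafkaStatefulSetName(clusterName));

    resourceManager.createResource(extensionContext, KafkaTemplates.kafkaPersistent(clusterName, 3, 1).build());
    // Snapshot taken before the Secrets are deleted so the roll they trigger can be detected.
    final Map<String, String> kafkaPods = PodUtils.podSnapshot(namespaceName, kafkaSelector);

    final KafkaUser user = KafkaUserTemplates.tlsUser(namespaceName, clusterName, userName).build();
    resourceManager.createResource(extensionContext, user);
    resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(clusterName, topicName).build());
    resourceManager.createResource(extensionContext, KafkaClientsTemplates.kafkaClients(true, clusterName + "-" + Constants.KAFKA_CLIENTS, user).build());

    final String defaultKafkaClientsPodName = kubeClient(namespaceName).listPodsByPrefixInName(namespaceName, clusterName + "-" + Constants.KAFKA_CLIENTS).get(0).getMetadata().getName();
    final InternalKafkaClient internalKafkaClient = new InternalKafkaClient.Builder()
        .withUsingPodName(defaultKafkaClientsPodName)
        .withTopicName(topicName)
        .withNamespaceName(namespaceName)
        .withClusterName(clusterName)
        .withMessageCount(MESSAGE_COUNT)
        .withKafkaUsername(userName)
        .withListenerName(Constants.TLS_LISTENER_DEFAULT_NAME)
        .build();

    // Only this cluster's CA *certificate* Secrets are targeted (the clusterName prefix matters when the
    // namespace is shared with other test clusters); the CA key Secrets are left untouched.
    final List<Secret> originalCaCertSecrets = kubeClient(namespaceName).listSecrets(namespaceName).stream()
        .filter(secret -> secret.getMetadata().getName().startsWith(clusterName) && secret.getMetadata().getName().endsWith("ca-cert"))
        .collect(Collectors.toList());
    assertThat("No CA certificate Secrets found for cluster " + clusterName, !originalCaCertSecrets.isEmpty());

    for (Secret s : originalCaCertSecrets) {
        // Log the name only: logging the Secret object itself dumps its data map into the test output.
        LOGGER.info("Verifying that secret {} is present and carries ca.crt", s.getMetadata().getName());
        assertThat(s.getData(), is(notNullValue()));
        assertThat("Secret " + s.getMetadata().getName() + " has no ca.crt entry", s.getData().get("ca.crt"), is(notNullValue()));
    }
    for (Secret s : originalCaCertSecrets) {
        LOGGER.info("Deleting secret {}", s.getMetadata().getName());
        kubeClient(namespaceName).deleteSecret(namespaceName, s.getMetadata().getName());
    }

    PodUtils.verifyThatRunningPodsAreStable(namespaceName, KafkaResources.kafkaStatefulSetName(clusterName));
    RollingUpdateUtils.waitTillComponentHasRolled(namespaceName, kafkaSelector, 3, kafkaPods);
    for (Secret s : originalCaCertSecrets) {
        SecretUtils.waitForSecretReady(namespaceName, s.getMetadata().getName(), () -> { });
    }

    // Match regenerated Secrets by name rather than by list position: a foreign "*-ca-cert" Secret in a
    // shared namespace would otherwise shift the indices and compare the wrong pair.
    final Map<String, Secret> regeneratedByName = kubeClient(namespaceName).listSecrets(namespaceName).stream()
        .filter(secret -> secret.getMetadata().getName().startsWith(clusterName) && secret.getMetadata().getName().endsWith("ca-cert"))
        .collect(Collectors.toMap(secret -> secret.getMetadata().getName(), secret -> secret));
    for (Secret original : originalCaCertSecrets) {
        final String secretName = original.getMetadata().getName();
        final Secret regenerated = regeneratedByName.get(secretName);
        assertThat("Secret " + secretName + " was not regenerated", regenerated, is(notNullValue()));
        assertThat("Regenerated secret " + secretName + " has no data", regenerated.getData(), is(notNullValue()));
        final String newCaCrt = regenerated.getData().get("ca.crt");
        assertThat("Regenerated secret " + secretName + " has no ca.crt entry", newCaCrt, is(notNullValue()));
        assertThat("Secret " + secretName + " still carries the deleted ca.crt; a newly generated CA certificate was expected",
            !original.getData().get("ca.crt").equals(newCaCrt));
    }

    LOGGER.info("Checking consumed messages to pod:{}", defaultKafkaClientsPodName);
    internalKafkaClient.checkProducedAndConsumedMessages(internalKafkaClient.sendMessagesTls(), internalKafkaClient.receiveMessagesTls());
}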
use of io.strimzi.systemtest.Constants.INTERNAL_CLIENTS_USED in project strimzi by strimzi.
the class SecurityST method testCaRenewalBreakInMiddle.
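@ParallelNamespaceTest
@Tag(INTERNAL_CLIENTS_USED)
void testCaRenewalBreakInMiddle(ExtensionContext extensionContext) {
    // Scenario: a cluster CA renewal that gets stuck half-way. The cluster CA cert Secret is overwritten
    // with an already expired certificate and the renewal window is widened so the operator has to renew;
    // at the same time ZooKeeper gets an unsatisfiable CPU request so its rolling update blocks on a
    // Pending pod. TLS clients must keep working while the roll is stuck and after it completes.
    final String namespaceName = StUtils.getNamespaceBasedOnRbac(namespace, extensionContext);
    final String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
    String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
    final String userName = mapWithTestUsers.get(extensionContext.getDisplayName());
    final LabelSelector kafkaSelector = KafkaResource.getLabelSelector(clusterName, KafkaResources.kafkaStatefulSetName(clusterName));
    final LabelSelector zkSelector = KafkaResource.getLabelSelector(clusterName, KafkaResources.zookeeperStatefulSetName(clusterName));
    final String zkStatefulSetName = KafkaResources.zookeeperStatefulSetName(clusterName);
    final String clusterCaCertSecretName = KafkaResources.clusterCaCertificateSecretName(clusterName);

    // Short validity/renewal window so the operator is willing to renew the cluster CA on its own.
    resourceManager.createResource(extensionContext, KafkaTemplates.kafkaPersistent(clusterName, 3, 3)
        .editSpec()
            .withNewClusterCa()
                .withRenewalDays(1)
                .withValidityDays(3)
            .endClusterCa()
        .endSpec()
        .build());
    final KafkaUser user = KafkaUserTemplates.tlsUser(clusterName, userName).build();
    resourceManager.createResource(extensionContext, user);
    resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(clusterName, topicName).build());
    resourceManager.createResource(extensionContext, KafkaClientsTemplates.kafkaClients(true, clusterName + "-" + Constants.KAFKA_CLIENTS, user).build());

    final String defaultKafkaClientsPodName = kubeClient(namespaceName).listPodsByPrefixInName(namespaceName, clusterName + "-" + Constants.KAFKA_CLIENTS).get(0).getMetadata().getName();
    InternalKafkaClient internalKafkaClient = new InternalKafkaClient.Builder()
        .withUsingPodName(defaultKafkaClientsPodName)
        .withTopicName(topicName)
        .withNamespaceName(namespaceName)
        .withClusterName(clusterName)
        .withKafkaUsername(userName)
        .withMessageCount(MESSAGE_COUNT)
        .withListenerName(Constants.TLS_LISTENER_DEFAULT_NAME)
        .build();

    // Baseline: TLS traffic works with the original certificates.
    internalKafkaClient.checkProducedAndConsumedMessages(internalKafkaClient.sendMessagesTls(), internalKafkaClient.receiveMessagesTls());

    // Snapshots taken before the renewal is triggered, so the resulting rolls can be detected later.
    final Map<String, String> zkPods = PodUtils.podSnapshot(namespaceName, zkSelector);
    final Map<String, String> kafkaPods = PodUtils.podSnapshot(namespaceName, kafkaSelector);
    final Map<String, String> eoPods = DeploymentUtils.depSnapshot(namespaceName, KafkaResources.entityOperatorDeploymentName(clusterName));

    // Overwrite the cluster CA cert Secret with an expired certificate shipped in the test resources.
    // NOTE(review): TestUtils.readResource is assumed to close the stream - confirm, or wrap it in try-with-resources.
    final InputStream secretInputStream = getClass().getClassLoader().getResourceAsStream("security-st-certs/expired-cluster-ca.crt");
    assertThat("Test resource security-st-certs/expired-cluster-ca.crt is missing from the classpath", secretInputStream, is(notNullValue()));
    final String expiredClusterCaCert = TestUtils.readResource(secretInputStream);
    SecretUtils.createSecret(namespaceName, clusterCaCertSecretName, "ca.crt", expiredClusterCaCert);

    KafkaResource.replaceKafkaResourceInSpecificNamespace(clusterName, k -> {
        // Unsatisfiable CPU request: the first ZooKeeper pod to roll stays Pending, freezing the renewal mid-way.
        k.getSpec().getZookeeper().setResources(new ResourceRequirementsBuilder().addToRequests("cpu", new Quantity("100000m")).build());
        k.getSpec().setClusterCa(new CertificateAuthorityBuilder().withRenewalDays(4).withValidityDays(7).build());
    }, namespaceName);

    TestUtils.waitFor("Waiting for some zookeeper pod to be in the pending phase because of selected high cpu resource", Constants.GLOBAL_POLL_INTERVAL, Constants.GLOBAL_TIMEOUT, () -> {
        // Null-safe phase check: a freshly created pod may not have a status/phase yet.
        final List<Pod> pendingPods = kubeClient(namespaceName).listPodsByPrefixInName(namespaceName, zkStatefulSetName).stream()
            .filter(pod -> pod.getStatus() != null && "Pending".equals(pod.getStatus().getPhase()))
            .collect(Collectors.toList());
        if (pendingPods.isEmpty()) {
            LOGGER.info("No pods of {} are in desired state", zkStatefulSetName);
            return false;
        }
        LOGGER.info("Pod in 'Pending' state: {}", pendingPods.get(0).getMetadata().getName());
        return true;
    });

    // While the roll is stuck, a fresh consumer group must still read every message with the old certificates.
    internalKafkaClient = internalKafkaClient.toBuilder().withConsumerGroupName(ClientUtils.generateRandomConsumerGroup()).build();
    int received = internalKafkaClient.receiveMessagesTls();
    assertThat(received, is(MESSAGE_COUNT));

    // Unblock ZooKeeper so the renewal can finish.
    KafkaResource.replaceKafkaResourceInSpecificNamespace(clusterName, k -> {
        k.getSpec().getZookeeper().setResources(new ResourceRequirementsBuilder().addToRequests("cpu", new Quantity("200m")).build());
    }, namespaceName);

    // Wait until the expired certificate has been replaced and all components have rolled onto it.
    SecretUtils.waitForCertToChange(namespaceName, expiredClusterCaCert, clusterCaCertSecretName);
    RollingUpdateUtils.waitTillComponentHasRolledAndPodsReady(namespaceName, zkSelector, 3, zkPods);
    RollingUpdateUtils.waitTillComponentHasRolledAndPodsReady(namespaceName, kafkaSelector, 3, kafkaPods);
    DeploymentUtils.waitTillDepHasRolled(namespaceName, KafkaResources.entityOperatorDeploymentName(clusterName), 1, eoPods);

    // After the renewal the previously produced messages are still readable ...
    internalKafkaClient = internalKafkaClient.toBuilder().withConsumerGroupName(ClientUtils.generateRandomConsumerGroup()).build();
    LOGGER.info("Checking produced and consumed messages to pod:{}", internalKafkaClient.getPodName());
    received = internalKafkaClient.receiveMessagesTls();
    assertThat(received, is(MESSAGE_COUNT));

    // ... and a brand new topic works end to end with the new certificates.
    topicName = KafkaTopicUtils.generateRandomNameOfTopic();
    resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(clusterName, topicName).build());
    internalKafkaClient = internalKafkaClient.toBuilder().withConsumerGroupName(ClientUtils.generateRandomConsumerGroup()).withTopicName(topicName).build();
    internalKafkaClient.checkProducedAndConsumedMessages(internalKafkaClient.sendMessagesTls(), internalKafkaClient.receiveMessagesTls());
}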
use of io.strimzi.systemtest.Constants.INTERNAL_CLIENTS_USED in project strimzi-kafka-operator by strimzi.
the class SecurityST method testCertRegeneratedAfterInternalCAisDeleted.
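@ParallelNamespaceTest
@Tag(INTERNAL_CLIENTS_USED)
void testCertRegeneratedAfterInternalCAisDeleted(ExtensionContext extensionContext) {
    // Scenario: delete the cluster's CA certificate Secrets (names ending in "ca-cert") and verify that
    // the operator (1) regenerates each of them with a different ca.crt, (2) rolls the Kafka pods, and
    // (3) a TLS client authenticated through a KafkaUser still exchanges messages afterwards.
    final String namespaceName = StUtils.getNamespaceBasedOnRbac(namespace, extensionContext);
    final String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
    final String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
    final String userName = mapWithTestUsers.get(extensionContext.getDisplayName());
    final LabelSelector kafkaSelector = KafkaResource.getLabelSelector(clusterName, KafkaResources.kafkaStatefulSetName(clusterName));

    resourceManager.createResource(extensionContext, KafkaTemplates.kafkaPersistent(clusterName, 3, 1).build());
    // Snapshot taken before the Secrets are deleted so the roll they trigger can be detected.
    final Map<String, String> kafkaPods = PodUtils.podSnapshot(namespaceName, kafkaSelector);

    final KafkaUser user = KafkaUserTemplates.tlsUser(namespaceName, clusterName, userName).build();
    resourceManager.createResource(extensionContext, user);
    resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(clusterName, topicName).build());
    resourceManager.createResource(extensionContext, KafkaClientsTemplates.kafkaClients(true, clusterName + "-" + Constants.KAFKA_CLIENTS, user).build());

    final String defaultKafkaClientsPodName = kubeClient(namespaceName).listPodsByPrefixInName(namespaceName, clusterName + "-" + Constants.KAFKA_CLIENTS).get(0).getMetadata().getName();
    final InternalKafkaClient internalKafkaClient = new InternalKafkaClient.Builder()
        .withUsingPodName(defaultKafkaClientsPodName)
        .withTopicName(topicName)
        .withNamespaceName(namespaceName)
        .withClusterName(clusterName)
        .withMessageCount(MESSAGE_COUNT)
        .withKafkaUsername(userName)
        .withListenerName(Constants.TLS_LISTENER_DEFAULT_NAME)
        .build();

    // Only this cluster's CA *certificate* Secrets are targeted (the clusterName prefix matters when the
    // namespace is shared with other test clusters); the CA key Secrets are left untouched.
    final List<Secret> originalCaCertSecrets = kubeClient(namespaceName).listSecrets(namespaceName).stream()
        .filter(secret -> secret.getMetadata().getName().startsWith(clusterName) && secret.getMetadata().getName().endsWith("ca-cert"))
        .collect(Collectors.toList());
    assertThat("No CA certificate Secrets found for cluster " + clusterName, !originalCaCertSecrets.isEmpty());

    for (Secret s : originalCaCertSecrets) {
        // Log the name only: logging the Secret object itself dumps its data map into the test output.
        LOGGER.info("Verifying that secret {} is present and carries ca.crt", s.getMetadata().getName());
        assertThat(s.getData(), is(notNullValue()));
        assertThat("Secret " + s.getMetadata().getName() + " has no ca.crt entry", s.getData().get("ca.crt"), is(notNullValue()));
    }
    for (Secret s : originalCaCertSecrets) {
        LOGGER.info("Deleting secret {}", s.getMetadata().getName());
        kubeClient(namespaceName).deleteSecret(namespaceName, s.getMetadata().getName());
    }

    PodUtils.verifyThatRunningPodsAreStable(namespaceName, KafkaResources.kafkaStatefulSetName(clusterName));
    RollingUpdateUtils.waitTillComponentHasRolled(namespaceName, kafkaSelector, 3, kafkaPods);
    for (Secret s : originalCaCertSecrets) {
        SecretUtils.waitForSecretReady(namespaceName, s.getMetadata().getName(), () -> { });
    }

    // Match regenerated Secrets by name rather than by list position: a foreign "*-ca-cert" Secret in a
    // shared namespace would otherwise shift the indices and compare the wrong pair.
    final Map<String, Secret> regeneratedByName = kubeClient(namespaceName).listSecrets(namespaceName).stream()
        .filter(secret -> secret.getMetadata().getName().startsWith(clusterName) && secret.getMetadata().getName().endsWith("ca-cert"))
        .collect(Collectors.toMap(secret -> secret.getMetadata().getName(), secret -> secret));
    for (Secret original : originalCaCertSecrets) {
        final String secretName = original.getMetadata().getName();
        final Secret regenerated = regeneratedByName.get(secretName);
        assertThat("Secret " + secretName + " was not regenerated", regenerated, is(notNullValue()));
        assertThat("Regenerated secret " + secretName + " has no data", regenerated.getData(), is(notNullValue()));
        final String newCaCrt = regenerated.getData().get("ca.crt");
        assertThat("Regenerated secret " + secretName + " has no ca.crt entry", newCaCrt, is(notNullValue()));
        assertThat("Secret " + secretName + " still carries the deleted ca.crt; a newly generated CA certificate was expected",
            !original.getData().get("ca.crt").equals(newCaCrt));
    }

    LOGGER.info("Checking consumed messages to pod:{}", defaultKafkaClientsPodName);
    internalKafkaClient.checkProducedAndConsumedMessages(internalKafkaClient.sendMessagesTls(), internalKafkaClient.receiveMessagesTls());
}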
use of io.strimzi.systemtest.Constants.INTERNAL_CLIENTS_USED in project strimzi-kafka-operator by strimzi.
the class SecurityST method testCaRenewalBreakInMiddle.
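@ParallelNamespaceTest
@Tag(INTERNAL_CLIENTS_USED)
void testCaRenewalBreakInMiddle(ExtensionContext extensionContext) {
    // Scenario: a cluster CA renewal that gets stuck half-way. The cluster CA cert Secret is overwritten
    // with an already expired certificate and the renewal window is widened so the operator has to renew;
    // at the same time ZooKeeper gets an unsatisfiable CPU request so its rolling update blocks on a
    // Pending pod. TLS clients must keep working while the roll is stuck and after it completes.
    final String namespaceName = StUtils.getNamespaceBasedOnRbac(namespace, extensionContext);
    final String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
    String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
    final String userName = mapWithTestUsers.get(extensionContext.getDisplayName());
    final LabelSelector kafkaSelector = KafkaResource.getLabelSelector(clusterName, KafkaResources.kafkaStatefulSetName(clusterName));
    final LabelSelector zkSelector = KafkaResource.getLabelSelector(clusterName, KafkaResources.zookeeperStatefulSetName(clusterName));
    final String zkStatefulSetName = KafkaResources.zookeeperStatefulSetName(clusterName);
    final String clusterCaCertSecretName = KafkaResources.clusterCaCertificateSecretName(clusterName);

    // Short validity/renewal window so the operator is willing to renew the cluster CA on its own.
    resourceManager.createResource(extensionContext, KafkaTemplates.kafkaPersistent(clusterName, 3, 3)
        .editSpec()
            .withNewClusterCa()
                .withRenewalDays(1)
                .withValidityDays(3)
            .endClusterCa()
        .endSpec()
        .build());
    final KafkaUser user = KafkaUserTemplates.tlsUser(clusterName, userName).build();
    resourceManager.createResource(extensionContext, user);
    resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(clusterName, topicName).build());
    resourceManager.createResource(extensionContext, KafkaClientsTemplates.kafkaClients(true, clusterName + "-" + Constants.KAFKA_CLIENTS, user).build());

    final String defaultKafkaClientsPodName = kubeClient(namespaceName).listPodsByPrefixInName(namespaceName, clusterName + "-" + Constants.KAFKA_CLIENTS).get(0).getMetadata().getName();
    InternalKafkaClient internalKafkaClient = new InternalKafkaClient.Builder()
        .withUsingPodName(defaultKafkaClientsPodName)
        .withTopicName(topicName)
        .withNamespaceName(namespaceName)
        .withClusterName(clusterName)
        .withKafkaUsername(userName)
        .withMessageCount(MESSAGE_COUNT)
        .withListenerName(Constants.TLS_LISTENER_DEFAULT_NAME)
        .build();

    // Baseline: TLS traffic works with the original certificates.
    internalKafkaClient.checkProducedAndConsumedMessages(internalKafkaClient.sendMessagesTls(), internalKafkaClient.receiveMessagesTls());

    // Snapshots taken before the renewal is triggered, so the resulting rolls can be detected later.
    final Map<String, String> zkPods = PodUtils.podSnapshot(namespaceName, zkSelector);
    final Map<String, String> kafkaPods = PodUtils.podSnapshot(namespaceName, kafkaSelector);
    final Map<String, String> eoPods = DeploymentUtils.depSnapshot(namespaceName, KafkaResources.entityOperatorDeploymentName(clusterName));

    // Overwrite the cluster CA cert Secret with an expired certificate shipped in the test resources.
    // NOTE(review): TestUtils.readResource is assumed to close the stream - confirm, or wrap it in try-with-resources.
    final InputStream secretInputStream = getClass().getClassLoader().getResourceAsStream("security-st-certs/expired-cluster-ca.crt");
    assertThat("Test resource security-st-certs/expired-cluster-ca.crt is missing from the classpath", secretInputStream, is(notNullValue()));
    final String expiredClusterCaCert = TestUtils.readResource(secretInputStream);
    SecretUtils.createSecret(namespaceName, clusterCaCertSecretName, "ca.crt", expiredClusterCaCert);

    KafkaResource.replaceKafkaResourceInSpecificNamespace(clusterName, k -> {
        // Unsatisfiable CPU request: the first ZooKeeper pod to roll stays Pending, freezing the renewal mid-way.
        k.getSpec().getZookeeper().setResources(new ResourceRequirementsBuilder().addToRequests("cpu", new Quantity("100000m")).build());
        k.getSpec().setClusterCa(new CertificateAuthorityBuilder().withRenewalDays(4).withValidityDays(7).build());
    }, namespaceName);

    TestUtils.waitFor("Waiting for some zookeeper pod to be in the pending phase because of selected high cpu resource", Constants.GLOBAL_POLL_INTERVAL, Constants.GLOBAL_TIMEOUT, () -> {
        // Null-safe phase check: a freshly created pod may not have a status/phase yet.
        final List<Pod> pendingPods = kubeClient(namespaceName).listPodsByPrefixInName(namespaceName, zkStatefulSetName).stream()
            .filter(pod -> pod.getStatus() != null && "Pending".equals(pod.getStatus().getPhase()))
            .collect(Collectors.toList());
        if (pendingPods.isEmpty()) {
            LOGGER.info("No pods of {} are in desired state", zkStatefulSetName);
            return false;
        }
        LOGGER.info("Pod in 'Pending' state: {}", pendingPods.get(0).getMetadata().getName());
        return true;
    });

    // While the roll is stuck, a fresh consumer group must still read every message with the old certificates.
    internalKafkaClient = internalKafkaClient.toBuilder().withConsumerGroupName(ClientUtils.generateRandomConsumerGroup()).build();
    int received = internalKafkaClient.receiveMessagesTls();
    assertThat(received, is(MESSAGE_COUNT));

    // Unblock ZooKeeper so the renewal can finish.
    KafkaResource.replaceKafkaResourceInSpecificNamespace(clusterName, k -> {
        k.getSpec().getZookeeper().setResources(new ResourceRequirementsBuilder().addToRequests("cpu", new Quantity("200m")).build());
    }, namespaceName);

    // Wait until the expired certificate has been replaced and all components have rolled onto it.
    SecretUtils.waitForCertToChange(namespaceName, expiredClusterCaCert, clusterCaCertSecretName);
    RollingUpdateUtils.waitTillComponentHasRolledAndPodsReady(namespaceName, zkSelector, 3, zkPods);
    RollingUpdateUtils.waitTillComponentHasRolledAndPodsReady(namespaceName, kafkaSelector, 3, kafkaPods);
    DeploymentUtils.waitTillDepHasRolled(namespaceName, KafkaResources.entityOperatorDeploymentName(clusterName), 1, eoPods);

    // After the renewal the previously produced messages are still readable ...
    internalKafkaClient = internalKafkaClient.toBuilder().withConsumerGroupName(ClientUtils.generateRandomConsumerGroup()).build();
    LOGGER.info("Checking produced and consumed messages to pod:{}", internalKafkaClient.getPodName());
    received = internalKafkaClient.receiveMessagesTls();
    assertThat(received, is(MESSAGE_COUNT));

    // ... and a brand new topic works end to end with the new certificates.
    topicName = KafkaTopicUtils.generateRandomNameOfTopic();
    resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(clusterName, topicName).build());
    internalKafkaClient = internalKafkaClient.toBuilder().withConsumerGroupName(ClientUtils.generateRandomConsumerGroup()).withTopicName(topicName).build();
    internalKafkaClient.checkProducedAndConsumedMessages(internalKafkaClient.sendMessagesTls(), internalKafkaClient.receiveMessagesTls());
}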