Example 11 with KRaftNotSupported
use of io.strimzi.systemtest.annotations.KRaftNotSupported in project strimzi by strimzi.
the class SecurityST method testCertRegeneratedAfterInternalCAisDeleted.
@ParallelNamespaceTest
@Tag(INTERNAL_CLIENTS_USED)
@KRaftNotSupported("UserOperator is not supported by KRaft mode and is used in this test case")
void testCertRegeneratedAfterInternalCAisDeleted(ExtensionContext extensionContext) {
final TestStorage testStorage = new TestStorage(extensionContext, namespace);
resourceManager.createResource(extensionContext, KafkaTemplates.kafkaPersistent(testStorage.getClusterName(), 3, 1).build());
Map<String, String> kafkaPods = PodUtils.podSnapshot(testStorage.getNamespaceName(), testStorage.getKafkaSelector());
resourceManager.createResource(extensionContext, KafkaUserTemplates.tlsUser(testStorage.getClusterName(), testStorage.getUserName()).build(), KafkaTopicTemplates.topic(testStorage.getClusterName(), testStorage.getTopicName()).build());
KafkaClients kafkaClients = new KafkaClientsBuilder().withTopicName(testStorage.getTopicName()).withMessageCount(MESSAGE_COUNT).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(testStorage.getClusterName())).withProducerName(testStorage.getProducerName()).withConsumerName(testStorage.getConsumerName()).withNamespaceName(testStorage.getNamespaceName()).withUserName(testStorage.getUserName()).build();
List<Secret> secrets = kubeClient().listSecrets(testStorage.getNamespaceName()).stream().filter(secret -> secret.getMetadata().getName().startsWith(testStorage.getClusterName()) && secret.getMetadata().getName().endsWith("ca-cert")).collect(Collectors.toList());
for (Secret s : secrets) {
LOGGER.info("Verifying that secret {} with name {} is present", s, s.getMetadata().getName());
assertThat(s.getData(), is(notNullValue()));
}
for (Secret s : secrets) {
LOGGER.info("Deleting secret {}", s.getMetadata().getName());
kubeClient().deleteSecret(testStorage.getNamespaceName(), s.getMetadata().getName());
}
PodUtils.verifyThatRunningPodsAreStable(testStorage.getNamespaceName(), KafkaResources.kafkaStatefulSetName(testStorage.getClusterName()));
RollingUpdateUtils.waitTillComponentHasRolled(testStorage.getNamespaceName(), testStorage.getKafkaSelector(), 3, kafkaPods);
for (Secret s : secrets) {
SecretUtils.waitForSecretReady(testStorage.getNamespaceName(), s.getMetadata().getName(), () -> {
});
}
List<Secret> regeneratedSecrets = kubeClient().listSecrets(testStorage.getNamespaceName()).stream().filter(secret -> secret.getMetadata().getName().endsWith("ca-cert")).collect(Collectors.toList());
for (int i = 0; i < secrets.size(); i++) {
assertThat("Certificates has different cert UIDs", !secrets.get(i).getData().get("ca.crt").equals(regeneratedSecrets.get(i).getData().get("ca.crt")));
}
resourceManager.createResource(extensionContext, kafkaClients.producerTlsStrimzi(testStorage.getClusterName()), kafkaClients.consumerTlsStrimzi(testStorage.getClusterName()));
ClientUtils.waitForClientsSuccess(testStorage.getProducerName(), testStorage.getConsumerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
}
Also used :
KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder)
Secret(io.fabric8.kubernetes.api.model.Secret)
Quantity(io.fabric8.kubernetes.api.model.Quantity)
X509Certificate(java.security.cert.X509Certificate)
CoreMatchers.is(org.hamcrest.CoreMatchers.is)
DeletionPropagation(io.fabric8.kubernetes.api.model.DeletionPropagation)
GroupAuthorizationException(org.apache.kafka.common.errors.GroupAuthorizationException)
Arrays(java.util.Arrays)
KafkaExporterResources(io.strimzi.api.kafka.model.KafkaExporterResources)
SANITY(io.strimzi.systemtest.Constants.SANITY)
Date(java.util.Date)
KafkaResource(io.strimzi.systemtest.resources.crd.KafkaResource)
Random(java.util.Random)
AclOperation(io.strimzi.api.kafka.model.AclOperation)
KafkaTopicUtils(io.strimzi.systemtest.utils.kafkaUtils.KafkaTopicUtils)
KafkaConnectResource(io.strimzi.systemtest.resources.crd.KafkaConnectResource)
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
KafkaResources.clusterCaKeySecretName(io.strimzi.api.kafka.model.KafkaResources.clusterCaKeySecretName)
CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue)
KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls)
KafkaResources.clientsCaKeySecretName(io.strimzi.api.kafka.model.KafkaResources.clientsCaKeySecretName)
KafkaResources(io.strimzi.api.kafka.model.KafkaResources)
Ca(io.strimzi.operator.cluster.model.Ca)
KafkaConnectUtils(io.strimzi.systemtest.utils.kafkaUtils.KafkaConnectUtils)
Map(java.util.Map)
Tag(org.junit.jupiter.api.Tag)
StUtils(io.strimzi.systemtest.utils.StUtils)
KafkaConnect(io.strimzi.api.kafka.model.KafkaConnect)
RollingUpdateUtils(io.strimzi.systemtest.utils.RollingUpdateUtils)
ACCEPTANCE(io.strimzi.systemtest.Constants.ACCEPTANCE)
KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients)
KafkaMirrorMaker(io.strimzi.api.kafka.model.KafkaMirrorMaker)
INTERNAL_CLIENTS_USED(io.strimzi.systemtest.Constants.INTERNAL_CLIENTS_USED)
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)
KafkaMirrorMakerUtils(io.strimzi.systemtest.utils.kafkaUtils.KafkaMirrorMakerUtils)
Collectors(java.util.stream.Collectors)
ClientUtils(io.strimzi.systemtest.utils.ClientUtils)
CruiseControlResources(io.strimzi.api.kafka.model.CruiseControlResources)
KafkaResources.clusterCaCertificateSecretName(io.strimzi.api.kafka.model.KafkaResources.clusterCaCertificateSecretName)
List(java.util.List)
Labels(io.strimzi.operator.common.model.Labels)
Logger(org.apache.logging.log4j.Logger)
KafkaTopicTemplates(io.strimzi.systemtest.templates.crd.KafkaTopicTemplates)
Secret(io.fabric8.kubernetes.api.model.Secret)
Matchers.containsString(org.hamcrest.Matchers.containsString)
AbstractST(io.strimzi.systemtest.AbstractST)
Environment(io.strimzi.systemtest.Environment)
IntStream(java.util.stream.IntStream)
Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows)
Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull)
KafkaConnectTemplates(io.strimzi.systemtest.templates.crd.KafkaConnectTemplates)
KafkaMirrorMakerTemplates(io.strimzi.systemtest.templates.crd.KafkaMirrorMakerTemplates)
ParallelSuite(io.strimzi.systemtest.annotations.ParallelSuite)
CONNECT(io.strimzi.systemtest.Constants.CONNECT)
LocalDateTime(java.time.LocalDateTime)
CoreMatchers.not(org.hamcrest.CoreMatchers.not)
ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)
HashMap(java.util.HashMap)
ExternalKafkaClient(io.strimzi.systemtest.kafkaclients.externalClients.ExternalKafkaClient)
ExtensionContext(org.junit.jupiter.api.extension.ExtensionContext)
MIRROR_MAKER(io.strimzi.systemtest.Constants.MIRROR_MAKER)
TestStorage(io.strimzi.systemtest.storage.TestStorage)
SecretUtils(io.strimzi.systemtest.utils.kubeUtils.objects.SecretUtils)
ArrayList(java.util.ArrayList)
PodUtils(io.strimzi.systemtest.utils.kubeUtils.objects.PodUtils)
KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported)
TestUtils(io.strimzi.test.TestUtils)
Collections.singletonMap(java.util.Collections.singletonMap)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
NODEPORT_SUPPORTED(io.strimzi.systemtest.Constants.NODEPORT_SUPPORTED)
SslConfigs(org.apache.kafka.common.config.SslConfigs)
ROLLING_UPDATE(io.strimzi.systemtest.Constants.ROLLING_UPDATE)
CoreMatchers.sameInstance(org.hamcrest.CoreMatchers.sameInstance)
KafkaTemplates(io.strimzi.systemtest.templates.crd.KafkaTemplates)
KafkaUtils(io.strimzi.systemtest.utils.kafkaUtils.KafkaUtils)
KafkaResources.clientsCaCertificateSecretName(io.strimzi.api.kafka.model.KafkaResources.clientsCaCertificateSecretName)
CertificateAuthority(io.strimzi.api.kafka.model.CertificateAuthority)
Constants(io.strimzi.systemtest.Constants)
Pod(io.fabric8.kubernetes.api.model.Pod)
Matchers(org.hamcrest.Matchers)
ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest)
KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder)
EXTERNAL_CLIENTS_USED(io.strimzi.systemtest.Constants.EXTERNAL_CLIENTS_USED)
KubeClusterResource.kubeClient(io.strimzi.test.k8s.KubeClusterResource.kubeClient)
KafkaMirrorMakerResource(io.strimzi.systemtest.resources.crd.KafkaMirrorMakerResource)
DeploymentUtils(io.strimzi.systemtest.utils.kubeUtils.controllers.DeploymentUtils)
KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType)
KafkaUserTemplates(io.strimzi.systemtest.templates.crd.KafkaUserTemplates)
CONNECT_COMPONENTS(io.strimzi.systemtest.Constants.CONNECT_COMPONENTS)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
LogManager(org.apache.logging.log4j.LogManager)
REGRESSION(io.strimzi.systemtest.Constants.REGRESSION)
CertificateAuthorityBuilder(io.strimzi.api.kafka.model.CertificateAuthorityBuilder)
KafkaConnectResources(io.strimzi.api.kafka.model.KafkaConnectResources)
InputStream(java.io.InputStream)
KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients)
TestStorage(io.strimzi.systemtest.storage.TestStorage)
Matchers.containsString(org.hamcrest.Matchers.containsString)
KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported)
ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest)
Tag(org.junit.jupiter.api.Tag)
Example 12 with KRaftNotSupported
use of io.strimzi.systemtest.annotations.KRaftNotSupported in project strimzi by strimzi.
the class SecurityST method testAclRuleReadAndWrite.
@ParallelNamespaceTest
@Tag(NODEPORT_SUPPORTED)
@Tag(EXTERNAL_CLIENTS_USED)
@KRaftNotSupported("UserOperator is not supported by KRaft mode and is used in this test case")
void testAclRuleReadAndWrite(ExtensionContext extensionContext) {
final String namespaceName = StUtils.getNamespaceBasedOnRbac(namespace, extensionContext);
final String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
final String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
final String kafkaUserWrite = "kafka-user-write";
final String kafkaUserRead = "kafka-user-read";
final int numberOfMessages = 500;
final String consumerGroupName = "consumer-group-name-1";
resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(clusterName, 3, 1).editSpec().editKafka().withNewKafkaAuthorizationSimple().endKafkaAuthorizationSimple().withListeners(new GenericKafkaListenerBuilder().withName(Constants.EXTERNAL_LISTENER_DEFAULT_NAME).withPort(9094).withType(KafkaListenerType.NODEPORT).withTls(true).withAuth(new KafkaListenerAuthenticationTls()).build()).endKafka().endSpec().build());
resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(clusterName, topicName).build());
resourceManager.createResource(extensionContext, KafkaUserTemplates.tlsUser(clusterName, kafkaUserWrite).editSpec().withNewKafkaUserAuthorizationSimple().addNewAcl().withNewAclRuleTopicResource().withName(topicName).endAclRuleTopicResource().withOperation(AclOperation.WRITE).endAcl().addNewAcl().withNewAclRuleTopicResource().withName(topicName).endAclRuleTopicResource().withOperation(// describe is for that user can find out metadata
AclOperation.DESCRIBE).endAcl().endKafkaUserAuthorizationSimple().endSpec().build());
LOGGER.info("Checking KafkaUser {} that is able to send messages to topic '{}'", kafkaUserWrite, topicName);
ExternalKafkaClient externalKafkaClient = new ExternalKafkaClient.Builder().withTopicName(topicName).withNamespaceName(namespaceName).withClusterName(clusterName).withKafkaUsername(kafkaUserWrite).withMessageCount(numberOfMessages).withSecurityProtocol(SecurityProtocol.SSL).withListenerName(Constants.EXTERNAL_LISTENER_DEFAULT_NAME).build();
assertThat(externalKafkaClient.sendMessagesTls(), is(numberOfMessages));
assertThrows(GroupAuthorizationException.class, externalKafkaClient::receiveMessagesTls);
resourceManager.createResource(extensionContext, KafkaUserTemplates.tlsUser(clusterName, kafkaUserRead).editSpec().withNewKafkaUserAuthorizationSimple().addNewAcl().withNewAclRuleTopicResource().withName(topicName).endAclRuleTopicResource().withOperation(AclOperation.READ).endAcl().addNewAcl().withNewAclRuleGroupResource().withName(consumerGroupName).endAclRuleGroupResource().withOperation(AclOperation.READ).endAcl().addNewAcl().withNewAclRuleTopicResource().withName(topicName).endAclRuleTopicResource().withOperation(// s describe is for that user can find out metadata
AclOperation.DESCRIBE).endAcl().endKafkaUserAuthorizationSimple().endSpec().build());
ExternalKafkaClient newExternalKafkaClient = externalKafkaClient.toBuilder().withKafkaUsername(kafkaUserRead).withConsumerGroupName(consumerGroupName).build();
assertThat(newExternalKafkaClient.receiveMessagesTls(), is(numberOfMessages));
LOGGER.info("Checking KafkaUser {} that is not able to send messages to topic '{}'", kafkaUserRead, topicName);
assertThrows(Exception.class, newExternalKafkaClient::sendMessagesTls);
}
Also used :
ExternalKafkaClient(io.strimzi.systemtest.kafkaclients.externalClients.ExternalKafkaClient)
KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls)
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)
ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)
KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder)
SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder)
CertificateAuthorityBuilder(io.strimzi.api.kafka.model.CertificateAuthorityBuilder)
Matchers.containsString(org.hamcrest.Matchers.containsString)
KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported)
ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest)
Tag(org.junit.jupiter.api.Tag)
Example 13 with KRaftNotSupported
use of io.strimzi.systemtest.annotations.KRaftNotSupported in project strimzi by strimzi.
the class SecurityST method testAutoRenewCaCertsTriggerByExpiredCertificate.
@ParallelNamespaceTest
@Tag(INTERNAL_CLIENTS_USED)
@KRaftNotSupported("UserOperator is not supported by KRaft mode and is used in this test case")
void testAutoRenewCaCertsTriggerByExpiredCertificate(ExtensionContext extensionContext) {
final TestStorage testStorage = new TestStorage(extensionContext, namespace);
// 1. Create the Secrets already, and a certificate that's already expired
InputStream secretInputStream = getClass().getClassLoader().getResourceAsStream("security-st-certs/expired-cluster-ca.crt");
String clusterCaCert = TestUtils.readResource(secretInputStream);
SecretUtils.createSecret(testStorage.getNamespaceName(), clusterCaCertificateSecretName(testStorage.getClusterName()), "ca.crt", clusterCaCert);
// 2. Now create a cluster
createKafkaCluster(extensionContext, testStorage.getClusterName());
resourceManager.createResource(extensionContext, KafkaUserTemplates.tlsUser(testStorage.getClusterName(), testStorage.getUserName()).build(), KafkaTopicTemplates.topic(testStorage.getClusterName(), testStorage.getTopicName()).build());
KafkaClients kafkaClients = new KafkaClientsBuilder().withTopicName(testStorage.getTopicName()).withMessageCount(MESSAGE_COUNT).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(testStorage.getClusterName())).withProducerName(testStorage.getProducerName()).withConsumerName(testStorage.getConsumerName()).withNamespaceName(testStorage.getNamespaceName()).withUserName(testStorage.getUserName()).build();
resourceManager.createResource(extensionContext, kafkaClients.producerTlsStrimzi(testStorage.getClusterName()), kafkaClients.consumerTlsStrimzi(testStorage.getClusterName()));
ClientUtils.waitForClientsSuccess(testStorage.getProducerName(), testStorage.getConsumerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
// Wait until the certificates have been replaced
SecretUtils.waitForCertToChange(testStorage.getNamespaceName(), clusterCaCert, clusterCaCertificateSecretName(testStorage.getClusterName()));
// Wait until the pods are all up and ready
KafkaUtils.waitForClusterStability(testStorage.getNamespaceName(), testStorage.getClusterName());
resourceManager.createResource(extensionContext, kafkaClients.producerTlsStrimzi(testStorage.getClusterName()), kafkaClients.consumerTlsStrimzi(testStorage.getClusterName()));
ClientUtils.waitForClientsSuccess(testStorage.getProducerName(), testStorage.getConsumerName(), testStorage.getNamespaceName(), MESSAGE_COUNT);
}
Also used :
KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder)
KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients)
InputStream(java.io.InputStream)
TestStorage(io.strimzi.systemtest.storage.TestStorage)
Matchers.containsString(org.hamcrest.Matchers.containsString)
KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported)
ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest)
Tag(org.junit.jupiter.api.Tag)
Example 14 with KRaftNotSupported
use of io.strimzi.systemtest.annotations.KRaftNotSupported in project strimzi by strimzi.
the class ConnectIsolatedST method testKafkaConnectWithPlainAndScramShaAuthentication.
@KRaftNotSupported("UserOperator is not supported by KRaft mode and is used in this test class")
@ParallelNamespaceTest
@Tag(INTERNAL_CLIENTS_USED)
void testKafkaConnectWithPlainAndScramShaAuthentication(ExtensionContext extensionContext) {
TestStorage storage = new TestStorage(extensionContext);
// Use a Kafka with plain listener disabled
resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(storage.getClusterName(), 3).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName(Constants.PLAIN_LISTENER_DEFAULT_NAME).withPort(9092).withType(KafkaListenerType.INTERNAL).withTls(false).withAuth(new KafkaListenerAuthenticationScramSha512()).build()).endKafka().endSpec().build());
KafkaUser kafkaUser = KafkaUserTemplates.scramShaUser(storage.getClusterName(), storage.getUserName()).build();
resourceManager.createResource(extensionContext, kafkaUser);
resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(storage.getClusterName(), storage.getTopicName()).build());
KafkaConnect connect = KafkaConnectTemplates.kafkaConnectWithFilePlugin(storage.getNamespaceName(), storage.getClusterName(), 1).editSpec().withBootstrapServers(KafkaResources.plainBootstrapAddress(storage.getClusterName())).withNewKafkaClientAuthenticationScramSha512().withUsername(storage.getUserName()).withPasswordSecret(new PasswordSecretSourceBuilder().withSecretName(storage.getUserName()).withPassword("password").build()).endKafkaClientAuthenticationScramSha512().addToConfig("key.converter.schemas.enable", false).addToConfig("value.converter.schemas.enable", false).addToConfig("key.converter", "org.apache.kafka.connect.storage.StringConverter").addToConfig("value.converter", "org.apache.kafka.connect.storage.StringConverter").withVersion(Environment.ST_KAFKA_VERSION).withReplicas(1).endSpec().build();
// This is required to be able to remove the TLS setting, the builder cannot remove it
connect.getSpec().setTls(null);
resourceManager.createResource(extensionContext, connect, ScraperTemplates.scraperPod(storage.getNamespaceName(), storage.getScraperName()).build());
LOGGER.info("Deploy NetworkPolicies for KafkaConnect");
NetworkPolicyResource.deployNetworkPolicyForResource(extensionContext, connect, KafkaConnectResources.deploymentName(storage.getClusterName()));
final String kafkaConnectPodName = kubeClient(storage.getNamespaceName()).listPodsByPrefixInName(KafkaConnectResources.deploymentName(storage.getClusterName())).get(0).getMetadata().getName();
final String kafkaConnectLogs = kubeClient(storage.getNamespaceName()).logs(kafkaConnectPodName);
final String scraperPodName = kubeClient(storage.getNamespaceName()).listPodsByPrefixInName(storage.getScraperName()).get(0).getMetadata().getName();
KafkaConnectUtils.waitUntilKafkaConnectRestApiIsAvailable(storage.getNamespaceName(), kafkaConnectPodName);
LOGGER.info("Verifying that KafkaConnect pod logs don't contain ERRORs");
assertThat(kafkaConnectLogs, not(containsString("ERROR")));
LOGGER.info("Creating FileStreamSink connector via pod {} with topic {}", scraperPodName, storage.getTopicName());
KafkaConnectorUtils.createFileSinkConnector(storage.getNamespaceName(), scraperPodName, storage.getTopicName(), Constants.DEFAULT_SINK_FILE_PATH, KafkaConnectResources.url(storage.getClusterName(), storage.getNamespaceName(), 8083));
KafkaClients kafkaClients = new KafkaClientsBuilder().withTopicName(storage.getTopicName()).withMessageCount(MESSAGE_COUNT).withUserName(storage.getUserName()).withBootstrapAddress(KafkaResources.plainBootstrapAddress(storage.getClusterName())).withProducerName(storage.getProducerName()).withConsumerName(storage.getConsumerName()).withNamespaceName(storage.getNamespaceName()).build();
resourceManager.createResource(extensionContext, kafkaClients.producerScramShaPlainStrimzi(), kafkaClients.consumerScramShaPlainStrimzi());
ClientUtils.waitForClientsSuccess(storage.getProducerName(), storage.getConsumerName(), storage.getNamespaceName(), MESSAGE_COUNT);
KafkaConnectUtils.waitForMessagesInKafkaConnectFileSink(storage.getNamespaceName(), kafkaConnectPodName, Constants.DEFAULT_SINK_FILE_PATH, "99");
}
Also used :
KafkaListenerAuthenticationScramSha512(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationScramSha512)
KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder)
KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients)
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)
TestStorage(io.strimzi.systemtest.storage.TestStorage)
KafkaConnect(io.strimzi.api.kafka.model.KafkaConnect)
Matchers.containsString(org.hamcrest.Matchers.containsString)
KafkaUser(io.strimzi.api.kafka.model.KafkaUser)
PasswordSecretSourceBuilder(io.strimzi.api.kafka.model.PasswordSecretSourceBuilder)
KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported)
ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest)
Tag(org.junit.jupiter.api.Tag)
Example 15 with KRaftNotSupported
use of io.strimzi.systemtest.annotations.KRaftNotSupported in project strimzi by strimzi.
the class ConnectIsolatedST method testConnectTlsAuthWithWeirdUserName.
@Tag(NODEPORT_SUPPORTED)
@Tag(EXTERNAL_CLIENTS_USED)
@Tag(CONNECTOR_OPERATOR)
@KRaftNotSupported("UserOperator is not supported by KRaft mode and is used in this test class")
@ParallelNamespaceTest
void testConnectTlsAuthWithWeirdUserName(ExtensionContext extensionContext) {
final String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
final String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
final String namespaceName = StUtils.getNamespaceBasedOnRbac(INFRA_NAMESPACE, extensionContext);
// Create weird named user with . and maximum of 64 chars -> TLS
final String weirdUserName = "jjglmahyijoambryleyxjjglmahy.ijoambryleyxjjglmahyijoambryleyxasd";
resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(clusterName, 3).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName(Constants.TLS_LISTENER_DEFAULT_NAME).withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withAuth(new KafkaListenerAuthenticationTls()).build(), new GenericKafkaListenerBuilder().withName(Constants.EXTERNAL_LISTENER_DEFAULT_NAME).withPort(9094).withType(KafkaListenerType.NODEPORT).withTls(true).withAuth(new KafkaListenerAuthenticationTls()).build()).endKafka().endSpec().build());
resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(clusterName, topicName).build());
resourceManager.createResource(extensionContext, KafkaUserTemplates.tlsUser(clusterName, weirdUserName).build());
resourceManager.createResource(extensionContext, KafkaConnectTemplates.kafkaConnectWithFilePlugin(namespaceName, clusterName, 1).editMetadata().addToAnnotations(Annotations.STRIMZI_IO_USE_CONNECTOR_RESOURCES, "true").endMetadata().editSpec().addToConfig("key.converter.schemas.enable", false).addToConfig("value.converter.schemas.enable", false).addToConfig("key.converter", "org.apache.kafka.connect.storage.StringConverter").addToConfig("value.converter", "org.apache.kafka.connect.storage.StringConverter").withNewTls().withTrustedCertificates(new CertSecretSourceBuilder().withCertificate("ca.crt").withSecretName(KafkaResources.clusterCaCertificateSecretName(clusterName)).build()).endTls().withNewKafkaClientAuthenticationTls().withNewCertificateAndKey().withSecretName(weirdUserName).withCertificate("user.crt").withKey("user.key").endCertificateAndKey().endKafkaClientAuthenticationTls().withBootstrapServers(KafkaResources.tlsBootstrapAddress(clusterName)).endSpec().build());
testConnectAuthorizationWithWeirdUserName(extensionContext, clusterName, weirdUserName, SecurityProtocol.SSL, topicName);
}
Also used :
KafkaListenerAuthenticationTls(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls)
CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder)
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)
Matchers.containsString(org.hamcrest.Matchers.containsString)
KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported)
ParallelNamespaceTest(io.strimzi.systemtest.annotations.ParallelNamespaceTest)
Tag(org.junit.jupiter.api.Tag)
Aggregations
KRaftNotSupported (io.strimzi.systemtest.annotations.KRaftNotSupported)162
ParallelNamespaceTest (io.strimzi.systemtest.annotations.ParallelNamespaceTest)138
Tag (org.junit.jupiter.api.Tag)100
KafkaClientsBuilder (io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder)94
TestStorage (io.strimzi.systemtest.storage.TestStorage)94
KafkaClients (io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients)86
GenericKafkaListenerBuilder (io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)80
Matchers.containsString (org.hamcrest.Matchers.containsString)74
CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString)44
LabelSelector (io.fabric8.kubernetes.api.model.LabelSelector)36
ExternalKafkaClient (io.strimzi.systemtest.kafkaclients.externalClients.ExternalKafkaClient)32
Secret (io.fabric8.kubernetes.api.model.Secret)30
HashMap (java.util.HashMap)30
KafkaListenerAuthenticationTls (io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationTls)28
SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder)24
KafkaResources (io.strimzi.api.kafka.model.KafkaResources)24
AbstractST (io.strimzi.systemtest.AbstractST)24
Constants (io.strimzi.systemtest.Constants)24
REGRESSION (io.strimzi.systemtest.Constants.REGRESSION)24
KafkaResource (io.strimzi.systemtest.resources.crd.KafkaResource)24
