Examples with ParallelTest io.strimzi.systemtest.annotations.ParallelTest used on opensource projects

Example 76 with ParallelTest

use of io.strimzi.systemtest.annotations.ParallelTest in project strimzi-kafka-operator by strimzi.

the class HttpBridgeCorsST method testCorsForbidden.

@ParallelTest
void testCorsForbidden() {
    final String kafkaBridgeUser = "bridge-user-example";
    final String groupId = ClientUtils.generateRandomConsumerGroup();
    Map<String, String> additionalHeaders = new HashMap<>();
    additionalHeaders.put("Origin", NOT_ALLOWED_ORIGIN);
    additionalHeaders.put("Access-Control-Request-Method", HttpMethod.POST.toString());
    String url = bridgeUrl + "/consumers/" + groupId + "/instances/" + kafkaBridgeUser + "/subscription";
    String headers = BridgeUtils.addHeadersToString(additionalHeaders);
    String response = cmdKubeClient().namespace(namespace).execInPod(kafkaClientsPodName, "/bin/bash", "-c", BridgeUtils.buildCurlCommand(HttpMethod.OPTIONS, url, headers, "")).out().trim();
    LOGGER.info("Response from Bridge: {}", response);
    LOGGER.info("Checking if response from Bridge is correct");
    assertThat(response, containsString("403"));
    assertThat(response, containsString("CORS Rejected - Invalid origin"));
    additionalHeaders.remove("Access-Control-Request-Method", HttpMethod.POST.toString());
    headers = BridgeUtils.addHeadersToString(additionalHeaders);
    response = cmdKubeClient().namespace(namespace).execInPod(kafkaClientsPodName, "/bin/bash", "-c", BridgeUtils.buildCurlCommand(HttpMethod.POST, url, headers, "")).out().trim();
    LOGGER.info("Response from Bridge: {}", response);
    LOGGER.info("Checking if response from Bridge is correct");
    assertThat(response, containsString("403"));
    assertThat(response, containsString("CORS Rejected - Invalid origin"));
}

Example 77 with ParallelTest

use of io.strimzi.systemtest.annotations.ParallelTest in project strimzi-kafka-operator by strimzi.

the class HttpBridgeKafkaExternalListenersST method testTlsAuthWithWeirdUsername.

@ParallelTest
void testTlsAuthWithWeirdUsername(ExtensionContext extensionContext) {
    final String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
    // Create weird named user with . and maximum of 64 chars -> TLS
    final String weirdUserName = "jjglmahyijoambryleyxjjglmahy.ijoambryleyxjjglmahyijoambryleyxasd";
    // Initialize CertSecretSource with certificate and secret names for consumer
    CertSecretSource certSecret = new CertSecretSource();
    certSecret.setCertificate("ca.crt");
    certSecret.setSecretName(KafkaResources.clusterCaCertificateSecretName(clusterName));
    KafkaBridgeSpec bridgeSpec = new KafkaBridgeSpecBuilder().withNewKafkaClientAuthenticationTls().withNewCertificateAndKey().withSecretName(weirdUserName).withCertificate("user.crt").withKey("user.key").endCertificateAndKey().endKafkaClientAuthenticationTls().withNewTls().withTrustedCertificates(certSecret).endTls().build();
    testWeirdUsername(extensionContext, weirdUserName, new KafkaListenerAuthenticationTls(), bridgeSpec, SecurityProtocol.SSL);
}

Example 78 with ParallelTest

use of io.strimzi.systemtest.annotations.ParallelTest in project strimzi-kafka-operator by strimzi.

the class OauthPlainIsolatedST method testProducerConsumerConnect.

@Description("As an oauth KafkaConnect, I should be able to sink messages from kafka broker topic.")
@ParallelTest
@Tag(CONNECT)
@Tag(CONNECT_COMPONENTS)
void testProducerConsumerConnect(ExtensionContext extensionContext) {
    String kafkaClientsName = mapWithKafkaClientNames.get(extensionContext.getDisplayName());
    String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
    String producerName = OAUTH_PRODUCER_NAME + "-" + clusterName;
    String consumerName = OAUTH_CONSUMER_NAME + "-" + clusterName;
    String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
    KafkaOauthClients oauthExampleClients = new KafkaOauthClientsBuilder().withNamespaceName(INFRA_NAMESPACE).withProducerName(producerName).withConsumerName(consumerName).withBootstrapAddress(KafkaResources.plainBootstrapAddress(oauthClusterName)).withTopicName(topicName).withMessageCount(MESSAGE_COUNT).withOauthClientId(OAUTH_CLIENT_NAME).withOauthClientSecret(OAUTH_CLIENT_SECRET).withOauthTokenEndpointUri(keycloakInstance.getOauthTokenEndpointUri()).build();
    resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(oauthClusterName, topicName, INFRA_NAMESPACE).build());
    resourceManager.createResource(extensionContext, oauthExampleClients.producerStrimziOauthPlain());
    ClientUtils.waitForClientSuccess(producerName, INFRA_NAMESPACE, MESSAGE_COUNT);
    JobUtils.deleteJobWithWait(INFRA_NAMESPACE, producerName);
    resourceManager.createResource(extensionContext, oauthExampleClients.consumerStrimziOauthPlain());
    ClientUtils.waitForClientSuccess(consumerName, INFRA_NAMESPACE, MESSAGE_COUNT);
    JobUtils.deleteJobWithWait(INFRA_NAMESPACE, consumerName);
    resourceManager.createResource(extensionContext, KafkaClientsTemplates.kafkaClients(INFRA_NAMESPACE, false, kafkaClientsName).build());
    resourceManager.createResource(extensionContext, KafkaConnectTemplates.kafkaConnect(extensionContext, clusterName, oauthClusterName, 1).editMetadata().withNamespace(INFRA_NAMESPACE).endMetadata().withNewSpec().withReplicas(1).withBootstrapServers(KafkaResources.plainBootstrapAddress(oauthClusterName)).withConfig(connectorConfig).addToConfig("key.converter.schemas.enable", false).addToConfig("value.converter.schemas.enable", false).addToConfig("key.converter", "org.apache.kafka.connect.storage.StringConverter").addToConfig("value.converter", "org.apache.kafka.connect.storage.StringConverter").withNewKafkaClientAuthenticationOAuth().withTokenEndpointUri(keycloakInstance.getOauthTokenEndpointUri()).withClientId("kafka-connect").withNewClientSecret().withSecretName(CONNECT_OAUTH_SECRET).withKey(OAUTH_KEY).endClientSecret().withConnectTimeoutSeconds(CONNECT_TIMEOUT_S).withReadTimeoutSeconds(READ_TIMEOUT_S).endKafkaClientAuthenticationOAuth().withTls(null).withNewInlineLogging().addToLoggers("connect.root.logger.level", "DEBUG").endInlineLogging().endSpec().build());
    final String kafkaConnectPodName = kubeClient(INFRA_NAMESPACE).listPods(INFRA_NAMESPACE, clusterName, Labels.STRIMZI_KIND_LABEL, KafkaConnect.RESOURCE_KIND).get(0).getMetadata().getName();
    KafkaConnectUtils.waitUntilKafkaConnectRestApiIsAvailable(INFRA_NAMESPACE, kafkaConnectPodName);
    KafkaConnectorUtils.createFileSinkConnector(INFRA_NAMESPACE, kafkaConnectPodName, topicName, Constants.DEFAULT_SINK_FILE_PATH, "http://localhost:8083");
    KafkaConnectUtils.waitForMessagesInKafkaConnectFileSink(INFRA_NAMESPACE, kafkaConnectPodName, Constants.DEFAULT_SINK_FILE_PATH, "\"Hello-world - 99\"");
    final String kafkaConnectLogs = KubeClusterResource.cmdKubeClient(INFRA_NAMESPACE).execInCurrentNamespace(Level.DEBUG, "logs", kafkaConnectPodName).out();
    verifyOauthConfiguration(kafkaConnectLogs);
}

Example 79 with ParallelTest

use of io.strimzi.systemtest.annotations.ParallelTest in project strimzi-kafka-operator by strimzi.

the class OauthPlainIsolatedST method testProducerConsumerAudienceTokenChecks.

@ParallelTest
void testProducerConsumerAudienceTokenChecks(ExtensionContext extensionContext) {
    String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
    String producerName = OAUTH_PRODUCER_NAME + "-" + clusterName;
    String consumerName = OAUTH_CONSUMER_NAME + "-" + clusterName;
    String audienceProducerName = OAUTH_CLIENT_AUDIENCE_PRODUCER + "-" + clusterName;
    String audienceConsumerName = OAUTH_CLIENT_AUDIENCE_CONSUMER + "-" + clusterName;
    String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
    LOGGER.info("Setting producer and consumer properties");
    KafkaOauthClients oauthInternalClientJob = new KafkaOauthClientsBuilder().withNamespaceName(INFRA_NAMESPACE).withProducerName(producerName).withConsumerName(consumerName).withBootstrapAddress(KafkaResources.bootstrapServiceName(oauthClusterName) + ":" + audienceListenerPort).withTopicName(topicName).withMessageCount(MESSAGE_COUNT).withOauthClientId(OAUTH_CLIENT_NAME).withOauthClientSecret(OAUTH_CLIENT_SECRET).withOauthTokenEndpointUri(keycloakInstance.getOauthTokenEndpointUri()).build();
    LOGGER.info("Use clients without access token containing audience token");
    resourceManager.createResource(extensionContext, oauthInternalClientJob.producerStrimziOauthPlain());
    assertDoesNotThrow(() -> ClientUtils.waitForClientTimeout(producerName, INFRA_NAMESPACE, MESSAGE_COUNT));
    resourceManager.createResource(extensionContext, oauthInternalClientJob.consumerStrimziOauthPlain());
    assertDoesNotThrow(() -> ClientUtils.waitForClientTimeout(consumerName, INFRA_NAMESPACE, MESSAGE_COUNT));
    JobUtils.deleteJobWithWait(INFRA_NAMESPACE, producerName);
    JobUtils.deleteJobWithWait(INFRA_NAMESPACE, consumerName);
    LOGGER.info("Use clients with Access token containing audience token");
    KafkaOauthClients oauthAudienceInternalClientJob = new KafkaOauthClientsBuilder().withNamespaceName(INFRA_NAMESPACE).withProducerName(audienceProducerName).withConsumerName(audienceConsumerName).withBootstrapAddress(KafkaResources.bootstrapServiceName(oauthClusterName) + ":" + customClaimListenerPort).withTopicName(topicName).withMessageCount(MESSAGE_COUNT).withOauthClientId(OAUTH_CLIENT_NAME).withOauthClientSecret(OAUTH_CLIENT_SECRET).withOauthTokenEndpointUri(keycloakInstance.getOauthTokenEndpointUri()).build();
    resourceManager.createResource(extensionContext, oauthAudienceInternalClientJob.producerStrimziOauthPlain());
    ClientUtils.waitForClientSuccess(audienceProducerName, INFRA_NAMESPACE, MESSAGE_COUNT);
    resourceManager.createResource(extensionContext, oauthAudienceInternalClientJob.consumerStrimziOauthPlain());
    ClientUtils.waitForClientSuccess(audienceConsumerName, INFRA_NAMESPACE, MESSAGE_COUNT);
    JobUtils.deleteJobWithWait(INFRA_NAMESPACE, audienceProducerName);
    JobUtils.deleteJobWithWait(INFRA_NAMESPACE, audienceConsumerName);
}

Example 80 with ParallelTest

use of io.strimzi.systemtest.annotations.ParallelTest in project strimzi-kafka-operator by strimzi.

the class OauthPlainIsolatedST method testAccessTokenClaimCheck.

@ParallelTest
void testAccessTokenClaimCheck(ExtensionContext extensionContext) {
    String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
    String producerName = OAUTH_PRODUCER_NAME + "-" + clusterName;
    String consumerName = OAUTH_CONSUMER_NAME + "-" + clusterName;
    String audienceProducerName = OAUTH_CLIENT_AUDIENCE_PRODUCER + "-" + clusterName;
    String audienceConsumerName = OAUTH_CLIENT_AUDIENCE_CONSUMER + "-" + clusterName;
    String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
    LOGGER.info("Use clients with clientId not containing 'hello-world' in access token.");
    KafkaOauthClients oauthAudienceInternalClientJob = new KafkaOauthClientsBuilder().withNamespaceName(INFRA_NAMESPACE).withProducerName(audienceProducerName).withConsumerName(audienceConsumerName).withBootstrapAddress(KafkaResources.bootstrapServiceName(oauthClusterName) + ":" + customClaimListenerPort).withTopicName(topicName).withMessageCount(MESSAGE_COUNT).withOauthProducerClientId(OAUTH_CLIENT_AUDIENCE_PRODUCER).withOauthConsumerClientId(OAUTH_CLIENT_AUDIENCE_CONSUMER).withOauthClientSecret(OAUTH_CLIENT_AUDIENCE_SECRET).withOauthTokenEndpointUri(keycloakInstance.getOauthTokenEndpointUri()).build();
    resourceManager.createResource(extensionContext, oauthAudienceInternalClientJob.producerStrimziOauthPlain());
    assertDoesNotThrow(() -> ClientUtils.waitForClientTimeout(audienceProducerName, INFRA_NAMESPACE, MESSAGE_COUNT));
    resourceManager.createResource(extensionContext, oauthAudienceInternalClientJob.consumerStrimziOauthPlain());
    assertDoesNotThrow(() -> ClientUtils.waitForClientTimeout(audienceConsumerName, INFRA_NAMESPACE, MESSAGE_COUNT));
    JobUtils.deleteJobWithWait(INFRA_NAMESPACE, audienceProducerName);
    JobUtils.deleteJobWithWait(INFRA_NAMESPACE, audienceConsumerName);
    LOGGER.info("Use clients with clientId containing 'hello-world' in access token.");
    KafkaOauthClients oauthInternalClientJob = new KafkaOauthClientsBuilder().withNamespaceName(INFRA_NAMESPACE).withProducerName(producerName).withConsumerName(consumerName).withBootstrapAddress(KafkaResources.bootstrapServiceName(oauthClusterName) + ":" + customClaimListenerPort).withTopicName(topicName).withMessageCount(MESSAGE_COUNT).withOauthClientId(OAUTH_CLIENT_NAME).withOauthClientSecret(OAUTH_CLIENT_SECRET).withOauthTokenEndpointUri(keycloakInstance.getOauthTokenEndpointUri()).build();
    resourceManager.createResource(extensionContext, oauthInternalClientJob.producerStrimziOauthPlain());
    ClientUtils.waitForClientSuccess(producerName, INFRA_NAMESPACE, MESSAGE_COUNT);
    resourceManager.createResource(extensionContext, oauthInternalClientJob.consumerStrimziOauthPlain());
    ClientUtils.waitForClientSuccess(consumerName, INFRA_NAMESPACE, MESSAGE_COUNT);
    JobUtils.deleteJobWithWait(INFRA_NAMESPACE, producerName);
    JobUtils.deleteJobWithWait(INFRA_NAMESPACE, consumerName);
}