Example 36 with KafkaOauthClients
use of io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClients in project strimzi-kafka-operator by strimzi.
the class OauthPlainIsolatedST method testProducerConsumer.
@Description("As an oauth producer, I should be able to produce messages to the kafka broker\n" + "As an oauth consumer, I should be able to consumer messages from the kafka broker.")
@ParallelTest
void testProducerConsumer(ExtensionContext extensionContext) {
String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
String producerName = OAUTH_PRODUCER_NAME + "-" + clusterName;
String consumerName = OAUTH_CONSUMER_NAME + "-" + clusterName;
String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(oauthClusterName, topicName, INFRA_NAMESPACE).build());
KafkaOauthClients oauthExampleClients = new KafkaOauthClientsBuilder().withNamespaceName(INFRA_NAMESPACE).withProducerName(producerName).withConsumerName(consumerName).withBootstrapAddress(KafkaResources.plainBootstrapAddress(oauthClusterName)).withTopicName(topicName).withMessageCount(MESSAGE_COUNT).withOauthClientId(OAUTH_CLIENT_NAME).withOauthClientSecret(OAUTH_CLIENT_SECRET).withOauthTokenEndpointUri(keycloakInstance.getOauthTokenEndpointUri()).build();
resourceManager.createResource(extensionContext, oauthExampleClients.producerStrimziOauthPlain());
ClientUtils.waitForClientSuccess(producerName, INFRA_NAMESPACE, MESSAGE_COUNT);
resourceManager.createResource(extensionContext, oauthExampleClients.consumerStrimziOauthPlain());
ClientUtils.waitForClientSuccess(consumerName, INFRA_NAMESPACE, MESSAGE_COUNT);
}
Also used :
KafkaOauthClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClientsBuilder)
KafkaOauthClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClients)
Description(io.vertx.core.cli.annotations.Description)
ParallelTest(io.strimzi.systemtest.annotations.ParallelTest)
Example 37 with KafkaOauthClients
use of io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClients in project strimzi-kafka-operator by strimzi.
the class OauthPlainIsolatedST method testSaslPlainProducerConsumer.
@ParallelTest
void testSaslPlainProducerConsumer(ExtensionContext extensionContext) {
String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
String audienceProducerName = OAUTH_CLIENT_AUDIENCE_PRODUCER + "-" + clusterName;
String audienceConsumerName = OAUTH_CLIENT_AUDIENCE_CONSUMER + "-" + clusterName;
String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
String plainAdditionalConfig = "sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username=%s password=%s;\n" + "sasl.mechanism=PLAIN";
KafkaOauthClients plainSaslOauthConsumerClientsJob = new KafkaOauthClientsBuilder().withNamespaceName(INFRA_NAMESPACE).withConsumerName(audienceConsumerName).withBootstrapAddress(KafkaResources.plainBootstrapAddress(oauthClusterName)).withTopicName(topicName).withMessageCount(MESSAGE_COUNT).withOauthClientId(OAUTH_CLIENT_NAME).withOauthClientSecret(OAUTH_CLIENT_SECRET).withOauthTokenEndpointUri(keycloakInstance.getOauthTokenEndpointUri()).withAdditionalConfig(String.format(plainAdditionalConfig, OAUTH_CLIENT_AUDIENCE_CONSUMER, OAUTH_CLIENT_AUDIENCE_SECRET)).build();
KafkaOauthClients plainSaslOauthProducerClientsJob = new KafkaOauthClientsBuilder().withNamespaceName(INFRA_NAMESPACE).withProducerName(audienceProducerName).withBootstrapAddress(KafkaResources.plainBootstrapAddress(oauthClusterName)).withTopicName(topicName).withMessageCount(MESSAGE_COUNT).withOauthClientId(OAUTH_CLIENT_NAME).withOauthClientSecret(OAUTH_CLIENT_SECRET).withOauthTokenEndpointUri(keycloakInstance.getOauthTokenEndpointUri()).withAdditionalConfig(String.format(plainAdditionalConfig, OAUTH_CLIENT_AUDIENCE_PRODUCER, OAUTH_CLIENT_AUDIENCE_SECRET)).build();
resourceManager.createResource(extensionContext, plainSaslOauthProducerClientsJob.producerStrimziOauthPlain());
ClientUtils.waitForClientSuccess(audienceProducerName, INFRA_NAMESPACE, MESSAGE_COUNT);
resourceManager.createResource(extensionContext, plainSaslOauthConsumerClientsJob.consumerStrimziOauthPlain());
ClientUtils.waitForClientSuccess(audienceConsumerName, INFRA_NAMESPACE, MESSAGE_COUNT);
}
Also used :
KafkaOauthClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClientsBuilder)
KafkaOauthClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClients)
ParallelTest(io.strimzi.systemtest.annotations.ParallelTest)
Example 38 with KafkaOauthClients
use of io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClients in project strimzi-kafka-operator by strimzi.
the class OauthTlsIsolatedST method testIntrospectionEndpoint.
@ParallelTest
void testIntrospectionEndpoint(ExtensionContext extensionContext) {
String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
String producerName = OAUTH_PRODUCER_NAME + "-" + clusterName;
String consumerName = OAUTH_CONSUMER_NAME + "-" + clusterName;
String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(oauthClusterName, topicName, INFRA_NAMESPACE).build());
keycloakInstance.setIntrospectionEndpointUri("https://" + keycloakInstance.getHttpsUri() + "/auth/realms/internal/protocol/openid-connect/token/introspect");
String introspectionKafka = oauthClusterName + "-intro";
CertSecretSource cert = new CertSecretSourceBuilder().withSecretName(KeycloakInstance.KEYCLOAK_SECRET_NAME).withCertificate(KeycloakInstance.KEYCLOAK_SECRET_CERT).build();
resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(introspectionKafka, 1).editMetadata().withNamespace(INFRA_NAMESPACE).endMetadata().editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName("tls").withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withNewKafkaListenerAuthenticationOAuth().withClientId(OAUTH_KAFKA_BROKER_NAME).withNewClientSecret().withSecretName(OAUTH_KAFKA_BROKER_SECRET).withKey(OAUTH_KEY).endClientSecret().withAccessTokenIsJwt(false).withValidIssuerUri(keycloakInstance.getValidIssuerUri()).withIntrospectionEndpointUri(keycloakInstance.getIntrospectionEndpointUri()).withTlsTrustedCertificates(cert).withDisableTlsHostnameVerification(true).endKafkaListenerAuthenticationOAuth().build()).endKafka().endSpec().build());
KafkaOauthClients oauthInternalClientIntrospectionJob = new KafkaOauthClientsBuilder().withNamespaceName(INFRA_NAMESPACE).withProducerName(producerName).withConsumerName(consumerName).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(introspectionKafka)).withTopicName(topicName).withMessageCount(MESSAGE_COUNT).withOauthClientId(OAUTH_CLIENT_NAME).withOauthClientSecret(OAUTH_CLIENT_SECRET).withOauthTokenEndpointUri(keycloakInstance.getOauthTokenEndpointUri()).build();
resourceManager.createResource(extensionContext, oauthInternalClientIntrospectionJob.producerStrimziOauthTls(introspectionKafka));
ClientUtils.waitForClientSuccess(producerName, INFRA_NAMESPACE, MESSAGE_COUNT);
resourceManager.createResource(extensionContext, oauthInternalClientIntrospectionJob.consumerStrimziOauthTls(introspectionKafka));
ClientUtils.waitForClientSuccess(consumerName, INFRA_NAMESPACE, MESSAGE_COUNT);
}
Also used :
CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder)
KafkaOauthClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClientsBuilder)
GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)
CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString)
CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource)
KafkaOauthClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClients)
ParallelTest(io.strimzi.systemtest.annotations.ParallelTest)
Example 39 with KafkaOauthClients
use of io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClients in project strimzi-kafka-operator by strimzi.
the class OauthTlsIsolatedST method testProducerConsumerBridge.
@Description("As a oauth bridge, i am able to send messages to bridge endpoint using encrypted communication")
@ParallelTest
@Tag(BRIDGE)
void testProducerConsumerBridge(ExtensionContext extensionContext) {
String kafkaClientsName = mapWithKafkaClientNames.get(extensionContext.getDisplayName());
String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
String producerName = OAUTH_PRODUCER_NAME + "-" + clusterName;
String consumerName = OAUTH_CONSUMER_NAME + "-" + clusterName;
String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(oauthClusterName, topicName, INFRA_NAMESPACE).build());
KafkaOauthClients oauthExampleClients = new KafkaOauthClientsBuilder().withNamespaceName(INFRA_NAMESPACE).withProducerName(producerName).withConsumerName(consumerName).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(oauthClusterName)).withTopicName(topicName).withMessageCount(MESSAGE_COUNT).withOauthClientId(OAUTH_CLIENT_NAME).withOauthClientSecret(OAUTH_CLIENT_SECRET).withOauthTokenEndpointUri(keycloakInstance.getOauthTokenEndpointUri()).build();
resourceManager.createResource(extensionContext, oauthExampleClients.producerStrimziOauthTls(oauthClusterName));
ClientUtils.waitForClientSuccess(producerName, INFRA_NAMESPACE, MESSAGE_COUNT);
JobUtils.deleteJobWithWait(INFRA_NAMESPACE, producerName);
resourceManager.createResource(extensionContext, oauthExampleClients.consumerStrimziOauthTls(oauthClusterName));
ClientUtils.waitForClientSuccess(consumerName, INFRA_NAMESPACE, MESSAGE_COUNT);
JobUtils.deleteJobWithWait(INFRA_NAMESPACE, consumerName);
resourceManager.createResource(extensionContext, KafkaClientsTemplates.kafkaClients(INFRA_NAMESPACE, true, kafkaClientsName).build());
resourceManager.createResource(extensionContext, KafkaBridgeTemplates.kafkaBridge(oauthClusterName, KafkaResources.tlsBootstrapAddress(oauthClusterName), 1).editMetadata().withNamespace(INFRA_NAMESPACE).endMetadata().editSpec().withNewTls().withTrustedCertificates(new CertSecretSourceBuilder().withCertificate("ca.crt").withSecretName(KafkaResources.clusterCaCertificateSecretName(oauthClusterName)).build()).endTls().withNewKafkaClientAuthenticationOAuth().withTokenEndpointUri(keycloakInstance.getOauthTokenEndpointUri()).withClientId("kafka-bridge").withNewClientSecret().withSecretName(BRIDGE_OAUTH_SECRET).withKey(OAUTH_KEY).endClientSecret().addNewTlsTrustedCertificate().withSecretName(KeycloakInstance.KEYCLOAK_SECRET_NAME).withCertificate(KeycloakInstance.KEYCLOAK_SECRET_CERT).endTlsTrustedCertificate().withDisableTlsHostnameVerification(true).endKafkaClientAuthenticationOAuth().endSpec().build());
producerName = "bridge-producer-" + clusterName;
BridgeClients kafkaBridgeClientJob = new BridgeClientsBuilder().withProducerName(producerName).withBootstrapAddress(KafkaBridgeResources.serviceName(oauthClusterName)).withTopicName(topicName).withMessageCount(10).withPort(HTTP_BRIDGE_DEFAULT_PORT).withDelayMs(1000).withPollInterval(1000).withNamespaceName(INFRA_NAMESPACE).build();
resourceManager.createResource(extensionContext, kafkaBridgeClientJob.producerStrimziBridge());
ClientUtils.waitForClientSuccess(producerName, INFRA_NAMESPACE, MESSAGE_COUNT);
JobUtils.deleteJobWithWait(INFRA_NAMESPACE, producerName);
}
Also used :
KafkaOauthClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClientsBuilder)
CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder)
BridgeClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.BridgeClientsBuilder)
CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString)
BridgeClients(io.strimzi.systemtest.kafkaclients.internalClients.BridgeClients)
KafkaOauthClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClients)
Description(io.vertx.core.cli.annotations.Description)
ParallelTest(io.strimzi.systemtest.annotations.ParallelTest)
Tag(org.junit.jupiter.api.Tag)
Example 40 with KafkaOauthClients
use of io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClients in project strimzi-kafka-operator by strimzi.
the class OauthTlsIsolatedST method testProducerConsumer.
@Description("As an oauth producer, I am able to produce messages to the kafka broker\n" + "As an oauth consumer, I am able to consumer messages from the kafka broker using encrypted communication")
@ParallelTest
void testProducerConsumer(ExtensionContext extensionContext) {
String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
String producerName = OAUTH_PRODUCER_NAME + "-" + clusterName;
String consumerName = OAUTH_CONSUMER_NAME + "-" + clusterName;
String topicName = mapWithTestTopics.get(extensionContext.getDisplayName());
resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(oauthClusterName, topicName, INFRA_NAMESPACE).build());
KafkaOauthClients oauthExampleClients = new KafkaOauthClientsBuilder().withNamespaceName(INFRA_NAMESPACE).withProducerName(producerName).withConsumerName(consumerName).withBootstrapAddress(KafkaResources.tlsBootstrapAddress(oauthClusterName)).withTopicName(topicName).withMessageCount(MESSAGE_COUNT).withOauthClientId(OAUTH_CLIENT_NAME).withOauthClientSecret(OAUTH_CLIENT_SECRET).withOauthTokenEndpointUri(keycloakInstance.getOauthTokenEndpointUri()).build();
resourceManager.createResource(extensionContext, oauthExampleClients.producerStrimziOauthTls(oauthClusterName));
ClientUtils.waitForClientSuccess(producerName, INFRA_NAMESPACE, MESSAGE_COUNT);
resourceManager.createResource(extensionContext, oauthExampleClients.consumerStrimziOauthTls(oauthClusterName));
ClientUtils.waitForClientSuccess(consumerName, INFRA_NAMESPACE, MESSAGE_COUNT);
}
Also used :
KafkaOauthClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClientsBuilder)
CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString)
KafkaOauthClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClients)
Description(io.vertx.core.cli.annotations.Description)
ParallelTest(io.strimzi.systemtest.annotations.ParallelTest)
Aggregations
KafkaOauthClients (io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClients)42
KafkaOauthClientsBuilder (io.strimzi.systemtest.kafkaclients.internalClients.KafkaOauthClientsBuilder)42
ParallelTest (io.strimzi.systemtest.annotations.ParallelTest)32
Description (io.vertx.core.cli.annotations.Description)28
Order (org.junit.jupiter.api.Order)16
TestMethodOrder (org.junit.jupiter.api.TestMethodOrder)16
Tag (org.junit.jupiter.api.Tag)14
CertSecretSourceBuilder (io.strimzi.api.kafka.model.CertSecretSourceBuilder)12
GenericKafkaListenerBuilder (io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder)10
CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString)10
IsolatedTest (io.strimzi.systemtest.annotations.IsolatedTest)8
BridgeClients (io.strimzi.systemtest.kafkaclients.internalClients.BridgeClients)4
BridgeClientsBuilder (io.strimzi.systemtest.kafkaclients.internalClients.BridgeClientsBuilder)4
WaitException (io.strimzi.test.WaitException)4
LabelSelector (io.fabric8.kubernetes.api.model.LabelSelector)2
CertSecretSource (io.strimzi.api.kafka.model.CertSecretSource)2
InlineLogging (io.strimzi.api.kafka.model.InlineLogging)2
KafkaAuthorizationKeycloak (io.strimzi.api.kafka.model.KafkaAuthorizationKeycloak)2
KafkaMirrorMaker2ClusterSpec (io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpec)2
KafkaMirrorMaker2ClusterSpecBuilder (io.strimzi.api.kafka.model.KafkaMirrorMaker2ClusterSpecBuilder)2
