Example 1 with ServiceAccount
use of org.bf2.cos.fleet.manager.model.ServiceAccount in project cos-fleetshard by bf2fc6cc711aee1a0c2a.
the class AbstractOperandController method reify.
@Override
public List<HasMetadata> reify(ManagedConnector connector, Secret secret) {
LOGGER.debug("Reifying connector: {} and secret.metadata: {}", connector, secret.getMetadata());
final ServiceAccount serviceAccountSettings = extract(secret, SECRET_ENTRY_SERVICE_ACCOUNT, ServiceAccount.class);
LOGGER.debug("Extracted serviceAccount {}", serviceAccountSettings == null ? "is null" : "with clientId: " + serviceAccountSettings.getClientId());
ServiceAccountSpec sas = serviceAccountSettings == null ? new ServiceAccountSpecBuilder().build() : new ServiceAccountSpecBuilder().withClientId(serviceAccountSettings.getClientId()).withClientSecret(serviceAccountSettings.getClientSecret()).build();
ConnectorConfiguration<S> connectorConfig;
try {
connectorConfig = new ConnectorConfiguration<>(extract(secret, SECRET_ENTRY_CONNECTOR, ObjectNode.class), connectorSpecType);
} catch (IncompleteConnectorSpecException e) {
throw new RuntimeException("Incomplete connectorSpec for connector \"" + connector.getSpec().getConnectorId() + "@" + connector.getSpec().getDeploymentId() + "#" + connector.getSpec().getDeployment().getDeploymentResourceVersion() + "\": " + e.getLocalizedMessage(), e);
}
return doReify(connector, extract(secret, SECRET_ENTRY_META, metadataType), connectorConfig, sas);
}
Also used :
IncompleteConnectorSpecException(org.bf2.cos.fleetshard.operator.connector.IncompleteConnectorSpecException)
ServiceAccount(org.bf2.cos.fleet.manager.model.ServiceAccount)
ServiceAccountSpec(org.bf2.cos.fleetshard.api.ServiceAccountSpec)
ServiceAccountSpecBuilder(org.bf2.cos.fleetshard.api.ServiceAccountSpecBuilder)
Example 2 with ServiceAccount
use of org.bf2.cos.fleet.manager.model.ServiceAccount in project cos-fleetshard by bf2fc6cc711aee1a0c2a.
the class ConnectorTestSupport method createDeployment.
public static ConnectorDeployment createDeployment(long deploymentRevision, Supplier<JsonNode> connectorSpec, Supplier<JsonNode> connectorMeta) {
final String deploymentId = "did";
final String connectorId = "cid";
final String connectorTypeId = "ctid";
return new ConnectorDeployment().kind("ConnectorDeployment").id(deploymentId).metadata(new ConnectorDeploymentAllOfMetadata().resourceVersion(deploymentRevision)).spec(new ConnectorDeploymentSpec().connectorId(connectorId).connectorTypeId(connectorTypeId).connectorResourceVersion(1L).kafka(new KafkaConnectionSettings().url("kafka.acme.com:2181")).schemaRegistry(new SchemaRegistryConnectionSettings().url("schemaregistry.acme.com:2282")).serviceAccount(new ServiceAccount().clientId(UUID.randomUUID().toString()).clientSecret(toBase64(UUID.randomUUID().toString()))).connectorSpec(connectorSpec.get()).shardMetadata(connectorMeta.get()).desiredState(DESIRED_STATE_READY));
}
Also used :
ConnectorDeployment(org.bf2.cos.fleet.manager.model.ConnectorDeployment)
ServiceAccount(org.bf2.cos.fleet.manager.model.ServiceAccount)
ConnectorDeploymentAllOfMetadata(org.bf2.cos.fleet.manager.model.ConnectorDeploymentAllOfMetadata)
ConnectorDeploymentSpec(org.bf2.cos.fleet.manager.model.ConnectorDeploymentSpec)
SchemaRegistryConnectionSettings(org.bf2.cos.fleet.manager.model.SchemaRegistryConnectionSettings)
KafkaConnectionSettings(org.bf2.cos.fleet.manager.model.KafkaConnectionSettings)
Example 3 with ServiceAccount
use of org.bf2.cos.fleet.manager.model.ServiceAccount in project kas-fleetshard by bf2fc6cc711aee1a0c2a.
the class KafkaCluster method addKafkaAuthorizerConfig.
private void addKafkaAuthorizerConfig(ManagedKafka managedKafka, Map<String, Object> config) {
List<String> owners = managedKafka.getSpec().getOwners();
AtomicInteger aclCount = new AtomicInteger(0);
AtomicInteger aclLoggingCount = new AtomicInteger(0);
AccessControl aclConfig = getAclConfig(managedKafka);
final String configPrefix = aclConfig.getConfigPrefix();
final String allowedListenersKey = configPrefix + "allowed-listeners";
final String resourceOperationsKey = configPrefix + "resource-operations";
final String aclKeyPrefix = configPrefix + "acl";
final String aclLoggingKeyPrefix = aclKeyPrefix + ".logging";
final String aclKeyTemplate = aclKeyPrefix + ".%03d";
final String aclLoggingKeyTemplate = aclLoggingKeyPrefix + ".%03d";
// Deprecated option: Remove when canary, must-gather, and SRE are configured via ManagedKafka CR
if (aclConfig.allowedListeners != null) {
config.put(allowedListenersKey, aclConfig.allowedListeners);
}
if (aclConfig.getLoggingSuppressionWindow() != null) {
String key = aclLoggingKeyPrefix + ".suppressionWindow";
if (aclConfig.getLoggingSuppressionWindow().getDuration() != null) {
config.put(key + ".duration", aclConfig.getLoggingSuppressionWindow().getDuration());
}
if (aclConfig.getLoggingSuppressionWindow().getApis() != null) {
config.put(key + ".apis", aclConfig.getLoggingSuppressionWindow().getApis());
}
if (aclConfig.getLoggingSuppressionWindow().getEventCount() != null) {
config.put(key + ".eventCount", aclConfig.getLoggingSuppressionWindow().getEventCount());
}
}
addAcl(aclConfig.getGlobal(), "", aclKeyTemplate, aclCount, config);
addAcl(aclConfig.getLogging(), "", aclLoggingKeyTemplate, aclLoggingCount, config);
config.put(resourceOperationsKey, aclConfig.getResourceOperations());
for (String owner : owners) {
addAcl(aclConfig.getOwner(), owner, aclKeyTemplate, aclCount, config);
}
Objects.requireNonNullElse(managedKafka.getSpec().getServiceAccounts(), Collections.<ServiceAccount>emptyList()).stream().forEach(account -> {
String aclKey = String.format(SERVICE_ACCOUNT_KEY, account.getName());
applicationConfig.getOptionalValue(aclKey, String.class).ifPresent(acl -> addAcl(acl, account.getPrincipal(), aclKeyTemplate, aclCount, config));
});
}
Also used :
AtomicInteger(java.util.concurrent.atomic.AtomicInteger)
AccessControl(org.bf2.operator.operands.KafkaInstanceConfiguration.AccessControl)
Example 4 with ServiceAccount
use of org.bf2.cos.fleet.manager.model.ServiceAccount in project kas-fleetshard by bf2fc6cc711aee1a0c2a.
the class KafkaCluster method addQuotaConfig.
private void addQuotaConfig(ManagedKafka managedKafka, Kafka current, Map<String, Object> config) {
config.put("client.quota.callback.class", IO_STRIMZI_KAFKA_QUOTA_STATIC_QUOTA_CALLBACK);
// Throttle at Ingress/Egress MB/sec per broker
config.put(QUOTA_PRODUCE, String.valueOf(getIngressBytes(managedKafka, current)));
config.put(QUOTA_FETCH, String.valueOf(getEgressBytes(managedKafka, current)));
// Start throttling when disk is above requested size. Full stop when only storageMinMargin is free.
Quantity maxDataRetentionSize = getAdjustedMaxDataRetentionSize(managedKafka, current);
long hardStorageLimit = Quantity.getAmountInBytes(maxDataRetentionSize).longValue() - Quantity.getAmountInBytes(storageMinMargin).longValue();
long softStorageLimit = Quantity.getAmountInBytes(maxDataRetentionSize).longValue() - getStoragePadding(managedKafka, current);
config.put("client.quota.callback.static.storage.soft", String.valueOf(softStorageLimit));
config.put("client.quota.callback.static.storage.hard", String.valueOf(hardStorageLimit));
// Check storage every storageCheckInterval seconds
config.put("client.quota.callback.static.storage.check-interval", String.valueOf(storageCheckInterval));
// Configure the quota plugin so that the canary is not subjected to the quota checks.
Optional<ServiceAccount> canaryServiceAccount = managedKafka.getServiceAccount(ServiceAccount.ServiceAccountName.Canary);
canaryServiceAccount.ifPresent(serviceAccount -> config.put("client.quota.callback.static.excluded.principal.name.list", serviceAccount.getPrincipal()));
config.put("quota.window.num", "30");
config.put("quota.window.size.seconds", "2");
}
Also used :
ServiceAccount(org.bf2.operator.resources.v1alpha1.ServiceAccount)
Quantity(io.fabric8.kubernetes.api.model.Quantity)
Aggregations
ServiceAccount (org.bf2.cos.fleet.manager.model.ServiceAccount)2
Quantity (io.fabric8.kubernetes.api.model.Quantity)1
AtomicInteger (java.util.concurrent.atomic.AtomicInteger)1
ConnectorDeployment (org.bf2.cos.fleet.manager.model.ConnectorDeployment)1
ConnectorDeploymentAllOfMetadata (org.bf2.cos.fleet.manager.model.ConnectorDeploymentAllOfMetadata)1
ConnectorDeploymentSpec (org.bf2.cos.fleet.manager.model.ConnectorDeploymentSpec)1
KafkaConnectionSettings (org.bf2.cos.fleet.manager.model.KafkaConnectionSettings)1
SchemaRegistryConnectionSettings (org.bf2.cos.fleet.manager.model.SchemaRegistryConnectionSettings)1
ServiceAccountSpec (org.bf2.cos.fleetshard.api.ServiceAccountSpec)1
ServiceAccountSpecBuilder (org.bf2.cos.fleetshard.api.ServiceAccountSpecBuilder)1
IncompleteConnectorSpecException (org.bf2.cos.fleetshard.operator.connector.IncompleteConnectorSpecException)1
AccessControl (org.bf2.operator.operands.KafkaInstanceConfiguration.AccessControl)1
ServiceAccount (org.bf2.operator.resources.v1alpha1.ServiceAccount)1
