
Example 1 with KAFKA_CLIENT_SECRET_KEY

use of org.bf2.cos.fleetshard.operator.debezium.DebeziumConstants.KAFKA_CLIENT_SECRET_KEY in project cos-fleetshard by bf2fc6cc711aee1a0c2a.

the class DebeziumOperandController method doReify.

/**
 * Builds the Kubernetes resources for one Debezium connector deployment.
 *
 * <p>Four resources are produced, all named after the managed connector: a {@code Secret}
 * holding the external connector configuration and the Kafka client secret, a
 * {@code ConfigMap} with the JMX metrics configuration, a {@code KafkaConnect} cluster and
 * the {@code KafkaConnector} that runs on it.
 *
 * <p>Credentials are never written into the connector configuration itself: the Kafka
 * Connect cluster reads its SASL password from the Secret, and the database-history clients
 * reference it through a {@code ${dir:...}} placeholder.
 *
 * @param connector the managed connector being deployed; supplies the resource name and Kafka URL
 * @param shardMetadata supplies the container image and the connector class
 * @param connectorConfiguration supplies the connector spec and the data-shape spec
 * @param serviceAccountSpec supplies the Kafka client id and client secret
 * @return the Secret, ConfigMap, KafkaConnect and KafkaConnector, in that order
 */
@Override
protected List<HasMetadata> doReify(ManagedConnector connector, DebeziumShardMetadata shardMetadata, ConnectorConfiguration<ObjectNode, DebeziumDataShape> connectorConfiguration, ServiceAccountSpec serviceAccountSpec) {
    final Map<String, String> secretsData = createSecretsData(connectorConfiguration.getConnectorSpec());
    final String connectorName = connector.getMetadata().getName();

    // The Secret is the only place where credential material is stored.
    // NOTE(review): the external config goes through asBytesBase64, the client secret is
    // added as returned by getClientSecret(). Kubernetes expects base64 values under
    // `data`, so presumably the service account secret is already encoded - confirm.
    final Secret secret = new SecretBuilder()
        .withMetadata(new ObjectMetaBuilder()
            .withName(connectorName + Resources.CONNECTOR_SECRET_SUFFIX)
            .build())
        .addToData(EXTERNAL_CONFIG_FILE, asBytesBase64(secretsData))
        .addToData(KAFKA_CLIENT_SECRET_KEY, serviceAccountSpec.getClientSecret())
        .build();
    final String secretName = secret.getMetadata().getName();

    final ConfigMap kafkaConnectMetricsConfigMap = new ConfigMapBuilder()
        .withNewMetadata()
        .withName(connectorName + KAFKA_CONNECT_METRICS_CONFIGMAP_NAME_SUFFIX)
        .endMetadata()
        .addToData(METRICS_CONFIG_FILENAME, METRICS_CONFIG)
        .build();

    final String kafkaUrl = connector.getSpec().getDeployment().getKafka().getUrl();

    // SASL/PLAIN: the password is a reference to a key of the Secret, not the value itself.
    final var plainAuthentication = new KafkaClientAuthenticationPlainBuilder()
        .withUsername(serviceAccountSpec.getClientId())
        .withPasswordSecret(new PasswordSecretSourceBuilder()
            .withSecretName(secretName)
            .withPassword(KAFKA_CLIENT_SECRET_KEY)
            .build())
        .build();

    final var jmxMetrics = new JmxPrometheusExporterMetricsBuilder()
        .withValueFrom(new ExternalConfigurationReferenceBuilder()
            .withNewConfigMapKeyRef(METRICS_CONFIG_FILENAME, kafkaConnectMetricsConfigMap.getMetadata().getName(), false)
            .build())
        .build();

    // Exposes the Secret to the Connect pods as an external-configuration volume; the
    // ${dir:...} placeholders further down point into this volume.
    final var externalConfiguration = new ExternalConfigurationBuilder()
        .addToVolumes(new ExternalConfigurationVolumeSourceBuilder()
            .withName(EXTERNAL_CONFIG_DIRECTORY)
            .withSecret(new SecretVolumeSourceBuilder()
                .withSecretName(secretName)
                .build())
            .build())
        .build();

    final var resourceRequirements = new ResourceRequirementsBuilder()
        .addToRequests("cpu", new Quantity("10m"))
        .addToRequests("memory", new Quantity("256Mi"))
        .addToLimits("cpu", new Quantity("500m"))
        .addToLimits("memory", new Quantity("1Gi"))
        .build();

    final KafkaConnectSpecBuilder kcsb = new KafkaConnectSpecBuilder()
        .withReplicas(1)
        .withBootstrapServers(kafkaUrl)
        .withKafkaClientAuthenticationPlain(plainAuthentication)
        .addToConfig(DebeziumConstants.DEFAULT_CONFIG_OPTIONS)
        .addToConfig(new TreeMap<>(configuration.kafkaConnect().config()))
        .addToConfig("group.id", connectorName)
        .addToConfig(KeyAndValueConverters.getConfig(connectorConfiguration.getDataShapeSpec(), connector, serviceAccountSpec))
        .addToConfig("offset.storage.topic", connectorName + "-offset")
        .addToConfig("config.storage.topic", connectorName + "-config")
        .addToConfig("status.storage.topic", connectorName + "-status")
        .addToConfig("topic.creation.enable", "true")
        .addToConfig("connector.secret.name", secretName)
        // Only a checksum of the Secret lands in the (non-secret) Connect config.
        .addToConfig("connector.secret.checksum", Secrets.computeChecksum(secret))
        // NOTE(review): an empty trusted-certificate list presumably means "TLS on, default
        // trust store" - confirm against the Strimzi version in use.
        .withTls(new ClientTlsBuilder()
            .withTrustedCertificates(Collections.emptyList())
            .build())
        .withTemplate(new KafkaConnectTemplateBuilder()
            .withPod(new PodTemplateBuilder()
                .withImagePullSecrets(configuration.imagePullSecretsName())
                .build())
            .build())
        .withJmxPrometheusExporterMetricsConfig(jmxMetrics)
        .withExternalConfiguration(externalConfiguration)
        .withResources(resourceRequirements);
    kcsb.withImage(shardMetadata.getContainerImage());

    final KafkaConnect kc = new KafkaConnectBuilder()
        .withApiVersion(Constants.RESOURCE_GROUP_NAME + "/" + KafkaConnect.CONSUMED_VERSION)
        .withMetadata(new ObjectMetaBuilder()
            .withName(connectorName)
            .addToAnnotations(STRIMZI_IO_USE_CONNECTOR_RESOURCES, "true")
            .build())
        .withSpec(kcsb.build())
        .build();

    final Map<String, Object> connectorConfig = createConfig(configuration, connectorConfiguration.getConnectorSpec());

    // Per-connector defaults: a value supplied by the user always wins.
    switch (shardMetadata.getConnectorClass()) {
        case CLASS_NAME_POSTGRES_CONNECTOR:
            if (!connectorConfig.containsKey(CONFIG_OPTION_POSTGRES_PLUGIN_NAME)) {
                connectorConfig.put(CONFIG_OPTION_POSTGRES_PLUGIN_NAME, PLUGIN_NAME_PGOUTPUT);
            }
            break;
        default:
            break;
    }

    if (isDatabaseHistorySupported(shardMetadata)) {
        // The password is a ${dir:...} placeholder into the mounted Secret, so the plain
        // secret never appears in the KafkaConnector resource.
        // NOTE(review): the client id is concatenated into the quoted username without
        // escaping; a double quote in it would alter the JAAS string - confirm that ids
        // are constrained upstream.
        final String jaasConfig = "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"" + serviceAccountSpec.getClientId() + "\" password=\"" + "${dir:/opt/kafka/external-configuration/" + EXTERNAL_CONFIG_DIRECTORY + ":" + KAFKA_CLIENT_SECRET_KEY + "}\";";

        final Map<String, Object> historySettings = new LinkedHashMap<>();
        historySettings.put("database.history.kafka.bootstrap.servers", kafkaUrl);
        historySettings.put("database.history.kafka.topic", connectorName + "-database-history");
        historySettings.put("database.history.producer.security.protocol", "SASL_SSL");
        historySettings.put("database.history.consumer.security.protocol", "SASL_SSL");
        historySettings.put("database.history.producer.sasl.mechanism", "PLAIN");
        historySettings.put("database.history.consumer.sasl.mechanism", "PLAIN");
        historySettings.put("database.history.producer.sasl.jaas.config", jaasConfig);
        historySettings.put("database.history.consumer.sasl.jaas.config", jaasConfig);
        connectorConfig.putAll(historySettings);
    }

    final KafkaConnector kctr = new KafkaConnectorBuilder()
        .withApiVersion(Constants.RESOURCE_GROUP_NAME + "/" + KafkaConnector.CONSUMED_VERSION)
        .withMetadata(new ObjectMetaBuilder()
            .withName(connectorName)
            // Binds the connector to the KafkaConnect cluster of the same name.
            .addToLabels(STRIMZI_DOMAIN + "cluster", connectorName)
            .build())
        .withSpec(new KafkaConnectorSpecBuilder()
            .withClassName(shardMetadata.getConnectorClass())
            .withTasksMax(1)
            .withPause(false)
            .withConfig(connectorConfig)
            .addToConfig("topic.creation.default.replication.factor", -1)
            .addToConfig("topic.creation.default.partitions", -1)
            .addToConfig("topic.creation.default.cleanup.policy", "compact")
            .addToConfig("topic.creation.default.compression.type", "lz4")
            // 2_678_400_000 ms = 31 days.
            .addToConfig("topic.creation.default.delete.retention.ms", 2_678_400_000L)
            .build())
        .build();

    return List.of(secret, kafkaConnectMetricsConfigMap, kc, kctr);
}
Also used : PodTemplateBuilder(io.strimzi.api.kafka.model.template.PodTemplateBuilder) KafkaConnectTemplateBuilder(io.strimzi.api.kafka.model.template.KafkaConnectTemplateBuilder) ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder) KafkaConnect(io.strimzi.api.kafka.model.KafkaConnect) DebeziumOperandSupport.lookupKafkaConnect(org.bf2.cos.fleetshard.operator.debezium.DebeziumOperandSupport.lookupKafkaConnect) PasswordSecretSourceBuilder(io.strimzi.api.kafka.model.PasswordSecretSourceBuilder) LinkedHashMap(java.util.LinkedHashMap) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) KafkaConnectBuilder(io.strimzi.api.kafka.model.KafkaConnectBuilder) ClientTlsBuilder(io.strimzi.api.kafka.model.ClientTlsBuilder) KafkaConnectorSpecBuilder(io.strimzi.api.kafka.model.KafkaConnectorSpecBuilder) ConfigMapBuilder(io.fabric8.kubernetes.api.model.ConfigMapBuilder) KafkaClientAuthenticationPlainBuilder(io.strimzi.api.kafka.model.authentication.KafkaClientAuthenticationPlainBuilder) KafkaConnector(io.strimzi.api.kafka.model.KafkaConnector) KafkaConnectSpecBuilder(io.strimzi.api.kafka.model.KafkaConnectSpecBuilder) SecretVolumeSourceBuilder(io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) ExternalConfigurationBuilder(io.strimzi.api.kafka.model.connect.ExternalConfigurationBuilder) ExternalConfigurationVolumeSourceBuilder(io.strimzi.api.kafka.model.connect.ExternalConfigurationVolumeSourceBuilder) Quantity(io.fabric8.kubernetes.api.model.Quantity) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) TreeMap(java.util.TreeMap) Secret(io.fabric8.kubernetes.api.model.Secret) ExternalConfigurationReferenceBuilder(io.strimzi.api.kafka.model.ExternalConfigurationReferenceBuilder) JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder) KafkaConnectorBuilder(io.strimzi.api.kafka.model.KafkaConnectorBuilder)

Example 2 with KAFKA_CLIENT_SECRET_KEY

use of org.bf2.cos.fleetshard.operator.debezium.DebeziumConstants.KAFKA_CLIENT_SECRET_KEY in project cos-fleetshard by bf2fc6cc711aee1a0c2a.

the class DebeziumOperandControllerTest method reify.

/**
 * Runs {@code doReify} for a fixture connector of the given class and checks the result.
 *
 * <p>Verified: one resource of each kind is present, the KafkaConnect image, pull secrets
 * and metrics wiring, the metrics ConfigMap content, and that the connector configuration
 * refers to credentials only through {@code ${file:...}} / {@code ${dir:...}} placeholders.
 *
 * @param connectorClass connector class put into the shard metadata
 * @param connectorConfig connector spec handed to the controller
 * @param kafkaConnectChecks extra assertions run against the generated KafkaConnect
 */
void reify(String connectorClass, ObjectNode connectorConfig, Consumer<KafkaConnect> kafkaConnectChecks) {
    KubernetesClient kubernetesClient = Mockito.mock(KubernetesClient.class);
    DebeziumOperandController controller = new DebeziumOperandController(kubernetesClient, CONFIGURATION);

    var deployment = new DeploymentSpecBuilder()
        .withConnectorTypeId(DEFAULT_CONNECTOR_TYPE_ID)
        .withSecret("secret")
        .withKafka(new KafkaSpecBuilder().withUrl(DEFAULT_KAFKA_SERVER).build())
        .withNewSchemaRegistry(SCHEMA_REGISTRY_ID, SCHEMA_REGISTRY_URL)
        .withConnectorResourceVersion(DEFAULT_CONNECTOR_REVISION)
        .withDeploymentResourceVersion(DEFAULT_DEPLOYMENT_REVISION)
        .withDesiredState(DESIRED_STATE_READY)
        .build();
    var managedConnector = new ManagedConnectorBuilder()
        .withMetadata(new ObjectMetaBuilder()
            .withName(DEFAULT_MANAGED_CONNECTOR_ID)
            .withUid(MANAGED_CONNECTOR_UID)
            .build())
        .withSpec(new ManagedConnectorSpecBuilder()
            .withConnectorId(DEFAULT_MANAGED_CONNECTOR_ID)
            .withDeploymentId(DEFAULT_DEPLOYMENT_ID)
            .withDeployment(deployment)
            .build())
        .build();
    var shardMetadata = new org.bf2.cos.fleetshard.operator.debezium.DebeziumShardMetadataBuilder()
        .withContainerImage(DEFAULT_CONNECTOR_IMAGE)
        .withConnectorClass(connectorClass)
        .build();
    var serviceAccount = new ServiceAccountSpecBuilder()
        .withClientId(CLIENT_ID)
        .withClientSecret(CLIENT_SECRET)
        .build();

    var resources = controller.doReify(
        managedConnector,
        shardMetadata,
        new ConnectorConfiguration<>(connectorConfig, ObjectNode.class, DebeziumDataShape.class),
        serviceAccount);

    // NOTE(review): the Secret is only checked for presence; its keys and values are not
    // asserted in this method.
    assertThat(resources)
        .anyMatch(DebeziumOperandSupport::isKafkaConnect)
        .anyMatch(DebeziumOperandSupport::isKafkaConnector)
        .anyMatch(DebeziumOperandSupport::isSecret)
        .anyMatch(DebeziumOperandSupport::isConfigMap);

    assertThat(resources)
        .filteredOn(DebeziumOperandSupport::isKafkaConnect)
        .hasSize(1)
        .first()
        .isInstanceOfSatisfying(KafkaConnect.class, kc -> {
            var spec = kc.getSpec();
            assertThat(spec.getImage()).isEqualTo(DEFAULT_CONNECTOR_IMAGE);
            assertThat(spec.getTemplate().getPod().getImagePullSecrets()).contains(CONFIGURATION.imagePullSecretsName());
            assertThat(spec.getMetricsConfig().getType()).isEqualTo("jmxPrometheusExporter");
            assertThat(spec.getMetricsConfig()).isInstanceOfSatisfying(JmxPrometheusExporterMetrics.class, jmxMetricsConfig -> {
                var keyRef = jmxMetricsConfig.getValueFrom().getConfigMapKeyRef();
                assertThat(keyRef.getKey()).isEqualTo(DebeziumOperandController.METRICS_CONFIG_FILENAME);
                assertThat(keyRef.getName()).isEqualTo(DEFAULT_MANAGED_CONNECTOR_ID + DebeziumOperandController.KAFKA_CONNECT_METRICS_CONFIGMAP_NAME_SUFFIX);
            });
        });

    assertThat(resources)
        .filteredOn(DebeziumOperandSupport::isConfigMap)
        .hasSize(1)
        .first()
        .isInstanceOfSatisfying(ConfigMap.class, configMap -> {
            assertThat(configMap.getData()).containsKey(DebeziumOperandController.METRICS_CONFIG_FILENAME);
            assertThat(configMap.getData().get(DebeziumOperandController.METRICS_CONFIG_FILENAME)).isEqualTo(DebeziumOperandController.METRICS_CONFIG);
        });

    assertThat(resources)
        .filteredOn(DebeziumOperandSupport::isKafkaConnector)
        .hasSize(1)
        .first()
        .isInstanceOfSatisfying(KafkaConnector.class, kctr -> {
            // The database password must be a reference into the mounted external config file.
            assertThat(kctr.getSpec().getConfig()).containsEntry("database.password", "${file:/opt/kafka/external-configuration/" + DebeziumConstants.EXTERNAL_CONFIG_DIRECTORY + "/" + EXTERNAL_CONFIG_FILE + ":database.password}");
            if (PG_CLASS.equals(connectorClass)) {
                // PostgreSQL only: the plugin name is pinned.
                assertThat(kctr.getSpec().getConfig().get(DebeziumOperandController.CONFIG_OPTION_POSTGRES_PLUGIN_NAME)).isEqualTo(DebeziumOperandController.PLUGIN_NAME_PGOUTPUT);
            }
            if (MYSQL_CLASS.equals(connectorClass)) {
                // Database history must not carry the secret itself: the expected JAAS string
                // holds the client id and a ${dir:...} placeholder, never CLIENT_SECRET.
                String expectedJaasConfig = "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"" + CLIENT_ID + "\" password=\"${dir:/opt/kafka/external-configuration/" + DebeziumConstants.EXTERNAL_CONFIG_DIRECTORY + ":" + KAFKA_CLIENT_SECRET_KEY + "}\";";
                assertThat(kctr.getSpec().getConfig().get("database.history.consumer.sasl.jaas.config")).isEqualTo(expectedJaasConfig);
                assertThat(kctr.getSpec().getConfig().get("database.history.producer.sasl.jaas.config")).isEqualTo(expectedJaasConfig);
            }
        });

    // Caller-supplied checks run last, against the same single KafkaConnect.
    assertThat(resources)
        .filteredOn(DebeziumOperandSupport::isKafkaConnect)
        .hasSize(1)
        .first()
        .isInstanceOfSatisfying(KafkaConnect.class, kafkaConnectChecks);
}
Also used : DeploymentSpecBuilder(org.bf2.cos.fleetshard.api.DeploymentSpecBuilder) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) ManagedConnectorSpecBuilder(org.bf2.cos.fleetshard.api.ManagedConnectorSpecBuilder) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) ManagedConnectorBuilder(org.bf2.cos.fleetshard.api.ManagedConnectorBuilder) DebeziumDataShape(org.bf2.cos.fleetshard.operator.debezium.model.DebeziumDataShape) KafkaSpecBuilder(org.bf2.cos.fleetshard.api.KafkaSpecBuilder) ServiceAccountSpecBuilder(org.bf2.cos.fleetshard.api.ServiceAccountSpecBuilder)

Aggregations

ObjectMetaBuilder (io.fabric8.kubernetes.api.model.ObjectMetaBuilder)2 ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode)1 ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap)1 ConfigMapBuilder (io.fabric8.kubernetes.api.model.ConfigMapBuilder)1 Quantity (io.fabric8.kubernetes.api.model.Quantity)1 ResourceRequirementsBuilder (io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)1 Secret (io.fabric8.kubernetes.api.model.Secret)1 SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder)1 SecretVolumeSourceBuilder (io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder)1 KubernetesClient (io.fabric8.kubernetes.client.KubernetesClient)1 ClientTlsBuilder (io.strimzi.api.kafka.model.ClientTlsBuilder)1 ExternalConfigurationReferenceBuilder (io.strimzi.api.kafka.model.ExternalConfigurationReferenceBuilder)1 JmxPrometheusExporterMetricsBuilder (io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder)1 KafkaConnect (io.strimzi.api.kafka.model.KafkaConnect)1 KafkaConnectBuilder (io.strimzi.api.kafka.model.KafkaConnectBuilder)1 KafkaConnectSpecBuilder (io.strimzi.api.kafka.model.KafkaConnectSpecBuilder)1 KafkaConnector (io.strimzi.api.kafka.model.KafkaConnector)1 KafkaConnectorBuilder (io.strimzi.api.kafka.model.KafkaConnectorBuilder)1 KafkaConnectorSpecBuilder (io.strimzi.api.kafka.model.KafkaConnectorSpecBuilder)1 PasswordSecretSourceBuilder (io.strimzi.api.kafka.model.PasswordSecretSourceBuilder)1