use of org.bf2.cos.fleetshard.support.resources.Secrets in project cos-fleetshard by bf2fc6cc711aee1a0c2a.
the class ConnectorTestSupport method fleetShard.
/**
 * Builds a Mockito-backed {@link FleetShardClient} for tests, seeded with the given connectors and secrets.
 *
 * <p>Connectors and secrets are indexed by their metadata name in two in-memory maps. The stubbed
 * {@code createConnector} and {@code createSecret} calls write into those maps, and the stubbed
 * {@code getConnector} and {@code getSecret} calls read the maps' live values, so a resource
 * "created" through the mock is visible to later lookups. The mock never talks to a cluster;
 * {@link Secret} payloads stay in the test JVM.
 *
 * @param clusterId  cluster id returned by {@code getClusterId()} and used when building the mock cluster resource
 * @param connectors connectors the mock starts with; names must be unique
 * @param secrets    secrets the mock starts with; names must be unique
 * @return the configured mock client
 */
public static FleetShardClient fleetShard(String clusterId, Collection<ManagedConnector> connectors, Collection<Secret> secrets) {
    // Two-argument Collectors.toMap throws IllegalStateException on a duplicate name.
    // NOTE(review): the maps are mutated by the create* stubs below, but Collectors.toMap does not
    // promise a mutable map; this works with the HashMap current JDKs return.
    Map<String, ManagedConnector> connectorsByName = connectors.stream()
        .collect(Collectors.toMap(connector -> connector.getMetadata().getName(), Function.identity()));
    Map<String, Secret> secretsByName = secrets.stream()
        .collect(Collectors.toMap(secret -> secret.getMetadata().getName(), Function.identity()));

    FleetShardClient client = Mockito.mock(FleetShardClient.class);

    when(client.getClusterId()).thenAnswer(invocation -> clusterId);

    // Lookups go through values() at call time, so they reflect anything the create* stubs added.
    when(client.getConnector(any(ConnectorDeployment.class)))
        .thenAnswer(invocation -> lookupConnector(connectorsByName.values(), clusterId, invocation.getArgument(0)));
    when(client.getSecret(any(ConnectorDeployment.class)))
        .thenAnswer(invocation -> lookupSecret(secretsByName.values(), clusterId, invocation.getArgument(0)));

    // "Creating" a resource stores it under its name (replacing any previous entry) and echoes it back.
    when(client.createConnector(any(ManagedConnector.class))).thenAnswer(invocation -> {
        ManagedConnector created = invocation.getArgument(0, ManagedConnector.class);
        connectorsByName.put(created.getMetadata().getName(), created);
        return created;
    });
    when(client.createSecret(any(Secret.class))).thenAnswer(invocation -> {
        Secret created = invocation.getArgument(0, Secret.class);
        secretsByName.put(created.getMetadata().getName(), created);
        return created;
    });

    // A fresh cluster resource is built on every call, named and labelled after clusterId.
    when(client.getOrCreateManagedConnectorCluster()).thenAnswer(invocation ->
        new ManagedConnectorClusterBuilder()
            .withMetadata(new ObjectMetaBuilder()
                .withName(Clusters.CONNECTOR_CLUSTER_PREFIX + "-" + clusterId)
                .addToLabels(Resources.LABEL_CLUSTER_ID, clusterId)
                .build())
            .withSpec(new ManagedConnectorClusterSpecBuilder()
                .withClusterId(clusterId)
                .build())
            .build());

    return client;
}
use of org.bf2.cos.fleetshard.support.resources.Secrets in project cos-fleetshard by bf2fc6cc711aee1a0c2a.
the class NamespaceProvisionerTest method nameIsSanitized.
/**
 * Verifies that a namespace name that is not a valid Kubernetes label value is sanitized before
 * it is written to the {@code LABEL_KUBERNETES_NAME} label of the created {@link Namespace}.
 *
 * <p>The input name {@code "--eval"} starts with dashes; Kubernetes label values must begin and
 * end with an alphanumeric character. The expected label value is {@code "a--eval"}.
 */
@Test
void nameIsSanitized() {
    //
    // Given a READY connector namespace whose name starts with dashes, and a fleet shard
    // that holds no connectors and no secrets
    //
    final ConnectorNamespace namespace = new ConnectorNamespace();
    namespace.id(uid());
    namespace.name("--eval");
    namespace.setTenant(new ConnectorNamespaceTenant().id(uid()).kind(ConnectorNamespaceTenantKind.ORGANISATION));
    namespace.setStatus(new ConnectorNamespaceStatus1().state(ConnectorNamespaceState.READY).connectorsDeployed(0));
    namespace.setExpiration(new Date().toString());

    final FleetShardClient fleetShard = ConnectorTestSupport.fleetShard(CLUSTER_ID, List.of(), List.of());
    final FleetManagerClient fleetManager = ConnectorTestSupport.fleetManagerClient();
    final FleetShardSyncConfig config = ConnectorTestSupport.config();
    final MeterRegistry registry = Mockito.mock(MeterRegistry.class);
    final ConnectorNamespaceProvisioner provisioner =
        new ConnectorNamespaceProvisioner(config, fleetShard, fleetManager, registry);

    //
    // When the namespace is provisioned
    //
    provisioner.provision(namespace);

    final ArgumentCaptor<Namespace> createdNamespace = ArgumentCaptor.forClass(Namespace.class);
    verify(fleetShard).createNamespace(createdNamespace.capture());

    //
    // Then the name label carries the sanitized value, not the raw input
    //
    assertThat(createdNamespace.getValue()).satisfies(
        created -> assertThat(created.getMetadata().getLabels()).containsEntry(LABEL_KUBERNETES_NAME, "a--eval"));
}
use of org.bf2.cos.fleetshard.support.resources.Secrets in project cos-fleetshard by bf2fc6cc711aee1a0c2a.
the class DebeziumOperandControllerTest method reify.
/**
 * Reifies a Debezium connector through {@link DebeziumOperandController#doReify} and checks the
 * generated resources.
 *
 * <p>The checks cover: exactly one KafkaConnect, KafkaConnector and ConfigMap plus at least one
 * Secret are produced; the KafkaConnect uses the expected image, image pull secret and JMX
 * Prometheus metrics config; the metrics ConfigMap holds the expected content; and the
 * KafkaConnector config refers to credentials through {@code ${file:...}} / {@code ${dir:...}}
 * placeholders under {@code /opt/kafka/external-configuration/} instead of embedding the secret
 * values themselves.
 *
 * @param connectorClass     connector class put into the shard metadata; enables the PostgreSQL- or MySQL-specific checks
 * @param connectorConfig    connector configuration passed to the controller
 * @param kafkaConnectChecks extra assertions run against the single generated {@link KafkaConnect}
 */
void reify(String connectorClass, ObjectNode connectorConfig, Consumer<KafkaConnect> kafkaConnectChecks) {
    KubernetesClient kubernetesClient = Mockito.mock(KubernetesClient.class);
    DebeziumOperandController controller = new DebeziumOperandController(kubernetesClient, CONFIGURATION);

    var connectorMetadata = new ObjectMetaBuilder()
        .withName(DEFAULT_MANAGED_CONNECTOR_ID)
        .withUid(MANAGED_CONNECTOR_UID)
        .build();
    var deployment = new DeploymentSpecBuilder()
        .withConnectorTypeId(DEFAULT_CONNECTOR_TYPE_ID)
        .withSecret("secret")
        .withKafka(new KafkaSpecBuilder().withUrl(DEFAULT_KAFKA_SERVER).build())
        .withNewSchemaRegistry(SCHEMA_REGISTRY_ID, SCHEMA_REGISTRY_URL)
        .withConnectorResourceVersion(DEFAULT_CONNECTOR_REVISION)
        .withDeploymentResourceVersion(DEFAULT_DEPLOYMENT_REVISION)
        .withDesiredState(DESIRED_STATE_READY)
        .build();
    var connectorSpec = new ManagedConnectorSpecBuilder()
        .withConnectorId(DEFAULT_MANAGED_CONNECTOR_ID)
        .withDeploymentId(DEFAULT_DEPLOYMENT_ID)
        .withDeployment(deployment)
        .build();
    var connector = new ManagedConnectorBuilder()
        .withMetadata(connectorMetadata)
        .withSpec(connectorSpec)
        .build();
    var shardMetadata = new org.bf2.cos.fleetshard.operator.debezium.DebeziumShardMetadataBuilder()
        .withContainerImage(DEFAULT_CONNECTOR_IMAGE)
        .withConnectorClass(connectorClass)
        .build();
    var serviceAccount = new ServiceAccountSpecBuilder()
        .withClientId(CLIENT_ID)
        .withClientSecret(CLIENT_SECRET)
        .build();

    var resources = controller.doReify(
        connector,
        shardMetadata,
        new ConnectorConfiguration<>(connectorConfig, ObjectNode.class, DebeziumDataShape.class),
        serviceAccount);

    // Every expected resource kind is present.
    assertThat(resources)
        .anyMatch(DebeziumOperandSupport::isKafkaConnect)
        .anyMatch(DebeziumOperandSupport::isKafkaConnector)
        .anyMatch(DebeziumOperandSupport::isSecret)
        .anyMatch(DebeziumOperandSupport::isConfigMap);

    // KafkaConnect: image, pull secret and metrics wiring.
    assertThat(resources)
        .filteredOn(DebeziumOperandSupport::isKafkaConnect)
        .hasSize(1)
        .first()
        .isInstanceOfSatisfying(KafkaConnect.class, connect -> {
            assertThat(connect.getSpec().getImage()).isEqualTo(DEFAULT_CONNECTOR_IMAGE);
            assertThat(connect.getSpec().getTemplate().getPod().getImagePullSecrets())
                .contains(CONFIGURATION.imagePullSecretsName());
            assertThat(connect.getSpec().getMetricsConfig().getType()).isEqualTo("jmxPrometheusExporter");
            assertThat(connect.getSpec().getMetricsConfig())
                .isInstanceOfSatisfying(JmxPrometheusExporterMetrics.class, metrics -> {
                    assertThat(metrics.getValueFrom().getConfigMapKeyRef().getKey())
                        .isEqualTo(DebeziumOperandController.METRICS_CONFIG_FILENAME);
                    assertThat(metrics.getValueFrom().getConfigMapKeyRef().getName())
                        .isEqualTo(DEFAULT_MANAGED_CONNECTOR_ID + DebeziumOperandController.KAFKA_CONNECT_METRICS_CONFIGMAP_NAME_SUFFIX);
                });
        });

    // Metrics ConfigMap: expected key and content.
    assertThat(resources)
        .filteredOn(DebeziumOperandSupport::isConfigMap)
        .hasSize(1)
        .first()
        .isInstanceOfSatisfying(ConfigMap.class, metricsConfigMap -> {
            assertThat(metricsConfigMap.getData()).containsKey(DebeziumOperandController.METRICS_CONFIG_FILENAME);
            assertThat(metricsConfigMap.getData().get(DebeziumOperandController.METRICS_CONFIG_FILENAME))
                .isEqualTo(DebeziumOperandController.METRICS_CONFIG);
        });

    // KafkaConnector: credentials must appear only as placeholders that point at mounted files.
    assertThat(resources)
        .filteredOn(DebeziumOperandSupport::isKafkaConnector)
        .hasSize(1)
        .first()
        .isInstanceOfSatisfying(KafkaConnector.class, kafkaConnector -> {
            String passwordPlaceholder = "${file:/opt/kafka/external-configuration/"
                + DebeziumConstants.EXTERNAL_CONFIG_DIRECTORY + "/" + EXTERNAL_CONFIG_FILE + ":database.password}";
            assertThat(kafkaConnector.getSpec().getConfig()).containsEntry("database.password", passwordPlaceholder);

            if (PG_CLASS.equals(connectorClass)) {
                // PostgreSQL: the plugin name must be pgoutput.
                assertThat(kafkaConnector.getSpec().getConfig().get(DebeziumOperandController.CONFIG_OPTION_POSTGRES_PLUGIN_NAME))
                    .isEqualTo(DebeziumOperandController.PLUGIN_NAME_PGOUTPUT);
            }
            if (MYSQL_CLASS.equals(connectorClass)) {
                // MySQL: the database-history consumer and producer JAAS configs carry the client id
                // in clear, but the password only as a ${dir:...} placeholder.
                String expectedJaasConfig = "org.apache.kafka.common.security.plain.PlainLoginModule required username=\""
                    + CLIENT_ID + "\" password=\"${dir:/opt/kafka/external-configuration/"
                    + DebeziumConstants.EXTERNAL_CONFIG_DIRECTORY + ":" + KAFKA_CLIENT_SECRET_KEY + "}\";";
                assertThat(kafkaConnector.getSpec().getConfig().get("database.history.consumer.sasl.jaas.config"))
                    .isEqualTo(expectedJaasConfig);
                assertThat(kafkaConnector.getSpec().getConfig().get("database.history.producer.sasl.jaas.config"))
                    .isEqualTo(expectedJaasConfig);
            }
        });

    // Caller-supplied checks on the KafkaConnect resource.
    assertThat(resources)
        .filteredOn(DebeziumOperandSupport::isKafkaConnect)
        .hasSize(1)
        .first()
        .isInstanceOfSatisfying(KafkaConnect.class, kafkaConnectChecks);
}
use of org.bf2.cos.fleetshard.support.resources.Secrets in project kas-fleetshard by bf2fc6cc711aee1a0c2a.
the class KeycloakOperatorManager method installKeycloak.
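/**
 * Installs the Keycloak operator and a Keycloak instance into {@code OPERATOR_NS} for system tests.
 *
 * <p>When {@code SystemTestEnvironment.INSTALL_KEYCLOAK} is false nothing is installed and an
 * already-completed future is returned. Otherwise the method creates the namespace, stores a TLS
 * certificate and key in the {@code sso-x509-https-secret} secret, downloads the operator
 * manifests from GitHub, applies them, applies the local {@code keycloak.yml}, and returns a
 * future that completes once the pod whose name contains {@code keycloak-0} is ready.
 *
 * @param kubeClient client used to create the namespace, the secret and the operator resources
 * @return a future tracking readiness of the Keycloak pod, or a completed future when installation is disabled
 * @throws Exception if a manifest cannot be downloaded or a resource cannot be applied
 */
public static CompletableFuture<Void> installKeycloak(KubeClient kubeClient) throws Exception {
    if (!SystemTestEnvironment.INSTALL_KEYCLOAK) {
        LOGGER.info("Keycloak is not installed suite will use values from env vars for oauth");
        return CompletableFuture.completedFuture(null);
    }

    LOGGER.info("Installing Keycloak : {}", OPERATOR_NS);

    kubeClient.client().namespaces().createOrReplace(
        new NamespaceBuilder().withNewMetadata().withName(OPERATOR_NS).endMetadata().build());

    // Secret "data" values must be base64; encodeToString yields the same text as
    // encoding to bytes and decoding them as UTF-8, because base64 output is ASCII.
    SecurityUtils.TlsConfig tls = SecurityUtils.getTLSConfig(OPERATOR_NS + ".svc");
    Base64.Encoder base64 = Base64.getEncoder();
    Secret keycloakCert = new SecretBuilder()
        .withNewMetadata()
            .withName("sso-x509-https-secret")
            .withNamespace(OPERATOR_NS)
        .endMetadata()
        .withType("kubernetes.io/tls")
        .withData(Map.of(
            "tls.crt", base64.encodeToString(tls.getCert().getBytes(StandardCharsets.UTF_8)),
            "tls.key", base64.encodeToString(tls.getKey().getBytes(StandardCharsets.UTF_8))))
        .build();
    kubeClient.client().secrets().inNamespace(OPERATOR_NS).createOrReplace(keycloakCert);

    // NOTE(review): these manifests include a ClusterRole, a ClusterRoleBinding, CRDs and the
    // operator itself, and are applied as downloaded with no checksum or signature check.
    // If KEYCLOAK_VERSION names a branch or a movable tag, the applied content can change
    // between runs; pinning to a commit SHA or vendoring the files with recorded digests
    // would make the install reproducible and reviewable.
    String ref = SystemTestEnvironment.KEYCLOAK_VERSION;
    String deployBase = "https://github.com/keycloak/keycloak-operator/raw/" + ref + "/deploy/";
    List<String> keycloakInstallFiles = Arrays.asList(
        deployBase + "service_account.yaml",
        deployBase + "role_binding.yaml",
        deployBase + "role.yaml",
        "https://raw.githubusercontent.com/keycloak/keycloak-operator/" + ref + "/deploy/cluster_roles/cluster_role_binding.yaml",
        deployBase + "cluster_roles/cluster_role.yaml",
        deployBase + "crds/keycloak.org_keycloakbackups_crd.yaml",
        deployBase + "crds/keycloak.org_keycloakclients_crd.yaml",
        deployBase + "crds/keycloak.org_keycloakrealms_crd.yaml",
        deployBase + "crds/keycloak.org_keycloaks_crd.yaml",
        deployBase + "crds/keycloak.org_keycloakusers_crd.yaml",
        deployBase + "operator.yaml");

    for (String urlString : keycloakInstallFiles) {
        // Close the HTTP stream once the manifest is parsed; the original left it open.
        try (java.io.InputStream manifest = new URL(urlString).openStream()) {
            // Only the first object of each manifest is kept.
            INSTALLED_RESOURCES.add(kubeClient.client().load(manifest).get().get(0));
        }
    }

    // Everything currently in INSTALLED_RESOURCES is forced into OPERATOR_NS and applied.
    // NOTE(review): the collection is declared outside this method, so entries left over from
    // an earlier call would be applied again — confirm it is cleared on uninstall.
    for (HasMetadata resource : INSTALLED_RESOURCES) {
        resource.getMetadata().setNamespace(OPERATOR_NS);
        kubeClient.client().resource(resource).inNamespace(OPERATOR_NS).createOrReplace();
    }

    String keycloakManifest = Paths.get(Environment.SUITE_ROOT, "src", "main", "resources", "keycloak.yml")
        .toAbsolutePath()
        .toString();
    kubeClient.cmdClient().namespace(OPERATOR_NS).execInCurrentNamespace("apply", "-f", keycloakManifest);

    LOGGER.info("Done installing Keycloak : {}", OPERATOR_NS);

    // NOTE(review): the readiness probe goes through KubeClient.getInstance() rather than the
    // kubeClient argument, and passes null to isPodReady until the pod exists. The two numeric
    // arguments are presumably poll interval and timeout in milliseconds — confirm in TestUtils.
    return TestUtils.asyncWaitFor("Keycloak instance ready", 1_000, 600_000,
        () -> TestUtils.isPodReady(
            KubeClient.getInstance().client().pods().inNamespace(OPERATOR_NS).list().getItems().stream()
                .filter(pod -> pod.getMetadata().getName().contains("keycloak-0"))
                .findFirst()
                .orElse(null)));
}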