Search in sources :

Example 6 with Secrets

use of org.bf2.cos.fleetshard.support.resources.Secrets in project cos-fleetshard by bf2fc6cc711aee1a0c2a.

the class ConnectorTestSupport method fleetShard.

public static FleetShardClient fleetShard(String clusterId, Collection<ManagedConnector> connectors, Collection<Secret> secrets) {
    Map<String, ManagedConnector> allConnectors = connectors.stream().collect(Collectors.toMap(e -> e.getMetadata().getName(), Function.identity()));
    Map<String, Secret> allSecrets = secrets.stream().collect(Collectors.toMap(e -> e.getMetadata().getName(), Function.identity()));
    FleetShardClient answer = Mockito.mock(FleetShardClient.class);
    when(answer.getClusterId()).thenAnswer(invocation -> clusterId);
    when(answer.getConnector(any(ConnectorDeployment.class))).thenAnswer(invocation -> {
        return lookupConnector(allConnectors.values(), clusterId, invocation.getArgument(0));
    });
    when(answer.getSecret(any(ConnectorDeployment.class))).thenAnswer(invocation -> {
        return lookupSecret(allSecrets.values(), clusterId, invocation.getArgument(0));
    });
    when(answer.createConnector(any(ManagedConnector.class))).thenAnswer(invocation -> {
        var arg = invocation.getArgument(0, ManagedConnector.class);
        allConnectors.put(arg.getMetadata().getName(), arg);
        return arg;
    });
    when(answer.createSecret(any(Secret.class))).thenAnswer(invocation -> {
        var arg = invocation.getArgument(0, Secret.class);
        allSecrets.put(arg.getMetadata().getName(), arg);
        return arg;
    });
    when(answer.getOrCreateManagedConnectorCluster()).thenAnswer(invocation -> {
        return new ManagedConnectorClusterBuilder().withMetadata(new ObjectMetaBuilder().withName(Clusters.CONNECTOR_CLUSTER_PREFIX + "-" + clusterId).addToLabels(Resources.LABEL_CLUSTER_ID, clusterId).build()).withSpec(new ManagedConnectorClusterSpecBuilder().withClusterId(clusterId).build()).build();
    });
    return answer;
}
Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) ManagedConnectorClusterBuilder(org.bf2.cos.fleetshard.api.ManagedConnectorClusterBuilder) JsonProperty(com.fasterxml.jackson.annotation.JsonProperty) Connectors(org.bf2.cos.fleetshard.support.resources.Connectors) Secrets(org.bf2.cos.fleetshard.support.resources.Secrets) Secrets.toBase64(org.bf2.cos.fleetshard.support.resources.Secrets.toBase64) ConnectorDeploymentSpec(org.bf2.cos.fleet.manager.model.ConnectorDeploymentSpec) Function(java.util.function.Function) Supplier(java.util.function.Supplier) ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) Resources.uid(org.bf2.cos.fleetshard.support.resources.Resources.uid) Serialization(io.fabric8.kubernetes.client.utils.Serialization) Map(java.util.Map) FleetShardClient(org.bf2.cos.fleetshard.sync.client.FleetShardClient) JsonNode(com.fasterxml.jackson.databind.JsonNode) ConnectorDeploymentAllOfMetadata(org.bf2.cos.fleet.manager.model.ConnectorDeploymentAllOfMetadata) ServiceAccount(org.bf2.cos.fleet.manager.model.ServiceAccount) ManagedConnector(org.bf2.cos.fleetshard.api.ManagedConnector) Clusters(org.bf2.cos.fleetshard.support.resources.Clusters) ConnectorDesiredState(org.bf2.cos.fleet.manager.model.ConnectorDesiredState) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) SchemaRegistryConnectionSettings(org.bf2.cos.fleet.manager.model.SchemaRegistryConnectionSettings) Collection(java.util.Collection) KafkaConnectionSettings(org.bf2.cos.fleet.manager.model.KafkaConnectionSettings) UUID(java.util.UUID) FleetShardSyncConfig(org.bf2.cos.fleetshard.sync.FleetShardSyncConfig) Mockito.when(org.mockito.Mockito.when) ConnectorDeployment(org.bf2.cos.fleet.manager.model.ConnectorDeployment) Collectors(java.util.stream.Collectors) Objects(java.util.Objects) Consumer(java.util.function.Consumer) Mockito(org.mockito.Mockito) List(java.util.List) FleetManagerClient(org.bf2.cos.fleetshard.sync.client.FleetManagerClient) Optional(java.util.Optional) JsonInclude(com.fasterxml.jackson.annotation.JsonInclude) Secret(io.fabric8.kubernetes.api.model.Secret) ManagedConnectorCluster(org.bf2.cos.fleetshard.api.ManagedConnectorCluster) ManagedConnectorClusterSpecBuilder(org.bf2.cos.fleetshard.api.ManagedConnectorClusterSpecBuilder) Collections(java.util.Collections) Resources(org.bf2.cos.fleetshard.support.resources.Resources) Secret(io.fabric8.kubernetes.api.model.Secret) FleetShardClient(org.bf2.cos.fleetshard.sync.client.FleetShardClient) ConnectorDeployment(org.bf2.cos.fleet.manager.model.ConnectorDeployment) ManagedConnectorClusterBuilder(org.bf2.cos.fleetshard.api.ManagedConnectorClusterBuilder) ManagedConnector(org.bf2.cos.fleetshard.api.ManagedConnector) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) ManagedConnectorClusterSpecBuilder(org.bf2.cos.fleetshard.api.ManagedConnectorClusterSpecBuilder)

Example 7 with Secrets

use of org.bf2.cos.fleetshard.support.resources.Secrets in project cos-fleetshard by bf2fc6cc711aee1a0c2a.

the class NamespaceProvisionerTest method nameIsSanitized.

@Test
void nameIsSanitized() {
    // 
    // Given that no resources associated to the provided deployment exist
    // 
    final ConnectorNamespace namespace = new ConnectorNamespace();
    namespace.id(uid());
    namespace.name("--eval");
    ConnectorNamespaceTenant tenant = new ConnectorNamespaceTenant().id(uid()).kind(ConnectorNamespaceTenantKind.ORGANISATION);
    namespace.setStatus(new ConnectorNamespaceStatus1().state(ConnectorNamespaceState.READY).connectorsDeployed(0));
    namespace.setTenant(tenant);
    namespace.setExpiration(new Date().toString());
    final List<ManagedConnector> connectors = List.of();
    final List<Secret> secrets = List.of();
    final FleetShardClient fleetShard = ConnectorTestSupport.fleetShard(CLUSTER_ID, connectors, secrets);
    final FleetManagerClient fleetManager = ConnectorTestSupport.fleetManagerClient();
    final FleetShardSyncConfig config = ConnectorTestSupport.config();
    final MeterRegistry registry = Mockito.mock(MeterRegistry.class);
    final ConnectorNamespaceProvisioner provisioner = new ConnectorNamespaceProvisioner(config, fleetShard, fleetManager, registry);
    final ArgumentCaptor<Namespace> nc = ArgumentCaptor.forClass(Namespace.class);
    // 
    // When deployment is applied
    // 
    provisioner.provision(namespace);
    verify(fleetShard).createNamespace(nc.capture());
    // 
    // Then resources must be created according to the deployment
    // 
    assertThat(nc.getValue()).satisfies(val -> {
        assertThat(val.getMetadata().getLabels()).containsEntry(LABEL_KUBERNETES_NAME, "a--eval");
    });
}
Also used : FleetShardClient(org.bf2.cos.fleetshard.sync.client.FleetShardClient) ConnectorNamespace(org.bf2.cos.fleet.manager.model.ConnectorNamespace) ConnectorNamespaceStatus1(org.bf2.cos.fleet.manager.model.ConnectorNamespaceStatus1) ManagedConnector(org.bf2.cos.fleetshard.api.ManagedConnector) ConnectorNamespaceProvisioner(org.bf2.cos.fleetshard.sync.resources.ConnectorNamespaceProvisioner) Date(java.util.Date) ConnectorNamespace(org.bf2.cos.fleet.manager.model.ConnectorNamespace) Namespace(io.fabric8.kubernetes.api.model.Namespace) MeterRegistry(io.micrometer.core.instrument.MeterRegistry) Secret(io.fabric8.kubernetes.api.model.Secret) FleetManagerClient(org.bf2.cos.fleetshard.sync.client.FleetManagerClient) FleetShardSyncConfig(org.bf2.cos.fleetshard.sync.FleetShardSyncConfig) ConnectorNamespaceTenant(org.bf2.cos.fleet.manager.model.ConnectorNamespaceTenant) Test(org.junit.jupiter.api.Test)

Example 8 with Secrets

use of org.bf2.cos.fleetshard.support.resources.Secrets in project cos-fleetshard by bf2fc6cc711aee1a0c2a.

the class DebeziumOperandControllerTest method reify.

void reify(String connectorClass, ObjectNode connectorConfig, Consumer<KafkaConnect> kafkaConnectChecks) {
    KubernetesClient kubernetesClient = Mockito.mock(KubernetesClient.class);
    DebeziumOperandController controller = new DebeziumOperandController(kubernetesClient, CONFIGURATION);
    var resources = controller.doReify(new ManagedConnectorBuilder().withMetadata(new ObjectMetaBuilder().withName(DEFAULT_MANAGED_CONNECTOR_ID).withUid(MANAGED_CONNECTOR_UID).build()).withSpec(new ManagedConnectorSpecBuilder().withConnectorId(DEFAULT_MANAGED_CONNECTOR_ID).withDeploymentId(DEFAULT_DEPLOYMENT_ID).withDeployment(new DeploymentSpecBuilder().withConnectorTypeId(DEFAULT_CONNECTOR_TYPE_ID).withSecret("secret").withKafka(new KafkaSpecBuilder().withUrl(DEFAULT_KAFKA_SERVER).build()).withNewSchemaRegistry(SCHEMA_REGISTRY_ID, SCHEMA_REGISTRY_URL).withConnectorResourceVersion(DEFAULT_CONNECTOR_REVISION).withDeploymentResourceVersion(DEFAULT_DEPLOYMENT_REVISION).withDesiredState(DESIRED_STATE_READY).build()).build()).build(), new org.bf2.cos.fleetshard.operator.debezium.DebeziumShardMetadataBuilder().withContainerImage(DEFAULT_CONNECTOR_IMAGE).withConnectorClass(connectorClass).build(), new ConnectorConfiguration<>(connectorConfig, ObjectNode.class, DebeziumDataShape.class), new ServiceAccountSpecBuilder().withClientId(CLIENT_ID).withClientSecret(CLIENT_SECRET).build());
    assertThat(resources).anyMatch(DebeziumOperandSupport::isKafkaConnect).anyMatch(DebeziumOperandSupport::isKafkaConnector).anyMatch(DebeziumOperandSupport::isSecret).anyMatch(DebeziumOperandSupport::isConfigMap);
    assertThat(resources).filteredOn(DebeziumOperandSupport::isKafkaConnect).hasSize(1).first().isInstanceOfSatisfying(KafkaConnect.class, kc -> {
        assertThat(kc.getSpec().getImage()).isEqualTo(DEFAULT_CONNECTOR_IMAGE);
        assertThat(kc.getSpec().getTemplate().getPod().getImagePullSecrets()).contains(CONFIGURATION.imagePullSecretsName());
        assertThat(kc.getSpec().getMetricsConfig().getType()).isEqualTo("jmxPrometheusExporter");
        assertThat(kc.getSpec().getMetricsConfig()).isInstanceOfSatisfying(JmxPrometheusExporterMetrics.class, jmxMetricsConfig -> {
            assertThat(jmxMetricsConfig.getValueFrom().getConfigMapKeyRef().getKey()).isEqualTo(DebeziumOperandController.METRICS_CONFIG_FILENAME);
            assertThat(jmxMetricsConfig.getValueFrom().getConfigMapKeyRef().getName()).isEqualTo(DEFAULT_MANAGED_CONNECTOR_ID + DebeziumOperandController.KAFKA_CONNECT_METRICS_CONFIGMAP_NAME_SUFFIX);
        });
    });
    assertThat(resources).filteredOn(DebeziumOperandSupport::isConfigMap).hasSize(1).first().isInstanceOfSatisfying(ConfigMap.class, configMap -> {
        assertThat(configMap.getData()).containsKey(DebeziumOperandController.METRICS_CONFIG_FILENAME);
        assertThat(configMap.getData().get(DebeziumOperandController.METRICS_CONFIG_FILENAME)).isEqualTo(DebeziumOperandController.METRICS_CONFIG);
    });
    assertThat(resources).filteredOn(DebeziumOperandSupport::isKafkaConnector).hasSize(1).first().isInstanceOfSatisfying(KafkaConnector.class, kctr -> {
        assertThat(kctr.getSpec().getConfig()).containsEntry("database.password", "${file:/opt/kafka/external-configuration/" + DebeziumConstants.EXTERNAL_CONFIG_DIRECTORY + "/" + EXTERNAL_CONFIG_FILE + ":database.password}");
        if (PG_CLASS.equals(connectorClass)) {
            // Specifically test the plugin name for PostgreSQL
            assertThat(kctr.getSpec().getConfig().get(DebeziumOperandController.CONFIG_OPTION_POSTGRES_PLUGIN_NAME)).isEqualTo(DebeziumOperandController.PLUGIN_NAME_PGOUTPUT);
        }
        if (MYSQL_CLASS.equals(connectorClass)) {
            // Specifically test database history does not pass secrets directly
            assertThat(kctr.getSpec().getConfig().get("database.history.consumer.sasl.jaas.config")).isEqualTo("org.apache.kafka.common.security.plain.PlainLoginModule required username=\"" + CLIENT_ID + "\" password=\"${dir:/opt/kafka/external-configuration/" + DebeziumConstants.EXTERNAL_CONFIG_DIRECTORY + ":" + KAFKA_CLIENT_SECRET_KEY + "}\";");
            assertThat(kctr.getSpec().getConfig().get("database.history.producer.sasl.jaas.config")).isEqualTo("org.apache.kafka.common.security.plain.PlainLoginModule required username=\"" + CLIENT_ID + "\" password=\"${dir:/opt/kafka/external-configuration/" + DebeziumConstants.EXTERNAL_CONFIG_DIRECTORY + ":" + KAFKA_CLIENT_SECRET_KEY + "}\";");
        }
    });
    assertThat(resources).filteredOn(DebeziumOperandSupport::isKafkaConnect).hasSize(1).first().isInstanceOfSatisfying(KafkaConnect.class, kafkaConnectChecks);
}
Also used : DeploymentSpecBuilder(org.bf2.cos.fleetshard.api.DeploymentSpecBuilder) KubernetesClient(io.fabric8.kubernetes.client.KubernetesClient) ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) ManagedConnectorSpecBuilder(org.bf2.cos.fleetshard.api.ManagedConnectorSpecBuilder) ObjectMetaBuilder(io.fabric8.kubernetes.api.model.ObjectMetaBuilder) ManagedConnectorBuilder(org.bf2.cos.fleetshard.api.ManagedConnectorBuilder) DebeziumDataShape(org.bf2.cos.fleetshard.operator.debezium.model.DebeziumDataShape) KafkaSpecBuilder(org.bf2.cos.fleetshard.api.KafkaSpecBuilder) ServiceAccountSpecBuilder(org.bf2.cos.fleetshard.api.ServiceAccountSpecBuilder)

Example 9 with Secrets

use of org.bf2.cos.fleetshard.support.resources.Secrets in project kas-fleetshard by bf2fc6cc711aee1a0c2a.

the class KeycloakOperatorManager method installKeycloak.

public static CompletableFuture<Void> installKeycloak(KubeClient kubeClient) throws Exception {
    if (SystemTestEnvironment.INSTALL_KEYCLOAK) {
        LOGGER.info("Installing Keycloak : {}", OPERATOR_NS);
        kubeClient.client().namespaces().createOrReplace(new NamespaceBuilder().withNewMetadata().withName(OPERATOR_NS).endMetadata().build());
        SecurityUtils.TlsConfig tls = SecurityUtils.getTLSConfig(OPERATOR_NS + ".svc");
        Secret keycloakCert = new SecretBuilder().withNewMetadata().withName("sso-x509-https-secret").withNamespace(OPERATOR_NS).endMetadata().withType("kubernetes.io/tls").withData(Map.of("tls.crt", new String(Base64.getEncoder().encode(tls.getCert().getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8), "tls.key", new String(Base64.getEncoder().encode(tls.getKey().getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8))).build();
        kubeClient.client().secrets().inNamespace(OPERATOR_NS).createOrReplace(keycloakCert);
        List<String> keycloakInstallFiles = Arrays.asList("https://github.com/keycloak/keycloak-operator/raw/" + SystemTestEnvironment.KEYCLOAK_VERSION + "/deploy/service_account.yaml", "https://github.com/keycloak/keycloak-operator/raw/" + SystemTestEnvironment.KEYCLOAK_VERSION + "/deploy/role_binding.yaml", "https://github.com/keycloak/keycloak-operator/raw/" + SystemTestEnvironment.KEYCLOAK_VERSION + "/deploy/role.yaml", "https://raw.githubusercontent.com/keycloak/keycloak-operator/" + SystemTestEnvironment.KEYCLOAK_VERSION + "/deploy/cluster_roles/cluster_role_binding.yaml", "https://github.com/keycloak/keycloak-operator/raw/" + SystemTestEnvironment.KEYCLOAK_VERSION + "/deploy/cluster_roles/cluster_role.yaml", "https://github.com/keycloak/keycloak-operator/raw/" + SystemTestEnvironment.KEYCLOAK_VERSION + "/deploy/crds/keycloak.org_keycloakbackups_crd.yaml", "https://github.com/keycloak/keycloak-operator/raw/" + SystemTestEnvironment.KEYCLOAK_VERSION + "/deploy/crds/keycloak.org_keycloakclients_crd.yaml", "https://github.com/keycloak/keycloak-operator/raw/" + SystemTestEnvironment.KEYCLOAK_VERSION + "/deploy/crds/keycloak.org_keycloakrealms_crd.yaml", "https://github.com/keycloak/keycloak-operator/raw/" + SystemTestEnvironment.KEYCLOAK_VERSION + "/deploy/crds/keycloak.org_keycloaks_crd.yaml", "https://github.com/keycloak/keycloak-operator/raw/" + SystemTestEnvironment.KEYCLOAK_VERSION + "/deploy/crds/keycloak.org_keycloakusers_crd.yaml", "https://github.com/keycloak/keycloak-operator/raw/" + SystemTestEnvironment.KEYCLOAK_VERSION + "/deploy/operator.yaml");
        for (String urlString : keycloakInstallFiles) {
            URL url = new URL(urlString);
            INSTALLED_RESOURCES.add(kubeClient.client().load(url.openStream()).get().get(0));
        }
        for (HasMetadata resource : INSTALLED_RESOURCES) {
            resource.getMetadata().setNamespace(OPERATOR_NS);
            kubeClient.client().resource(resource).inNamespace(OPERATOR_NS).createOrReplace();
        }
        kubeClient.cmdClient().namespace(OPERATOR_NS).execInCurrentNamespace("apply", "-f", Paths.get(Environment.SUITE_ROOT, "src", "main", "resources", "keycloak.yml").toAbsolutePath().toString());
        LOGGER.info("Done installing Keycloak : {}", OPERATOR_NS);
        return TestUtils.asyncWaitFor("Keycloak instance ready", 1_000, 600_000, () -> TestUtils.isPodReady(KubeClient.getInstance().client().pods().inNamespace(OPERATOR_NS).list().getItems().stream().filter(pod -> pod.getMetadata().getName().contains("keycloak-0")).findFirst().orElse(null)));
    } else {
        LOGGER.info("Keycloak is not installed suite will use values from env vars for oauth");
        return CompletableFuture.completedFuture(null);
    }
}
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata) SecurityUtils(org.bf2.systemtest.framework.SecurityUtils) NamespaceBuilder(io.fabric8.kubernetes.api.model.NamespaceBuilder) URL(java.net.URL)

Aggregations

Secret (io.fabric8.kubernetes.api.model.Secret)7 ObjectMetaBuilder (io.fabric8.kubernetes.api.model.ObjectMetaBuilder)5 SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder)5 ManagedConnector (org.bf2.cos.fleetshard.api.ManagedConnector)5 FleetShardSyncConfig (org.bf2.cos.fleetshard.sync.FleetShardSyncConfig)5 FleetManagerClient (org.bf2.cos.fleetshard.sync.client.FleetManagerClient)5 FleetShardClient (org.bf2.cos.fleetshard.sync.client.FleetShardClient)5 ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode)4 MeterRegistry (io.micrometer.core.instrument.MeterRegistry)4 ConnectorDeployment (org.bf2.cos.fleet.manager.model.ConnectorDeployment)4 Test (org.junit.jupiter.api.Test)4 ConnectorDeploymentProvisioner (org.bf2.cos.fleetshard.sync.resources.ConnectorDeploymentProvisioner)3 NamespaceBuilder (io.fabric8.kubernetes.api.model.NamespaceBuilder)2 ManagedConnectorBuilder (org.bf2.cos.fleetshard.api.ManagedConnectorBuilder)2 JsonInclude (com.fasterxml.jackson.annotation.JsonInclude)1 JsonProperty (com.fasterxml.jackson.annotation.JsonProperty)1 JsonNode (com.fasterxml.jackson.databind.JsonNode)1 HasMetadata (io.fabric8.kubernetes.api.model.HasMetadata)1 LocalObjectReferenceBuilder (io.fabric8.kubernetes.api.model.LocalObjectReferenceBuilder)1 Namespace (io.fabric8.kubernetes.api.model.Namespace)1