Enable per kafka listener sasl #6940

Merged
29 commits
4cb25bc
k8s: Update Makefile targets
Oct 24, 2022
be3b90f
k8s: Extend Kafka authorization method
Oct 24, 2022
24a2231
k8s: Add authorized method webhook with test
Oct 26, 2022
c206592
k8s: Generate CRD definition
Oct 24, 2022
b519d6f
k8s: Replace deprecated reference on enable_sasl with function
Oct 24, 2022
01d76db
k8s: Implement new authorization configuration options
Oct 24, 2022
bef9d62
k8s: Create feature gate for new SASL per listener feature
Oct 25, 2022
159b717
k8s: Extend PandaProxy authorization method
Oct 25, 2022
4e60cb7
k8s: Generate CRD definition after adding pp authentication method
Oct 25, 2022
d4bc3c8
k8s: Extend schema registry authorization method
Oct 25, 2022
3739a2c
k8s: Generate CRD definition after adding sr authentication method
Oct 25, 2022
10c1068
rpk: Change pandaproxy configuration options
Oct 25, 2022
bc9f5fa
rpk: Change schema registry configuration options
Oct 25, 2022
6dcfcb3
k8s: Add authorization method in panda proxy configuration
Oct 25, 2022
ffdc589
k8s: Add authorization method in schema registry configuration
Oct 25, 2022
5f9c534
k8s: Change SASL configuration in pp e2e test
Oct 26, 2022
6e1dd34
k8s: Run gofmt against operator code base
Oct 26, 2022
9ad0859
k8s: Clean console controller tests
Oct 28, 2022
18e0a5c
k8s: Bump kuttl test version
Oct 28, 2022
2831119
k8s: Load redpanda container in kindContainers
Oct 28, 2022
daee21f
k8s: Use configurator from source code
Oct 28, 2022
8cd9034
k8s: Add schema registry e2e tests using http basic authenticationMethod
Oct 28, 2022
1c150d3
k8s: Remove crlfmt formatter
Oct 29, 2022
e4d0bc2
k8s: Create more traces for console configuration changes
Oct 30, 2022
3afabea
k8s: Bump certificate manager verification timeout
Oct 30, 2022
f8ecfd2
k8s: Change decommission deployment of operator
Oct 30, 2022
b866556
k8s: Change update configuration image test
Oct 30, 2022
962cd27
k8s: Add update secret verb to cluster role
Oct 30, 2022
b65e9a1
k8s: Add delete config map verb to cluster role
Oct 30, 2022
@@ -0,0 +1,15 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: schema-registry
status:
readyReplicas: 1

---

apiVersion: kuttl.dev/v1beta1
kind: TestAssert
collectors:
- type: pod
selector: app.kubernetes.io/name=redpanda
tail: -1
@@ -0,0 +1,30 @@
apiVersion: redpanda.vectorized.io/v1alpha1
kind: Cluster
metadata:
name: schema-registry
spec:
image: "localhost/redpanda"
version: "dev"
replicas: 1
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 1
memory: 100Mi
kafkaEnableAuthorization: true
configuration:
rpcServer:
port: 33145
kafkaApi:
- port: 9092
authenticationMethod: sasl
tls:
enabled: true
adminApi:
- port: 9644
schemaRegistry:
port: 8081
authenticationMethod: http_basic
developerMode: true
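Review bot: The `schemaRegistry` listener sets `authenticationMethod: http_basic` but, unlike `kafkaApi`, has no `tls` block, so the SCRAM username and password used by the Jobs in this suite cross the pod network as a base64 `Authorization: Basic` header over plain HTTP. If the plaintext step is intentional (TLS is only enabled by a later patch step), say so in a comment in this manifest, and consider having the validating webhook warn when `http_basic` is configured on a listener without TLS.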
@@ -0,0 +1,18 @@
apiVersion: batch/v1
kind: Job
metadata:
name: create-schema
status:
conditions:
- status: "True"
type: Complete
succeeded: 1

---

apiVersion: kuttl.dev/v1beta1
kind: TestAssert
collectors:
- type: pod
selector: app.kubernetes.io/name=redpanda
tail: -1
@@ -0,0 +1,38 @@
apiVersion: batch/v1
kind: Job
metadata:
name: create-schema
spec:
template:
spec:
containers:
- name: rpk
image: localhost/redpanda:dev
env:
- name: SCRAM_USERNAME
valueFrom:
secretKeyRef:
name: schema-registry-schema-registry-sasl
key: username
- name: SCRAM_PASSWORD
valueFrom:
secretKeyRef:
name: schema-registry-schema-registry-sasl
key: password
command:
- curl
args:
- --silent
- -X
- POST
- -H
- "Content-Type: application/vnd.schemaregistry.v1+json"
- -u
- "$SCRAM_USERNAME:$SCRAM_PASSWORD"
- --data
- '{"schema": "{\"type\": \"string\"}" }'
- http://schema-registry-cluster:8081/subjects/Kafka-value/versions
restartPolicy: Never
backoffLimit: 6
parallelism: 1
completions: 1
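Review bot: The `-u` argument `"$SCRAM_USERNAME:$SCRAM_PASSWORD"` is never expanded here, because `command` is `curl` with no shell and Kubernetes only substitutes the `$(VAR)` form in `command` and `args`; curl receives the literal string as its credentials. Combined with `--silent` and no `--fail`, a 401 from the registry still exits 0 and the Job reports `Complete`, so this step cannot tell whether `http_basic` accepted the request. Use `$(SCRAM_USERNAME):$(SCRAM_PASSWORD)` or wrap the call in `/bin/bash -c` as `create-schema-with-tls` does, and add `--fail` so a non-2xx response fails the Job.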
@@ -0,0 +1,18 @@
apiVersion: batch/v1
kind: Job
metadata:
name: retrive-schema
status:
conditions:
- status: "True"
type: Complete
succeeded: 1

---

apiVersion: kuttl.dev/v1beta1
kind: TestAssert
collectors:
- type: pod
selector: app.kubernetes.io/name=redpanda
tail: -1
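Review bot: `retrive-schema` in `metadata.name` is misspelled; the TLS variant of this step is named `retrieve-schema-with-tls`. Rename it to `retrieve-schema` here and in the matching Job manifest together, so the assert still selects the Job.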
@@ -0,0 +1,34 @@
apiVersion: batch/v1
kind: Job
metadata:
name: retrive-schema
spec:
template:
spec:
containers:
- name: rpk
image: localhost/redpanda:dev
env:
- name: SCRAM_USERNAME
valueFrom:
secretKeyRef:
name: schema-registry-schema-registry-sasl
key: username
- name: SCRAM_PASSWORD
valueFrom:
secretKeyRef:
name: schema-registry-schema-registry-sasl
key: password
command:
- curl
Member

Unfortunately, curl does not fail if the status code is not 2xx; you may need to check it manually.

args:
- --silent
- -X
- GET
- -u
- "$SCRAM_USERNAME:$SCRAM_PASSWORD"
- http://schema-registry-cluster:8081/subjects/Kafka-value/versions/1
restartPolicy: Never
backoffLimit: 6
parallelism: 1
completions: 1
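Review bot: Nothing in the `args` of this GET checks what came back, so the step passes whether the registry returns the schema registered by `create-schema` or an error response. Add `--fail` and assert that the response contains the registered schema; doing that needs a shell wrapper such as `/bin/bash -c`, which also fixes `"$SCRAM_USERNAME:$SCRAM_PASSWORD"` being handed to curl unexpanded while `command` is `curl` itself.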
@@ -0,0 +1,18 @@
apiVersion: batch/v1
kind: Job
metadata:
name: delete-schema
status:
conditions:
- status: "True"
type: Complete
succeeded: 1

---

apiVersion: kuttl.dev/v1beta1
kind: TestAssert
collectors:
- type: pod
selector: app.kubernetes.io/name=redpanda
tail: -1
@@ -0,0 +1,34 @@
apiVersion: batch/v1
kind: Job
metadata:
name: delete-schema
spec:
template:
spec:
containers:
- name: rpk
image: localhost/redpanda:dev
env:
- name: SCRAM_USERNAME
valueFrom:
secretKeyRef:
name: schema-registry-schema-registry-sasl
key: username
- name: SCRAM_PASSWORD
valueFrom:
secretKeyRef:
name: schema-registry-schema-registry-sasl
key: password
command:
- curl
Member

Same, should check HTTP code

args:
- --silent
- -X
- DELETE
- -u
- "$SCRAM_USERNAME:$SCRAM_PASSWORD"
- http://schema-registry-cluster:8081/subjects/Kafka-value/versions/1
restartPolicy: Never
backoffLimit: 6
parallelism: 1
completions: 1
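Review bot: As written, this DELETE proves nothing about authorization: `-u "$SCRAM_USERNAME:$SCRAM_PASSWORD"` reaches curl unexpanded (no shell, and not the `$(VAR)` form), and without `--fail` a rejected request still completes the Job. After fixing both, add a negative case to the suite, for example the same request without `-u` asserted to return 401, so the test shows that `http_basic` actually denies unauthenticated callers.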
@@ -0,0 +1,11 @@
apiVersion: redpanda.vectorized.io/v1alpha1
kind: Cluster
metadata:
name: schema-registry
spec:
configuration:
schemaRegistry:
port: 8081
authenticationMethod: http_basic
tls:
enabled: true
@@ -0,0 +1,53 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: schema-registry-schema-registry-selfsigned-issuer
status:
conditions:
- reason: IsReady
status: "True"
type: Ready

---

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: schema-registry-schema-registry-root-issuer
status:
conditions:
- reason: KeyPairVerified
status: "True"
type: Ready
---

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: schema-registry-schema-registry-root-certificate
status:
conditions:
- reason: Ready
status: "True"
type: Ready

---

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: schema-registry-schema-registry-node
status:
conditions:
- reason: Ready
status: "True"
type: Ready

---

apiVersion: kuttl.dev/v1beta1
kind: TestAssert
collectors:
- type: pod
selector: app.kubernetes.io/name=redpanda
tail: -1
@@ -0,0 +1,18 @@
apiVersion: batch/v1
kind: Job
metadata:
name: create-schema-with-tls
status:
conditions:
- status: "True"
type: Complete
succeeded: 1

---

apiVersion: kuttl.dev/v1beta1
kind: TestAssert
collectors:
- type: pod
selector: app.kubernetes.io/name=redpanda
tail: -1
@@ -0,0 +1,47 @@
apiVersion: batch/v1
kind: Job
metadata:
name: create-schema-with-tls
spec:
template:
spec:
volumes:
- name: tlscert
secret:
defaultMode: 420
secretName: schema-registry-schema-registry-node
containers:
- name: rpk
image: localhost/redpanda:dev
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: SCRAM_USERNAME
valueFrom:
secretKeyRef:
name: schema-registry-schema-registry-sasl
key: username
- name: SCRAM_PASSWORD
valueFrom:
secretKeyRef:
name: schema-registry-schema-registry-sasl
key: password
command:
- /bin/bash
- -c
args:
- >
curl -vv --silent --cacert /etc/tls/certs/schema-registry/ca.crt
Member

Same, should check HTTP code

-u "$SCRAM_USERNAME:$SCRAM_PASSWORD"
-X POST -H "Content-Type: application/vnd.schemaregistry.v1+json"
--data '{"schema": "{\"type\": \"string\"}" }'
https://schema-registry-cluster.$POD_NAMESPACE.svc.cluster.local.:8081/subjects/Kafka-value/versions
volumeMounts:
- mountPath: /etc/tls/certs/schema-registry
name: tlscert
restartPolicy: Never
backoffLimit: 6
parallelism: 1
completions: 1
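Review bot: `curl -vv` together with `-u` writes the request headers, including the `Authorization: Basic` value, to the Job's log, so the SCRAM password ends up base64-encoded in pod logs and in anything that collects them. Drop `-vv` (or keep it only for local debugging) and add `--fail` so a non-2xx status fails the Job. The `tlscert` volume also mounts the whole `schema-registry-schema-registry-node` secret although only `ca.crt` is read; if that secret carries the node's private key, limit the mount with `items` to `ca.crt`.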
@@ -0,0 +1,18 @@
apiVersion: batch/v1
kind: Job
metadata:
name: retrieve-schema-with-tls
status:
conditions:
- status: "True"
type: Complete
succeeded: 1

---

apiVersion: kuttl.dev/v1beta1
kind: TestAssert
collectors:
- type: pod
selector: app.kubernetes.io/name=redpanda
tail: -1