Added SASL metadata

RedHatInsights · May 13, 2022 · 628719b · 628719b
1 parent a3df012
commit 628719b
Show file tree

Hide file tree

Showing 11 changed files with 134 additions and 10 deletions.
diff --git a/bundle/tests/scorecard/kuttl/test-kafka-managed/02-json-asserts.yaml b/bundle/tests/scorecard/kuttl/test-kafka-managed/02-json-asserts.yaml
@@ -12,3 +12,5 @@ commands:
 - script: jq -r '.kafka.brokers[].port == 27015' -e < /tmp/test-kafka-managed-json
 - script: jq -r '.kafka.brokers[].sasl.username == "kafka-username"' -e < /tmp/test-kafka-managed-json
 - script: jq -r '.kafka.brokers[].sasl.password == "kafka-password"' -e < /tmp/test-kafka-managed-json
+- script: jq -r '.kafka.brokers[].sasl.securityProtocol == "SASL_SSL"' -e < /tmp/test-kafka-managed-json
+- script: jq -r '.kafka.brokers[].sasl.saslMechanism == "PLAIN"' -e < /tmp/test-kafka-managed-json
diff --git a/bundle/tests/scorecard/kuttl/test-kafka-managed/04-json-asserts.yaml b/bundle/tests/scorecard/kuttl/test-kafka-managed/04-json-asserts.yaml
@@ -12,3 +12,5 @@ commands:
 - script: jq -r '.kafka.brokers[].port == 27015' -e < /tmp/test-kafka-managed-json
 - script: jq -r '.kafka.brokers[].sasl.username == "kafka-username"' -e < /tmp/test-kafka-managed-json
 - script: jq -r '.kafka.brokers[].sasl.password == "kafka-password"' -e < /tmp/test-kafka-managed-json
+- script: jq -r '.kafka.brokers[].sasl.securityProtocol == "SASL_SSL"' -e < /tmp/test-kafka-managed-json
+- script: jq -r '.kafka.brokers[].sasl.saslMechanism == "PLAIN"' -e < /tmp/test-kafka-managed-json
diff --git a/bundle/tests/scorecard/kuttl/test-kafka-strimzi-topic-auth/02-json-asserts.yaml b/bundle/tests/scorecard/kuttl/test-kafka-strimzi-topic-auth/02-json-asserts.yaml
@@ -9,3 +9,5 @@ commands:
 - script: jq -r '.kafka.brokers[0].hostname == "test-kafka-strimzi-topic-auth-kafka-bootstrap.test-kafka-strimzi-topic-auth-kafka.svc"' -e < /tmp/test-kafka-strimzi-topic-auth-json
 - script: jq -r '.kafka.brokers[0].port == 9093' -e < /tmp/test-kafka-strimzi-topic-auth-json
 - script: jq -r '.kafka.brokers[0].sasl.username == "test-kafka-strimzi-topic-auth-puptoo"' -e < /tmp/test-kafka-strimzi-topic-auth-json
+- script: jq -r '.kafka.brokers[0].sasl.securityProtocol == "SASL_SSL"' -e < /tmp/test-kafka-strimzi-topic-auth-json
+- script: jq -r '.kafka.brokers[0].sasl.saslMechanism == "SCRAM-SHA-512"' -e < /tmp/test-kafka-strimzi-topic-auth-json
diff --git a/controllers/cloud.redhat.com/config/schema.json b/controllers/cloud.redhat.com/config/schema.json
@@ -197,6 +197,12 @@
                 },
                 "password": {
                     "type": "string"
+                },
+                "securityProtocol": {
+                    "type": "string"
+                },
+                "saslMechanism": {
+                    "type": "string"
                 }
             },
             "required": []

diff --git a/controllers/cloud.redhat.com/config/types.go b/controllers/cloud.redhat.com/config/types.go
diff --git a/controllers/cloud.redhat.com/providers/kafka/managed.go b/controllers/cloud.redhat.com/providers/kafka/managed.go
@@ -8,6 +8,7 @@ import (
 	"github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/config"
 	"github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/errors"
 	"github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/providers"
+	"github.com/RedHatInsights/rhc-osdk-utils/utils"
 
 	core "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
@@ -57,8 +58,10 @@ func (k *managedKafkaProvider) Provide(app *crd.ClowdApp, c *config.AppConfig) e
 		Hostname: string(s.Data["hostname"]),
 		Port:     &port,
 		Sasl: &config.KafkaSASLConfig{
-			Password: &password,
-			Username: &username,
+			Password:         &password,
+			Username:         &username,
+			SecurityProtocol: utils.StringPtr("SASL_SSL"),
+			SaslMechanism:    utils.StringPtr("PLAIN"),
 		},
 	}
 

diff --git a/controllers/cloud.redhat.com/providers/kafka/strimzi.go b/controllers/cloud.redhat.com/providers/kafka/strimzi.go
@@ -15,6 +15,7 @@ import (
 	"github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/errors"
 	"github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/providers"
 	"github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/utils"
+	osdkutil "github.com/RedHatInsights/rhc-osdk-utils/utils"
 	core "k8s.io/api/core/v1"
 	networking "k8s.io/api/networking/v1"
 	apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
@@ -759,6 +760,8 @@ func (s *strimziProvider) setBrokerCredentials(app *crd.ClowdApp) error {
 			}
 			password := string(kafkaSecret.Data["password"])
 			broker.Sasl.Password = &password
+			broker.Sasl.SecurityProtocol = osdkutil.StringPtr("SASL_SSL")
+			broker.Sasl.SaslMechanism = osdkutil.StringPtr("SCRAM-SHA-512")
 		}
 	}
 	return nil

diff --git a/docs/appconfig/schema-definitions-kafkasaslconfig-properties-saslmechanism.md b/docs/appconfig/schema-definitions-kafkasaslconfig-properties-saslmechanism.md
@@ -0,0 +1,16 @@
+# Untitled string in AppConfig Schema
+
+```txt
+https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/saslMechanism
+```
+
+
+
+
+| Abstract            | Extensible | Status         | Identifiable            | Custom Properties | Additional Properties | Access Restrictions | Defined In                                                    |
+| :------------------ | ---------- | -------------- | ----------------------- | :---------------- | --------------------- | ------------------- | ------------------------------------------------------------- |
+| Can be instantiated | No         | Unknown status | Unknown identifiability | Forbidden         | Allowed               | none                | [schema.json\*](../../out/schema.json "open original schema") |
+
+## saslMechanism Type
+
+`string`
diff --git a/docs/appconfig/schema-definitions-kafkasaslconfig-properties-securityprotocol.md b/docs/appconfig/schema-definitions-kafkasaslconfig-properties-securityprotocol.md
@@ -0,0 +1,16 @@
+# Untitled string in AppConfig Schema
+
+```txt
+https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/securityProtocol
+```
+
+
+
+
+| Abstract            | Extensible | Status         | Identifiable            | Custom Properties | Additional Properties | Access Restrictions | Defined In                                                    |
+| :------------------ | ---------- | -------------- | ----------------------- | :---------------- | --------------------- | ------------------- | ------------------------------------------------------------- |
+| Can be instantiated | No         | Unknown status | Unknown identifiability | Forbidden         | Allowed               | none                | [schema.json\*](../../out/schema.json "open original schema") |
+
+## securityProtocol Type
+
+`string`
diff --git a/docs/appconfig/schema-definitions-kafkasaslconfig.md b/docs/appconfig/schema-definitions-kafkasaslconfig.md
@@ -17,10 +17,12 @@ SASL Configuration for Kafka
 
 # undefined Properties
 
-| Property              | Type     | Required | Nullable       | Defined by                                                                                                                                                                        |
-| :-------------------- | -------- | -------- | -------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| [username](#username) | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-username.md "https&#x3A;//cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/username") |
-| [password](#password) | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-password.md "https&#x3A;//cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/password") |
+| Property                              | Type     | Required | Nullable       | Defined by                                                                                                                                                                                        |
+| :------------------------------------ | -------- | -------- | -------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| [username](#username)                 | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-username.md "https&#x3A;//cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/username")                 |
+| [password](#password)                 | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-password.md "https&#x3A;//cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/password")                 |
+| [securityProtocol](#securityprotocol) | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-securityprotocol.md "https&#x3A;//cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/securityProtocol") |
+| [saslMechanism](#saslmechanism)       | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-saslmechanism.md "https&#x3A;//cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/saslMechanism")       |
 
 ## username
 
@@ -53,3 +55,35 @@ SASL Configuration for Kafka
 ### password Type
 
 `string`
+
+## securityProtocol
+
+
+
+
+`securityProtocol`
+
+-   is optional
+-   Type: `string`
+-   cannot be null
+-   defined in: [AppConfig](schema-definitions-kafkasaslconfig-properties-securityprotocol.md "https&#x3A;//cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/securityProtocol")
+
+### securityProtocol Type
+
+`string`
+
+## saslMechanism
+
+
+
+
+`saslMechanism`
+
+-   is optional
+-   Type: `string`
+-   cannot be null
+-   defined in: [AppConfig](schema-definitions-kafkasaslconfig-properties-saslmechanism.md "https&#x3A;//cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/saslMechanism")
+
+### saslMechanism Type
+
+`string`
diff --git a/docs/appconfig/schema.md b/docs/appconfig/schema.md
@@ -567,10 +567,12 @@ Reference this group by using
 {"$ref":"https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig"}
 ```
 
-| Property              | Type     | Required | Nullable       | Defined by                                                                                                                                                                        |
-| :-------------------- | -------- | -------- | -------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| [username](#username) | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-username.md "https&#x3A;//cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/username") |
-| [password](#password) | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-password.md "https&#x3A;//cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/password") |
+| Property                              | Type     | Required | Nullable       | Defined by                                                                                                                                                                                        |
+| :------------------------------------ | -------- | -------- | -------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| [username](#username)                 | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-username.md "https&#x3A;//cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/username")                 |
+| [password](#password)                 | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-password.md "https&#x3A;//cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/password")                 |
+| [securityProtocol](#securityprotocol) | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-securityprotocol.md "https&#x3A;//cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/securityProtocol") |
+| [saslMechanism](#saslmechanism)       | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-saslmechanism.md "https&#x3A;//cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/saslMechanism")       |
 
 ### username
 
@@ -604,6 +606,38 @@ Reference this group by using
 
 `string`
 
+### securityProtocol
+
+
+
+
+`securityProtocol`
+
+-   is optional
+-   Type: `string`
+-   cannot be null
+-   defined in: [AppConfig](schema-definitions-kafkasaslconfig-properties-securityprotocol.md "https&#x3A;//cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/securityProtocol")
+
+#### securityProtocol Type
+
+`string`
+
+### saslMechanism
+
+
+
+
+`saslMechanism`
+
+-   is optional
+-   Type: `string`
+-   cannot be null
+-   defined in: [AppConfig](schema-definitions-kafkasaslconfig-properties-saslmechanism.md "https&#x3A;//cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/saslMechanism")
+
+#### saslMechanism Type
+
+`string`
+
 ## Definitions group BrokerConfig
 
 Reference this group by using