From 628719b462118c0d73595b9a5810583bb5bde54c Mon Sep 17 00:00:00 2001 From: Pete Savage Date: Wed, 11 May 2022 16:58:58 +0100 Subject: [PATCH] Added SASL metadata --- .../test-kafka-managed/02-json-asserts.yaml | 2 + .../test-kafka-managed/04-json-asserts.yaml | 2 + .../02-json-asserts.yaml | 2 + .../cloud.redhat.com/config/schema.json | 6 +++ controllers/cloud.redhat.com/config/types.go | 6 +++ .../providers/kafka/managed.go | 7 +++- .../providers/kafka/strimzi.go | 3 ++ ...afkasaslconfig-properties-saslmechanism.md | 16 +++++++ ...asaslconfig-properties-securityprotocol.md | 16 +++++++ .../schema-definitions-kafkasaslconfig.md | 42 +++++++++++++++++-- docs/appconfig/schema.md | 42 +++++++++++++++++-- 11 files changed, 134 insertions(+), 10 deletions(-) create mode 100644 docs/appconfig/schema-definitions-kafkasaslconfig-properties-saslmechanism.md create mode 100644 docs/appconfig/schema-definitions-kafkasaslconfig-properties-securityprotocol.md diff --git a/bundle/tests/scorecard/kuttl/test-kafka-managed/02-json-asserts.yaml b/bundle/tests/scorecard/kuttl/test-kafka-managed/02-json-asserts.yaml index 4cd59226f..3d05c0765 100644 --- a/bundle/tests/scorecard/kuttl/test-kafka-managed/02-json-asserts.yaml +++ b/bundle/tests/scorecard/kuttl/test-kafka-managed/02-json-asserts.yaml @@ -12,3 +12,5 @@ commands: - script: jq -r '.kafka.brokers[].port == 27015' -e < /tmp/test-kafka-managed-json - script: jq -r '.kafka.brokers[].sasl.username == "kafka-username"' -e < /tmp/test-kafka-managed-json - script: jq -r '.kafka.brokers[].sasl.password == "kafka-password"' -e < /tmp/test-kafka-managed-json +- script: jq -r '.kafka.brokers[].sasl.securityProtocol == "SASL_SSL"' -e < /tmp/test-kafka-managed-json +- script: jq -r '.kafka.brokers[].sasl.saslMechanism == "PLAIN"' -e < /tmp/test-kafka-managed-json 
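Review bot: The two new asserts iterate with `.kafka.brokers[]`, and `jq -e` takes its exit status from the last value it prints, so with more than one broker only the final broker's `securityProtocol` and `saslMechanism` are actually checked. An aggregate form closes that gap, for example `jq -e 'all(.kafka.brokers[]; .sasl.securityProtocol == "SASL_SSL")'`, and the same for `saslMechanism == "PLAIN"`. The identical pair of lines added to test-kafka-managed/04-json-asserts.yaml has the same weakness. The strimzi-topic-auth asserts index `brokers[0]` and are not affected.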
diff --git a/bundle/tests/scorecard/kuttl/test-kafka-managed/04-json-asserts.yaml b/bundle/tests/scorecard/kuttl/test-kafka-managed/04-json-asserts.yaml index 4ede88807..8942fd0d1 100644 --- a/bundle/tests/scorecard/kuttl/test-kafka-managed/04-json-asserts.yaml +++ b/bundle/tests/scorecard/kuttl/test-kafka-managed/04-json-asserts.yaml @@ -12,3 +12,5 @@ commands: - script: jq -r '.kafka.brokers[].port == 27015' -e < /tmp/test-kafka-managed-json - script: jq -r '.kafka.brokers[].sasl.username == "kafka-username"' -e < /tmp/test-kafka-managed-json - script: jq -r '.kafka.brokers[].sasl.password == "kafka-password"' -e < /tmp/test-kafka-managed-json +- script: jq -r '.kafka.brokers[].sasl.securityProtocol == "SASL_SSL"' -e < /tmp/test-kafka-managed-json +- script: jq -r '.kafka.brokers[].sasl.saslMechanism == "PLAIN"' -e < /tmp/test-kafka-managed-json diff --git a/bundle/tests/scorecard/kuttl/test-kafka-strimzi-topic-auth/02-json-asserts.yaml b/bundle/tests/scorecard/kuttl/test-kafka-strimzi-topic-auth/02-json-asserts.yaml index 1aeaaf1ad..1766fe4ab 100644 --- a/bundle/tests/scorecard/kuttl/test-kafka-strimzi-topic-auth/02-json-asserts.yaml +++ b/bundle/tests/scorecard/kuttl/test-kafka-strimzi-topic-auth/02-json-asserts.yaml @@ -9,3 +9,5 @@ commands: - script: jq -r '.kafka.brokers[0].hostname == "test-kafka-strimzi-topic-auth-kafka-bootstrap.test-kafka-strimzi-topic-auth-kafka.svc"' -e < /tmp/test-kafka-strimzi-topic-auth-json - script: jq -r '.kafka.brokers[0].port == 9093' -e < /tmp/test-kafka-strimzi-topic-auth-json - script: jq -r '.kafka.brokers[0].sasl.username == "test-kafka-strimzi-topic-auth-puptoo"' -e < /tmp/test-kafka-strimzi-topic-auth-json +- script: jq -r '.kafka.brokers[0].sasl.securityProtocol == "SASL_SSL"' -e < /tmp/test-kafka-strimzi-topic-auth-json +- script: jq -r '.kafka.brokers[0].sasl.saslMechanism == "SCRAM-SHA-512"' -e < /tmp/test-kafka-strimzi-topic-auth-json 
diff --git a/controllers/cloud.redhat.com/config/schema.json b/controllers/cloud.redhat.com/config/schema.json index 39878eb77..74fc58f1a 100644 --- a/controllers/cloud.redhat.com/config/schema.json +++ b/controllers/cloud.redhat.com/config/schema.json @@ -197,6 +197,12 @@ }, "password": { "type": "string" + }, + "securityProtocol": { + "type": "string" + }, + "saslMechanism": { + "type": "string" } }, "required": [] diff --git a/controllers/cloud.redhat.com/config/types.go b/controllers/cloud.redhat.com/config/types.go index 251433664..c05839940 100644 --- a/controllers/cloud.redhat.com/config/types.go +++ b/controllers/cloud.redhat.com/config/types.go @@ -560,6 +560,12 @@ type KafkaSASLConfig struct { // Password corresponds to the JSON schema field "password". Password *string `json:"password,omitempty"` + // SaslMechanism corresponds to the JSON schema field "saslMechanism". + SaslMechanism *string `json:"saslMechanism,omitempty"` + + // SecurityProtocol corresponds to the JSON schema field "securityProtocol". + SecurityProtocol *string `json:"securityProtocol,omitempty"` + // Username corresponds to the JSON schema field "username". Username *string `json:"username,omitempty"` } diff --git a/controllers/cloud.redhat.com/providers/kafka/managed.go b/controllers/cloud.redhat.com/providers/kafka/managed.go index 530b329ad..31f5ca95c 100644 --- a/controllers/cloud.redhat.com/providers/kafka/managed.go +++ b/controllers/cloud.redhat.com/providers/kafka/managed.go @@ -8,6 +8,7 @@ import ( "github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/config" "github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/errors" "github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/providers" + "github.com/RedHatInsights/rhc-osdk-utils/utils" core "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" 
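Review bot: `securityProtocol` and `saslMechanism` are added to `KafkaSASLConfig` as bare `"type": "string"` entries with no `description`, and the doc pages generated in this commit are correspondingly titled "Untitled string in AppConfig Schema" with no statement of which values are valid. I would add a description to each, e.g. `"description": "Kafka security protocol the client must use, e.g. SASL_SSL"`, and consider an `enum` limited to the values the providers emit, after checking how that changes the generated Go type. Both fields are optional, so the schema should also say what a consumer does when they are absent. A client that falls back to an unencrypted protocol in that case would send the adjacent `username` and `password` unprotected.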
@@ -57,8 +58,10 @@ func (k *managedKafkaProvider) Provide(app *crd.ClowdApp, c *config.AppConfig) e Hostname: string(s.Data["hostname"]), Port: &port, Sasl: &config.KafkaSASLConfig{ - Password: &password, - Username: &username, + Password: &password, + Username: &username, + SecurityProtocol: utils.StringPtr("SASL_SSL"), + SaslMechanism: utils.StringPtr("PLAIN"), }, } diff --git a/controllers/cloud.redhat.com/providers/kafka/strimzi.go b/controllers/cloud.redhat.com/providers/kafka/strimzi.go index d0748d9d5..c60e5729d 100644 --- a/controllers/cloud.redhat.com/providers/kafka/strimzi.go +++ b/controllers/cloud.redhat.com/providers/kafka/strimzi.go @@ -15,6 +15,7 @@ import ( "github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/errors" "github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/providers" "github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/utils" + osdkutil "github.com/RedHatInsights/rhc-osdk-utils/utils" core "k8s.io/api/core/v1" networking "k8s.io/api/networking/v1" apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" @@ -759,6 +760,8 @@ func (s *strimziProvider) setBrokerCredentials(app *crd.ClowdApp) error { } password := string(kafkaSecret.Data["password"]) broker.Sasl.Password = &password + broker.Sasl.SecurityProtocol = osdkutil.StringPtr("SASL_SSL") + broker.Sasl.SaslMechanism = osdkutil.StringPtr("SCRAM-SHA-512") } } return nil diff --git a/docs/appconfig/schema-definitions-kafkasaslconfig-properties-saslmechanism.md b/docs/appconfig/schema-definitions-kafkasaslconfig-properties-saslmechanism.md new file mode 100644 index 000000000..d072e05f8 --- /dev/null +++ b/docs/appconfig/schema-definitions-kafkasaslconfig-properties-saslmechanism.md 
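Review bot: In `Provide`, `SecurityProtocol` and `SaslMechanism` are hard-coded literals while the hostname beside them is read from the secret `s`, so a managed instance configured with a different mechanism would be advertised incorrectly without any error. PLAIN hands the password to the broker as-is and depends entirely on the TLS layer for confidentiality, so I would record that above the two lines: `// PLAIN is only safe over TLS; keep SecurityProtocol at SASL_SSL for managed Kafka`. The literal `"SASL_SSL"` is repeated in strimzi.go's `setBrokerCredentials`, and a shared package-level constant would keep the two providers in step. The body of `Provide` starts and ends outside this hunk.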
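Review bot: `setBrokerCredentials` advertises `SCRAM-SHA-512` over `SASL_SSL` unconditionally, but the listener and KafkaUser authentication settings that make those values true are configured outside this hunk, so nothing here ties the two together. A comment naming that dependency would help, e.g. `// must match the authentication type of the Kafka listener and KafkaUser created by this provider`. The two assignments also appear to sit inside the branch that sets the password, so a broker that takes another path would keep both fields nil; it is worth confirming that consumers handle the absent case safely. The function starts outside the hunk.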
@@ -0,0 +1,16 @@ +# Untitled string in AppConfig Schema + +```txt +https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/saslMechanism +``` + + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | ---------- | -------------- | ----------------------- | :---------------- | --------------------- | ------------------- | ------------------------------------------------------------- | +| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [schema.json\*](../../out/schema.json "open original schema") | + +## saslMechanism Type + +`string` diff --git a/docs/appconfig/schema-definitions-kafkasaslconfig-properties-securityprotocol.md b/docs/appconfig/schema-definitions-kafkasaslconfig-properties-securityprotocol.md new file mode 100644 index 000000000..fa19ff339 --- /dev/null +++ b/docs/appconfig/schema-definitions-kafkasaslconfig-properties-securityprotocol.md @@ -0,0 +1,16 @@ +# Untitled string in AppConfig Schema + +```txt +https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/securityProtocol +``` + + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | ---------- | -------------- | ----------------------- | :---------------- | --------------------- | ------------------- | ------------------------------------------------------------- | +| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [schema.json\*](../../out/schema.json "open original schema") | + +## securityProtocol Type + +`string` diff --git a/docs/appconfig/schema-definitions-kafkasaslconfig.md b/docs/appconfig/schema-definitions-kafkasaslconfig.md index e2aaa8667..31dfb9c7e 100644 
--- a/docs/appconfig/schema-definitions-kafkasaslconfig.md +++ b/docs/appconfig/schema-definitions-kafkasaslconfig.md 
@@ -17,10 +17,12 @@ SASL Configuration for Kafka # undefined Properties -| Property | Type | Required | Nullable | Defined by | -| :-------------------- | -------- | -------- | -------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [username](#username) | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-username.md "https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/username") | -| [password](#password) | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-password.md "https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/password") | +| Property | Type | Required | Nullable | Defined by | +| :------------------------------------ | -------- | -------- | -------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| [username](#username) | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-username.md "https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/username") | +| [password](#password) | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-password.md "https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/password") | +| [securityProtocol](#securityprotocol) | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-securityprotocol.md "https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/securityProtocol") | +| [saslMechanism](#saslmechanism) | `string` | 
Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-saslmechanism.md "https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/saslMechanism") | ## username @@ -53,3 +55,35 @@ SASL Configuration for Kafka ### password Type `string` + +## securityProtocol + + + + +`securityProtocol` + +- is optional +- Type: `string` +- cannot be null +- defined in: [AppConfig](schema-definitions-kafkasaslconfig-properties-securityprotocol.md "https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/securityProtocol") + +### securityProtocol Type + +`string` + +## saslMechanism + + + + +`saslMechanism` + +- is optional +- Type: `string` +- cannot be null +- defined in: [AppConfig](schema-definitions-kafkasaslconfig-properties-saslmechanism.md "https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/saslMechanism") + +### saslMechanism Type + +`string` diff --git a/docs/appconfig/schema.md b/docs/appconfig/schema.md index 836bd7a9e..5d57aa1ec 100644 --- a/docs/appconfig/schema.md +++ b/docs/appconfig/schema.md 
@@ -567,10 +567,12 @@ Reference this group by using {"$ref":"https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig"} ``` -| Property | Type | Required | Nullable | Defined by | -| :-------------------- | -------- | -------- | -------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [username](#username) | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-username.md "https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/username") | -| [password](#password) | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-password.md "https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/password") | +| Property | Type | Required | Nullable | Defined by | +| :------------------------------------ | -------- | -------- | -------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| [username](#username) | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-username.md "https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/username") | +| [password](#password) | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-password.md "https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/password") | +| [securityProtocol](#securityprotocol) | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-securityprotocol.md 
"https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/securityProtocol") | +| [saslMechanism](#saslmechanism) | `string` | Optional | cannot be null | [AppConfig](schema-definitions-kafkasaslconfig-properties-saslmechanism.md "https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/saslMechanism") | ### username @@ -604,6 +606,38 @@ Reference this group by using `string` +### securityProtocol + + + + +`securityProtocol` + +- is optional +- Type: `string` +- cannot be null +- defined in: [AppConfig](schema-definitions-kafkasaslconfig-properties-securityprotocol.md "https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/securityProtocol") + +#### securityProtocol Type + +`string` + +### saslMechanism + + + + +`saslMechanism` + +- is optional +- Type: `string` +- cannot be null +- defined in: [AppConfig](schema-definitions-kafkasaslconfig-properties-saslmechanism.md "https://cloud.redhat.com/schemas/clowder-appconfig#/definitions/KafkaSASLConfig/properties/saslMechanism") + +#### saslMechanism Type + +`string` + ## Definitions group BrokerConfig Reference this group by using