Skip to content

Commit

Permalink
Rebalance OIDC tests, security config validation
Browse files Browse the repository at this point in the history
Signed-off-by: Michael Edgar <[email protected]>
  • Loading branch information
MikeEdgar committed Nov 7, 2024
1 parent 7244262 commit 34e1195
Show file tree
Hide file tree
Showing 22 changed files with 395 additions and 51 deletions.
4 changes: 2 additions & 2 deletions api/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -320,7 +320,7 @@
<excludes>
<exclude>com/github/streamshub/console/api/support/TrustAllCertificateManager.class</exclude>
</excludes>
<exclClassLoaders>*QuarkusClassLoader</exclClassLoaders>
<!--<exclClassLoaders>*QuarkusClassLoader</exclClassLoaders>-->
<destFile>${project.build.directory}/jacoco-quarkus.exec</destFile>
<append>true</append>
</configuration>
Expand All @@ -334,7 +334,7 @@
<excludes>
<exclude>com/github/streamshub/console/api/support/TrustAllCertificateManager.class</exclude>
</excludes>
<exclClassLoaders>*QuarkusClassLoader</exclClassLoaders>
<!--<exclClassLoaders>*QuarkusClassLoader</exclClassLoaders>-->
<destFile>${project.build.directory}/jacoco-quarkus.exec</destFile>
<append>true</append>
</configuration>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -340,7 +340,7 @@ private void addRoleChecker(KafkaContext ctx, QuarkusSecurityIdentity.Builder bu

Stream<Permission> globalPermissions = getPermissions(globalSecurity, roleNames, "");
Stream<Permission> clusterPermissions = clusterSecurity
.map(cs -> getPermissions(cs, roleNames, "kafkas/" + ctx.clusterId() + '/'))
.map(cs -> getPermissions(cs, roleNames, "kafkas/" + ctx.clusterConfig().getName() + '/'))
.orElseGet(Stream::empty);

List<Permission> possessedPermissions = Stream.concat(globalPermissions, clusterPermissions).toList();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,19 +36,19 @@ public ConsolePermission(String resource, Collection<String> resourceNames, Priv
}

private static Set<Privilege> checkActions(Privilege[] actions) {
Set<Privilege> validActions = new HashSet<>(actions.length, 1);
for (Privilege action : actions) {
validActions.add(validateAndTrim(action, "Action"));
Objects.requireNonNull(actions);

if (actions.length == 0) {
throw new IllegalArgumentException("actions must not be zero length");
}
return Collections.unmodifiableSet(validActions);
}

private static Privilege validateAndTrim(Privilege action, String paramName) {
if (action == null) {
throw new IllegalArgumentException(String.format("%s must not be null", paramName));
Set<Privilege> validActions = new HashSet<>(actions.length, 1);

for (Privilege action : actions) {
validActions.add(Objects.requireNonNull(action));
}

return action;
return Collections.unmodifiableSet(validActions);
}

public ConsolePermission resourceName(String resourceName) {
Expand All @@ -74,18 +74,6 @@ boolean implies(ConsolePermission requiredPermission) {
return false;
}

// actions are optional, however if at least one action was specified,
// an intersection of compared sets must not be empty
if (requiredPermission.actions.isEmpty()) {
// no required actions
return true;
}

if (actions.isEmpty()) {
// no possessed actions
return false;
}

if (actions.contains(Privilege.ALL)) {
// all actions possessed
return true;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -284,7 +284,7 @@ private CompletableFuture<Void> maybeFetchConsumerGroups(Map<Uuid, Topic> topics

return consumerGroupService
.listConsumerGroupMembership(searchTopics)
.thenAccept(consumerGroups -> {
.thenAccept(consumerGroups ->
topics.forEach((topicId, topic) -> {
String idString = topicId.toString();

Expand All @@ -294,8 +294,8 @@ private CompletableFuture<Void> maybeFetchConsumerGroups(Map<Uuid, Topic> topics
topic.consumerGroups().data().addAll(identifiers);
topic.consumerGroups().addMeta("count", identifiers.size());
}
});
}).toCompletableFuture();
}))
.toCompletableFuture();
}

/* package */ CompletionStage<Map<Uuid, Either<Topic, Throwable>>> describeTopics(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,8 @@ void setup() {
utils = new TestHelper(bootstrapServers, config, null);

client.resources(Kafka.class).inAnyNamespace().delete();
consoleConfig.clearSecurity();

utils.apply(client, new KafkaBuilder()
.withNewMetadata()
.withName("test-kafka1")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,8 @@ void setup() throws IOException {
utils = new TestHelper(bootstrapServers, config, null);

client.resources(Kafka.class).inAnyNamespace().delete();
consoleConfig.clearSecurity();

utils.apply(client, utils.buildKafkaResource("test-kafka1", utils.getClusterId(), bootstrapServers));

// Wait for the informer cache to be populated with all Kafka CRs
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,6 @@
import com.github.streamshub.console.api.support.KafkaContext;
import com.github.streamshub.console.config.ConsoleConfig;
import com.github.streamshub.console.config.KafkaClusterConfig;
import com.github.streamshub.console.config.security.GlobalSecurityConfig;
import com.github.streamshub.console.config.security.GlobalSecurityConfigBuilder;
import com.github.streamshub.console.config.security.Privilege;
import com.github.streamshub.console.kafka.systemtest.TestPlainProfile;
Expand Down Expand Up @@ -136,10 +135,10 @@ void setup() throws IOException {
.map(k -> k.getProperties().get("bootstrap.servers"))
.orElseThrow());

consoleConfig.setSecurity(new GlobalSecurityConfig());
utils = new TestHelper(bootstrapServers, config, null);

client.resources(Kafka.class).inAnyNamespace().delete();
consoleConfig.clearSecurity();

utils.apply(client, new KafkaBuilder(utils.buildKafkaResource("test-kafka1", utils.getClusterId(), bootstrapServers,
new KafkaListenerAuthenticationCustomBuilder()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ void setup() throws IOException {
.map(k -> k.getProperties().get("bootstrap.servers"))
.orElseThrow());

consoleConfig.clearSecurity();
utils = new TestHelper(bootstrapServers, config, null);

clusterId1 = consoleConfig.getKafka().getCluster("test-kafka1").get().getId();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@
import org.apache.kafka.clients.CommonClientConfigs;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.eclipse.microprofile.config.Config;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
Expand All @@ -25,7 +24,6 @@
import com.github.streamshub.console.api.support.KafkaContext;
import com.github.streamshub.console.config.ConsoleConfig;
import com.github.streamshub.console.config.KafkaClusterConfig;
import com.github.streamshub.console.config.security.GlobalSecurityConfig;
import com.github.streamshub.console.config.security.GlobalSecurityConfigBuilder;
import com.github.streamshub.console.config.security.Privilege;
import com.github.streamshub.console.kafka.systemtest.TestPlainProfile;
Expand Down Expand Up @@ -86,6 +84,7 @@ void setup() throws IOException {
tokens = new TokenUtils(config);

client.resources(Kafka.class).inAnyNamespace().delete();
consoleConfig.clearSecurity();

Kafka kafka1 = new KafkaBuilder(utils.buildKafkaResource("test-kafka1", utils.getClusterId(), bootstrapServers))
.editOrNewStatus()
Expand Down Expand Up @@ -127,12 +126,6 @@ void setup() throws IOException {
clusterId1 = consoleConfig.getKafka().getCluster("default/test-kafka1").get().getId();
}

@AfterEach
void teardown() throws IOException {
client.resources(Kafka.class).inAnyNamespace().delete();
consoleConfig.setSecurity(new GlobalSecurityConfig());
}

@Test
void testListClustersWithNoRolesDefined() {
consoleConfig.setSecurity(oidcSecurity().build());
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@
import jakarta.ws.rs.core.Response.Status;

import org.eclipse.microprofile.config.Config;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
Expand Down Expand Up @@ -121,6 +120,7 @@ void setup() {

client.resources(Kafka.class).inAnyNamespace().delete();
client.resources(KafkaRebalance.class).inAnyNamespace().delete();
consoleConfig.clearSecurity();

utils.apply(client, new KafkaBuilder(utils.buildKafkaResource("test-kafka1", utils.getClusterId(), bootstrapServers))
.editSpec()
Expand Down Expand Up @@ -160,12 +160,6 @@ void setup() {
clusterId2 = consoleConfig.getKafka().getCluster("default/test-kafka2").get().getId();
}

@AfterEach
void tearDown() {
client.resources(Kafka.class).inAnyNamespace().delete();
client.resources(KafkaRebalance.class).inAnyNamespace().delete();
}

@Test
void testListRebalancesIncludesAllowedActions() {
whenRequesting(req -> req.get("", clusterId1))
Expand Down
Loading

0 comments on commit 34e1195

Please sign in to comment.