Posted to commits@camel.apache.org by ja...@apache.org on 2022/03/30 08:24:38 UTC
[camel-quarkus] branch main updated: Kafka Oauth test bump Keycloak container version to 16.1.1 & leverage Strimzi dev services container Fixes #3531
This is an automated email from the ASF dual-hosted git repository.
jamesnetherton pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
The following commit(s) were added to refs/heads/main by this push:
new 4875c67 Kafka Oauth test bump Keycloak container version to 16.1.1 & leverage Strimzi dev services container Fixes #3531
4875c67 is described below
commit 4875c67832235f0ce2c2ad9b014788b413b71b3f
Author: Zineb Bendhiba <be...@gmail.com>
AuthorDate: Mon Mar 14 15:12:04 2022 +0100
Kafka Oauth test bump Keycloak container version to 16.1.1 & leverage Strimzi dev services container
Fixes #3531
---
integration-tests/kafka-oauth/pom.xml | 2 +-
.../kafka/oauth/it/KafkaKeycloakTestResource.java | 22 ++--
.../kafka/oauth/it/container/KafkaContainer.java | 112 ---------------------
.../oauth/it/container/KeycloakContainer.java | 25 +----
.../src/test/resources/certificates/README.md | 48 ---------
.../test/resources/certificates/ca-truststore.p12 | Bin 1639 -> 0 bytes
.../src/test/resources/certificates/gen-ca.sh | 31 ------
.../resources/certificates/gen-keycloak-certs.sh | 31 ------
.../certificates/keycloak.server.keystore.p12 | Bin 5565 -> 0 bytes
.../resources/keycloak/scripts/keycloak-ssl.cli | 20 ----
10 files changed, 19 insertions(+), 272 deletions(-)
diff --git a/integration-tests/kafka-oauth/pom.xml b/integration-tests/kafka-oauth/pom.xml
index 888e2c1..2bfee7f 100644
--- a/integration-tests/kafka-oauth/pom.xml
+++ b/integration-tests/kafka-oauth/pom.xml
@@ -49,7 +49,7 @@
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
- <artifactId>quarkus-resteasy-jackson</artifactId>
+ <artifactId>quarkus-resteasy</artifactId>
</dependency>
<dependency>
<groupId>io.strimzi</groupId>
diff --git a/integration-tests/kafka-oauth/src/test/java/org/apache/camel/quarkus/kafka/oauth/it/KafkaKeycloakTestResource.java b/integration-tests/kafka-oauth/src/test/java/org/apache/camel/quarkus/kafka/oauth/it/KafkaKeycloakTestResource.java
index 549ddb7..5124891 100644
--- a/integration-tests/kafka-oauth/src/test/java/org/apache/camel/quarkus/kafka/oauth/it/KafkaKeycloakTestResource.java
+++ b/integration-tests/kafka-oauth/src/test/java/org/apache/camel/quarkus/kafka/oauth/it/KafkaKeycloakTestResource.java
@@ -20,9 +20,12 @@ import java.util.HashMap;
import java.util.Map;
import io.quarkus.test.common.QuarkusTestResourceLifecycleManager;
-import org.apache.camel.quarkus.kafka.oauth.it.container.KafkaContainer;
+import io.strimzi.test.container.StrimziKafkaContainer;
import org.apache.camel.quarkus.kafka.oauth.it.container.KeycloakContainer;
import org.jboss.logging.Logger;
+import org.testcontainers.utility.MountableFile;
+
+import static io.strimzi.test.container.StrimziKafkaContainer.KAFKA_PORT;
/**
* Inspired from https://github.com/quarkusio/quarkus/tree/main/integration-tests/kafka-oauth-keycloak/
@@ -30,12 +33,11 @@ import org.jboss.logging.Logger;
public class KafkaKeycloakTestResource implements QuarkusTestResourceLifecycleManager {
private static final Logger log = Logger.getLogger(KafkaKeycloakTestResource.class);
- private KafkaContainer kafka;
+ private StrimziKafkaContainer kafka;
private KeycloakContainer keycloak;
@Override
public Map<String, String> start() {
-
Map<String, String> properties = new HashMap<>();
//Start keycloak container
@@ -45,10 +47,16 @@ public class KafkaKeycloakTestResource implements QuarkusTestResourceLifecycleMa
keycloak.createHostsFile();
//Start kafka container
- kafka = new KafkaContainer();
- kafka.start();
- log.info(kafka.getLogs());
- properties.put("kafka.bootstrap.servers", kafka.getBootstrapServers());
+ this.kafka = new StrimziKafkaContainer("quay.io/strimzi/kafka:latest-kafka-3.0.0")
+ .withBrokerId(1)
+ .withKafkaConfigurationMap(Map.of("listener.security.protocol.map", "JWT:SASL_PLAINTEXT,BROKER1:PLAINTEXT"))
+ .withNetworkAliases("kafka")
+ .withServerProperties(MountableFile.forClasspathResource("kafkaServer.properties"))
+ .withBootstrapServers(
+ c -> String.format("JWT://%s:%s", c.getContainerIpAddress(), c.getMappedPort(KAFKA_PORT)));
+ this.kafka.start();
+ log.info(this.kafka.getLogs());
+ properties.put("kafka.bootstrap.servers", this.kafka.getBootstrapServers());
properties.put("camel.component.kafka.brokers", kafka.getBootstrapServers());
return properties;
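Review bot: The listener map passed to `withKafkaConfigurationMap` binds `JWT` to `SASL_PLAINTEXT`, so the OAuth bearer tokens this test sends to the broker travel unencrypted, and nothing on the new lines marks that as a deliberate test-only choice. Because this resource is itself modelled on another project's fixture and is likely to be copied again, I would add a comment above the builder such as `// Test fixture only: JWT listener is SASL_PLAINTEXT (no TLS); use SASL_SSL wherever tokens leave the local Docker network`. Separately, `quay.io/strimzi/kafka:latest-kafka-3.0.0` looks like a floating tag, so the image the build pulls can change without any commit here; pinning it by digest (`quay.io/strimzi/kafka@sha256:<digest>`) would keep the run reproducible and make image changes reviewable. `start()` begins before this hunk and its closing brace lies outside it.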
diff --git a/integration-tests/kafka-oauth/src/test/java/org/apache/camel/quarkus/kafka/oauth/it/container/KafkaContainer.java b/integration-tests/kafka-oauth/src/test/java/org/apache/camel/quarkus/kafka/oauth/it/container/KafkaContainer.java
deleted file mode 100644
index e95e062..0000000
--- a/integration-tests/kafka-oauth/src/test/java/org/apache/camel/quarkus/kafka/oauth/it/container/KafkaContainer.java
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.camel.quarkus.kafka.oauth.it.container;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringReader;
-import java.nio.charset.StandardCharsets;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import javax.json.Json;
-import javax.json.stream.JsonParser;
-
-import com.github.dockerjava.api.command.InspectContainerResponse;
-import io.strimzi.test.container.StrimziKafkaContainer;
-import org.apache.commons.io.IOUtils;
-import org.jboss.logging.Logger;
-import org.testcontainers.containers.FixedHostPortGenericContainer;
-import org.testcontainers.containers.Network;
-import org.testcontainers.containers.wait.strategy.Wait;
-import org.testcontainers.images.builder.Transferable;
-import org.testcontainers.utility.MountableFile;
-
-/**
- * Inspired from https://github.com/quarkusio/quarkus/tree/main/integration-tests/kafka-oauth-keycloak/
- */
-public class KafkaContainer extends FixedHostPortGenericContainer<KafkaContainer> {
-
- private static final Logger LOGGER = Logger.getLogger(KafkaContainer.class);
-
- private static final String STARTER_SCRIPT = "/testcontainers_start.sh";
- private static final int KAFKA_PORT = 9092;
- private static final String LATEST_KAFKA_VERSION;
-
- private static final List<String> supportedKafkaVersions = new ArrayList<>();
-
- static {
- InputStream inputStream = StrimziKafkaContainer.class.getResourceAsStream("/kafka_versions.json");
- try {
- String json = IOUtils.toString(inputStream, StandardCharsets.UTF_8);
- try (JsonParser parser = Json.createParser(new StringReader(json))) {
- parser.next();
- parser.getObject()
- .get("kafkaVersions")
- .asJsonObject()
- .keySet()
- .forEach(supportedKafkaVersions::add);
- }
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
-
- // sort kafka version from low to high
- Collections.sort(supportedKafkaVersions);
-
- LATEST_KAFKA_VERSION = supportedKafkaVersions.get(supportedKafkaVersions.size() - 1);
- }
-
- public KafkaContainer() {
- super("quay.io/strimzi/kafka:" + "latest-kafka-" + LATEST_KAFKA_VERSION);
-
- withExposedPorts(KAFKA_PORT);
- withFixedExposedPort(KAFKA_PORT, KAFKA_PORT);
- withCopyFileToContainer(MountableFile.forClasspathResource("kafkaServer.properties"),
- "/opt/kafka/config/server.properties");
- waitingFor(Wait.forLogMessage(".*Kafka startTimeMs:.*", 1));
- withNetwork(Network.SHARED);
- withNetworkAliases("kafka");
- withEnv("LOG_DIR", "/tmp");
- }
-
- @Override
- protected void doStart() {
- // we need it for the startZookeeper(); and startKafka(); to run container before...
- withCommand("sh", "-c", "while [ ! -f " + STARTER_SCRIPT + " ]; do sleep 0.1; done; " + STARTER_SCRIPT);
- super.doStart();
- }
-
- @Override
- protected void containerIsStarting(InspectContainerResponse containerInfo, boolean reused) {
- super.containerIsStarting(containerInfo, reused);
- LOGGER.info("Kafka servers :: " + getBootstrapServers());
- String command = "#!/bin/bash \n";
- command += "bin/zookeeper-server-start.sh ./config/zookeeper.properties &\n";
- command += "export CLASSPATH=\"/opt/kafka/libs/strimzi/*:$CLASSPATH\" \n";
- command += "bin/kafka-server-start.sh ./config/server.properties" +
- " --override listeners=JWT://:" + KAFKA_PORT +
- " --override advertised.listeners=" + getBootstrapServers();
- copyFileToContainer(Transferable.of(command.getBytes(StandardCharsets.UTF_8), 700), STARTER_SCRIPT);
- }
-
- public String getBootstrapServers() {
- return String.format("JWT://%s:%s", getHost(), KAFKA_PORT);
- }
-
-}
diff --git a/integration-tests/kafka-oauth/src/test/java/org/apache/camel/quarkus/kafka/oauth/it/container/KeycloakContainer.java b/integration-tests/kafka-oauth/src/test/java/org/apache/camel/quarkus/kafka/oauth/it/container/KeycloakContainer.java
index 0b46077..dcf86ae 100644
--- a/integration-tests/kafka-oauth/src/test/java/org/apache/camel/quarkus/kafka/oauth/it/container/KeycloakContainer.java
+++ b/integration-tests/kafka-oauth/src/test/java/org/apache/camel/quarkus/kafka/oauth/it/container/KeycloakContainer.java
@@ -18,7 +18,6 @@ package org.apache.camel.quarkus.kafka.oauth.it.container;
import java.io.FileWriter;
-import com.github.dockerjava.api.command.InspectContainerResponse;
import org.testcontainers.containers.FixedHostPortGenericContainer;
import org.testcontainers.containers.Network;
import org.testcontainers.containers.wait.strategy.Wait;
@@ -30,7 +29,7 @@ import org.testcontainers.utility.MountableFile;
public class KeycloakContainer extends FixedHostPortGenericContainer<KeycloakContainer> {
public KeycloakContainer() {
- super("quay.io/keycloak/keycloak:15.0.2");
+ super("quay.io/keycloak/keycloak:16.1.1");
withExposedPorts(8443);
withFixedExposedPort(8080, 8080);
withEnv("KEYCLOAK_USER", "admin");
@@ -41,27 +40,9 @@ public class KeycloakContainer extends FixedHostPortGenericContainer<KeycloakCon
waitingFor(Wait.forLogMessage(".*WFLYSRV0025.*", 1));
withNetwork(Network.SHARED);
withNetworkAliases("keycloak");
- withCreateContainerCmdModifier(cmd -> {
- cmd.withEntrypoint("");
- cmd.withCmd("/bin/bash", "-c", "cd /opt/jboss/keycloak " +
- "&& bin/jboss-cli.sh --file=ssl/keycloak-ssl.cli " +
- "&& rm -rf standalone/configuration/standalone_xml_history/current " +
- "&& cd .. " +
- "&& /opt/jboss/tools/docker-entrypoint.sh -Dkeycloak.profile.feature.upload_scripts=enabled -b 0.0.0.0");
- });
- }
-
- @Override
- protected void containerIsStarting(InspectContainerResponse containerInfo, boolean reused) {
- super.containerIsStarting(containerInfo);
- copyFileToContainer(MountableFile.forClasspathResource("certificates/ca-truststore.p12"),
- "/opt/jboss/keycloak/standalone/configuration/certs/ca-truststore.p12");
- copyFileToContainer(MountableFile.forClasspathResource("certificates/keycloak.server.keystore.p12"),
- "/opt/jboss/keycloak/standalone/configuration/certs/keycloak.server.keystore.p12");
- copyFileToContainer(MountableFile.forClasspathResource("keycloak/scripts/keycloak-ssl.cli"),
- "/opt/jboss/keycloak/ssl/keycloak-ssl.cli");
- copyFileToContainer(MountableFile.forClasspathResource("keycloak/realms/kafka-authz-realm.json"),
+ withCopyFileToContainer(MountableFile.forClasspathResource("keycloak/realms/kafka-authz-realm.json"),
"/opt/jboss/keycloak/realms/kafka-authz-realm.json");
+ withCommand("-Dkeycloak.profile.feature.upload_scripts=enabled", "-b", "0.0.0.0");
}
public void createHostsFile() {
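Review bot: The constructor still calls `withExposedPorts(8443)` (visible in the previous hunk), but this hunk drops the keystore copy and the `keycloak-ssl.cli` step, so whatever certificate 8443 now presents is no longer the one signed by the test CA, and the token endpoint is presumably reached over plain HTTP on the fixed 8080 port. That is acceptable for an integration test, but the new `withCommand(...)` line should say so, for example `// No custom TLS: token endpoint is plain HTTP on 8080, test use only`. The command also keeps `-Dkeycloak.profile.feature.upload_scripts=enabled` and `-b 0.0.0.0` next to a host-published port; a one-line comment on why script upload is required would let the next reader judge whether it can be removed. The constructor starts before this hunk.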
diff --git a/integration-tests/kafka-oauth/src/test/resources/certificates/README.md b/integration-tests/kafka-oauth/src/test/resources/certificates/README.md
deleted file mode 100644
index 5056a5b..0000000
--- a/integration-tests/kafka-oauth/src/test/resources/certificates/README.md
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-##
-# Inspired from https://github.com/quarkusio/quarkus/tree/main/integration-tests/kafka-oauth-keycloak/
-#
-# Generating the certificates and keystore
-
-## Creating a self-signed CA certificate and truststore
-
-```bash
-./gen-ca.sh
-```
-
-This creates `crt.ca` and adds the certificate to the keystore `ca-truststore.p12`.
-
-## Creating a server certificate and add it to keystore
-
-```bash
-./gen-keycloak-certs.sh
-```
-
-This creates server certificate for Keycloak, signs it and adds it to keystore `keycloak.server.keystore.p12`.
-
-## Cleanup
-
-```bash
-rm ca.srl
-rm ca.crt
-rm ca.key
-rm cert-file
-rm cert-signed
-```
\ No newline at end of file
diff --git a/integration-tests/kafka-oauth/src/test/resources/certificates/ca-truststore.p12 b/integration-tests/kafka-oauth/src/test/resources/certificates/ca-truststore.p12
deleted file mode 100644
index f3fdb05..0000000
Binary files a/integration-tests/kafka-oauth/src/test/resources/certificates/ca-truststore.p12 and /dev/null differ
diff --git a/integration-tests/kafka-oauth/src/test/resources/certificates/gen-ca.sh b/integration-tests/kafka-oauth/src/test/resources/certificates/gen-ca.sh
deleted file mode 100755
index c5c5af3..0000000
--- a/integration-tests/kafka-oauth/src/test/resources/certificates/gen-ca.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-set -e
-
-# create CA key
-openssl genrsa -out ca.key 4096
-
-# create CA certificate
-openssl req -x509 -new -nodes -sha256 -days 3650 -subj "/CN=quarkus.io" -key ca.key -out ca.crt
-
-
-PASSWORD=changeit
-
-# create p12 truststore
-keytool -keystore ca-truststore.p12 -storetype pkcs12 -alias ca -storepass $PASSWORD -keypass $PASSWORD -import -file ca.crt -noprompt
diff --git a/integration-tests/kafka-oauth/src/test/resources/certificates/gen-keycloak-certs.sh b/integration-tests/kafka-oauth/src/test/resources/certificates/gen-keycloak-certs.sh
deleted file mode 100755
index 2b921ea..0000000
--- a/integration-tests/kafka-oauth/src/test/resources/certificates/gen-keycloak-certs.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-
-set -e
-
-PASSWORD=changeit
-
-echo "#### Create server certificate for Keycloak"
-keytool -keystore keycloak.server.keystore.p12 -storetype pkcs12 -keyalg RSA -alias keycloak -validity 3650 -genkey -storepass $PASSWORD -keypass $PASSWORD -dname CN=keycloak -ext SAN=DNS:keycloak
-
-echo "#### Sign server certificate (export, sign, add signed to keystore)"
-keytool -keystore keycloak.server.keystore.p12 -storetype pkcs12 -alias keycloak -storepass $PASSWORD -keypass $PASSWORD -certreq -file cert-file
-openssl x509 -req -CA ca.crt -CAkey ca.key -in cert-file -out cert-signed -days 3650 -CAcreateserial -passin pass:$PASSWORD
-keytool -keystore keycloak.server.keystore.p12 -alias CARoot -storepass $PASSWORD -keypass $PASSWORD -import -file ca.crt -noprompt
-keytool -keystore keycloak.server.keystore.p12 -alias keycloak -storepass $PASSWORD -keypass $PASSWORD -import -file cert-signed -noprompt
diff --git a/integration-tests/kafka-oauth/src/test/resources/certificates/keycloak.server.keystore.p12 b/integration-tests/kafka-oauth/src/test/resources/certificates/keycloak.server.keystore.p12
deleted file mode 100644
index 406c335..0000000
Binary files a/integration-tests/kafka-oauth/src/test/resources/certificates/keycloak.server.keystore.p12 and /dev/null differ
diff --git a/integration-tests/kafka-oauth/src/test/resources/keycloak/scripts/keycloak-ssl.cli b/integration-tests/kafka-oauth/src/test/resources/keycloak/scripts/keycloak-ssl.cli
deleted file mode 100644
index 405f1c8..0000000
--- a/integration-tests/kafka-oauth/src/test/resources/keycloak/scripts/keycloak-ssl.cli
+++ /dev/null
@@ -1,20 +0,0 @@
-## ---------------------------------------------------------------------------
-## Licensed to the Apache Software Foundation (ASF) under one or more
-## contributor license agreements. See the NOTICE file distributed with
-## this work for additional information regarding copyright ownership.
-## The ASF licenses this file to You under the Apache License, Version 2.0
-## (the "License"); you may not use this file except in compliance with
-## the License. You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS,
-## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
-## ---------------------------------------------------------------------------
-embed-server --server-config=standalone-ha.xml
-/core-service=management/security-realm=UndertowRealm:add()
-/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-path=certs/keycloak.server.keystore.p12, keystore-relative-to=jboss.server.config.dir, keystore-password=changeit)
-/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=security-realm, value=UndertowRealm)