System Tests authorizationST admin client fix (kroxylicious#3051)

* AuthorizationST fix issue with admin client configuration propagation

Signed-off-by: hzrncik <[email protected]>

* remove unused getConfigMapForSaslConfig

Signed-off-by: hzrncik <[email protected]>

* added temporary file path for config store needed to execute admin client calls

Signed-off-by: hzrncik <[email protected]>

---------

Signed-off-by: hzrncik <[email protected]>

Author: henryZrncik

kroxylicious-systemtests/src/main/java/io/kroxylicious/systemtests/Constants.java

@@ -178,7 +178,6 @@ private Constants() {
     public static final String KEYSTORE_TEMP_DIR = CREDENTIALS_TEMP_DIR + KEYSTORE_SECRET_NAME + "/";
     public static final String TRUSTSTORE_TEMP_DIR = CREDENTIALS_TEMP_DIR + TRUSTSTORE_SECRET_NAME + "/";
     public static final String CONFIG_PROP_FILE_NAME = "config.properties";
-    public static final String CONFIG_PROP_TEMP_DIR = "/home/strimzi/.admin_client/";
     public static final String KAF_CONFIG_TEMP_DIR = "/tmp/.kaf/";
     public static final String KAF_CONFIG_FILE_NAME = "config";
 }

kroxylicious-systemtests/src/main/java/io/kroxylicious/systemtests/steps/KafkaSteps.java

@@ -11,8 +11,10 @@
 import java.util.List;
 import java.util.Map;
 
+import org.apache.kafka.clients.CommonClientConfigs;
 import org.apache.kafka.clients.admin.ScramMechanism;
 import org.apache.kafka.common.config.ConfigException;
+import org.apache.kafka.common.config.SaslConfigs;
 import org.apache.kafka.common.config.TopicConfig;
 import org.apache.kafka.common.record.CompressionType;
 import org.apache.kafka.common.security.auth.SecurityProtocol;
@@ -22,8 +24,6 @@
 import io.fabric8.kubernetes.api.model.batch.v1.Job;
 
 import io.kroxylicious.systemtests.Constants;
-import io.kroxylicious.systemtests.resources.manager.ResourceManager;
-import io.kroxylicious.systemtests.templates.kroxylicious.KroxyliciousConfigMapTemplates;
 import io.kroxylicious.systemtests.templates.testclients.TestClientsJobTemplates;
 import io.kroxylicious.systemtests.utils.DeploymentUtils;
 import io.kroxylicious.systemtests.utils.KafkaUtils;
@@ -117,11 +117,13 @@ public static void createTopicWithAuthentication(String deployNamespace, String
                 List.of(TOPIC_COMMAND, "create", BOOTSTRAP_ARG + bootstrap, TOPIC_ARG + topicName, TOPIC_PARTITIONS_ARG + partitions,
                         TOPIC_REP_FACTOR_ARG + replicas));
 
-        ResourceManager.getInstance().createResourceFromBuilderWithWait(
-                KroxyliciousConfigMapTemplates.getConfigMapForSaslConfig(deployNamespace, Constants.KAFKA_ADMIN_CLIENT_CONFIG_NAME, SecurityProtocol.SASL_PLAINTEXT.name,
-                        ScramMechanism.SCRAM_SHA_512.mechanismName(), Constants.KROXYLICIOUS_ADMIN_USER, usernamePasswords.get(Constants.KROXYLICIOUS_ADMIN_USER)));
+        // Build SASL configuration string for admin client to be passed as additional config env variable
+        String additionalConfig = CommonClientConfigs.SECURITY_PROTOCOL_CONFIG + "=" + SecurityProtocol.SASL_PLAINTEXT.name + "\n" +
+                SaslConfigs.SASL_MECHANISM + "=" + ScramMechanism.SCRAM_SHA_512.mechanismName() + "\n" +
+                SaslConfigs.SASL_JAAS_CONFIG + "=org.apache.kafka.common.security.scram.ScramLoginModule required username=\"" +
+                Constants.KROXYLICIOUS_ADMIN_USER + "\" password=\"" + usernamePasswords.get(Constants.KROXYLICIOUS_ADMIN_USER) + "\";";
 
-        Job adminClientJob = TestClientsJobTemplates.authenticationAdminClientJob(name, args).build();
+        Job adminClientJob = TestClientsJobTemplates.authenticationAdminClientJob(name, args, additionalConfig).build();
         kubeClient().getClient().batch().v1().jobs().inNamespace(deployNamespace).resource(adminClientJob).create();
         String podName = KafkaUtils.getPodNameByLabel(deployNamespace, "app", name, Duration.ofSeconds(30));
         DeploymentUtils.waitForPodRunSucceeded(deployNamespace, podName, Duration.ofMinutes(5));

kroxylicious-systemtests/src/main/java/io/kroxylicious/systemtests/templates/kroxylicious/KroxyliciousConfigMapTemplates.java

@@ -6,13 +6,9 @@
 
 package io.kroxylicious.systemtests.templates.kroxylicious;
 
-import java.io.IOException;
-import java.io.StringWriter;
-import java.io.UncheckedIOException;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
-import java.util.Properties;
 
 import org.apache.kafka.clients.CommonClientConfigs;
 import org.apache.kafka.common.config.SaslConfigs;
@@ -115,42 +111,6 @@ private static String generateAclRules(List<String> aclRules) {
         return aclRule.toString();
     }
 
-    /**
-     * Gets config map for sasl config.
-     *
-     * @param namespace the namespace
-     * @param name the name
-     * @param securityProtocol the security protocol
-     * @param saslMechanism the sasl mechanism
-     * @return  the config map for additional config
-     */
-    public static ConfigMapBuilder getConfigMapForSaslConfig(String namespace, String name, String securityProtocol, String saslMechanism, String username,
-                                                             String usernamePassword) {
-        Properties adminConfig = new Properties();
-        adminConfig.put("ADDITIONAL_CONFIG", CommonClientConfigs.SECURITY_PROTOCOL_CONFIG + "=" + securityProtocol
-                + "\n" + SaslConfigs.SASL_MECHANISM + "=" + saslMechanism
-                + "\n" + SaslConfigs.SASL_JAAS_CONFIG + "=org.apache.kafka.common.security.scram.ScramLoginModule required username=\"" + username +
-                "\" password=\"" + usernamePassword + "\";");
-
-        String properties;
-        try (StringWriter writer = new StringWriter()) {
-            adminConfig.store(writer, "admin config");
-            properties = writer.toString();
-        }
-        catch (IOException e) {
-            throw new UncheckedIOException(e);
-        }
-
-        // @formatter:off
-        return new ConfigMapBuilder()
-                .withNewMetadata()
-                    .withName(name)
-                    .withNamespace(namespace)
-                .endMetadata()
-                .withData(Map.of(Constants.CONFIG_PROP_FILE_NAME, properties));
-        // @formatter:on
-    }
-
     /**
      * Gets config map for kaf config.
      *

kroxylicious-systemtests/src/main/java/io/kroxylicious/systemtests/templates/testclients/TestClientsJobTemplates.java

@@ -109,39 +109,29 @@ public static JobBuilder defaultAdminClientJob(String jobName, List<String> args
      * Authentication admin client job builder.
      *
      * @param jobName the job name
-     * @param args the args
+     * @param args the admin client arguments
+     * @param additionalConfig the additional config (SASL/SSL properties)
      * @return  the job builder
      */
-    public static JobBuilder authenticationAdminClientJob(String jobName, List<String> args) {
-        List<VolumeMount> volumeMounts = new ArrayList<>();
-        List<Volume> volumes = new ArrayList<>();
-        Volume configVolume = new VolumeBuilder()
-                .withName(Constants.KAFKA_ADMIN_CLIENT_CONFIG_NAME)
-                .withConfigMap(new ConfigMapVolumeSourceBuilder()
-                        .withName(Constants.KAFKA_ADMIN_CLIENT_CONFIG_NAME)
-                        .addNewItem()
-                        .withKey(Constants.CONFIG_PROP_FILE_NAME)
-                        .withPath(Constants.CONFIG_PROP_FILE_NAME)
-                        .endItem()
-                        .build())
-                .build();
-
-        VolumeMount configMount = new VolumeMountBuilder()
-                .withName(Constants.KAFKA_ADMIN_CLIENT_CONFIG_NAME)
-                .withMountPath(Constants.CONFIG_PROP_TEMP_DIR)
-                .build();
-        volumeMounts.add(configMount);
-        volumes.add(configVolume);
+    public static JobBuilder authenticationAdminClientJob(String jobName, List<String> args, String additionalConfig) {
+        // Firstly configure admin client with additional configuration, then run the actual admin-client command from arguments
+        String command = "admin-client configure common --from-env && admin-client " + String.join(" ", args);
 
         return baseClientJob(jobName)
                 .editSpec()
                 .editTemplate()
                 .editSpec()
-                .withVolumes(volumes)
                 .withContainers(ContainerTemplates.baseImageBuilder("admin", Environment.TEST_CLIENTS_IMAGE)
-                        .withCommand("admin-client")
-                        .withArgs(args)
-                        .withVolumeMounts(volumeMounts)
+                        .withCommand("sh")
+                        .withArgs("-c", command)
+                        .addNewEnv()
+                        .withName("CONFIG_FOLDER_PATH")
+                        .withValue("/tmp")
+                        .endEnv()
+                        .addNewEnv()
+                        .withName(ADDITIONAL_CONFIG_VAR)
+                        .withValue(additionalConfig)
+                        .endEnv()
                         .build())
                 .endSpec()
                 .endTemplate()