Skip to content

Commit 70630ac

Browse files
authored
Merge pull request kroxylicious#2236 from k-wall/issue-2235
Fix kroxylicious#2235: Avoid potential for NPE if virtual cluster defines TLS without trust anchor
2 parents 0d7c970 + 4d742fa commit 70630ac

File tree

2 files changed

+28
-1
lines changed

2 files changed

+28
-1
lines changed

kroxylicious-operator/src/main/java/io/kroxylicious/kubernetes/operator/VirtualKafkaClusterReconciler.java

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -466,6 +466,7 @@ static PrimaryToSecondaryMapper<VirtualKafkaCluster> virtualKafkaClusterToConfig
466466
cluster.getSpec().getIngresses().stream()
467467
.flatMap(ingress -> Optional.ofNullable(ingress.getTls()).stream())
468468
.map(Tls::getTrustAnchorRef)
469+
.filter(Objects::nonNull)
469470
.map(TrustAnchorRef::getRef)
470471
.toList());
471472
}
@@ -478,6 +479,7 @@ static SecondaryToPrimaryMapper<ConfigMap> configMapToVirtualKafkaCluster(EventS
478479
cluster -> cluster.getSpec().getIngresses().stream()
479480
.flatMap(ingress -> Optional.ofNullable(ingress.getTls()).stream())
480481
.map(Tls::getTrustAnchorRef)
482+
.filter(Objects::nonNull)
481483
.map(TrustAnchorRef::getRef)
482484
.toList());
483485
}

kroxylicious-operator/src/test/java/io/kroxylicious/kubernetes/operator/VirtualKafkaClusterReconcilerTest.java

Lines changed: 26 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -764,7 +764,7 @@ void canMapFromVirtualKafkaClusterWithTrustAnchorToConfigMap() {
764764
}
765765

766766
@Test
767-
void canMapFromVirtualKafkaClusterWithoutTrustAnchorToConfigMap() {
767+
void canMapFromVirtualKafkaClusterWithTlsToConfigMap() {
768768
// Given
769769
var mapper = VirtualKafkaClusterReconciler.virtualKafkaClusterToConfigMap();
770770

@@ -775,6 +775,18 @@ void canMapFromVirtualKafkaClusterWithoutTrustAnchorToConfigMap() {
775775
assertThat(secondaryResourceIDs).isEmpty();
776776
}
777777

778+
@Test
779+
void canMapFromVirtualKafkaClusterWithoutTrustAnchorToConfigMap() {
780+
// Given
781+
var mapper = VirtualKafkaClusterReconciler.virtualKafkaClusterToConfigMap();
782+
783+
// When
784+
var secondaryResourceIDs = mapper.toSecondaryResourceIDs(CLUSTER_TLS_NO_FILTERS);
785+
786+
// Then
787+
assertThat(secondaryResourceIDs).isEmpty();
788+
}
789+
778790
@Test
779791
void canMapFromConfigMapToVirtualKafkaClusterWithTls() {
780792
// Given
@@ -801,6 +813,19 @@ void canMapFromConfigMapToVirtualKafkaClusterToleratesVirtualKafkaClusterWithout
801813
assertThat(primaryResourceIDs).isEmpty();
802814
}
803815

816+
@Test
817+
void canMapFromConfigMapToVirtualKafkaClusterToleratesVirtualKafkaClusterWithoutTrustAnchor() {
818+
// Given
819+
EventSourceContext<VirtualKafkaCluster> eventSourceContext = mockContextContaining(CLUSTER_TLS_NO_FILTERS);
820+
821+
// When
822+
var mapper = VirtualKafkaClusterReconciler.configMapToVirtualKafkaCluster(eventSourceContext);
823+
824+
// Then
825+
var primaryResourceIDs = mapper.toPrimaryResourceIDs(PEM_CONFIG_MAP);
826+
assertThat(primaryResourceIDs).isEmpty();
827+
}
828+
804829
@Test
805830
void ingressSecondaryToPrimaryMapper() {
806831
// given

0 commit comments

Comments
 (0)