[System Tests] adapted record encryption test cases to CR deployment (kroxylicious#2022)

* adapted record encryption test cases to CR deployment

Signed-off-by: Francisco Vila <fvila@redhat.com>

* removed commented code

Signed-off-by: Francisco Vila <fvila@redhat.com>

* fix format

Signed-off-by: Francisco Vila <fvila@redhat.com>

* removed unused pom dependency

Signed-off-by: Francisco Vila <fvila@redhat.com>

---------

Signed-off-by: Francisco Vila <fvila@redhat.com>

Author: franvila

kroxylicious-systemtests/pom.xml

@@ -175,6 +175,10 @@
             <groupId>io.kroxylicious</groupId>
             <artifactId>kroxylicious-kms-provider-fortanix-dsm-test-support</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.kroxylicious</groupId>
+            <artifactId>kroxylicious-record-encryption</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-api</artifactId>
@@ -183,10 +187,6 @@
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-annotations</artifactId>
         </dependency>
-        <dependency>
-            <groupId>com.fasterxml.jackson.dataformat</groupId>
-            <artifactId>jackson-dataformat-yaml</artifactId>
-        </dependency>
         <dependency>
             <groupId>info.schnatterer.moby-names-generator</groupId>
             <artifactId>moby-names-generator</artifactId>

kroxylicious-systemtests/src/main/java/io/kroxylicious/systemtests/Constants.java

@@ -24,6 +24,7 @@ private Constants() {
     public static final String KROXY_DEPLOYMENT_NAME = "kroxylicious-proxy";
     public static final String KROXYLICIOUS_PROXY_SIMPLE_NAME = "simple";
     public static final String KROXYLICIOUS_INGRESS_CLUSTER_IP = "cluster-ip";
+    public static final String KROXYLICIOUS_ENCRYPTION_FILTER_NAME = "encryption";
 
     /**
      * The service name for kroxylicious. Used for the bootstrap url

kroxylicious-systemtests/src/main/java/io/kroxylicious/systemtests/installation/kroxylicious/Kroxylicious.java

@@ -7,22 +7,20 @@
 package io.kroxylicious.systemtests.installation.kroxylicious;
 
 import java.time.Duration;
+import java.util.List;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import io.kroxylicious.kms.service.TestKmsFacade;
 import io.kroxylicious.systemtests.Constants;
-import io.kroxylicious.systemtests.Environment;
 import io.kroxylicious.systemtests.k8s.exception.KubeClusterException;
 import io.kroxylicious.systemtests.resources.kms.ExperimentalKmsConfig;
 import io.kroxylicious.systemtests.resources.manager.ResourceManager;
-import io.kroxylicious.systemtests.templates.kroxylicious.KroxyliciousConfigMapTemplates;
-import io.kroxylicious.systemtests.templates.kroxylicious.KroxyliciousDeploymentTemplates;
+import io.kroxylicious.systemtests.templates.kroxylicious.KroxyliciousFilterTemplates;
 import io.kroxylicious.systemtests.templates.kroxylicious.KroxyliciousKafkaClusterRefTemplates;
 import io.kroxylicious.systemtests.templates.kroxylicious.KroxyliciousKafkaProxyIngressTemplates;
 import io.kroxylicious.systemtests.templates.kroxylicious.KroxyliciousKafkaProxyTemplates;
-import io.kroxylicious.systemtests.templates.kroxylicious.KroxyliciousServiceTemplates;
 import io.kroxylicious.systemtests.templates.kroxylicious.KroxyliciousVirtualKafkaClusterTemplates;
 
 import static io.kroxylicious.systemtests.k8s.KubeClusterResource.kubeClient;
@@ -34,7 +32,6 @@
 public class Kroxylicious {
     private static final Logger LOGGER = LoggerFactory.getLogger(Kroxylicious.class);
     private final String deploymentNamespace;
-    private final String containerImage;
     private final ResourceManager resourceManager = ResourceManager.getInstance();
 
     /**
@@ -44,22 +41,29 @@ public class Kroxylicious {
      */
     public Kroxylicious(String deploymentNamespace) {
         this.deploymentNamespace = deploymentNamespace;
-        String kroxyUrl = Environment.KROXY_IMAGE_REPO + (Environment.KROXY_IMAGE_REPO.endsWith(":") ? "" : ":");
-        this.containerImage = kroxyUrl + Environment.KROXY_VERSION;
     }
 
-    private void createRecordEncryptionFilterConfigMap(String clusterName, TestKmsFacade<?, ?, ?> testKmsFacade, ExperimentalKmsConfig experimentalKmsConfig) {
+    private void createRecordEncryptionFilterConfigMap(TestKmsFacade<?, ?, ?> testKmsFacade, ExperimentalKmsConfig experimentalKmsConfig) {
         LOGGER.info("Deploy Kroxylicious config Map with record encryption filter in {} namespace", deploymentNamespace);
-        resourceManager
-                .createResourceWithWait(
-                        KroxyliciousConfigMapTemplates.kroxyliciousRecordEncryptionConfig(clusterName, deploymentNamespace, testKmsFacade, experimentalKmsConfig)
-                                .build());
+        resourceManager.createResourceFromBuilder(
+                KroxyliciousFilterTemplates.kroxyliciousRecordEncryptionFilter(deploymentNamespace, testKmsFacade, experimentalKmsConfig));
     }
 
-    private void deployPortPerBrokerPlain(int replicas) {
-        LOGGER.info("Deploy Kroxylicious in {} namespace", deploymentNamespace);
-        resourceManager.createResourceWithWait(KroxyliciousDeploymentTemplates.defaultKroxyDeployment(deploymentNamespace, containerImage, replicas).build());
-        resourceManager.createResourceWithoutWait(KroxyliciousServiceTemplates.defaultKroxyService(deploymentNamespace).build());
+    /**
+     * Deploy port identifies node with filters.
+     *
+     * @param clusterName the cluster name
+     * @param filterNames the filter names
+     */
+    public void deployPortIdentifiesNodeWithFilters(String clusterName, List<String> filterNames) {
+        resourceManager.createResourceFromBuilder(
+                KroxyliciousKafkaProxyTemplates.defaultKafkaProxyDeployment(deploymentNamespace, Constants.KROXYLICIOUS_PROXY_SIMPLE_NAME),
+                KroxyliciousKafkaProxyIngressTemplates.defaultKafkaProxyIngressDeployment(deploymentNamespace, Constants.KROXYLICIOUS_INGRESS_CLUSTER_IP,
+                        Constants.KROXYLICIOUS_PROXY_SIMPLE_NAME),
+                KroxyliciousKafkaClusterRefTemplates.defaultKafkaClusterRefDeployment(deploymentNamespace, clusterName),
+                KroxyliciousVirtualKafkaClusterTemplates.virtualKafkaClusterWithFilterDeployment(deploymentNamespace, clusterName,
+                        Constants.KROXYLICIOUS_PROXY_SIMPLE_NAME,
+                        clusterName, Constants.KROXYLICIOUS_INGRESS_CLUSTER_IP, filterNames));
     }
 
     /**
@@ -79,24 +83,23 @@ public void deployPortIdentifiesNodeWithNoFilters(String clusterName) {
      * Deploy port per broker plain with record encryption filter.
      *
      * @param clusterName the cluster name
-     * @param replicas the replicas
      * @param testKmsFacade the test kms facade
      */
-    public void deployPortPerBrokerPlainWithRecordEncryptionFilter(String clusterName, int replicas, TestKmsFacade<?, ?, ?> testKmsFacade) {
-        deployPortPerBrokerPlainWithRecordEncryptionFilter(clusterName, replicas, testKmsFacade, null);
+    public void deployPortPerBrokerPlainWithRecordEncryptionFilter(String clusterName, TestKmsFacade<?, ?, ?> testKmsFacade) {
+        deployPortPerBrokerPlainWithRecordEncryptionFilter(clusterName, testKmsFacade, null);
     }
 
     /**
      * Deploy port per broker plain with record encryption filter.
      *
      * @param clusterName the cluster name
-     * @param replicas the replicas
      * @param testKmsFacade the test kms facade
+     * @param experimentalKmsConfig the experimental kms config
      */
-    public void deployPortPerBrokerPlainWithRecordEncryptionFilter(String clusterName, int replicas, TestKmsFacade<?, ?, ?> testKmsFacade,
+    public void deployPortPerBrokerPlainWithRecordEncryptionFilter(String clusterName, TestKmsFacade<?, ?, ?> testKmsFacade,
                                                                    ExperimentalKmsConfig experimentalKmsConfig) {
-        createRecordEncryptionFilterConfigMap(clusterName, testKmsFacade, experimentalKmsConfig);
-        deployPortPerBrokerPlain(replicas);
+        createRecordEncryptionFilterConfigMap(testKmsFacade, experimentalKmsConfig);
+        deployPortIdentifiesNodeWithFilters(clusterName, List.of(Constants.KROXYLICIOUS_ENCRYPTION_FILTER_NAME));
     }
 
     /**

kroxylicious-systemtests/src/main/java/io/kroxylicious/systemtests/resources/manager/ResourceManager.java

@@ -29,6 +29,7 @@
 import io.kroxylicious.kubernetes.api.v1alpha1.KafkaProxyIngress;
 import io.kroxylicious.kubernetes.api.v1alpha1.KafkaService;
 import io.kroxylicious.kubernetes.api.v1alpha1.VirtualKafkaCluster;
+import io.kroxylicious.kubernetes.filter.api.v1alpha1.KafkaProtocolFilter;
 import io.kroxylicious.systemtests.Constants;
 import io.kroxylicious.systemtests.enums.ConditionStatus;
 import io.kroxylicious.systemtests.k8s.HelmClient;
@@ -117,7 +118,8 @@ public static HelmClient helmClient() {
             new KroxyliciousResource<>(KafkaProxy.class),
             new KroxyliciousResource<>(KafkaService.class),
             new KroxyliciousResource<>(KafkaProxyIngress.class),
-            new KroxyliciousResource<>(VirtualKafkaCluster.class)
+            new KroxyliciousResource<>(VirtualKafkaCluster.class),
+            new KroxyliciousResource<>(KafkaProtocolFilter.class)
     };
 
     /**
@@ -153,17 +155,6 @@ public final void createResourceFromBuilder(Builder<? extends HasMetadata>... re
         createResource(true, Arrays.stream(resources).map(Builder::build).toList().toArray(new HasMetadata[0]));
     }
 
-    /**
-     * Create resource without wait.
-     *
-     * @param <T>    the type parameter
-     * @param resources the resources
-     */
-    @SafeVarargs
-    public final <T extends HasMetadata> void createResourceWithoutWait(T... resources) {
-        createResource(false, resources);
-    }
-
     /**
      * Create resource with wait.
      *

kroxylicious-systemtests/src/main/java/io/kroxylicious/systemtests/resources/operator/KroxyliciousOperatorBundleInstaller.java

@@ -23,6 +23,7 @@
 import org.junit.jupiter.api.extension.ExtensionContext;
 import org.junit.platform.commons.PreconditionViolationException;
 
+import io.fabric8.kubernetes.api.model.LocalObjectReferenceBuilder;
 import io.fabric8.kubernetes.api.model.apiextensions.v1.CustomResourceDefinition;
 import io.fabric8.kubernetes.api.model.apps.Deployment;
 import io.fabric8.kubernetes.api.model.apps.DeploymentBuilder;
@@ -139,6 +140,9 @@ private void applyDeploymentFile() {
                 .withImage(ImageUtils.changeRegistryOrgAndTag(deploymentImage, Environment.KROXY_REGISTRY, Environment.KROXY_ORG, Environment.KROXY_TAG))
                 .withImagePullPolicy(Constants.PULL_IMAGE_IF_NOT_PRESENT)
                 .endContainer()
+                .withImagePullSecrets(new LocalObjectReferenceBuilder()
+                        .withName("regcred")
+                        .build())
                 .endSpec()
                 .endTemplate()
                 .endSpec()

kroxylicious-systemtests/src/main/java/io/kroxylicious/systemtests/templates/kroxylicious/KroxyliciousConfigMapTemplates.java

@@ -6,110 +6,14 @@
 
 package io.kroxylicious.systemtests.templates.kroxylicious;
 
-import java.io.UncheckedIOException;
-
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
-import com.fasterxml.jackson.dataformat.yaml.YAMLGenerator;
-
-import io.fabric8.kubernetes.api.model.ConfigMapBuilder;
-
-import io.kroxylicious.kms.service.TestKmsFacade;
-import io.kroxylicious.systemtests.Constants;
-import io.kroxylicious.systemtests.resources.kms.ExperimentalKmsConfig;
-
 /**
  * The type Kroxylicious config templates.
  */
 public final class KroxyliciousConfigMapTemplates {
-    private static final YAMLFactory FACTORY = YAMLFactory.builder()
-            .disable(YAMLGenerator.Feature.WRITE_DOC_START_MARKER)
-            .build();
-    private static final ObjectMapper YAML_OBJECT_MAPPER = new ObjectMapper(FACTORY);
 
     private KroxyliciousConfigMapTemplates() {
     }
 
-    private static ConfigMapBuilder baseKroxyliciousConfig(String namespaceName) {
-        return new ConfigMapBuilder()
-                .withApiVersion("v1")
-                .withKind(Constants.CONFIG_MAP)
-                .editMetadata()
-                .withName(Constants.KROXY_CONFIG_NAME)
-                .withNamespace(namespaceName)
-                .endMetadata();
-    }
-
-    /**
-     * Kroxylicious record encryption config.
-     *
-     * @param clusterName the cluster name
-     * @param namespaceName the namespace name
-     * @param testKmsFacade the test kms facade
-     * @return the config map builder
-     */
-    public static ConfigMapBuilder kroxyliciousRecordEncryptionConfig(String clusterName, String namespaceName, TestKmsFacade<?, ?, ?> testKmsFacade,
-                                                                      ExperimentalKmsConfig experimentalKmsConfig) {
-        return baseKroxyliciousConfig(namespaceName)
-                .addToData("config.yaml", getRecordEncryptionConfigMap(clusterName, testKmsFacade, experimentalKmsConfig));
-    }
-
-    private static String buildEncryptionFilter(TestKmsFacade<?, ?, ?> testKmsFacade, ExperimentalKmsConfig experimentalKmsConfig) {
-        return """
-                - name: encrypt
-                  type: RecordEncryption
-                  config:
-                    kms: %s
-                    kmsConfig:
-                      %s
-                    selector: TemplateKekSelector
-                    selectorConfig:
-                      template: "KEK_$(topicName)"
-                    experimental:
-                      %s
-                """.formatted(testKmsFacade.getKmsServiceClass().getSimpleName(), getNestedYaml(testKmsFacade.getKmsServiceConfig(), 6),
-                getNestedYaml(experimentalKmsConfig, 6));
-    }
-
-    private static String getNestedYaml(Object config, int indent) {
-        String configYaml;
-
-        try {
-            configYaml = YAML_OBJECT_MAPPER.writeValueAsString(config).indent(indent).trim();
-        }
-        catch (JsonProcessingException e) {
-            throw new UncheckedIOException(e);
-        }
-
-        return configYaml;
-    }
-
-    private static String getRecordEncryptionConfigMap(String clusterName, TestKmsFacade<?, ?, ?> testKmsFacade, ExperimentalKmsConfig experimentalKmsConfig) {
-        String configYaml = buildEncryptionFilter(testKmsFacade, experimentalKmsConfig);
-
-        return """
-                management:
-                  endpoints:
-                    prometheus: {}
-                virtualClusters:
-                  - name: my-cluster-proxy
-                    gateways:
-                    - name: default
-                      portIdentifiesNode:
-                        bootstrapAddress: localhost:9292
-                        advertisedBrokerAddressPattern: %s
-                    targetCluster:
-                      bootstrapServers: %s-kafka-bootstrap.%s.svc.cluster.local:9092
-                    logFrames: false
-                filterDefinitions:
-                %s
-                defaultFilters:
-                  - encrypt
-                """
-                .formatted(Constants.KROXY_SERVICE_NAME, clusterName, Constants.KAFKA_DEFAULT_NAMESPACE, configYaml);
-    }
-
     /**
      * Gets default external kroxylicious config map.
      *