Merge remote-tracking branch 'origin/improvement/BB-694/update_auth_config_schema' into w/9.1/improvement/BB-694/update_auth_config_schema

Author: tmacro

.github/dockerfiles/cloudserver/Dockerfile

@@ -1,13 +1,9 @@
-ARG CLOUDSERVER_IMAGE=ghcr.io/scality/cloudserver:7.70.47
+ARG CLOUDSERVER_IMAGE=ghcr.io/scality/cloudserver:9.0.19
 
 FROM ${CLOUDSERVER_IMAGE}
 
 ADD ./config.json /conf/config.json
 
-# Update sources.list to use archive repositories for Buster
-RUN sed -i 's/deb.debian.org/archive.debian.org/g' /etc/apt/sources.list \
-    && sed -i 's/security.debian.org/archive.debian.org/g' /etc/apt/sources.list \
-    && sed -i '/buster-updates/d' /etc/apt/sources.list \
-    && apt update \
+RUN apt update \
     && apt install -y curl \
     && apt clean

.github/dockerfiles/ft/docker-compose.yaml

@@ -27,6 +27,8 @@ services:
     profiles: ['s3c']
     build:
       context: ../cloudserver
+      args:
+        CLOUDSERVER_IMAGE: "${CLOUDSERVER_IMAGE}"
     depends_on:
       - metadata
     ports:

.github/workflows/tests.yaml

@@ -223,7 +223,7 @@ jobs:
       fail-fast: false
       matrix:
         profile: [ 's3c' ]
-        cloudserver_tag: [ '7.70.47' ]
+        cloudserver_tag: [ '9.0.19' ]
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -251,7 +251,7 @@ jobs:
         working-directory: .github/dockerfiles/ft
       - name: Create Zookeeper paths for tests with metadata
         run: |-
-          # Setup zookeeper paths for backbeat like we do in federation 
+          # Setup zookeeper paths for backbeat like we do in federation
           docker exec ft-kafka-1 /opt/kafka_2.11-0.10.1.0/bin/zookeeper-shell.sh localhost:2181 create /backbeat ""
           docker exec ft-kafka-1 /opt/kafka_2.11-0.10.1.0/bin/zookeeper-shell.sh localhost:2181 create /backbeat/replication-populator ""
           docker exec ft-kafka-1 /opt/kafka_2.11-0.10.1.0/bin/zookeeper-shell.sh localhost:2181 create /backbeat/replication-populator/raft-id-dispatcher ""

extensions/notification/NotificationConfigValidator.js

@@ -1,29 +1,46 @@
 const joi = require('joi');
 const { probeServerJoi } = require('../../lib/config/configItems.joi');
-
 const { MAX_QUEUED_DEFAULT }  = require('../../lib/constants').backbeatConsumer;
 
-const authSchema = joi.object({
-    type: joi.string(),
-    ssl: joi.boolean(),
-    protocol: joi.string(),
+const sslSchema = joi.object({
+    ssl: joi.boolean().default(false),
     ca: joi.string(),
     client: joi.string(),
     key: joi.string(),
     keyPassword: joi.string(),
-    keytab: joi.string(),
-    principal: joi.string(),
-    serviceName: joi.string(),
 });
 
+const saslAuthSchema = sslSchema.append({
+    protocol: joi.string().valid('SASL_PLAINTEXT', 'SASL_SSL').required(),
+});
+
+const kerberosAuthSchema = saslAuthSchema.append({
+    type: joi.string().valid('kerberos').required(),
+    keytab: joi.string().required(),
+    principal: joi.string().required(),
+    serviceName: joi.string().required(),
+});
+
+const basicAuthSchema = saslAuthSchema.append({
+    type: joi.string().valid('basic').required(),
+    credentialsFile: joi.string().required(),
+});
+
+const credentialsFileSchema = joi.object({
+    username: joi.string().required(),
+    password: joi.string().required(),
+});
+
+const authSchema = joi.alternatives().try(sslSchema, kerberosAuthSchema, basicAuthSchema).default({});
+
 const destinationSchema = joi.object({
     resource: joi.string().required(),
     type: joi.string().required(),
     host: joi.string().required(),
     port: joi.number().optional(),
     internalTopic: joi.string(),
     topic: joi.string().required(),
-    auth: authSchema.default({}),
+    auth: authSchema,
     requiredAcks: joi.number().when('type', {
         is: joi.string().not('kafka'),
         then: joi.forbidden(),
@@ -41,11 +58,11 @@ const joiSchema = joi.object({
     monitorNotificationFailures: joi.boolean().default(true),
     notificationFailedTopic: joi.string().optional(),
     zookeeperPath: joi.string().optional(),
-    queueProcessor: {
+    queueProcessor: joi.object({
         groupId: joi.string().required(),
         concurrency: joi.number().greater(0).default(1000),
         maxQueued: joi.number().greater(0).default(MAX_QUEUED_DEFAULT),
-    },
+    }),
     destinations: joi.array().items(destinationSchema).default([]),
     // TODO: BB-625 reset to being required after supporting probeserver in S3C
     // for bucket notification proceses
@@ -62,4 +79,8 @@ function configValidator(backbeatConfig, extConfig) {
     return validatedConfig;
 }
 
-module.exports = configValidator;
+module.exports = {
+    NotificationConfigValidator: configValidator,
+    authSchema,
+    credentialsFileSchema,
+};

extensions/notification/destination/KafkaProducer.js

@@ -1,16 +1,15 @@
 const joi = require('joi');
+const { authSchema } = require('../NotificationConfigValidator');
 
 const BackbeatProducer = require('../../../lib/BackbeatProducer');
 const authUtil = require('../utils/auth');
 
 class KafkaProducer extends BackbeatProducer {
 
     getConfigJoi() {
-        return super.getConfigJoi().append(
-            { auth: joi.object().optional() }
-        ).keys(
-            { topic: joi.string() }
-        );
+        return super.getConfigJoi()
+            .append({ auth: authSchema })
+            .keys({ topic: joi.string() });
     }
 
     getClientId() {

extensions/notification/index.js

@@ -1,4 +1,4 @@
-const NotificationConfigValidator = require('./NotificationConfigValidator');
+const { NotificationConfigValidator } = require('./NotificationConfigValidator');
 const NotificationOplogPopulatorUtils = require('./NotificationOplogPopulatorUtils');
 
 module.exports = {

tests/unit/notification/KafkaNotificationDestination.js

@@ -12,6 +12,7 @@ describe('KafkaNotificationDestination ::', () => {
     afterEach(() => {
         sinon.restore();
     });
+
     it('should properly configure producer', done => {
         const destConfig = {
             host: 'localhost',