[ST] Add CC API Users test (strimzi#10473)

Signed-off-by: Lukas Kral <lukywill16@gmail.com>
PaulRMellor · Aug 21, 2024 · 5ea2119 · 5ea2119
1 parent ce4d179
commit 5ea2119
Show file tree

Hide file tree

Showing 4 changed files with 117 additions and 17 deletions.
diff --git a/systemtest/src/main/java/io/strimzi/systemtest/templates/kubernetes/SecretTemplates.java b/systemtest/src/main/java/io/strimzi/systemtest/templates/kubernetes/SecretTemplates.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright Strimzi authors.
+ * License: Apache License 2.0 (see the file LICENSE or http://apache.org/licenses/LICENSE-2.0.html).
+ */
+package io.strimzi.systemtest.templates.kubernetes;
+
+import io.fabric8.kubernetes.api.model.SecretBuilder;
+
+import java.util.Collections;
+
+public class SecretTemplates {
+
+    private SecretTemplates() {}
+
+    public static SecretBuilder secret(String namespaceName, String secretName, String dataKey, String dataValue) {
+        return new SecretBuilder()
+            .withNewMetadata()
+                .withName(secretName)
+                .withNamespace(namespaceName)
+            .endMetadata()
+            .withType("Opaque")
+            .withStringData(Collections.singletonMap(dataKey, dataValue));
+    }
+}
diff --git a/systemtest/src/main/java/io/strimzi/systemtest/utils/specific/CruiseControlUtils.java b/systemtest/src/main/java/io/strimzi/systemtest/utils/specific/CruiseControlUtils.java
@@ -77,13 +77,37 @@ public int getResponseCode() {
         }
     }
 
+    public static ApiResult callApiWithAdminCredentials(String namespaceName, HttpMethod method, Scheme scheme, int port, String endpoint, String endpointParameters) {
+        return callApi(
+            namespaceName,
+            method,
+            scheme,
+            port,
+            endpoint,
+            endpointParameters,
+            "admin:$(cat /opt/cruise-control/api-auth-config/cruise-control.apiAdminPassword)"
+        );
+    }
+
+    public static ApiResult callApi(String namespaceName, HttpMethod method, Scheme scheme, int port, String endpoint, String endpointParameters) {
+        return callApi(
+            namespaceName,
+            method,
+            scheme,
+            port,
+            endpoint,
+            endpointParameters,
+            ""
+        );
+    }
+
     @SuppressFBWarnings("DM_CONVERT_CASE")
-    public static ApiResult callApi(String namespaceName, HttpMethod method, Scheme scheme, int port, String endpoint, String endpointParameters, boolean withCredentials) {
+    public static ApiResult callApi(String namespaceName, HttpMethod method, Scheme scheme, int port, String endpoint, String endpointParameters, String userCreds) {
         String ccPodName = PodUtils.getFirstPodNameContaining(namespaceName, CONTAINER_NAME);
         String args = " -k -w \"%{http_code}\" ";
 
-        if (withCredentials) {
-            args += " --user admin:$(cat /opt/cruise-control/api-auth-config/cruise-control.apiAdminPassword) ";
+        if (!userCreds.isEmpty()) {
+            args += String.format(" --user %s ", userCreds);
         }
 
         String curl = "curl -X " + method.name() + " " + args + " " + scheme + "://localhost:" + port + endpoint + endpointParameters;
@@ -150,15 +174,4 @@ public static Properties getKafkaCruiseControlMetricsReporterConfiguration(Strin
 
         return cruiseControlProperties;
     }
-
-    /**
-     * Returns user defined network capacity value without KiB/s suffix.
-     *
-     * @param userCapacity User defined network capacity with KiB/s suffix.
-     *
-     * @return User defined network capacity without KiB/s as a Double.
-     */
-    public static Double removeNetworkCapacityKibSuffix(String userCapacity) {
-        return Double.valueOf(userCapacity.substring(0, userCapacity.length() - 5));
-    }
 }
diff --git a/systemtest/src/test/java/io/strimzi/systemtest/cruisecontrol/CruiseControlApiST.java b/systemtest/src/test/java/io/strimzi/systemtest/cruisecontrol/CruiseControlApiST.java
@@ -12,6 +12,7 @@
 import io.strimzi.systemtest.storage.TestStorage;
 import io.strimzi.systemtest.templates.crd.KafkaNodePoolTemplates;
 import io.strimzi.systemtest.templates.crd.KafkaTemplates;
+import io.strimzi.systemtest.templates.kubernetes.SecretTemplates;
 import io.strimzi.systemtest.utils.specific.CruiseControlUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -61,7 +62,7 @@ void testCruiseControlBasicAPIRequestsWithSecurityDisabled() {
 
         LOGGER.info("----> CRUISE CONTROL DEPLOYMENT STATE ENDPOINT <----");
         CruiseControlUtils.ApiResult response = CruiseControlUtils.callApi(testStorage.getNamespaceName(), CruiseControlUtils.HttpMethod.GET,
-                CruiseControlUtils.Scheme.HTTP, CRUISE_CONTROL_DEFAULT_PORT, CruiseControlEndpoints.STATE.toString(), "", false);
+                CruiseControlUtils.Scheme.HTTP, CRUISE_CONTROL_DEFAULT_PORT, CruiseControlEndpoints.STATE.toString(), "");
         String responseText = response.getResponseText();
         int responseCode = response.getResponseCode();
 
@@ -71,6 +72,68 @@ void testCruiseControlBasicAPIRequestsWithSecurityDisabled() {
         assertThat(responseText, containsString("NO_TASK_IN_PROGRESS"));
     }
 
+    /**
+     * @description This test case verifies the creation and usage of CruiseControl's API users.
+     *
+     * @steps
+     *  1. - Create NodePools for the Kafka cluster
+     *     - NodePools are created
+     *  2. - Create Secret containing the `arnost: heslo, USER` in the `.key` field
+     *     - Secret is correctly created
+     *  3. - Deploy Kafka with CruiseControl containing configuration for the CC API users, with reference to the Secret (and its `.key` value) created in
+     *       previous step
+     *     - Kafka cluster with CruiseControl are deployed, the CC API users configuration is applied
+     *  4. - Do request to CruiseControl's API, specifically to `/state` endpoint with `arnost:heslo` user
+     *     - Request is successful and response contains information about state of the CruiseControl
+     *
+     * @usecase
+     *  - cruise-control-api
+     */
+    @ParallelNamespaceTest
+    void testCruiseControlAPIUsers() {
+        final TestStorage testStorage = new TestStorage(ResourceManager.getTestContext());
+        final String ccApiUserSecretName = "cc-api-users";
+        final String ccApiUser = "arnost: heslo, USER\n";
+
+        resourceManager.createResourceWithWait(
+            NodePoolsConverter.convertNodePoolsIfNeeded(
+                KafkaNodePoolTemplates.brokerPool(testStorage.getNamespaceName(), testStorage.getBrokerPoolName(), testStorage.getClusterName(), 3).build(),
+                KafkaNodePoolTemplates.controllerPool(testStorage.getNamespaceName(), testStorage.getControllerPoolName(), testStorage.getClusterName(), 3).build()
+            )
+        );
+        resourceManager.createResourceWithWait(
+            SecretTemplates.secret(testStorage.getNamespaceName(), ccApiUserSecretName, "key", ccApiUser).build(),
+            KafkaTemplates.kafkaWithCruiseControl(testStorage.getNamespaceName(), testStorage.getClusterName(), 3, 3)
+                .editOrNewSpec()
+                    .withNewCruiseControl()
+                        .withNewHashLoginServiceApiUsers()
+                            .withNewValueFrom()
+                                .withNewSecretKeyRef("key", ccApiUserSecretName, false)
+                            .endValueFrom()
+                        .endHashLoginServiceApiUsers()
+                    .endCruiseControl()
+                .endSpec()
+                .build()
+        );
+
+        CruiseControlUtils.ApiResult response = CruiseControlUtils.callApi(
+            testStorage.getNamespaceName(),
+            CruiseControlUtils.HttpMethod.GET,
+            CruiseControlUtils.Scheme.HTTPS,
+            CRUISE_CONTROL_DEFAULT_PORT,
+            CruiseControlEndpoints.STATE.toString(),
+            "",
+            "arnost:heslo"
+        );
+
+        String responseText = response.getResponseText();
+        int responseCode = response.getResponseCode();
+
+        assertThat(responseCode, is(200));
+        assertThat(responseText, containsString("RUNNING"));
+        assertThat(responseText, containsString("NO_TASK_IN_PROGRESS"));
+    }
+
     @BeforeAll
     void setUp() {
         this.clusterOperator = this.clusterOperator

diff --git a/systemtest/src/test/java/io/strimzi/systemtest/metrics/MetricsST.java b/systemtest/src/test/java/io/strimzi/systemtest/metrics/MetricsST.java
@@ -592,8 +592,8 @@ void testKafkaBridgeMetrics() {
      */
     @ParallelTest
     void testCruiseControlMetrics() {
-        String cruiseControlMetrics = CruiseControlUtils.callApi(namespaceFirst, CruiseControlUtils.HttpMethod.GET, CruiseControlUtils.Scheme.HTTP,
-                CruiseControlUtils.CRUISE_CONTROL_METRICS_PORT, "/metrics", "", true).getResponseText();
+        String cruiseControlMetrics = CruiseControlUtils.callApiWithAdminCredentials(namespaceFirst, CruiseControlUtils.HttpMethod.GET, CruiseControlUtils.Scheme.HTTP,
+                CruiseControlUtils.CRUISE_CONTROL_METRICS_PORT, "/metrics", "").getResponseText();
         Matcher regex = Pattern.compile("^([^#].*)\\s+([^\\s]*)$", Pattern.MULTILINE).matcher(cruiseControlMetrics);
 
         LOGGER.info("Verifying that we have more than 0 groups");