Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Merged by Bors] - Consolidate TLS encryption and authentication#532

Closed
maltesander wants to merge 15 commits into
mainfrom
consolidate-encryption-and-authentication
Closed

[Merged by Bors] - Consolidate TLS encryption and authentication#532
maltesander wants to merge 15 commits into
mainfrom
consolidate-encryption-and-authentication

Conversation

@maltesander

@maltesander maltesander commented Dec 23, 2022
edited
Loading

Copy link
Copy Markdown
Member

Description

New structure looks like this:

apiVersion: kafka.stackable.tech/v1alpha1
kind: KafkaCluster
metadata:
  name: simple-kafka
spec:
  image:
    productVersion: 3.3.1
    stackableVersion: 0.3.0
  clusterConfig:
    authentication:
      - authenticationClass: kafka-client-auth-tls
    tls:
      internalSecretClass: kafka-internal-tls
      serverSecretClass: tls
    zookeeperConfigMapName: simple-kafka-znode
  brokers:
....

fixes: #529

test: https://ci.stackable.tech/view/02%20Operator%20Tests%20(custom)/job/kafka-operator-it-custom/29/

Review Checklist

  • Code contains useful comments
  • CRD change approved (or not applicable)
  • (Integration-)Test cases added (or not applicable)
  • Documentation added (or not applicable)
  • Changelog updated (or not applicable)
  • Cargo.toml only contains references to git tags (not specific commits or branches)
  • Helm chart can be installed and deployed operator works (or not applicable)

Once the review is done, comment bors r+ (or bors merge) to merge. Further information

@maltesander maltesander added release-note/action-required Denotes a PR that introduces potentially breaking changes that require user action. changelog/crd-change labels Dec 23, 2022
@maltesander maltesander requested a review from a team December 23, 2022 15:20
@maltesander maltesander self-assigned this Dec 23, 2022
@maltesander maltesander marked this pull request as ready for review December 23, 2022 15:52
sbernauer
sbernauer requested changes Jan 2, 2023
View reviewed changes

@sbernauer sbernauer left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really like the refactoring, many thanks!

Comment thread rust/crd/src/authentication.rs Outdated
Comment thread rust/crd/src/authentication.rs Outdated
Comment thread rust/crd/src/authentication.rs Outdated
Comment thread rust/crd/src/authentication.rs Outdated
Comment thread rust/crd/src/security.rs Outdated
Comment thread rust/operator/src/kafka_controller.rs Outdated
@maltesander maltesander requested a review from sbernauer January 2, 2023 09:45
sbernauer
sbernauer reviewed Jan 2, 2023
View reviewed changes
Comment thread rust/crd/src/authentication.rs Outdated
Comment thread rust/crd/src/authentication.rs Outdated
@maltesander maltesander requested a review from sbernauer January 2, 2023 10:03
sbernauer
sbernauer requested changes Jan 2, 2023
View reviewed changes

@sbernauer sbernauer left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, this should be it 🙈

Comment thread rust/crd/src/authentication.rs Outdated
Comment thread rust/crd/src/authentication.rs Outdated
Comment thread docs/modules/ROOT/pages/usage.adoc Outdated
Comment thread rust/crd/src/security.rs Outdated
vsupalov
vsupalov approved these changes Jan 2, 2023
View reviewed changes

@vsupalov vsupalov left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@maltesander maltesander requested a review from sbernauer January 2, 2023 13:12
@maltesander

maltesander commented Jan 2, 2023

Copy link
Copy Markdown
Member Author

bors merge

bors Bot pushed a commit that referenced this pull request Jan 2, 2023
@maltesander
Consolidate TLS encryption and authentication (#532)
d092e0e 
# Description

New structure looks like this:
```
apiVersion: kafka.stackable.tech/v1alpha1
kind: KafkaCluster
metadata:
  name: simple-kafka
spec:
  image:
    productVersion: 3.3.1
    stackableVersion: 0.3.0
  clusterConfig:
    authentication:
      - authenticationClass: kafka-client-auth-tls
    tls:
      internalSecretClass: kafka-internal-tls
      serverSecretClass: tls
    zookeeperConfigMapName: simple-kafka-znode
  brokers:
....
```

fixes: #529  

test: https://ci.stackable.tech/view/02%20Operator%20Tests%20(custom)/job/kafka-operator-it-custom/29/



Co-authored-by: Malte Sander <[email protected]>
@bors

bors Bot commented Jan 2, 2023

Copy link
Copy Markdown
Contributor

Pull request successfully merged into main.

Build succeeded!

And happy new year! 🎉

@bors bors Bot changed the title Consolidate TLS encryption and authentication [Merged by Bors] - Consolidate TLS encryption and authentication Jan 2, 2023
@bors bors Bot closed this Jan 2, 2023
@bors bors Bot deleted the consolidate-encryption-and-authentication branch January 2, 2023 13:57
@vsupalov vsupalov mentioned this pull request Jan 5, 2023
Closed
7 tasks
@maltesander

maltesander commented Jan 5, 2023

Copy link
Copy Markdown
Member Author

bors merge

@bors

bors Bot commented Jan 5, 2023

Copy link
Copy Markdown
Contributor

Already running a review

@sbernauer

sbernauer commented Jan 5, 2023

Copy link
Copy Markdown
Member

🤔

bors Bot pushed a commit to stackabletech/druid-operator that referenced this pull request Jan 10, 2023
@sbernauer
Consolidate encryption and auth (#366)
eacc322 
# Description

Fixes #365

Changes, heavily inspired by the [consolidation which recently happened for the kafka-operator](stackabletech/kafka-operator#532). Relates to stackabletech/issues#293

The new structure was guided by this snippet:
```
apiVersion: druid.stackable.tech/v1alpha1
kind: DruidCluster
metadata:
  name: derby-druid
spec:
  image:
    productVersion: 24.0.0
    stackableVersion: 0.3.0
  clusterConfig:
    authentication:
      - authenticationClass: druid-tls-authentication-class (tls) # String
      - authenticationClass: druid-ldap-authentication-class (ldap) # String
    authorization:
      opa:
        configMapName: test-opa
        package: druid
    zookeeperConfigMapName: druid-znode
    metadataStorageDatabase:
      dbType: derby
      connString: jdbc:derby://localhost:1527/var/druid/metadata.db;create=true
      host: localhost
      port: 1527
    deepStorage:
      hdfs:
        configMapName: druid-hdfs
        directory: /druid
    tls:
      serverSecretClass: secret_class # Option<String>. *In general* defaults to "tls"
      internalSecretClass: secret_class # Option<String>. *In general* defaults to "tls"
```

## Overview of introduced changes

While working on the main issue, adjacent and somewhat-related refactorings/changes were introduced as well:

* Prefer not to disable TLS for integration tests, where possible (justification: while the complexity is slightly higher, we are tested the recommended codepath more, as TLS is on by default)
* Introduce dedicated authorization and security rust files
* Adjustments to test helper scripts (mostly regarding uniformity and ergonomics)

## Highlight

Security-validation logic is well tested!



Co-authored-by: Vladislav Supalov <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sbernauer sbernauer sbernauer approved these changes

+1 more reviewer

@vsupalov vsupalov vsupalov approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@maltesander maltesander

Labels

release-note/action-required Denotes a PR that introduces potentially breaking changes that require user action.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Rework Kafka TLS / Auth structs

3 participants

@maltesander @sbernauer @vsupalov