diff --git a/data-plane/THIRD-PARTY.txt b/data-plane/THIRD-PARTY.txt
index 0736b0e75c..3b19fa23de 100644
--- a/data-plane/THIRD-PARTY.txt
+++ b/data-plane/THIRD-PARTY.txt
@@ -47,9 +47,9 @@ Lists of 230 third-party dependencies. (Apache Software License 2.0) Debezium API (io.debezium:debezium-api:1.9.6.Final - https://debezium.io/debezium-parent/debezium-api) (Apache Software License 2.0) Debezium Core (io.debezium:debezium-core:1.9.6.Final - https://debezium.io/debezium-parent/debezium-core) (Apache License 2.0) Metrics Core (io.dropwizard.metrics:metrics-core:4.1.12.1 - https://metrics.dropwizard.io/metrics-core) - (Apache License, Version 2.0) Fabric8 :: Kubernetes :: Java Client (io.fabric8:kubernetes-client:6.7.2 - http://fabric8.io/kubernetes-client/) - (Apache License, Version 2.0) Fabric8 :: Kubernetes :: Java Client API (io.fabric8:kubernetes-client-api:6.7.2 - http://fabric8.io/kubernetes-client-api/) - (Apache License, Version 2.0) Fabric8 :: Kubernetes :: HttpClient :: JDK (io.fabric8:kubernetes-httpclient-jdk:6.7.2 - http://fabric8.io/kubernetes-httpclient-jdk/) + (Apache License, Version 2.0) Fabric8 :: Kubernetes :: Java Client (io.fabric8:kubernetes-client:6.10.0 - https://github.com/fabric8io/kubernetes-client/kubernetes-client) + (Apache License, Version 2.0) Fabric8 :: Kubernetes :: Java Client API (io.fabric8:kubernetes-client-api:6.10.0 - https://github.com/fabric8io/kubernetes-client/kubernetes-client-api) + (Apache License, Version 2.0) Fabric8 :: Kubernetes :: HttpClient :: JDK (io.fabric8:kubernetes-httpclient-jdk:6.10.0 - https://github.com/fabric8io/kubernetes-client/kubernetes-httpclient-jdk) (Apache License, Version 2.0) Fabric8 :: Kubernetes Model :: Admission Registration, Authentication and Authorization (io.fabric8:kubernetes-model-admissionregistration:6.7.2 - http://fabric8.io/kubernetes-model-generator/kubernetes-model-admissionregistration/) (Apache License, Version 2.0) Fabric8 :: Kubernetes Model :: API Extensions (io.fabric8:kubernetes-model-apiextensions:6.7.2 - http://fabric8.io/kubernetes-model-generator/kubernetes-model-apiextensions/) (Apache License, Version 2.0) Fabric8 :: Kubernetes 
Model :: Apps (io.fabric8:kubernetes-model-apps:6.7.2 - http://fabric8.io/kubernetes-model-generator/kubernetes-model-apps/) @@ -72,8 +72,8 @@ Lists of 230 third-party dependencies. (Apache License, Version 2.0) Fabric8 :: Kubernetes Model :: Resource (io.fabric8:kubernetes-model-resource:6.7.2 - http://fabric8.io/kubernetes-model-generator/kubernetes-model-resource/) (Apache License, Version 2.0) Fabric8 :: Kubernetes Model :: Scheduling (io.fabric8:kubernetes-model-scheduling:6.7.2 - http://fabric8.io/kubernetes-model-generator/kubernetes-model-scheduling/) (Apache License, Version 2.0) Fabric8 :: Kubernetes Model :: Storage Class (io.fabric8:kubernetes-model-storageclass:6.7.2 - http://fabric8.io/kubernetes-model-generator/kubernetes-model-storageclass/) - (Apache License, Version 2.0) Fabric8 :: Kubernetes :: JUnit :: Server Mock (io.fabric8:kubernetes-server-mock:6.7.2 - http://fabric8.io/junit/kubernetes-server-mock/) - (Apache License, Version 2.0) Fabric8 :: Mock Web Server (io.fabric8:mockwebserver:0.2.2 - http://fabric8.io/) + (Apache License, Version 2.0) Fabric8 :: Kubernetes :: JUnit :: Server Mock (io.fabric8:kubernetes-server-mock:6.10.0 - https://github.com/fabric8io/kubernetes-client/junit/kubernetes-server-mock) + (Apache License, Version 2.0) Fabric8 :: Mock Web Server (io.fabric8:mockwebserver:6.10.0 - https://github.com/fabric8io/kubernetes-client/junit/mockwebserver) (Apache License, Version 2.0) Fabric8 :: Service Catalog :: Client (io.fabric8:servicecatalog-client:6.7.2 - http://fabric8.io/kubernetes-extensions/service-catalog/servicecatalog-client/) (Apache License, Version 2.0) Fabric8 :: Service Catalog :: Model (io.fabric8:servicecatalog-model:6.7.2 - http://fabric8.io/kubernetes-extensions/service-catalog/servicecatalog-model/) (The Apache Software License, Version 2.0) zjsonpatch (io.fabric8:zjsonpatch:0.3.0 - https://github.com/fabric8io/zjsonpatch/) 
@@ -226,7 +226,7 @@ Lists of 230 third-party dependencies. (Apache-2.0) scala-collection-compat (org.scala-lang.modules:scala-collection-compat_2.12:2.6.0 - http://www.scala-lang.org/) (Apache-2.0) scala-java8-compat (org.scala-lang.modules:scala-java8-compat_2.12:1.0.2 - http://www.scala-lang.org/) (MIT License) SLF4J API Module (org.slf4j:slf4j-api:2.0.9 - http://www.slf4j.org) - (Apache License, Version 2.0) SnakeYAML Engine (org.snakeyaml:snakeyaml-engine:2.6 - https://bitbucket.org/snakeyaml/snakeyaml-engine) + (Apache License, Version 2.0) SnakeYAML Engine (org.snakeyaml:snakeyaml-engine:2.7 - https://bitbucket.org/snakeyaml/snakeyaml-engine) (Apache License 2.0) wildfly-common (org.wildfly.common:wildfly-common:1.5.4.Final-format-001 - http://www.jboss.org/wildfly-common) (Apache-2.0) snappy-java (org.xerial.snappy:snappy-java:1.1.10.5 - https://github.com/xerial/snappy-java) (Apache License, Version 2.0) SnakeYAML (org.yaml:snakeyaml:2.0 - https://bitbucket.org/snakeyaml/snakeyaml)
diff --git a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/NamespacedName.java b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/NamespacedName.java
new file mode 100644
index 0000000000..ba345d3093
--- /dev/null
+++ b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/NamespacedName.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright © 2018 Knative Authors (knative-dev@googlegroups.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package dev.knative.eventing.kafka.broker.core;
+
+/**
+ * NamespacedName comprises a resource name, with a namespace,
+ * rendered as "/".
+ * @param namespace
+ * @param name
+ */
+public record NamespacedName(String namespace, String name) {
+ @Override
+ public String toString() {
+ return namespace + "/" + name;
+ }
+}
diff --git a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
new file mode 100644
index 0000000000..d9f5c35daa
--- /dev/null
+++ b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenProvider.java
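Review bot: The `NamespacedName` record accepts null components, so `toString()` can render `null/name`, and TokenProvider in this same commit passes both parts straight into the service-account lookup. A compact constructor such as `public NamespacedName { Objects.requireNonNull(namespace, "namespace"); Objects.requireNonNull(name, "name"); }` (with `import java.util.Objects;`) would reject that at construction. The Javadoc `@param namespace` and `@param name` tags are empty; a short description on each, for example `@param namespace the Kubernetes namespace of the resource`, would complete them.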
@@ -0,0 +1,57 @@
+/*
+ * Copyright © 2018 Knative Authors (knative-dev@googlegroups.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package dev.knative.eventing.kafka.broker.core.oidc;
+
+import dev.knative.eventing.kafka.broker.core.NamespacedName;
+import io.fabric8.kubernetes.api.model.authentication.TokenRequest;
+import io.fabric8.kubernetes.api.model.authentication.TokenRequestBuilder;
+import io.fabric8.kubernetes.client.Config;
+import io.fabric8.kubernetes.client.ConfigBuilder;
+import io.fabric8.kubernetes.client.KubernetesClient;
+import io.fabric8.kubernetes.client.KubernetesClientBuilder;
+
+public class TokenProvider {
+
+ private final KubernetesClient kubernetesClient;
+
+ public TokenProvider() {
+ Config clientConfig = new ConfigBuilder().build();
+
+ kubernetesClient =
+ new KubernetesClientBuilder().withConfig(clientConfig).build();
+ }
+
+ public String requestToken(NamespacedName serviceAccount, String audience) {
+ TokenRequest tokenRequest = new TokenRequestBuilder()
+ .withNewSpec()
+ .withAudiences(audience)
+ .withExpirationSeconds(3600L)
+ .endSpec()
+ .build();
+
+ tokenRequest = kubernetesClient
+ .serviceAccounts()
+ .inNamespace(serviceAccount.namespace())
+ .withName(serviceAccount.name())
+ .tokenRequest(tokenRequest);
+
+ if (tokenRequest != null && tokenRequest.getStatus() != null) {
+ return tokenRequest.getStatus().getToken();
+ } else {
+ return null;
+ }
+ }
+}
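Review bot: `requestToken` returns `null` when the response has no status and forwards `audience` unchecked, so a caller can silently end up with no credential or with a token whose audience was never set. Kubernetes falls back to the API server's own audience when a TokenRequest names none, which would make the minted token wider than the intended receiver; how fabric8 serialises a null audience is not visible here, so rejecting a blank value before the call is the safer contract. I would throw on both conditions instead of returning null, as in the sketch below. Separately, the `KubernetesClient` created in the constructor is never closed and every call mints a new 3600-second token, so implementing `AutoCloseable` and caching the token until shortly before expiry look worth doing.

```java
    public String requestToken(NamespacedName serviceAccount, String audience) {
        if (audience == null || audience.isBlank()) {
            throw new IllegalArgumentException("audience must not be blank");
        }
        // … unchanged: TokenRequest construction and the tokenRequest(...) call …

        if (tokenRequest == null
                || tokenRequest.getStatus() == null
                || tokenRequest.getStatus().getToken() == null) {
            // Fail closed: never hand the caller a null bearer token.
            throw new IllegalStateException("no token issued for service account " + serviceAccount);
        }
        return tokenRequest.getStatus().getToken();
    }
```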
diff --git a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenVerifier.java b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenVerifier.java
index cb55c48abb..e12c764de3 100644
--- a/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenVerifier.java
+++ b/data-plane/core/src/main/java/dev/knative/eventing/kafka/broker/core/oidc/TokenVerifier.java
@@ -61,7 +61,7 @@ public Future verify(String token, String expectedAudience) {
 public Future verify(HttpServerRequest request, String expectedAudience) {
 String authHeader = request.getHeader("Authorization");
- if (authHeader.isEmpty()) {
+ if (authHeader == null || authHeader.isEmpty()) {
 return Future.failedFuture("Request didn't contain Authorization header"); // change to exception
 }
diff --git a/data-plane/pom.xml b/data-plane/pom.xml
index 0325c63e09..e4cc02ab3d 100644
--- a/data-plane/pom.xml
+++ b/data-plane/pom.xml
@@ -58,7 +58,7 @@ 4.2.0 5.10.1 5.8.0 - 6.7.2 + 6.10.0 3.2.3 1.9.6.Final 3.4.0
@@ -208,6 +208,11 @@ + + io.fabric8 + kubernetes-client-api + ${fabric8.kubernetes.version} + io.fabric8 kubernetes-httpclient-jdk
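Review bot: In `TokenVerifier.verify(HttpServerRequest, String)` the new guard `if (authHeader == null || authHeader.isEmpty())` still lets a whitespace-only or non-Bearer value through to whatever parses the header next. That parsing is outside the hunk, so it is worth confirming that it rejects values that do not start with `Bearer ` rather than slicing them. `if (authHeader == null || authHeader.isBlank())` would at least fold the whitespace case into this branch. The trailing `// change to exception` could be resolved here by failing the future with a dedicated exception type, so the receiver can map it to a 401 without matching on the message string.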