Add strimzi SASL restricted user for TestRestrictedBrokerAuthSslSaslS…

…cram512 Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
openshift-knative · Mar 26, 2024 · c20051d · c20051d
1 parent 6492b4f
commit c20051d
Showing 1 changed file with 37 additions and 0 deletions.
diff --git a/hack/lib/strimzi.bash b/hack/lib/strimzi.bash
@@ -227,6 +227,43 @@ spec:
         host: "*"
 EOF
 
+  logger.info "Applying Strimzi SASL Restricted User"
+  cat <<-EOF | oc apply -f -
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+  name: my-restricted-sasl-user
+  namespace: kafka
+  labels:
+    strimzi.io/cluster: my-cluster
+spec:
+  authentication:
+    type: scram-sha-512
+  authorization:
+    type: simple
+    acls:
+      # Example ACL rules for Broker with names following knative default brokers.topic.template
+      - resource:
+          type: topic
+          name: knative-broker-
+          patternType: prefix
+        operations:
+          - Create
+          - Describe
+          - Read
+          - Write
+          - Delete
+        host: "*"
+      # Example ACL rules for Consumer Group ID following knative default triggers.consumergroup.template
+      - resource:
+          type: group
+          name: knative-trigger-
+          patternType: prefix
+        operations:
+          - Read
+        host: "*"
+EOF
+
   logger.info "Waiting for Strimzi admin users to become ready"
   oc wait kafkauser --all --timeout=-1s --for=condition=Ready -n kafka