JiriOndrusek opened a new pull request, #6091: URL: https://github.com/apache/camel-quarkus/pull/6091
fixes https://github.com/apache/camel-quarkus/issues/6090 contains part of https://github.com/apache/camel-quarkus/issues/5967 - **kafka** test module works in FIPS - **kafka-sasl** uses plaintext sasl, therefore can not work in FIP (sasl scenario for FIPS is covered by kafka-sasl-ssl), the test is **disabled** in FIPS environment - **kafka-ssl** and **kafka-sasl-ssl** are both fixed by this PR ### Workaround because of strimzi kafka container. Password-based encryption support in FIPs mode was implemented in the Red Hat build of OpenJDK 17 update 4. OpenJdk17 should be present in the image according to this [blog post](https://strimzi.io/blog/2023/01/25/running-apache-kafka-on-fips-enabled-kubernetes-cluster/). Unfortunately, even the newest image ([3.7.0](https://quay.io/repository/strimzi-test-container/test-container?tab=tags&tag=latest-kafka-3.2.1%20bash)) uses java 11. I had to add a step in the `camel-quarkus-integration-tests-support-kafka` module when I was creating a custom image with OpenJDK 17. This workaround happens only in FIPS mode and only once. (The custom image with Java 17 is cached and the next runs should use it) ### Adaptation of certificate-generator project [Certificate-generator](https://github.com/cescoffier/certificate-generator/tree/main) project brings support for the generation of certificates easily and clearly. The project can be used as a common approach to certificate generation for the CQ (see discussion in this [ticket](https://github.com/apache/camel-quarkus/issues/5967)) CQ requires the certificates to be customized in case the external docker host is used (see the [code](https://github.com/apache/camel-quarkus/blob/3.10.0/integration-tests-support/kafka/src/main/java/org/apache/camel/quarkus/test/support/kafka/KafkaTestSupport.java#L63-L93) for kafka). To achieve the same functionality when using certificate-generator project I had to create a special annotation `TestCertificates` with the extension implementation (`TestCertificateGenerationExtension`). The extension is based on the original extension brought by certificate-generator project and customizes _cn_ and _SubjectAlternativeName_ in case the docker host is not localhost. The new annotation (`TestCertificates`) is placed into a new module **camel-quarkus-integration-tests-support-certificate** <!-- Uncomment and fill this section if your PR is not trivial [ ] An issue should be filed for the change unless this is a trivial change (fixing a typo or similar). One issue should ideally be fixed by not more than one commit and the other way round, each commit should fix just one issue, without pulling in other changes. [ ] Each commit in the pull request should have a meaningful and properly spelled subject line and body. Copying the title of the associated issue is typically enough. Please include the issue number in the commit message prefixed by #. [ ] The pull request description should explain what the pull request does, how, and why. If the info is available in the associated issue or some other external document, a link is enough. [ ] Phrases like Fix #<issueNumber> or Fixes #<issueNumber> will auto-close the named issue upon merging the pull request. Using them is typically a good idea. [ ] Please run mvn process-resources -Pformat (and amend the changes if necessary) before sending the pull request. [ ] Contributor guide is your good friend: https://camel.apache.org/camel-quarkus/latest/contributor-guide.html --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
