-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #19 from ecoupal-believe/acls
Feature: Add acl management
- Loading branch information
Showing
10 changed files
with
381 additions
and
30 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
package kafka | ||
|
||
import ( | ||
"fmt" | ||
"os" | ||
|
||
"github.com/Shopify/sarama" | ||
"github.com/electric-saw/kafta/pkg/cmd/util" | ||
) | ||
|
||
func ListAllAcls(conn *KafkaConnection) []sarama.ResourceAcls { | ||
filter := sarama.AclFilter{ | ||
ResourcePatternTypeFilter: sarama.AclPatternAny, | ||
ResourceType: sarama.AclResourceAny, | ||
PermissionType: sarama.AclPermissionAny, | ||
Operation: sarama.AclOperationAny, | ||
} | ||
acls, err := conn.Admin.ListAcls(filter) | ||
|
||
util.CheckErr(err) | ||
|
||
return acls | ||
} | ||
|
||
func CreateAcl(conn *KafkaConnection, resource_name string, resource_type sarama.AclResourceType, principal string, host string, operation sarama.AclOperation, permission_type sarama.AclPermissionType) error { | ||
if resource_name == "" { | ||
fmt.Println("Resource name is required") | ||
os.Exit(0) | ||
} | ||
|
||
resource := sarama.Resource{ | ||
ResourceName: resource_name, | ||
ResourceType: resource_type, | ||
} | ||
|
||
acl := sarama.Acl{ | ||
Principal: principal, | ||
Host: host, | ||
Operation: operation, | ||
PermissionType: permission_type, | ||
} | ||
|
||
if err := conn.Admin.CreateACL(resource, acl); err == nil { | ||
fmt.Println("Acl created") | ||
return err | ||
} else { | ||
return err | ||
} | ||
} | ||
|
||
func DeleteAcl(conn *KafkaConnection, resource_name string, resource_type sarama.AclResourceType, principal string, host string, operation sarama.AclOperation, permission_type sarama.AclPermissionType) error { | ||
if resource_name == "" { | ||
fmt.Println("Resource name is required") | ||
os.Exit(0) | ||
} | ||
|
||
if _, err := conn.Admin.DeleteACL(sarama.AclFilter{ | ||
ResourceName: &resource_name, | ||
ResourceType: resource_type, | ||
Principal: &principal, | ||
Host: &host, | ||
Operation: operation, | ||
PermissionType: permission_type, | ||
ResourcePatternTypeFilter: sarama.AclPatternAny, | ||
}, false); err == nil { | ||
fmt.Println("Acl deleted") | ||
return err | ||
} else { | ||
return err | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
package acl | ||
|
||
import ( | ||
"github.com/Shopify/sarama" | ||
"github.com/electric-saw/kafta/internal/pkg/configuration" | ||
"github.com/spf13/cobra" | ||
) | ||
|
||
func NewCmdAcl(config *configuration.Configuration) *cobra.Command { | ||
cmd := &cobra.Command{ | ||
Use: "acl", | ||
Short: "Acls management", | ||
} | ||
|
||
cmd.AddCommand(NewCmdListAcl(config)) | ||
cmd.AddCommand(NewCmdCreateAcl(config)) | ||
cmd.AddCommand(NewCmdDeleteAcl(config)) | ||
|
||
return cmd | ||
} | ||
|
||
type AclOptions struct { | ||
resource_name string | ||
resource_type sarama.AclResourceType | ||
acl_principal string | ||
acl_host string | ||
acl_operation sarama.AclOperation | ||
acl_permission_type sarama.AclPermissionType | ||
} | ||
|
||
var ResourceTypeMapping = map[sarama.AclResourceType][]string{ | ||
sarama.AclResourceAny: {"Any"}, | ||
sarama.AclResourceTopic: {"Topic"}, | ||
sarama.AclResourceGroup: {"Group"}, | ||
sarama.AclResourceCluster: {"Cluster"}, | ||
sarama.AclResourceTransactionalID: {"TransactionalID"}, | ||
sarama.AclResourceDelegationToken: {"DelegationToken"}, | ||
} | ||
|
||
var OperationMapping = map[sarama.AclOperation][]string{ | ||
sarama.AclOperationAll: {"All"}, | ||
sarama.AclOperationRead: {"Read"}, | ||
sarama.AclOperationWrite: {"Write"}, | ||
sarama.AclOperationCreate: {"Create"}, | ||
sarama.AclOperationDelete: {"Delete"}, | ||
sarama.AclOperationAlter: {"Alter"}, | ||
sarama.AclOperationDescribe: {"Describe"}, | ||
sarama.AclOperationClusterAction: {"ClusterAction"}, | ||
sarama.AclOperationDescribeConfigs: {"DescribeConfigs"}, | ||
sarama.AclOperationAlterConfigs: {"AlterConfigs"}, | ||
sarama.AclOperationIdempotentWrite: {"IdempotentWrite"}, | ||
} | ||
|
||
var PermissionMapping = map[sarama.AclPermissionType][]string{ | ||
sarama.AclPermissionDeny: {"Deny"}, | ||
sarama.AclPermissionAllow: {"Allow"}, | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
package acl | ||
|
||
import ( | ||
"github.com/Shopify/sarama" | ||
"github.com/electric-saw/kafta/internal/pkg/configuration" | ||
"github.com/electric-saw/kafta/internal/pkg/kafka" | ||
cmdutil "github.com/electric-saw/kafta/pkg/cmd/util" | ||
"github.com/spf13/cobra" | ||
"github.com/thediveo/enumflag/v2" | ||
) | ||
|
||
type createAclOptions struct { | ||
config *configuration.Configuration | ||
AclOptions | ||
} | ||
|
||
func NewCmdCreateAcl(config *configuration.Configuration) *cobra.Command { | ||
options := &createAclOptions{config: config} | ||
cmd := &cobra.Command{ | ||
Use: "create [NAME] [--type=Topic] [--principal=User:CN=principal] [--host=*] [--operation=All] [--permission=Allow]", | ||
Short: "Create acl", | ||
Run: func(cmd *cobra.Command, args []string) { | ||
cmdutil.CheckErr(options.complete(cmd)) | ||
cmdutil.CheckErr(options.run()) | ||
}, | ||
} | ||
|
||
cmd.Flags().StringVarP(&options.resource_name, "configs", "c", "*", "Configs") | ||
|
||
cmd.Flags().VarP( | ||
enumflag.New(&options.resource_type, "type", ResourceTypeMapping, enumflag.EnumCaseInsensitive), | ||
"type", "t", | ||
"resource type can be 'Topic', 'Group', 'Cluster', 'TransactionalID', 'DelegationToken'") | ||
|
||
cmd.Flags().StringVarP(&options.acl_principal, "principal", "p", "", "Principal") | ||
|
||
cmd.Flags().StringVarP(&options.acl_host, "host", "s", "*", "Host") | ||
|
||
cmd.Flags().VarP( | ||
enumflag.New(&options.acl_operation, "operation", OperationMapping, enumflag.EnumCaseInsensitive), | ||
"operation", "o", | ||
"acl operation can be 'All', 'Read', 'Write', 'Create', 'Delete', 'Alter', 'Describe', 'ClusterAction', 'DescribeConfigs', 'AlterConfigs', 'IdempotentWrite'") | ||
|
||
cmd.Flags().VarP( | ||
enumflag.NewWithoutDefault(&options.acl_permission_type, "permission", PermissionMapping, enumflag.EnumCaseInsensitive), | ||
"permission", "m", | ||
"acl permission can be 'Deny', 'Allow'") | ||
|
||
return cmd | ||
} | ||
|
||
func (o *createAclOptions) complete(cmd *cobra.Command) error { | ||
args := cmd.Flags().Args() | ||
if len(args) > 1 { | ||
return cmdutil.HelpErrorf(cmd, "Unexpected args: %v", args) | ||
} | ||
if len(args) == 1 { | ||
o.resource_name = args[0] | ||
} | ||
if o.resource_type == sarama.AclResourceUnknown { | ||
o.resource_type = sarama.AclResourceTopic | ||
} | ||
if o.acl_operation == sarama.AclOperationUnknown { | ||
o.acl_operation = sarama.AclOperationAll | ||
} | ||
if o.acl_permission_type == sarama.AclPermissionUnknown { | ||
o.acl_permission_type = sarama.AclPermissionAllow | ||
} | ||
return nil | ||
} | ||
|
||
func (o *createAclOptions) run() error { | ||
conn := kafka.MakeConnection(o.config) | ||
defer conn.Close() | ||
return kafka.CreateAcl(conn, o.resource_name, o.resource_type, o.acl_principal, o.acl_host, o.acl_operation, o.acl_permission_type) | ||
} |
Oops, something went wrong.