feat: ACL defaults for host and permission

[gquintana]

Avoid setting on each and every ACL rule:

host: *
permission: ALLOW

They are set by default and can be overridden

[jrevillard]

Hi @gquintana ,

Wouldn't it be better to be able to manager default values settings section of the state ?

Something like this:

settings:
  topics:
    defaults:
      replication: 3
      configs:
        host: *
        permission: ALLOW

This would then allows to specify default value for all the configs.

Best, Jerome

[gquintana]

To me it's not a topic setting (think about cluster and group ACLs) but an ACL default. I am not sure being able to configure this default is necessary. I have to set defaults for each topic/group, in the end it's like setting every field on ACLs.

Note that the "host: *" is the default when using "kafka-acls.sh" tool. I chose the default "permission: ALLOW" because from security point of view everything should be forbidden, unless it's allowed by an ACL. Moreover it's the default, on Kafka Broker side (allow.everyone.if.no.acl.found defaults to false). The contrary (allow everything unless it's forbidden) doesn't make sense to me. Note to myself: the "pattern: LITERAL" should be also be the default

[jrevillard]

Ah sorry yes I clearly made a confusion !

Then I agree thanks !

[devshawn]

Thanks for the contribution -- should be in the next release shortly :)