Closed pjalbert27 closed 2 years ago
Hi, thanks for reporting this situation, I think the core situation here is that:
Hi @purbon,
I noticed a different behaviour between CCloudAclsProvider.java#L84
and CCloudUtils.java#L39
inside translateIfNecessary method.
In fact, in CCloudAclsProvider.java#L84
we have a String[] fields = principal.split(":")
before lookupServiceAccountId.get(fields[1])
contrary to CCloudUtils.java#L39
where we have juste serviceAccountIdByNameMap.getOrDefault(binding.getPrincipal(), ...)
without split(":")
On the other hand, at line CCloudUtils.java#L38
, we have ConfluentCloudPrincipal principal = ConfluentCloudPrincipal.fromString(binding.getPrincipal());
. This method return a POJO contains a value of principalType
and serviceAccountName
after applying a principalString.split(COLON_AS_SEPARATOR)
inside fromString
method.
So I think, instead of using serviceAccountIdByNameMap.getOrDefault(**binding.getPrincipal()**, ...)
we have to use serviceAccountIdByNameMap.getOrDefault(**principal.getServiceAccountName()**, ...)
I think this can fix issue reported by @pjalbert27.
Thanks.
Hi, thanks both for reporting this, I have created #485 that would amend this problem, so hopefully will not come back. Feel free to reopen this issue, or just comment here, in case this problem reappears, that hopefully will not.
Hi
This is related to #438
When having Julie manage principals with Confluent Cloud, we get an message error java.io.IOException: Translation of principal User:dev_myAccount failed, please review your system configuration
This serviceAccount dev_myAccount (sa-xxxx) exists on our confluent cloud
To Reproduce Steps to reproduce the behavior:
Include the following ccloud config in the connection properties file:
Run Julie with the above topology file. Version Julie : 4.1.2 Java : 17,0
Expected behavior The expected behavior is for the ACL to be created for the resource id associated with the dev_myAccount account and for the service account name to be dev_myAccount.
a/ Regarding request #438 it should work, may be i am doing something wrong ? I tried to set directly the dev_myAccount whithout the User: but raise an exception too java.lang.IllegalArgumentException: No enum constant com.purbon.kafka.topology.model.users.ConfluentCloudPrincipal.PrincipalType.dev_myAccount
b/ I take a look on code and build a specific version trying to understand what was the problem. In file CCloudUtils.java we search for the specified service account but unfortunatly the service account we are searching for is User:dev_myAccount against a list of service account without User:
I try with "updating" list with User: in key as follow (nota bene : i am not a skilled java developer)
Then after building this specific version, it succeed in creating what i expected to and acl are ok With the old cclou cli (ccloud kafka acl list)
With the new confluent cli (confluent kafka acl list)
Thank you