Closed petedannemann closed 6 months ago
Add create acls command
Implements: https://github.com/segmentio/topicctl/issues/135
Demo: This assumes you have this branch checked out and have run make install to install topicctl from this branch
```
# start kafka with authentication enabled
$ docker-compose -f docker-compose-auth.yaml up -d

$ topicctl create acls --help
creates ACLs from configuration files

Usage:
  topicctl create acls [acl configs] [flags]

Flags:
  -h, --help   help for acls

Global Flags:
  -b, --broker-addr string       Broker address
      --cluster-config string    Cluster config
      --debug                    enable debug logging
      --dry-run                  Do a dry-run
      --expand-env               Expand environment in cluster config
      --no-spinner               disable all UI spinners
      --path-prefix string       Prefix for ACL config paths
      --sasl-mechanism string    SASL mechanism if using SASL (choices: AWS-MSK-IAM, PLAIN, SCRAM-SHA-256, or SCRAM-SHA-512)
      --sasl-password string     SASL password if using SASL; will override value set in cluster config
      --sasl-username string     SASL username if using SASL; will override value set in cluster config
      --skip-confirm             Skip confirmation prompts during creation process
      --tls-ca-cert string       Path to client CA cert PEM file if using TLS
      --tls-cert string          Path to client cert PEM file if using TLS
      --tls-enabled              Use TLS for communication with brokers
      --tls-key string           Path to client private key PEM file if using TLS
      --tls-server-name string   Server name to use for TLS cert verification
      --tls-skip-verify          Skip hostname verification when using TLS
  -z, --zk-addr string           ZooKeeper address
      --zk-prefix string         Prefix for cluster-related nodes in zk

$ topicctl create acls examples/auth/acls/acl-default.yaml --cluster-config examples/auth/cluster.yaml
[2023-11-16 14:35:53] INFO Processing ACL acl-default in config examples/auth/acls/acl-default.yaml with cluster config examples/auth/cluster.yaml
[2023-11-16 14:35:53] INFO Starting creation for ACLs acl-default in environment local-env, cluster local-cluster-auth
[2023-11-16 14:35:53] INFO Validating configs...
[2023-11-16 14:35:53] INFO Checking if ACLs already exists...
[2023-11-16 14:35:53] INFO It looks like these ACLs doesn't already exists. Will create them with this config:
[
  {
    "ResourceType": "Topic",
    "ResourceName": "my-topic",
    "ResourcePatternType": "Literal",
    "Principal": "User:default",
    "Host": "*",
    "Operation": "Read",
    "PermissionType": "Allow"
  },
  {
    "ResourceType": "Topic",
    "ResourceName": "my-topic",
    "ResourcePatternType": "Literal",
    "Principal": "User:default",
    "Host": "*",
    "Operation": "Describe",
    "PermissionType": "Allow"
  },
  {
    "ResourceType": "Group",
    "ResourceName": "my-group",
    "ResourcePatternType": "Prefixed",
    "Principal": "User:default",
    "Host": "*",
    "Operation": "Read",
    "PermissionType": "Allow"
  }
]
OK to continue? (yes/no) yes
[2023-11-16 14:35:57] INFO Creating new ACLs for user with config
[
  {
    "ResourceType": "Topic",
    "ResourceName": "my-topic",
    "ResourcePatternType": "Literal",
    "Principal": "User:default",
    "Host": "*",
    "Operation": "Read",
    "PermissionType": "Allow"
  },
  {
    "ResourceType": "Topic",
    "ResourceName": "my-topic",
    "ResourcePatternType": "Literal",
    "Principal": "User:default",
    "Host": "*",
    "Operation": "Describe",
    "PermissionType": "Allow"
  },
  {
    "ResourceType": "Group",
    "ResourceName": "my-group",
    "ResourcePatternType": "Prefixed",
    "Principal": "User:default",
    "Host": "*",
    "Operation": "Read",
    "PermissionType": "Allow"
  }
]
[2023-11-16 14:35:57] INFO Create completed successfully!

$ topicctl get acls --cluster-config examples/auth/cluster.yaml
[2023-11-16 14:36:45] INFO ACLs:
----------------+--------------+---------------+-----------------+------+-----------+------------------
  RESOURCE TYPE | PATTERN TYPE | RESOURCE NAME |    PRINCIPAL    | HOST | OPERATION | PERMISSION TYPE
----------------+--------------+---------------+-----------------+------+-----------+------------------
  group         | prefixed     | my-group      | User:default    | *    | read      | allow
  topic         | literal      | my-topic      | User:default    | *    | read      | allow
  topic         | literal      | my-topic      | User:default    | *    | describe  | allow
----------------+--------------+---------------+-----------------+------+-----------+------------------
```
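A review step for the ACL list that `topicctl create acls` prints before its "OK to continue?" prompt, as an added example that is not part of this PR or of the topicctl code base: it parses JSON in the shape shown in the demo output and flags Allow entries that apply from any host, match by prefix, or use a wildcard. The function name `reviewACLs`, the rule set and the sample input are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ACLEntry mirrors the fields topicctl prints for each ACL in the demo output.
type ACLEntry struct {
	ResourceType, ResourceName, ResourcePatternType string
	Principal, Host, Operation, PermissionType      string
}

// reviewACLs (hypothetical helper, rules assumed here) lists broad Allow grants.
func reviewACLs(raw []byte) ([]string, error) {
	var entries []ACLEntry
	if err := json.Unmarshal(raw, &entries); err != nil {
		return nil, fmt.Errorf("parse ACL list: %w", err)
	}
	var findings []string
	for i, e := range entries {
		if e.PermissionType != "Allow" {
			continue // Deny entries narrow access and are not flagged
		}
		id := fmt.Sprintf("#%d %s %s on %s %q", i, e.Principal, e.Operation, e.ResourceType, e.ResourceName)
		if e.Host == "*" {
			findings = append(findings, id+": allowed from any host")
		}
		if e.ResourcePatternType == "Prefixed" {
			findings = append(findings, id+": prefix match also covers resources created later under this prefix")
		}
		if e.ResourceName == "*" || e.Operation == "All" {
			findings = append(findings, id+": wildcard resource or operation")
		}
	}
	return findings, nil
}

// Constructed sample: the group entry from the demo output, on one line.
const sample = `[{"ResourceType":"Group","ResourceName":"my-group","ResourcePatternType":"Prefixed","Principal":"User:default","Host":"*","Operation":"Read","PermissionType":"Allow"}]`

func main() {
	findings, err := reviewACLs([]byte(sample))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```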