segmentio / topicctl

Tool for declarative management of Kafka topics
MIT License

feat: create acls #165

Closed petedannemann closed 6 months ago

petedannemann commented 7 months ago

Add create acls command

Implements: https://github.com/segmentio/topicctl/issues/135

Demo: This assumes you have this branch checked out and have run make install to install topicctl from this branch.

# start kafka with authentication enabled
$ docker-compose -f docker-compose-auth.yaml up -d

$ topicctl create acls --help
creates ACLs from configuration files

Usage:
  topicctl create acls [acl configs] [flags]

Flags:
  -h, --help   help for acls

Global Flags:
  -b, --broker-addr string       Broker address
      --cluster-config string    Cluster config
      --debug                    enable debug logging
      --dry-run                  Do a dry-run
      --expand-env               Expand environment in cluster config
      --no-spinner               disable all UI spinners
      --path-prefix string       Prefix for ACL config paths
      --sasl-mechanism string    SASL mechanism if using SASL (choices: AWS-MSK-IAM, PLAIN, SCRAM-SHA-256, or SCRAM-SHA-512)
      --sasl-password string     SASL password if using SASL; will override value set in cluster config
      --sasl-username string     SASL username if using SASL; will override value set in cluster config
      --skip-confirm             Skip confirmation prompts during creation process
      --tls-ca-cert string       Path to client CA cert PEM file if using TLS
      --tls-cert string          Path to client cert PEM file if using TLS
      --tls-enabled              Use TLS for communication with brokers
      --tls-key string           Path to client private key PEM file if using TLS
      --tls-server-name string   Server name to use for TLS cert verification
      --tls-skip-verify          Skip hostname verification when using TLS
  -z, --zk-addr string           ZooKeeper address
      --zk-prefix string         Prefix for cluster-related nodes in zk

$ topicctl create acls examples/auth/acls/acl-default.yaml --cluster-config examples/auth/cluster.yaml
[2023-11-16 14:35:53]  INFO Processing ACL acl-default in config examples/auth/acls/acl-default.yaml with cluster config examples/auth/cluster.yaml
[2023-11-16 14:35:53]  INFO Starting creation for ACLs acl-default in environment local-env, cluster local-cluster-auth
[2023-11-16 14:35:53]  INFO Validating configs...
[2023-11-16 14:35:53]  INFO Checking if ACLs already exists...
[2023-11-16 14:35:53]  INFO It looks like these ACLs doesn't already exists. Will create them with this config:
[
  {
    "ResourceType": "Topic",
    "ResourceName": "my-topic",
    "ResourcePatternType": "Literal",
    "Principal": "User:default",
    "Host": "*",
    "Operation": "Read",
    "PermissionType": "Allow"
  },
  {
    "ResourceType": "Topic",
    "ResourceName": "my-topic",
    "ResourcePatternType": "Literal",
    "Principal": "User:default",
    "Host": "*",
    "Operation": "Describe",
    "PermissionType": "Allow"
  },
  {
    "ResourceType": "Group",
    "ResourceName": "my-group",
    "ResourcePatternType": "Prefixed",
    "Principal": "User:default",
    "Host": "*",
    "Operation": "Read",
    "PermissionType": "Allow"
  }
]
OK to continue? (yes/no) yes
[2023-11-16 14:35:57]  INFO Creating new ACLs for user with config [
  {
    "ResourceType": "Topic",
    "ResourceName": "my-topic",
    "ResourcePatternType": "Literal",
    "Principal": "User:default",
    "Host": "*",
    "Operation": "Read",
    "PermissionType": "Allow"
  },
  {
    "ResourceType": "Topic",
    "ResourceName": "my-topic",
    "ResourcePatternType": "Literal",
    "Principal": "User:default",
    "Host": "*",
    "Operation": "Describe",
    "PermissionType": "Allow"
  },
  {
    "ResourceType": "Group",
    "ResourceName": "my-group",
    "ResourcePatternType": "Prefixed",
    "Principal": "User:default",
    "Host": "*",
    "Operation": "Read",
    "PermissionType": "Allow"
  }
]
[2023-11-16 14:35:57]  INFO Create completed successfully!

$ topicctl get acls --cluster-config examples/auth/cluster.yaml
[2023-11-16 14:36:45]  INFO ACLs:
----------------+--------------+---------------+-----------------+------+-----------+------------------
  RESOURCE TYPE | PATTERN TYPE | RESOURCE NAME |    PRINCIPAL    | HOST | OPERATION | PERMISSION TYPE
----------------+--------------+---------------+-----------------+------+-----------+------------------
  group         | prefixed     | my-group      | User:default    | *    | read      | allow
  topic         | literal      | my-topic      | User:default    | *    | read      | allow
  topic         | literal      | my-topic      | User:default    | *    | describe  | allow
----------------+--------------+---------------+-----------------+------+-----------+------------------
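
The confirmation prompt in the demo above is the point where an operator decides whether the listed grants are acceptable. As an added example (not part of this PR or of topicctl's code), the Go program below parses a JSON list in the shape printed at that prompt and reports the properties of each Allow entry that widen access: wildcard host, prefixed pattern, and, going beyond what the demo contains, a wildcard resource name or the `All` operation. The names `ACLEntry`, `reviewACLs` and `sampleACLs` are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

type ACLEntry struct { // field names as printed in the confirmation prompt
	ResourceType, ResourceName, ResourcePatternType string
	Principal, Host, Operation, PermissionType      string
}

const sampleACLs = `[
 {"ResourceType":"Topic","ResourceName":"my-topic","ResourcePatternType":"Literal",
  "Principal":"User:default","Host":"*","Operation":"Read","PermissionType":"Allow"},
 {"ResourceType":"Group","ResourceName":"my-group","ResourcePatternType":"Prefixed",
  "Principal":"User:default","Host":"*","Operation":"Read","PermissionType":"Allow"}
]` // constructed for this example from two entries in the demo output

// reviewACLs returns one finding per broad property of each Allow entry.
func reviewACLs(raw string) (findings []string, err error) {
	var entries []ACLEntry
	if err = json.Unmarshal([]byte(raw), &entries); err != nil {
		return nil, fmt.Errorf("parsing ACL list: %w", err)
	}
	for i, e := range entries {
		if !strings.EqualFold(e.PermissionType, "Allow") {
			continue // Deny entries do not widen access
		}
		id := fmt.Sprintf("entry %d (%s %q, %s, %s)", i, e.ResourceType, e.ResourceName, e.Principal, e.Operation)
		add := func(broad bool, why string) {
			if broad {
				findings = append(findings, id+": "+why)
			}
		}
		add(e.Host == "*", "allowed from any host")
		add(strings.EqualFold(e.ResourcePatternType, "Prefixed"), "prefix also covers resources created later")
		add(e.ResourceName == "*" || strings.EqualFold(e.Operation, "All"), "wildcard resource or All operation")
	}
	return findings, nil
}

func main() {
	findings, err := reviewACLs(sampleACLs)
	if err != nil {
		panic(err)
	}
	fmt.Println(strings.Join(findings, "\n"))
}
```
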