Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: delete acl #167

Merged
merged 123 commits into from
Dec 13, 2023
Merged

feat: delete acl #167

merged 123 commits into from
Dec 13, 2023

Conversation

petedannemann
Copy link
Contributor

@petedannemann petedannemann commented Nov 21, 2023
edited
Loading

Add support for deleting ACLs.

Implementation details:
Mutliple ACLs can be deleted at a time. The delete acls command requires all flags to be set to narrow down to desired ACLs to delete.

Demo:

$ topicctl get acls --resource-type topic --resource-pattern-type literal --resource-name my-topic --principal 'User:default' --host '*' --operation read --permission-type allow --cluster-config examples/auth/cluster.yaml
[2023-11-21 14:35:48]  INFO ACLs:
----------------+--------------+---------------+--------------+------+-----------+------------------
  RESOURCE TYPE | PATTERN TYPE | RESOURCE NAME |  PRINCIPAL   | HOST | OPERATION | PERMISSION TYPE
----------------+--------------+---------------+--------------+------+-----------+------------------
  topic         | literal      | my-topic      | User:default | *    | read      | allow
----------------+--------------+---------------+--------------+------+-----------+------------------
$ topicctl delete acls --resource-type topic --resource-pattern-type literal --resource-name my-topic --principal 'User:default' --host '*' --operation read --permission-type allow --cluster-config examples/auth/cluster.yaml
[2023-11-21 14:35:54]  INFO Checking if ACLs exists for filter:
{
  "ResourceTypeFilter": "Topic",
  "ResourceNameFilter": "my-topic",
  "ResourcePatternTypeFilter": "Literal",
  "PrincipalFilter": "User:default",
  "HostFilter": "*",
  "Operation": "Read",
  "PermissionType": "Allow"
}
[2023-11-21 14:35:54]  The following ACLs in the cluster are planned for deletion:
{
  "ResourceType": "topic",
  "ResourceName": "my-topic",
  "PatternType": "literal",
  "Principal": "User:default",
  "Host": "*",
  "Operation": "read",
  "PermissionType": "allow"
} 
Delete ACLs? (yes/no) yes
[2023-11-21 14:35:56]  INFO ACLs successfully deleted: {
  "Error": null,
  "ResourceType": "Topic",
  "ResourceName": "my-topic",
  "ResourcePatternType": "Literal",
  "Principal": "User:default",
  "Host": "*",
  "Operation": "Read",
  "PermissionType": "Allow"
}
$ topicctl get acls --resource-type topic --resource-pattern-type literal --resource-name my-topic --principal 'User:default' --host '*' --operation read --permission-type allow --cluster-config examples/auth/cluster.yaml
[2023-11-21 14:36:03]  INFO ACLs:
----------------+--------------+---------------+-----------+------+-----------+------------------
  RESOURCE TYPE | PATTERN TYPE | RESOURCE NAME | PRINCIPAL | HOST | OPERATION | PERMISSION TYPE
----------------+--------------+---------------+-----------+------+-----------+------------------
----------------+--------------+---------------+-----------+------+-----------+------------------

@petedannemann
bump kafka-go to include acl apis
b86d182
@petedannemann
add acl interfaces and aclinfo type stub
f1ec537
@petedannemann
pull latest kafka-go and use kafka-go aclresource type
07a63c7
@petedannemann
wip
474c260
@petedannemann
fix test
6e0ec36
@petedannemann
fix typos
7b9454d
@petedannemann
get acls working
49f7e19
@petedannemann
getacls working
8382e98
@petedannemann
upgrade cobra to latest
7b8ee42
@petedannemann
finish separating get into separate subcommands
2a7d2de
@petedannemann
remove unneeded variables
1b84ef3
@petedannemann
Merge branch 'chore/separate-subcmd-for-get' into spike/acls-and-users
ff7d81d
@petedannemann
wip
ea28ea9
@petedannemann
pr feedback
07667dd
@petedannemann
Revert "upgrade cobra to latest"
dcdd0e8 
This reverts commit 7b8ee42.
@petedannemann
Merge branch 'chore/separate-subcmd-for-get' into spike/acls-and-users
d58262c
@petedannemann
use getCliRunnerAndCtx in get acls
9f8f550
@petedannemann
more consistent variable names
4a78af2
@petedannemann
custom cobra type
1dbf200
@petedannemann
bring in new kafka-go
226ae1c
@petedannemann
support resource pattern type
acc011f
@petedannemann
add support for acloperationtype and remove options for unknown
2536e50
@petedannemann
improve descriptions
62671b0
@petedannemann
support permissiontype and host filters
3f050ca
@petedannemann
add resource name filter and fix permission type formatting
925670c
@petedannemann
support principal filtering
5cff332
@petedannemann
improve docs
e6e8c63
@petedannemann
add examples
e28cb01
@petedannemann
remove comment
9735b1b
@petedannemann
remove TODOs that are complete
b19a4e1
@petedannemann petedannemann changed the base branch from master to feat/create-acls November 21, 2023 19:39
@petedannemann petedannemann changed the title feat/delete acl feat: delete acl Nov 21, 2023
petedannemann
petedannemann commented Nov 21, 2023
View reviewed changes
pkg/cli/cli.go Outdated
return fmt.Errorf("No ACL matches filter:\n%+v", formatACLs(filter))
}

if len(clusterACLs) > 1 {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another option is to change the design to allow for multiple ACLs to be deleted at once. This may add additional risk

@petedannemann petedannemann marked this pull request as ready for review November 22, 2023 16:26
@petedannemann petedannemann requested a review from a team as a code owner November 22, 2023 16:26
hhahn-tw
hhahn-tw approved these changes Dec 12, 2023
View reviewed changes
pkg/acl/acl.go Outdated Show resolved Hide resolved
Base automatically changed from feat/create-acls to master December 13, 2023 20:43
@petedannemann petedannemann merged commit 049db25 into master Dec 13, 2023
8 checks passed
@petedannemann petedannemann deleted the feat/delete-acl branch December 13, 2023 20:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hhahn-tw hhahn-tw hhahn-tw approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@petedannemann @hhahn-tw