def put(self, topicName):
"""
Create Topic ACL.
"""
args = acl_detail_parse.parse_args()
auser = args['user']
atype = args['type']
acl_user = "******" + auser
app.logger.info(
"Request to create ACL for topic {0} for user {1} and access type {2}."
.format(topicName, auser, atype))
try:
admin = KafkaAdminClient(
bootstrap_servers=config['cluster.broker.listeners'],
security_protocol=config['cluster.security.protocol'],
ssl_cafile=config['cluster.ssl.cafile'],
ssl_certfile=config['cluster.ssl.certfile'],
ssl_keyfile=config['cluster.ssl.keyfile'])
if atype == 'READ':
acl1 = ACL(principal=acl_user,
host="*",
operation=ACLOperation.DESCRIBE,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(
ResourceType.TOPIC, topicName))
acl2 = ACL(principal=acl_user,
host="*",
operation=ACLOperation.READ,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(
ResourceType.TOPIC, topicName))
acl3 = ACL(principal=acl_user,
host="*",
operation=ACLOperation.READ,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(
ResourceType.GROUP, "*"))
result = admin.create_acls([acl1, acl2, acl3])
elif atype == 'WRITE':
acl1 = ACL(principal=acl_user,
host="*",
operation=ACLOperation.DESCRIBE,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(
ResourceType.TOPIC, topicName))
acl2 = ACL(principal=acl_user,
host="*",
operation=ACLOperation.WRITE,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(
ResourceType.TOPIC, topicName))
acl3 = ACL(principal=acl_user,
host="*",
operation=ACLOperation.CREATE,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(
ResourceType.CLUSTER, "kafka-cluster"))
result = admin.create_acls([acl1, acl2, acl3])
else:
acl1 = ACL(principal=acl_user,
host="*",
operation=ACLOperation.DESCRIBE,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(
ResourceType.TOPIC, topicName))
result = admin.create_acls([acl1])
except Exception as e:
ns_acl.abort(500, str(e.args))
finally:
admin.close()
if len(result["failed"]) == 0:
return {"creation": "success"}
else:
ns_acl.abort(500, "Internal Error(Failure in ACL assignment)")
def test_create_describe_delete_acls(self):
"""Tests that we can add, list and remove ACLs
"""
# Setup
brokers = '%s:%d' % (self.server.host, self.server.port)
admin_client = KafkaAdminClient(bootstrap_servers=brokers)
# Check that we don't have any ACLs in the cluster
acls, error = admin_client.describe_acls(
ACLFilter(principal=None,
host="*",
operation=ACLOperation.ANY,
permission_type=ACLPermissionType.ANY,
resource_pattern=ResourcePattern(ResourceType.TOPIC,
"topic")))
self.assertIs(error, NoError)
self.assertEqual(0, len(acls))
# Try to add an ACL
acl = ACL(principal="User:test",
host="*",
operation=ACLOperation.READ,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(ResourceType.TOPIC,
"topic"))
result = admin_client.create_acls([acl])
self.assertFalse(len(result["failed"]))
self.assertEqual(len(result["succeeded"]), 1)
# Check that we can list the ACL we created
acl_filter = ACLFilter(principal=None,
host="*",
operation=ACLOperation.ANY,
permission_type=ACLPermissionType.ANY,
resource_pattern=ResourcePattern(
ResourceType.TOPIC, "topic"))
acls, error = admin_client.describe_acls(acl_filter)
self.assertIs(error, NoError)
self.assertEqual(1, len(acls))
# Remove the ACL
delete_results = admin_client.delete_acls([
ACLFilter(principal="User:test",
host="*",
operation=ACLOperation.READ,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(ResourceType.TOPIC,
"topic"))
])
self.assertEqual(1, len(delete_results))
self.assertEqual(1, len(
delete_results[0][1])) # Check number of affected ACLs
# Make sure the ACL does not exist in the cluster anymore
acls, error = admin_client.describe_acls(
ACLFilter(principal="*",
host="*",
operation=ACLOperation.ANY,
permission_type=ACLPermissionType.ANY,
resource_pattern=ResourcePattern(ResourceType.TOPIC,
"topic")))
self.assertIs(error, NoError)
self.assertEqual(0, len(acls))
