def get(self, topicName):
"""
Get Topic ACL.
"""
app.logger.info("Request to get ACL for topic {0}.".format(topicName))
try:
admin = KafkaAdminClient(
bootstrap_servers=config['cluster.broker.listeners'],
security_protocol=config['cluster.security.protocol'],
ssl_cafile=config['cluster.ssl.cafile'],
ssl_certfile=config['cluster.ssl.certfile'],
ssl_keyfile=config['cluster.ssl.keyfile'])
acl_filter = ACLFilter(principal=None,
host="*",
operation=ACLOperation.ANY,
permission_type=ACLPermissionType.ANY,
resource_pattern=ResourcePattern(
ResourceType.TOPIC, topicName))
acls, error = admin.describe_acls(acl_filter)
acl_list = []
for a in acls:
princpl = a.principal
oprtn = a.operation.name
acl_list.append({'user': princpl, 'type': oprtn})
return acl_list
except Exception as e:
ns_acl.abort(500, str(e.args))
finally:
admin.close()
def delete(self, topicName):
"""
Delete Topic ACL.
"""
args = acl_detail_parse.parse_args()
auser = args['user']
atype = args['type']
acl_user = "******" + auser
app.logger.info(
"Request to delete ACL for topic {0} for user {1} and access type {2}."
.format(topicName, auser, atype))
try:
admin = KafkaAdminClient(
bootstrap_servers=config['cluster.broker.listeners'],
security_protocol=config['cluster.security.protocol'],
ssl_cafile=config['cluster.ssl.cafile'],
ssl_certfile=config['cluster.ssl.certfile'],
ssl_keyfile=config['cluster.ssl.keyfile'])
results = admin.delete_acls([
ACLFilter(principal=acl_user,
host="*",
operation=ACLOperation.ANY,
permission_type=ACLPermissionType.ANY,
resource_pattern=ResourcePattern(
ResourceType.TOPIC, topicName))
])
except Exception as e:
ns_acl.abort(500, str(e.args))
finally:
admin.close()
if len(results[0][1]) > 0:
return {"delete": "sucess"}
else:
ns_acl.abort(500, "Internal Error(Cannot delete any ACL)")
def test_create_describe_delete_acls(kafka_admin_client):
"""Tests that we can add, list and remove ACLs
"""
# Check that we don't have any ACLs in the cluster
acls, error = kafka_admin_client.describe_acls(
ACLFilter(
principal=None,
host="*",
operation=ACLOperation.ANY,
permission_type=ACLPermissionType.ANY,
resource_pattern=ResourcePattern(ResourceType.TOPIC, "topic")
)
)
assert error is NoError
assert len(acls) == 0
# Try to add an ACL
acl = ACL(
principal="User:test",
host="*",
operation=ACLOperation.READ,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(ResourceType.TOPIC, "topic")
)
result = kafka_admin_client.create_acls([acl])
assert len(result["failed"]) == 0
assert len(result["succeeded"]) == 1
# Check that we can list the ACL we created
acl_filter = ACLFilter(
principal=None,
host="*",
operation=ACLOperation.ANY,
permission_type=ACLPermissionType.ANY,
resource_pattern=ResourcePattern(ResourceType.TOPIC, "topic")
)
acls, error = kafka_admin_client.describe_acls(acl_filter)
assert error is NoError
assert len(acls) == 1
# Remove the ACL
delete_results = kafka_admin_client.delete_acls(
[
ACLFilter(
principal="User:test",
host="*",
operation=ACLOperation.READ,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(ResourceType.TOPIC, "topic")
)
]
)
assert len(delete_results) == 1
assert len(delete_results[0][1]) == 1 # Check number of affected ACLs
# Make sure the ACL does not exist in the cluster anymore
acls, error = kafka_admin_client.describe_acls(
ACLFilter(
principal="*",
host="*",
operation=ACLOperation.ANY,
permission_type=ACLPermissionType.ANY,
resource_pattern=ResourcePattern(ResourceType.TOPIC, "topic")
)
)
assert error is NoError
assert len(acls) == 0
def put(self, topicName):
"""
Create Topic ACL.
"""
args = acl_detail_parse.parse_args()
auser = args['user']
atype = args['type']
acl_user = "******" + auser
app.logger.info(
"Request to create ACL for topic {0} for user {1} and access type {2}."
.format(topicName, auser, atype))
try:
admin = KafkaAdminClient(
bootstrap_servers=config['cluster.broker.listeners'],
security_protocol=config['cluster.security.protocol'],
ssl_cafile=config['cluster.ssl.cafile'],
ssl_certfile=config['cluster.ssl.certfile'],
ssl_keyfile=config['cluster.ssl.keyfile'])
if atype == 'READ':
acl1 = ACL(principal=acl_user,
host="*",
operation=ACLOperation.DESCRIBE,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(
ResourceType.TOPIC, topicName))
acl2 = ACL(principal=acl_user,
host="*",
operation=ACLOperation.READ,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(
ResourceType.TOPIC, topicName))
acl3 = ACL(principal=acl_user,
host="*",
operation=ACLOperation.READ,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(
ResourceType.GROUP, "*"))
result = admin.create_acls([acl1, acl2, acl3])
elif atype == 'WRITE':
acl1 = ACL(principal=acl_user,
host="*",
operation=ACLOperation.DESCRIBE,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(
ResourceType.TOPIC, topicName))
acl2 = ACL(principal=acl_user,
host="*",
operation=ACLOperation.WRITE,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(
ResourceType.TOPIC, topicName))
acl3 = ACL(principal=acl_user,
host="*",
operation=ACLOperation.CREATE,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(
ResourceType.CLUSTER, "kafka-cluster"))
result = admin.create_acls([acl1, acl2, acl3])
else:
acl1 = ACL(principal=acl_user,
host="*",
operation=ACLOperation.DESCRIBE,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(
ResourceType.TOPIC, topicName))
result = admin.create_acls([acl1])
except Exception as e:
ns_acl.abort(500, str(e.args))
finally:
admin.close()
if len(result["failed"]) == 0:
return {"creation": "success"}
else:
ns_acl.abort(500, "Internal Error(Failure in ACL assignment)")
def test_create_describe_delete_acls(self):
"""Tests that we can add, list and remove ACLs
"""
# Setup
brokers = '%s:%d' % (self.server.host, self.server.port)
admin_client = KafkaAdminClient(bootstrap_servers=brokers)
# Check that we don't have any ACLs in the cluster
acls, error = admin_client.describe_acls(
ACLFilter(principal=None,
host="*",
operation=ACLOperation.ANY,
permission_type=ACLPermissionType.ANY,
resource_pattern=ResourcePattern(ResourceType.TOPIC,
"topic")))
self.assertIs(error, NoError)
self.assertEqual(0, len(acls))
# Try to add an ACL
acl = ACL(principal="User:test",
host="*",
operation=ACLOperation.READ,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(ResourceType.TOPIC,
"topic"))
result = admin_client.create_acls([acl])
self.assertFalse(len(result["failed"]))
self.assertEqual(len(result["succeeded"]), 1)
# Check that we can list the ACL we created
acl_filter = ACLFilter(principal=None,
host="*",
operation=ACLOperation.ANY,
permission_type=ACLPermissionType.ANY,
resource_pattern=ResourcePattern(
ResourceType.TOPIC, "topic"))
acls, error = admin_client.describe_acls(acl_filter)
self.assertIs(error, NoError)
self.assertEqual(1, len(acls))
# Remove the ACL
delete_results = admin_client.delete_acls([
ACLFilter(principal="User:test",
host="*",
operation=ACLOperation.READ,
permission_type=ACLPermissionType.ALLOW,
resource_pattern=ResourcePattern(ResourceType.TOPIC,
"topic"))
])
self.assertEqual(1, len(delete_results))
self.assertEqual(1, len(
delete_results[0][1])) # Check number of affected ACLs
# Make sure the ACL does not exist in the cluster anymore
acls, error = admin_client.describe_acls(
ACLFilter(principal="*",
host="*",
operation=ACLOperation.ANY,
permission_type=ACLPermissionType.ANY,
resource_pattern=ResourcePattern(ResourceType.TOPIC,
"topic")))
self.assertIs(error, NoError)
self.assertEqual(0, len(acls))