[ISSUE #184 #192] support plain acl configration

example/rocketmq_v1alpha1_broker_cr.yaml

@@ -26,6 +26,24 @@ data:
     flushDiskType=ASYNC_FLUSH
     # set brokerRole to ASYNC_MASTER or SYNC_MASTER. DO NOT set to SLAVE because the replica instance will automatically be set!!!
     brokerRole=ASYNC_MASTER
+    # set aclEnable to true to enable ACL, and set plain_acl.yml to configure ACL
+    aclEnable=false
+
+  plain_acl.yml: |
+    globalWhiteRemoteAddresses:
+    accounts:
+      - accessKey: RocketMQ
+        secretKey: 12345678
+        whiteRemoteAddress:
+        admin: false
+        defaultTopicPerm: DENY
+        defaultGroupPerm: SUB
+        topicPerms:
+          - TopicTest=PUB
+        groupPerms:
+          # the group should convert to retry topic
+          - oms_consumer_group=DENY
+
 
 ---
 apiVersion: rocketmq.apache.org/v1alpha1
@@ -75,6 +93,13 @@ spec:
         items:
           - key: broker-common.conf
             path: broker-common.conf
+    # uncomment the following to enable ACL
+#    - name: plain-acl
+#      configMap:
+#        name: broker-config
+#        items:
+#          - key: plain_acl.yml
+#            path: plain_acl.yml
   # volumeClaimTemplates defines the storageClass
   volumeClaimTemplates:
     - metadata:

pkg/constants/constants.go

@@ -52,6 +52,10 @@ const (
 	// BrokerConfigName is the name of mounted configuration file
 	BrokerConfigName = "broker-common.conf"
 
+	BrokerPlainAclConfigName = "plain_acl.yml"
+
+	BrokerPlainAclConfigPath = DataPath + "/rocketmq/broker/conf"
+
 	// UpdateBrokerConfig is update broker config command
 	UpdateBrokerConfig = "updateBrokerConfig"
 

pkg/controller/broker/broker_controller.go

@@ -484,19 +484,7 @@ func (r *ReconcileBroker) getBrokerStatefulSet(broker *rocketmqv1alpha1.Broker,
 							ContainerPort: cons.BrokerHighAvailabilityContainerPort,
 							Name:          cons.BrokerHighAvailabilityContainerPortName,
 						}},
-						VolumeMounts: []corev1.VolumeMount{{
-							MountPath: cons.LogMountPath,
-							Name:      broker.Spec.VolumeClaimTemplates[0].Name,
-							SubPath:   cons.LogSubPathName + getPathSuffix(broker, brokerGroupIndex, replicaIndex),
-						}, {
-							MountPath: cons.StoreMountPath,
-							Name:      broker.Spec.VolumeClaimTemplates[0].Name,
-							SubPath:   cons.StoreSubPathName + getPathSuffix(broker, brokerGroupIndex, replicaIndex),
-						}, {
-							MountPath: cons.BrokerConfigPath + "/" + cons.BrokerConfigName,
-							Name:      broker.Spec.Volumes[0].Name,
-							SubPath:   cons.BrokerConfigName,
-						}},
+						VolumeMounts: getVolumeMounts(broker, brokerGroupIndex, replicaIndex),
 					}},
 					Volumes:         getVolumes(broker),
 					SecurityContext: getPodSecurityContext(broker),
@@ -512,6 +500,30 @@ func (r *ReconcileBroker) getBrokerStatefulSet(broker *rocketmqv1alpha1.Broker,
 
 }
 
+func getVolumeMounts(broker *rocketmqv1alpha1.Broker, brokerGroupIndex int, replicaIndex int) []corev1.VolumeMount {
+	mounts := []corev1.VolumeMount{{
+		MountPath: cons.LogMountPath,
+		Name:      broker.Spec.VolumeClaimTemplates[0].Name,
+		SubPath:   cons.LogSubPathName + getPathSuffix(broker, brokerGroupIndex, replicaIndex),
+	}, {
+		MountPath: cons.StoreMountPath,
+		Name:      broker.Spec.VolumeClaimTemplates[0].Name,
+		SubPath:   cons.StoreSubPathName + getPathSuffix(broker, brokerGroupIndex, replicaIndex),
+	}, {
+		MountPath: cons.BrokerConfigPath + "/" + cons.BrokerConfigName,
+		Name:      broker.Spec.Volumes[0].Name,
+		SubPath:   cons.BrokerConfigName,
+	}}
+	if len(broker.Spec.Volumes) > 1 && broker.Spec.Volumes[1].Name == "plain-acl" {
+		mounts = append(mounts, corev1.VolumeMount{
+			MountPath: cons.BrokerPlainAclConfigPath + "/" + cons.BrokerPlainAclConfigName,
+			Name:      broker.Spec.Volumes[1].Name,
+			SubPath:   cons.BrokerPlainAclConfigName,
+		})
+	}
+	return mounts
+}
+
 func getENV(broker *rocketmqv1alpha1.Broker, replicaIndex int, brokerGroupIndex int) []corev1.EnvVar {
 	envs := []corev1.EnvVar{{
 		Name:  cons.EnvNameServiceAddress,