From be2f5fe1db0dff8addbb3bc5544d7be16ff38b58 Mon Sep 17 00:00:00 2001 From: Poleg Kashti Date: Tue, 8 Oct 2024 22:04:50 +0300 Subject: [PATCH 1/4] Closes #592 --- api/src/main/java/io/kafbat/ui/service/acl/AclsService.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api/src/main/java/io/kafbat/ui/service/acl/AclsService.java b/api/src/main/java/io/kafbat/ui/service/acl/AclsService.java index 4ea82fe12..b3877a336 100644 --- a/api/src/main/java/io/kafbat/ui/service/acl/AclsService.java +++ b/api/src/main/java/io/kafbat/ui/service/acl/AclsService.java @@ -158,7 +158,7 @@ public Mono createConsumerAcl(KafkaCluster cluster, CreateConsumerAclDTO r .then(); } - //Read, Describe on topics, Read on consumerGroups + //Read, Describe on topics and consumerGroups private List createConsumerBindings(CreateConsumerAclDTO request) { List bindings = new ArrayList<>(); bindings.addAll( @@ -172,7 +172,7 @@ private List createConsumerBindings(CreateConsumerAclDTO request) { bindings.addAll( createAllowBindings( GROUP, - List.of(READ), + List.of(READ, DESCRIBE), request.getPrincipal(), request.getHost(), request.getConsumerGroupsPrefix(), From 1fd3fad98aca33b2329200033ba2d604a04d4cfa Mon Sep 17 00:00:00 2001 From: polegkashti Date: Tue, 8 Oct 2024 22:04:50 +0300 Subject: [PATCH 2/4] Closes #592 --- api/src/main/java/io/kafbat/ui/service/acl/AclsService.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api/src/main/java/io/kafbat/ui/service/acl/AclsService.java b/api/src/main/java/io/kafbat/ui/service/acl/AclsService.java index 4ea82fe12..b3877a336 100644 --- a/api/src/main/java/io/kafbat/ui/service/acl/AclsService.java +++ b/api/src/main/java/io/kafbat/ui/service/acl/AclsService.java @@ -158,7 +158,7 @@ public Mono createConsumerAcl(KafkaCluster cluster, CreateConsumerAclDTO r .then(); } - //Read, Describe on topics, Read on consumerGroups + //Read, Describe on topics and consumerGroups private List createConsumerBindings(CreateConsumerAclDTO request) { List bindings = new ArrayList<>(); bindings.addAll( @@ -172,7 +172,7 @@ private List createConsumerBindings(CreateConsumerAclDTO request) { bindings.addAll( createAllowBindings( GROUP, - List.of(READ), + List.of(READ, DESCRIBE), request.getPrincipal(), request.getHost(), request.getConsumerGroupsPrefix(), From 7a408b35f359066a94ded35454d21d7e5027d1dd Mon Sep 17 00:00:00 2001 From: polegkashti Date: Wed, 9 Oct 2024 17:42:56 +0300 Subject: [PATCH 3/4] Fix failed acl tests --- .../ui/service/acl/AclsServiceTest.java | 21 +++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/api/src/test/java/io/kafbat/ui/service/acl/AclsServiceTest.java b/api/src/test/java/io/kafbat/ui/service/acl/AclsServiceTest.java index 189e7c060..cfa46d1eb 100644 --- a/api/src/test/java/io/kafbat/ui/service/acl/AclsServiceTest.java +++ b/api/src/test/java/io/kafbat/ui/service/acl/AclsServiceTest.java @@ -103,10 +103,10 @@ void createsConsumerDependantAcls() { .topics(List.of("t1", "t2")) ).block(); - //Read, Describe on topics, Read on consumerGroups + //Read, Describe on topics and consumerGroups Collection createdBindings = createdCaptor.getValue(); assertThat(createdBindings) - .hasSize(6) + .hasSize(8) .contains(new AclBinding( new ResourcePattern(ResourceType.TOPIC, "t1", PatternType.LITERAL), new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))) @@ -122,9 +122,15 @@ void createsConsumerDependantAcls() { .contains(new AclBinding( new ResourcePattern(ResourceType.GROUP, "cg1", PatternType.LITERAL), new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))) + .contains(new AclBinding( + new ResourcePattern(ResourceType.GROUP, "cg1", PatternType.LITERAL), + new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW))) + .contains(new AclBinding( + new ResourcePattern(ResourceType.GROUP, "cg2", PatternType.LITERAL), + new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))) .contains(new AclBinding( new ResourcePattern(ResourceType.GROUP, "cg2", PatternType.LITERAL), - new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))); + new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW))); } @Test @@ -145,10 +151,10 @@ void createsConsumerDependantAclsWhenTopicsAndGroupsSpecifiedByPrefix() { .topicsPrefix("topicPref") ).block(); - //Read, Describe on topics, Read on consumerGroups + //Read, Describe on topics and consumerGroups Collection createdBindings = createdCaptor.getValue(); assertThat(createdBindings) - .hasSize(3) + .hasSize(4) .contains(new AclBinding( new ResourcePattern(ResourceType.TOPIC, "topicPref", PatternType.PREFIXED), new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))) @@ -157,7 +163,10 @@ void createsConsumerDependantAclsWhenTopicsAndGroupsSpecifiedByPrefix() { new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW))) .contains(new AclBinding( new ResourcePattern(ResourceType.GROUP, "cgPref", PatternType.PREFIXED), - new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))); + new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))) + .contains(new AclBinding( + new ResourcePattern(ResourceType.GROUP, "cgPref", PatternType.PREFIXED), + new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW))); } @Test From ddc7058c349b3d1acca95fbd6c7f40f5ec50ac16 Mon Sep 17 00:00:00 2001 From: polegkashti Date: Wed, 9 Oct 2024 17:42:56 +0300 Subject: [PATCH 4/4] Fix failed acl tests --- .../ui/service/acl/AclsServiceTest.java | 21 +++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/api/src/test/java/io/kafbat/ui/service/acl/AclsServiceTest.java b/api/src/test/java/io/kafbat/ui/service/acl/AclsServiceTest.java index 189e7c060..cfa46d1eb 100644 --- a/api/src/test/java/io/kafbat/ui/service/acl/AclsServiceTest.java +++ b/api/src/test/java/io/kafbat/ui/service/acl/AclsServiceTest.java @@ -103,10 +103,10 @@ void createsConsumerDependantAcls() { .topics(List.of("t1", "t2")) ).block(); - //Read, Describe on topics, Read on consumerGroups + //Read, Describe on topics and consumerGroups Collection createdBindings = createdCaptor.getValue(); assertThat(createdBindings) - .hasSize(6) + .hasSize(8) .contains(new AclBinding( new ResourcePattern(ResourceType.TOPIC, "t1", PatternType.LITERAL), new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))) @@ -122,9 +122,15 @@ void createsConsumerDependantAcls() { .contains(new AclBinding( new ResourcePattern(ResourceType.GROUP, "cg1", PatternType.LITERAL), new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))) + .contains(new AclBinding( + new ResourcePattern(ResourceType.GROUP, "cg1", PatternType.LITERAL), + new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW))) + .contains(new AclBinding( + new ResourcePattern(ResourceType.GROUP, "cg2", PatternType.LITERAL), + new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))) .contains(new AclBinding( new ResourcePattern(ResourceType.GROUP, "cg2", PatternType.LITERAL), - new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))); + new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW))); } @Test @@ -145,10 +151,10 @@ void createsConsumerDependantAclsWhenTopicsAndGroupsSpecifiedByPrefix() { .topicsPrefix("topicPref") ).block(); - //Read, Describe on topics, Read on consumerGroups + //Read, Describe on topics and consumerGroups Collection createdBindings = createdCaptor.getValue(); assertThat(createdBindings) - .hasSize(3) + .hasSize(4) .contains(new AclBinding( new ResourcePattern(ResourceType.TOPIC, "topicPref", PatternType.PREFIXED), new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))) @@ -157,7 +163,10 @@ void createsConsumerDependantAclsWhenTopicsAndGroupsSpecifiedByPrefix() { new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW))) .contains(new AclBinding( new ResourcePattern(ResourceType.GROUP, "cgPref", PatternType.PREFIXED), - new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))); + new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))) + .contains(new AclBinding( + new ResourcePattern(ResourceType.GROUP, "cgPref", PatternType.PREFIXED), + new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW))); } @Test