Added Create and Delete ACL Feature To Admin Functions (#244) (#347)

* Added Create and Delete ACL Feature To Admin Functions (#244)

* Added support for createAcls

* use named variables and binding changes

* Added support for delete acls

* handled deleteAcl matching acls response array

* removed special handling for matching_acls failure

* Renamed variables in acl handler and report classes as the success and failure responses are stored in them

* Added DescribeAcl feature and fixed code review comments

* fixed describeAcl handle and report comments

* fixed callback result parsing for delete and describe acl

* fixed describe acl and delete acl response array processing

* Added unit tests for create acl handle and report

* Added unit tests for describe acl handle and report

* Added unit tests for delete acl handle and report

* handled acl pointers created for describe and delete acl unit tests

* Structured the acl unit test code

* Added non existing resource test for create acls

* Added resource literal any

* fixed describe_acl to support null resource name principal and host

* fixed segment fault error in fetching multiple acls

* fixed deletion of multiple acls matching the request filters

---------

Co-authored-by: Venkatesh Gnanasekaran <[email protected]>
Co-authored-by: Maciej Mensfeld <[email protected]>

* align admin api

* enable acls

---------

Co-authored-by: vgnanasekaran <[email protected]>
Co-authored-by: Venkatesh Gnanasekaran <[email protected]>

Author: 3 people

docker-compose.yml

@@ -23,3 +23,5 @@ services:
       KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'true'
       KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
       KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
+      KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true"
+      KAFKA_AUTHORIZER_CLASS_NAME: org.apache.kafka.metadata.authorizer.StandardAuthorizer

lib/rdkafka.rb

@@ -13,6 +13,13 @@
 require "rdkafka/admin/create_topic_report"
 require "rdkafka/admin/delete_topic_handle"
 require "rdkafka/admin/delete_topic_report"
+require "rdkafka/admin/create_acl_handle"
+require "rdkafka/admin/create_acl_report"
+require "rdkafka/admin/delete_acl_handle"
+require "rdkafka/admin/delete_acl_report"
+require "rdkafka/admin/describe_acl_handle"
+require "rdkafka/admin/describe_acl_report"
+require "rdkafka/admin/acl_binding_result"
 require "rdkafka/bindings"
 require "rdkafka/callbacks"
 require "rdkafka/config"

lib/rdkafka/admin.rb

@@ -163,6 +163,316 @@ def delete_topic(topic_name)
       delete_topic_handle
     end
 
+    # Create acl
+    # @param resource_type - values of type rd_kafka_ResourceType_t
+    #        https://github.com/confluentinc/librdkafka/blob/292d2a66b9921b783f08147807992e603c7af059/src/rdkafka.h#L7307
+    #        valid values are:
+    #           RD_KAFKA_RESOURCE_TOPIC   = 2
+    #           RD_KAFKA_RESOURCE_GROUP   = 3
+    #           RD_KAFKA_RESOURCE_BROKER  = 4
+    # @param resource_pattern_type - values of type rd_kafka_ResourcePatternType_t
+    #        https://github.com/confluentinc/librdkafka/blob/292d2a66b9921b783f08147807992e603c7af059/src/rdkafka.h#L7320
+    #        valid values are:
+    #           RD_KAFKA_RESOURCE_PATTERN_MATCH    = 2
+    #           RD_KAFKA_RESOURCE_PATTERN_LITERAL  = 3
+    #           RD_KAFKA_RESOURCE_PATTERN_PREFIXED = 4
+    # @param operation - values of type rd_kafka_AclOperation_t
+    #        https://github.com/confluentinc/librdkafka/blob/292d2a66b9921b783f08147807992e603c7af059/src/rdkafka.h#L8403
+    #        valid values are:
+    #           RD_KAFKA_ACL_OPERATION_ALL              = 2
+    #           RD_KAFKA_ACL_OPERATION_READ             = 3
+    #           RD_KAFKA_ACL_OPERATION_WRITE            = 4
+    #           RD_KAFKA_ACL_OPERATION_CREATE           = 5
+    #           RD_KAFKA_ACL_OPERATION_DELETE           = 6
+    #           RD_KAFKA_ACL_OPERATION_ALTER            = 7
+    #           RD_KAFKA_ACL_OPERATION_DESCRIBE         = 8
+    #           RD_KAFKA_ACL_OPERATION_CLUSTER_ACTION   = 9
+    #           RD_KAFKA_ACL_OPERATION_DESCRIBE_CONFIGS = 10
+    #           RD_KAFKA_ACL_OPERATION_ALTER_CONFIGS    = 11
+    #           RD_KAFKA_ACL_OPERATION_IDEMPOTENT_WRITE = 12
+    # @param permission_type - values of type rd_kafka_AclPermissionType_t
+    #        https://github.com/confluentinc/librdkafka/blob/292d2a66b9921b783f08147807992e603c7af059/src/rdkafka.h#L8435
+    #        valid values are:
+    #           RD_KAFKA_ACL_PERMISSION_TYPE_DENY  = 2
+    #           RD_KAFKA_ACL_PERMISSION_TYPE_ALLOW = 3
+    # @raise [RdkafkaError]
+    #
+    # @return [CreateAclHandle] Create acl handle that can be used to wait for the result of creating the acl
+    def create_acl(resource_type:, resource_name:, resource_pattern_type:, principal:, host:, operation:, permission_type:)
+      closed_admin_check(__method__)
+
+      # Create a rd_kafka_AclBinding_t representing the new acl
+      error_buffer = FFI::MemoryPointer.from_string(" " * 256)
+      new_acl_ptr = Rdkafka::Bindings.rd_kafka_AclBinding_new(
+        resource_type,
+        FFI::MemoryPointer.from_string(resource_name),
+        resource_pattern_type,
+        FFI::MemoryPointer.from_string(principal),
+        FFI::MemoryPointer.from_string(host),
+        operation,
+        permission_type,
+        error_buffer,
+        256
+      )
+      if new_acl_ptr.null?
+        raise Rdkafka::Config::ConfigError.new(error_buffer.read_string)
+      end
+
+      # Note that rd_kafka_CreateAcls can create more than one acl at a time
+      pointer_array = [new_acl_ptr]
+      acls_array_ptr = FFI::MemoryPointer.new(:pointer)
+      acls_array_ptr.write_array_of_pointer(pointer_array)
+
+      # Get a pointer to the queue that our request will be enqueued on
+      queue_ptr = @native_kafka.with_inner do |inner|
+        Rdkafka::Bindings.rd_kafka_queue_get_background(inner)
+      end
+
+      if queue_ptr.null?
+        Rdkafka::Bindings.rd_kafka_AclBinding_destroy(new_acl_ptr)
+        raise Rdkafka::Config::ConfigError.new("rd_kafka_queue_get_background was NULL")
+      end
+
+      # Create and register the handle that we will return to the caller
+      create_acl_handle = CreateAclHandle.new
+      create_acl_handle[:pending] = true
+      create_acl_handle[:response] = -1
+      CreateAclHandle.register(create_acl_handle)
+
+      admin_options_ptr = @native_kafka.with_inner do |inner|
+        Rdkafka::Bindings.rd_kafka_AdminOptions_new(inner, Rdkafka::Bindings::RD_KAFKA_ADMIN_OP_CREATEACLS)
+      end
+
+      Rdkafka::Bindings.rd_kafka_AdminOptions_set_opaque(admin_options_ptr, create_acl_handle.to_ptr)
+
+      begin
+        @native_kafka.with_inner do |inner|
+          Rdkafka::Bindings.rd_kafka_CreateAcls(
+            inner,
+            acls_array_ptr,
+            1,
+            admin_options_ptr,
+            queue_ptr
+          )
+        end
+      rescue Exception
+        CreateAclHandle.remove(create_acl_handle.to_ptr.address)
+        raise
+      ensure
+        Rdkafka::Bindings.rd_kafka_AdminOptions_destroy(admin_options_ptr)
+        Rdkafka::Bindings.rd_kafka_queue_destroy(queue_ptr)
+        Rdkafka::Bindings.rd_kafka_AclBinding_destroy(new_acl_ptr)
+      end
+
+      create_acl_handle
+    end
+
+    # Delete acl
+    #
+    # @param resource_type - values of type rd_kafka_ResourceType_t
+    #        https://github.com/confluentinc/librdkafka/blob/292d2a66b9921b783f08147807992e603c7af059/src/rdkafka.h#L7307
+    #        valid values are:
+    #           RD_KAFKA_RESOURCE_TOPIC   = 2
+    #           RD_KAFKA_RESOURCE_GROUP   = 3
+    #           RD_KAFKA_RESOURCE_BROKER  = 4
+    # @param resource_pattern_type - values of type rd_kafka_ResourcePatternType_t
+    #        https://github.com/confluentinc/librdkafka/blob/292d2a66b9921b783f08147807992e603c7af059/src/rdkafka.h#L7320
+    #        valid values are:
+    #           RD_KAFKA_RESOURCE_PATTERN_MATCH    = 2
+    #           RD_KAFKA_RESOURCE_PATTERN_LITERAL  = 3
+    #           RD_KAFKA_RESOURCE_PATTERN_PREFIXED = 4
+    # @param operation - values of type rd_kafka_AclOperation_t
+    #        https://github.com/confluentinc/librdkafka/blob/292d2a66b9921b783f08147807992e603c7af059/src/rdkafka.h#L8403
+    #        valid values are:
+    #           RD_KAFKA_ACL_OPERATION_ALL              = 2
+    #           RD_KAFKA_ACL_OPERATION_READ             = 3
+    #           RD_KAFKA_ACL_OPERATION_WRITE            = 4
+    #           RD_KAFKA_ACL_OPERATION_CREATE           = 5
+    #           RD_KAFKA_ACL_OPERATION_DELETE           = 6
+    #           RD_KAFKA_ACL_OPERATION_ALTER            = 7
+    #           RD_KAFKA_ACL_OPERATION_DESCRIBE         = 8
+    #           RD_KAFKA_ACL_OPERATION_CLUSTER_ACTION   = 9
+    #           RD_KAFKA_ACL_OPERATION_DESCRIBE_CONFIGS = 10
+    #           RD_KAFKA_ACL_OPERATION_ALTER_CONFIGS    = 11
+    #           RD_KAFKA_ACL_OPERATION_IDEMPOTENT_WRITE = 12
+    # @param permission_type - values of type rd_kafka_AclPermissionType_t
+    #        https://github.com/confluentinc/librdkafka/blob/292d2a66b9921b783f08147807992e603c7af059/src/rdkafka.h#L8435
+    #        valid values are:
+    #           RD_KAFKA_ACL_PERMISSION_TYPE_DENY  = 2
+    #           RD_KAFKA_ACL_PERMISSION_TYPE_ALLOW = 3
+    # @raise [RdkafkaError]
+    #
+    # @return [DeleteAclHandle] Delete acl handle that can be used to wait for the result of deleting the acl
+    def delete_acl(resource_type:, resource_name:, resource_pattern_type:, principal:, host:, operation:, permission_type:)
+      closed_admin_check(__method__)
+
+      # Create a rd_kafka_AclBinding_t representing the acl to be deleted
+      error_buffer = FFI::MemoryPointer.from_string(" " * 256)
+
+      delete_acl_ptr = Rdkafka::Bindings.rd_kafka_AclBindingFilter_new(
+        resource_type,
+        resource_name ? FFI::MemoryPointer.from_string(resource_name) : nil,
+        resource_pattern_type,
+        principal ? FFI::MemoryPointer.from_string(principal) : nil,
+        host ? FFI::MemoryPointer.from_string(host) : nil,
+        operation,
+        permission_type,
+        error_buffer,
+        256
+      )
+
+      if delete_acl_ptr.null?
+        raise Rdkafka::Config::ConfigError.new(error_buffer.read_string)
+      end
+
+      # Note that rd_kafka_DeleteAcls can delete more than one acl at a time
+      pointer_array = [delete_acl_ptr]
+      acls_array_ptr = FFI::MemoryPointer.new(:pointer)
+      acls_array_ptr.write_array_of_pointer(pointer_array)
+
+      # Get a pointer to the queue that our request will be enqueued on
+      queue_ptr = @native_kafka.with_inner do |inner|
+        Rdkafka::Bindings.rd_kafka_queue_get_background(inner)
+      end
+
+      if queue_ptr.null?
+        Rdkafka::Bindings.rd_kafka_AclBinding_destroy(new_acl_ptr)
+        raise Rdkafka::Config::ConfigError.new("rd_kafka_queue_get_background was NULL")
+      end
+
+      # Create and register the handle that we will return to the caller
+      delete_acl_handle = DeleteAclHandle.new
+      delete_acl_handle[:pending] = true
+      delete_acl_handle[:response] = -1
+      DeleteAclHandle.register(delete_acl_handle)
+
+      admin_options_ptr = @native_kafka.with_inner do |inner|
+        Rdkafka::Bindings.rd_kafka_AdminOptions_new(inner, Rdkafka::Bindings::RD_KAFKA_ADMIN_OP_DELETEACLS)
+      end
+
+      Rdkafka::Bindings.rd_kafka_AdminOptions_set_opaque(admin_options_ptr, delete_acl_handle.to_ptr)
+
+      begin
+        @native_kafka.with_inner do |inner|
+          Rdkafka::Bindings.rd_kafka_DeleteAcls(
+            inner,
+            acls_array_ptr,
+            1,
+            admin_options_ptr,
+            queue_ptr
+          )
+        end
+      rescue Exception
+        DeleteAclHandle.remove(delete_acl_handle.to_ptr.address)
+        raise
+      ensure
+        Rdkafka::Bindings.rd_kafka_AdminOptions_destroy(admin_options_ptr)
+        Rdkafka::Bindings.rd_kafka_queue_destroy(queue_ptr)
+        Rdkafka::Bindings.rd_kafka_AclBinding_destroy(delete_acl_ptr)
+      end
+
+      delete_acl_handle
+    end
+
+    # Describe acls
+    #
+    # @param resource_type - values of type rd_kafka_ResourceType_t
+    #        https://github.com/confluentinc/librdkafka/blob/292d2a66b9921b783f08147807992e603c7af059/src/rdkafka.h#L7307
+    #        valid values are:
+    #           RD_KAFKA_RESOURCE_TOPIC   = 2
+    #           RD_KAFKA_RESOURCE_GROUP   = 3
+    #           RD_KAFKA_RESOURCE_BROKER  = 4
+    # @param resource_pattern_type - values of type rd_kafka_ResourcePatternType_t
+    #        https://github.com/confluentinc/librdkafka/blob/292d2a66b9921b783f08147807992e603c7af059/src/rdkafka.h#L7320
+    #        valid values are:
+    #           RD_KAFKA_RESOURCE_PATTERN_MATCH    = 2
+    #           RD_KAFKA_RESOURCE_PATTERN_LITERAL  = 3
+    #           RD_KAFKA_RESOURCE_PATTERN_PREFIXED = 4
+    # @param operation - values of type rd_kafka_AclOperation_t
+    #        https://github.com/confluentinc/librdkafka/blob/292d2a66b9921b783f08147807992e603c7af059/src/rdkafka.h#L8403
+    #        valid values are:
+    #           RD_KAFKA_ACL_OPERATION_ALL              = 2
+    #           RD_KAFKA_ACL_OPERATION_READ             = 3
+    #           RD_KAFKA_ACL_OPERATION_WRITE            = 4
+    #           RD_KAFKA_ACL_OPERATION_CREATE           = 5
+    #           RD_KAFKA_ACL_OPERATION_DELETE           = 6
+    #           RD_KAFKA_ACL_OPERATION_ALTER            = 7
+    #           RD_KAFKA_ACL_OPERATION_DESCRIBE         = 8
+    #           RD_KAFKA_ACL_OPERATION_CLUSTER_ACTION   = 9
+    #           RD_KAFKA_ACL_OPERATION_DESCRIBE_CONFIGS = 10
+    #           RD_KAFKA_ACL_OPERATION_ALTER_CONFIGS    = 11
+    #           RD_KAFKA_ACL_OPERATION_IDEMPOTENT_WRITE = 12
+    # @param permission_type - values of type rd_kafka_AclPermissionType_t
+    #        https://github.com/confluentinc/librdkafka/blob/292d2a66b9921b783f08147807992e603c7af059/src/rdkafka.h#L8435
+    #        valid values are:
+    #           RD_KAFKA_ACL_PERMISSION_TYPE_DENY  = 2
+    #           RD_KAFKA_ACL_PERMISSION_TYPE_ALLOW = 3
+    # @raise [RdkafkaError]
+    #
+    # @return [DescribeAclHandle] Describe acl handle that can be used to wait for the result of fetching acls
+    def describe_acl(resource_type:, resource_name:, resource_pattern_type:, principal:, host:, operation:, permission_type:)
+      closed_admin_check(__method__)
+
+      # Create a rd_kafka_AclBinding_t with the filters to fetch existing acls
+      error_buffer = FFI::MemoryPointer.from_string(" " * 256)
+      describe_acl_ptr = Rdkafka::Bindings.rd_kafka_AclBindingFilter_new(
+        resource_type,
+        resource_name ? FFI::MemoryPointer.from_string(resource_name) : nil,
+        resource_pattern_type,
+        principal ? FFI::MemoryPointer.from_string(principal) : nil,
+        host ? FFI::MemoryPointer.from_string(host) : nil,
+        operation,
+        permission_type,
+        error_buffer,
+        256
+      )
+      if describe_acl_ptr.null?
+        raise Rdkafka::Config::ConfigError.new(error_buffer.read_string)
+      end
+
+      # Get a pointer to the queue that our request will be enqueued on
+      queue_ptr = @native_kafka.with_inner do |inner|
+        Rdkafka::Bindings.rd_kafka_queue_get_background(inner)
+      end
+
+      if queue_ptr.null?
+        Rdkafka::Bindings.rd_kafka_AclBinding_destroy(new_acl_ptr)
+        raise Rdkafka::Config::ConfigError.new("rd_kafka_queue_get_background was NULL")
+      end
+
+      # Create and register the handle that we will return to the caller
+      describe_acl_handle = DescribeAclHandle.new
+      describe_acl_handle[:pending] = true
+      describe_acl_handle[:response] = -1
+      DescribeAclHandle.register(describe_acl_handle)
+
+      admin_options_ptr = @native_kafka.with_inner do |inner|
+        Rdkafka::Bindings.rd_kafka_AdminOptions_new(inner, Rdkafka::Bindings::RD_KAFKA_ADMIN_OP_DESCRIBEACLS)
+      end
+
+      Rdkafka::Bindings.rd_kafka_AdminOptions_set_opaque(admin_options_ptr, describe_acl_handle.to_ptr)
+
+      begin
+        @native_kafka.with_inner do |inner|
+          Rdkafka::Bindings.rd_kafka_DescribeAcls(
+            inner,
+            describe_acl_ptr,
+            admin_options_ptr,
+            queue_ptr
+          )
+        end
+      rescue Exception
+        DescribeAclHandle.remove(describe_acl_handle.to_ptr.address)
+        raise
+      ensure
+        Rdkafka::Bindings.rd_kafka_AdminOptions_destroy(admin_options_ptr)
+        Rdkafka::Bindings.rd_kafka_queue_destroy(queue_ptr)
+        Rdkafka::Bindings.rd_kafka_AclBinding_destroy(describe_acl_ptr)
+      end
+
+      describe_acl_handle
+    end
+
     private
     def closed_admin_check(method)
       raise Rdkafka::ClosedAdminError.new(method) if closed?

lib/rdkafka/admin/acl_binding_result.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Rdkafka
+  class Admin
+
+    # Extracts attributes of rd_kafka_AclBinding_t
+    #
+    class AclBindingResult
+      attr_reader :result_error, :error_string, :matching_acl_resource_type, :matching_acl_resource_name, :matching_acl_pattern_type, :matching_acl_principal, :matching_acl_host, :matching_acl_operation, :matching_acl_permission_type
+
+      def initialize(matching_acl)
+          rd_kafka_error_pointer        = Rdkafka::Bindings.rd_kafka_AclBinding_error(matching_acl)
+          @result_error                 = Rdkafka::Bindings.rd_kafka_error_code(rd_kafka_error_pointer)
+          error_string                 = Rdkafka::Bindings.rd_kafka_error_string(rd_kafka_error_pointer)
+          if error_string != FFI::Pointer::NULL
+            @error_string = error_string.read_string
+          end
+          @matching_acl_resource_type   = Rdkafka::Bindings.rd_kafka_AclBinding_restype(matching_acl)
+          matching_acl_resource_name    = Rdkafka::Bindings.rd_kafka_AclBinding_name(matching_acl)
+          if matching_acl_resource_name != FFI::Pointer::NULL
+            @matching_acl_resource_name = matching_acl_resource_name.read_string
+          end
+          @matching_acl_pattern_type    = Rdkafka::Bindings.rd_kafka_AclBinding_resource_pattern_type(matching_acl)
+          matching_acl_principal        = Rdkafka::Bindings.rd_kafka_AclBinding_principal(matching_acl)
+          if matching_acl_principal != FFI::Pointer::NULL
+            @matching_acl_principal = matching_acl_principal.read_string
+          end
+          matching_acl_host             = Rdkafka::Bindings.rd_kafka_AclBinding_host(matching_acl)
+          if matching_acl_host != FFI::Pointer::NULL
+            @matching_acl_host = matching_acl_host.read_string
+          end
+          @matching_acl_operation       = Rdkafka::Bindings.rd_kafka_AclBinding_operation(matching_acl)
+          @matching_acl_permission_type = Rdkafka::Bindings.rd_kafka_AclBinding_permission_type(matching_acl)
+        end
+      end
+  end
+end