Skip to content

fix: use mapped lowercase values in ACL table #1292

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
craicoverflow merged 2 commits into from
Nov 5, 2021
Merged

fix: use mapped lowercase values in ACL table #1292

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2ede3d9
fix: use mapped lowercase values in ACL table
Nov 5, 2021
2ea178c
style: fix formatting
Nov 5, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/commands/rhoas_kafka_acl.adoc
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 4 additions & 4 deletions docs/commands/rhoas_kafka_acl_list.adoc
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

28 changes: 24 additions & 4 deletions pkg/kafka/aclutil/acl_table.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,14 +19,34 @@ type permissionsRow struct {
func MapACLsToTableRows(bindings []kafkainstanceclient.AclBinding, localizer localize.Localizer) []permissionsRow {
rows := make([]permissionsRow, len(bindings))

for i, p := range bindings {
// get the SDK => CLI key mappings
permissionMap := GetPermissionTypeMap()
reversedPermissionMap := make(map[kafkainstanceclient.AclPermissionType]string)
for k, v := range permissionMap {
reversedPermissionMap[v] = k
}

// get the SDK => CLI key mappings
operationMap := GetOperationMap()
reversedOperationMap := make(map[kafkainstanceclient.AclOperation]string)
for k, v := range operationMap {
reversedOperationMap[v] = k
}

// get the SDK => CLI key mappings
resourceTypeMap := GetResourceTypeMap()
reversedResourceTypeMap := make(map[kafkainstanceclient.AclResourceType]string)
for k, v := range resourceTypeMap {
reversedResourceTypeMap[v] = k
}

for i, p := range bindings {
description := formatTablePatternType(p.PatternType, localizer)
row := permissionsRow{
Principal: formatTablePrincipal(p.GetPrincipal(), localizer),
Permission: string(p.GetPermission()),
Operation: string(p.GetOperation()),
Description: fmt.Sprintf("%s %s \"%s\"", p.GetResourceType(), description, p.GetResourceName()),
Permission: reversedPermissionMap[p.GetPermission()],
Operation: reversedOperationMap[p.GetOperation()],
Description: fmt.Sprintf("%s %s \"%s\"", reversedResourceTypeMap[p.GetResourceType()], description, p.GetResourceName()),
}
rows[i] = row
}
Expand Down
12 changes: 12 additions & 0 deletions pkg/kafka/aclutil/enums.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,13 @@ var resourceTypeFilterMap = map[string]kafkainstanceclient.AclResourceTypeFilter
ResourceTypeTRANSACTIONAL_ID: kafkainstanceclient.ACLRESOURCETYPEFILTER_TRANSACTIONAL_ID,
}

var resourceTypeMap = map[string]kafkainstanceclient.AclResourceType{
ResourceTypeCLUSTER: kafkainstanceclient.ACLRESOURCETYPE_CLUSTER,
ResourceTypeTOPIC: kafkainstanceclient.ACLRESOURCETYPE_TOPIC,
ResourceTypeGROUP: kafkainstanceclient.ACLRESOURCETYPE_GROUP,
ResourceTypeTRANSACTIONAL_ID: kafkainstanceclient.ACLRESOURCETYPE_TRANSACTIONAL_ID,
}

var operationFilterMap = map[string]kafkainstanceclient.AclOperationFilter{
OperationALL: kafkainstanceclient.ACLOPERATIONFILTER_ALL,
OperationREAD: kafkainstanceclient.ACLOPERATIONFILTER_READ,
Expand Down Expand Up @@ -141,3 +148,8 @@ func GetMappedResourceTypeFilterValue(resourceType string) kafkainstanceclient.A
func GetResourceTypeFilterKeyMap() map[string]string {
return resourceTypeOperationKeyMap
}

// GetResourceTypeMap gets the mappings for ACL resource types
func GetResourceTypeMap() map[string]kafkainstanceclient.AclResourceType {
return resourceTypeMap
}
12 changes: 6 additions & 6 deletions pkg/localize/locales/en/cmd/acl.en.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ one = 'Kafka ACL management for users and service accounts'
[kafka.acl.cmd.longDescription]
one = '''
Set of commands that will let you manage Kafka ACLs.
By default, every users and service account have limited access to their Kafka instance (Only DESCRIBE permission is enabled for TOPIC, ACL, and GROUP).
By default, every users and service account have limited access to their Kafka instance (Only describe permission is enabled for TOPIC, ACL, and GROUP).
'''

[kafka.acl.cmd.example]
Expand Down Expand Up @@ -141,10 +141,10 @@ By default, new Kafka instances contain the following ACLs:

PRINCIPAL (4) PERMISSION OPERATION DESCRIPTION
---------------- ------------ ------------------ ----------------
All accounts ALLOW DESCRIBE GROUP is "*"
All accounts ALLOW DESCRIBE CLUSTER is "*"
All accounts ALLOW DESCRIBE_CONFIGS TOPIC is "*"
All accounts ALLOW DESCRIBE TOPIC is "*"
All accounts allow describe group is "*"
All accounts allow describe cluster is "*"
All accounts allow describe-configs topic is "*"
All accounts allow describe topic is "*"

These ACLs allow all accounts in the organization to view the Kafka instance permissions and to view topics and consumer groups in the instance, but not to produce or consume messages.

Expand All @@ -155,7 +155,7 @@ The ACLs are displayed in a table by default. Alternatively, you can display the
one = 'Format in which to display the Kafka ACL rules (choose from: "json", "yml", "yaml")'

[kafka.acl.list.allAccounts]
one = 'All accounts'
one = 'All Accounts'

[kafka.acl.list.is]
one = 'is'
Expand Down