Use resource ID in ksql cluster configure-acls (#2540)
brianstrauch authored Jan 11, 2024
1 parent a545919 commit 6a1625d
Showing 3 changed files with 72 additions and 75 deletions.
11 changes: 4 additions & 7 deletions internal/ksql/command_cluster_configureacls.go
@@ -2,7 +2,6 @@ package ksql

import (
"fmt"
"strconv"

"github.com/spf13/cobra"

@@ -98,16 +97,14 @@ func (c *ksqlCommand) configureACLs(cmd *cobra.Command, args []string) error {
}

func (c *ksqlCommand) getServiceAccount(cluster *ksqlv2.KsqldbcmV2Cluster) (string, error) {
users, err := c.Client.User.GetServiceAccounts()
serviceAccounts, err := c.Client.User.GetServiceAccounts()
if err != nil {
return "", err
}

credentialIdentity := cluster.Spec.CredentialIdentity.GetId()

for _, user := range users {
if user.ServiceName == fmt.Sprintf("KSQL.%s", cluster.GetId()) || user.ResourceId == credentialIdentity {
return strconv.Itoa(int(user.Id)), nil
for _, serviceAccount := range serviceAccounts {
if serviceAccount.GetServiceName() == fmt.Sprintf("KSQL.%s", cluster.GetId()) || serviceAccount.ResourceId == cluster.Spec.CredentialIdentity.GetId() {
return serviceAccount.GetResourceId(), nil
}
}
return "", fmt.Errorf(errors.KsqldbNoServiceAccountErrorMsg, cluster.GetId())
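Review bot: The loop in getServiceAccount accepts a service account on either its name (`KSQL.<cluster id>`) or its resource ID and returns the first hit in list order, so an account that merely carries the expected name can be picked ahead of the identity recorded in `cluster.Spec.CredentialIdentity`. Judging by the golden files, the returned ID becomes the principal of every ALLOW rule the command emits, so I would match on the credential identity first, keep the name only as a fallback, and skip entries with an empty resource ID so that `"" == ""` can never match. The same rewrite hoists the `fmt.Sprintf` and `GetId()` calls back out of the loop and uses `GetResourceId()` throughout instead of mixing it with the `ResourceId` field. Whether service account names are unique is not visible on this page, so the ordering concern should be confirmed; the function's closing brace lies outside the hunk.

```go
func (c *ksqlCommand) getServiceAccount(cluster *ksqlv2.KsqldbcmV2Cluster) (string, error) {
	// … unchanged: GetServiceAccounts call and error return …

	credentialIdentity := cluster.Spec.CredentialIdentity.GetId()
	expectedName := fmt.Sprintf("KSQL.%s", cluster.GetId())

	// Prefer the identity recorded on the cluster; a name match is only a fallback.
	fallback := ""
	for _, serviceAccount := range serviceAccounts {
		resourceID := serviceAccount.GetResourceId()
		if resourceID == "" {
			continue
		}
		if credentialIdentity != "" && resourceID == credentialIdentity {
			return resourceID, nil
		}
		if fallback == "" && serviceAccount.GetServiceName() == expectedName {
			fallback = resourceID
		}
	}
	if fallback != "" {
		return fallback, nil
	}
	// … unchanged: KsqldbNoServiceAccountErrorMsg return …
```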
68 changes: 34 additions & 34 deletions test/fixtures/output/ksql/cluster/configure-acls-dry-run.golden
@@ -1,34 +1,34 @@
Principal | Permission | Operation | Resource Type | Resource Name | Pattern Type
-------------+------------+------------------+------------------+------------------------------+---------------
User:12345 | ALLOW | ALTER | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | ALTER | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | ALTER | TOPIC | pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | ALTER_CONFIGS | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | ALTER_CONFIGS | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | ALTER_CONFIGS | TOPIC | pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | CREATE | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | CREATE | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | CREATE | TOPIC | pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DELETE | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DELETE | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DELETE | TOPIC | pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DESCRIBE | CLUSTER | kafka-cluster | LITERAL
User:12345 | ALLOW | DESCRIBE | GROUP | * | LITERAL
User:12345 | ALLOW | DESCRIBE | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DESCRIBE | TOPIC | * | LITERAL
User:12345 | ALLOW | DESCRIBE | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DESCRIBE | TOPIC | pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DESCRIBE | TRANSACTIONAL_ID | pksqlc-zxcvb | LITERAL
User:12345 | ALLOW | DESCRIBE_CONFIGS | CLUSTER | kafka-cluster | LITERAL
User:12345 | ALLOW | DESCRIBE_CONFIGS | GROUP | * | LITERAL
User:12345 | ALLOW | DESCRIBE_CONFIGS | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DESCRIBE_CONFIGS | TOPIC | * | LITERAL
User:12345 | ALLOW | DESCRIBE_CONFIGS | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DESCRIBE_CONFIGS | TOPIC | pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | READ | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | READ | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | READ | TOPIC | pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | WRITE | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | WRITE | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | WRITE | TOPIC | pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | WRITE | TRANSACTIONAL_ID | pksqlc-zxcvb | LITERAL
Principal | Permission | Operation | Resource Type | Resource Name | Pattern Type
----------------+------------+------------------+------------------+------------------------------+---------------
User:sa-12345 | ALLOW | ALTER | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | ALTER | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | ALTER | TOPIC | pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | ALTER_CONFIGS | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | ALTER_CONFIGS | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | ALTER_CONFIGS | TOPIC | pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | CREATE | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | CREATE | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | CREATE | TOPIC | pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DELETE | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DELETE | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DELETE | TOPIC | pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DESCRIBE | CLUSTER | kafka-cluster | LITERAL
User:sa-12345 | ALLOW | DESCRIBE | GROUP | * | LITERAL
User:sa-12345 | ALLOW | DESCRIBE | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DESCRIBE | TOPIC | * | LITERAL
User:sa-12345 | ALLOW | DESCRIBE | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DESCRIBE | TOPIC | pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DESCRIBE | TRANSACTIONAL_ID | pksqlc-zxcvb | LITERAL
User:sa-12345 | ALLOW | DESCRIBE_CONFIGS | CLUSTER | kafka-cluster | LITERAL
User:sa-12345 | ALLOW | DESCRIBE_CONFIGS | GROUP | * | LITERAL
User:sa-12345 | ALLOW | DESCRIBE_CONFIGS | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DESCRIBE_CONFIGS | TOPIC | * | LITERAL
User:sa-12345 | ALLOW | DESCRIBE_CONFIGS | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DESCRIBE_CONFIGS | TOPIC | pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | READ | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | READ | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | READ | TOPIC | pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | WRITE | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | WRITE | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | WRITE | TOPIC | pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | WRITE | TRANSACTIONAL_ID | pksqlc-zxcvb | LITERAL
68 changes: 34 additions & 34 deletions test/fixtures/output/ksql/cluster/configure-acls.golden
@@ -1,34 +1,34 @@
Principal | Permission | Operation | Resource Type | Resource Name | Pattern Type
-------------+------------+------------------+------------------+------------------------------+---------------
User:12345 | ALLOW | ALTER | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | ALTER | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | ALTER | TOPIC | pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | ALTER_CONFIGS | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | ALTER_CONFIGS | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | ALTER_CONFIGS | TOPIC | pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | CREATE | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | CREATE | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | CREATE | TOPIC | pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DELETE | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DELETE | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DELETE | TOPIC | pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DESCRIBE | CLUSTER | kafka-cluster | LITERAL
User:12345 | ALLOW | DESCRIBE | GROUP | * | LITERAL
User:12345 | ALLOW | DESCRIBE | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DESCRIBE | TOPIC | * | LITERAL
User:12345 | ALLOW | DESCRIBE | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DESCRIBE | TOPIC | pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DESCRIBE | TRANSACTIONAL_ID | pksqlc-zxcvb | LITERAL
User:12345 | ALLOW | DESCRIBE_CONFIGS | CLUSTER | kafka-cluster | LITERAL
User:12345 | ALLOW | DESCRIBE_CONFIGS | GROUP | * | LITERAL
User:12345 | ALLOW | DESCRIBE_CONFIGS | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DESCRIBE_CONFIGS | TOPIC | * | LITERAL
User:12345 | ALLOW | DESCRIBE_CONFIGS | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | DESCRIBE_CONFIGS | TOPIC | pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | READ | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | READ | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | READ | TOPIC | pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | WRITE | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | WRITE | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | WRITE | TOPIC | pksqlc-zxcvb | PREFIXED
User:12345 | ALLOW | WRITE | TRANSACTIONAL_ID | pksqlc-zxcvb | LITERAL
Principal | Permission | Operation | Resource Type | Resource Name | Pattern Type
----------------+------------+------------------+------------------+------------------------------+---------------
User:sa-12345 | ALLOW | ALTER | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | ALTER | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | ALTER | TOPIC | pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | ALTER_CONFIGS | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | ALTER_CONFIGS | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | ALTER_CONFIGS | TOPIC | pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | CREATE | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | CREATE | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | CREATE | TOPIC | pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DELETE | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DELETE | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DELETE | TOPIC | pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DESCRIBE | CLUSTER | kafka-cluster | LITERAL
User:sa-12345 | ALLOW | DESCRIBE | GROUP | * | LITERAL
User:sa-12345 | ALLOW | DESCRIBE | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DESCRIBE | TOPIC | * | LITERAL
User:sa-12345 | ALLOW | DESCRIBE | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DESCRIBE | TOPIC | pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DESCRIBE | TRANSACTIONAL_ID | pksqlc-zxcvb | LITERAL
User:sa-12345 | ALLOW | DESCRIBE_CONFIGS | CLUSTER | kafka-cluster | LITERAL
User:sa-12345 | ALLOW | DESCRIBE_CONFIGS | GROUP | * | LITERAL
User:sa-12345 | ALLOW | DESCRIBE_CONFIGS | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DESCRIBE_CONFIGS | TOPIC | * | LITERAL
User:sa-12345 | ALLOW | DESCRIBE_CONFIGS | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | DESCRIBE_CONFIGS | TOPIC | pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | READ | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | READ | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | READ | TOPIC | pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | WRITE | GROUP | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | WRITE | TOPIC | _confluent-ksql-pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | WRITE | TOPIC | pksqlc-zxcvb | PREFIXED
User:sa-12345 | ALLOW | WRITE | TRANSACTIONAL_ID | pksqlc-zxcvb | LITERAL
