Class: Karafka::Admin::Acl

Inherits:
Object
  • Object
show all
Defined in:
lib/karafka/admin/acl.rb

Overview

Struct and set of operations for ACLs management that simplifies their usage. It allows to use Ruby symbol based definitions instead of usage of librdkafka types (it allows to use rdkafka numerical types as well out of the box)

We map the numerical values because they are less descriptive and harder to follow.

This API works based on ability to create a ‘Karafka:Admin::Acl` object that can be then used using `#create`, `#delete` and `#describe` class API.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(resource_type:, resource_name:, resource_pattern_type:, principal:, host: '*', operation:, permission_type:) ⇒ Acl

Initializes a new Acl instance with specified attributes.

Each parameter is mapped to its corresponding value in the respective *_MAP constant, allowing usage of more descriptive Ruby symbols instead of numerical types.

Parameters:

  • resource_type (Symbol, Integer)

    Specifies the type of Kafka resource (like :topic, :consumer_group). Accepts either a symbol from RESOURCE_TYPES_MAP or a direct rdkafka numerical type.

  • resource_name (String, nil)

    The name of the Kafka resource (like a specific topic name). Can be nil for certain types of resource pattern types.

  • resource_pattern_type (Symbol, Integer)

    Determines how the ACL is applied to the resource. Uses a symbol from RESOURCE_PATTERNS_TYPE_MAP or a direct rdkafka numerical type.

  • principal (String, nil)

    Specifies the principal (user or client) for which the ACL is being defined. Can be nil if not applicable.

  • host (String) (defaults to: '*')

    (default: ‘*’) Defines the host from which the principal can access the resource. Defaults to ‘*’ for all hosts.

  • operation (Symbol, Integer)

    Indicates the operation type allowed or denied by the ACL. Uses a symbol from OPERATIONS_MAP or a direct rdkafka numerical type.

  • permission_type (Symbol, Integer)

    Specifies whether to allow or deny the specified operation. Uses a symbol from PERMISSION_TYPES_MAP or a direct rdkafka numerical type.



212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
# File 'lib/karafka/admin/acl.rb', line 212

def initialize(
  resource_type:,
  resource_name:,
  resource_pattern_type:,
  principal:,
  host: '*',
  operation:,
  permission_type:
)
  @resource_type = map(resource_type, RESOURCE_TYPES_MAP)
  @resource_name = resource_name
  @resource_pattern_type = map(resource_pattern_type, RESOURCE_PATTERNS_TYPE_MAP)
  @principal = principal
  @host = host
  @operation = map(operation, OPERATIONS_MAP)
  @permission_type = map(permission_type, PERMISSION_TYPES_MAP)
  freeze
end

Instance Attribute Details

#hostObject (readonly)

Returns the value of attribute host.



188
189
190
# File 'lib/karafka/admin/acl.rb', line 188

def host
  @host
end

#operationObject (readonly)

Returns the value of attribute operation.



188
189
190
# File 'lib/karafka/admin/acl.rb', line 188

def operation
  @operation
end

#permission_typeObject (readonly)

Returns the value of attribute permission_type.



188
189
190
# File 'lib/karafka/admin/acl.rb', line 188

def permission_type
  @permission_type
end

#principalObject (readonly)

Returns the value of attribute principal.



188
189
190
# File 'lib/karafka/admin/acl.rb', line 188

def principal
  @principal
end

#resource_nameObject (readonly)

Returns the value of attribute resource_name.



188
189
190
# File 'lib/karafka/admin/acl.rb', line 188

def resource_name
  @resource_name
end

#resource_pattern_typeObject (readonly)

Returns the value of attribute resource_pattern_type.



188
189
190
# File 'lib/karafka/admin/acl.rb', line 188

def resource_pattern_type
  @resource_pattern_type
end

#resource_typeObject (readonly)

Returns the value of attribute resource_type.



188
189
190
# File 'lib/karafka/admin/acl.rb', line 188

def resource_type
  @resource_type
end

Class Method Details

.allArray<Acl>

Returns all acls on a cluster level

Returns:

  • (Array<Acl>)

    all acls



145
146
147
148
149
150
151
152
153
154
155
156
157
# File 'lib/karafka/admin/acl.rb', line 145

def all
  describe(
    new(
      resource_type: :any,
      resource_name: nil,
      resource_pattern_type: :any,
      principal: nil,
      operation: :any,
      permission_type: :any,
      host: '*'
    )
  )
end

.create(acl) ⇒ Array<Acl>

Creates (unless already present) a given ACL rule in Kafka

Parameters:

Returns:

  • (Array<Acl>)

    created acls



108
109
110
111
112
113
114
# File 'lib/karafka/admin/acl.rb', line 108

def create(acl)
  with_admin_wait do |admin|
    admin.create_acl(**acl.to_native_hash)
  end

  [acl]
end

.delete(acl) ⇒ Array<Acl>

Note:

More than one Acl may be removed if rules match that way

Removes acls matching provide acl pattern.

Parameters:

Returns:

  • (Array<Acl>)

    deleted acls



120
121
122
123
124
125
126
127
128
# File 'lib/karafka/admin/acl.rb', line 120

def delete(acl)
  result = with_admin_wait do |admin|
    admin.delete_acl(**acl.to_native_hash)
  end

  result.deleted_acls.map do |result_acl|
    from_rdkafka(result_acl)
  end
end

.describe(acl) ⇒ Array<Acl>

Takes an Acl definition and describes all existing Acls matching its criteria

Parameters:

Returns:

  • (Array<Acl>)

    described acls



133
134
135
136
137
138
139
140
141
# File 'lib/karafka/admin/acl.rb', line 133

def describe(acl)
  result = with_admin_wait do |admin|
    admin.describe_acl(**acl.to_native_hash)
  end

  result.acls.map do |result_acl|
    from_rdkafka(result_acl)
  end
end

Instance Method Details

#to_native_hashHash

Converts the Acl into a hash with native rdkafka types

Returns:

  • (Hash)

    hash with attributes matching rdkafka numerical types



233
234
235
236
237
238
239
240
241
242
243
# File 'lib/karafka/admin/acl.rb', line 233

def to_native_hash
  {
    resource_type: remap(resource_type, RESOURCE_TYPES_MAP),
    resource_name: resource_name,
    resource_pattern_type: remap(resource_pattern_type, RESOURCE_PATTERNS_TYPE_MAP),
    principal: principal,
    host: host,
    operation: remap(operation, OPERATIONS_MAP),
    permission_type: remap(permission_type, PERMISSION_TYPES_MAP)
  }.freeze
end