Class: Karafka::Admin::Acl

Inherits:
Object
  • Object
show all
Defined in:
lib/karafka/admin/acl.rb

Overview

Struct and set of operations for ACLs management that simplifies their usage. It allows to use Ruby symbol based definitions instead of usage of librdkafka types (it allows to use rdkafka numerical types as well out of the box)

We map the numerical values because they are less descriptive and harder to follow.

This API works based on ability to create a Karafka:Admin::Acl object that can be then used using #create, #delete and #describe class API.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(resource_type:, resource_name:, resource_pattern_type:, principal:, host: '*', operation:, permission_type:) ⇒ Acl

Initializes a new Acl instance with specified attributes.

Each parameter is mapped to its corresponding value in the respective *_MAP constant, allowing usage of more descriptive Ruby symbols instead of numerical types.

Parameters:

  • resource_type (Symbol, Integer)

    Specifies the type of Kafka resource (like :topic, :consumer_group). Accepts either a symbol from RESOURCE_TYPES_MAP or a direct rdkafka numerical type.

  • resource_name (String, nil)

    The name of the Kafka resource (like a specific topic name). Can be nil for certain types of resource pattern types.

  • resource_pattern_type (Symbol, Integer)

    Determines how the ACL is applied to the resource. Uses a symbol from RESOURCE_PATTERNS_TYPE_MAP or a direct rdkafka numerical type.

  • principal (String, nil)

    Specifies the principal (user or client) for which the ACL is being defined. Can be nil if not applicable.

  • host (String) (defaults to: '*')

    (default: ‘’) Defines the host from which the principal can access the resource. Defaults to ‘’ for all hosts.

  • operation (Symbol, Integer)

    Indicates the operation type allowed or denied by the ACL. Uses a symbol from OPERATIONS_MAP or a direct rdkafka numerical type.

  • permission_type (Symbol, Integer)

    Specifies whether to allow or deny the specified operation. Uses a symbol from PERMISSION_TYPES_MAP or a direct rdkafka numerical type.



216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
# File 'lib/karafka/admin/acl.rb', line 216

def initialize(
  resource_type:,
  resource_name:,
  resource_pattern_type:,
  principal:,
  host: '*',
  operation:,
  permission_type:
)
  @resource_type = map(resource_type, RESOURCE_TYPES_MAP)
  @resource_name = resource_name
  @resource_pattern_type = map(resource_pattern_type, RESOURCE_PATTERNS_TYPE_MAP)
  @principal = principal
  @host = host
  @operation = map(operation, OPERATIONS_MAP)
  @permission_type = map(permission_type, PERMISSION_TYPES_MAP)
  freeze
end

Instance Attribute Details

#hostObject (readonly)

Returns the value of attribute host.



192
193
194
# File 'lib/karafka/admin/acl.rb', line 192

def host
  @host
end

#operationObject (readonly)

Returns the value of attribute operation.



192
193
194
# File 'lib/karafka/admin/acl.rb', line 192

def operation
  @operation
end

#permission_typeObject (readonly)

Returns the value of attribute permission_type.



192
193
194
# File 'lib/karafka/admin/acl.rb', line 192

def permission_type
  @permission_type
end

#principalObject (readonly)

Returns the value of attribute principal.



192
193
194
# File 'lib/karafka/admin/acl.rb', line 192

def principal
  @principal
end

#resource_nameObject (readonly)

Returns the value of attribute resource_name.



192
193
194
# File 'lib/karafka/admin/acl.rb', line 192

def resource_name
  @resource_name
end

#resource_pattern_typeObject (readonly)

Returns the value of attribute resource_pattern_type.



192
193
194
# File 'lib/karafka/admin/acl.rb', line 192

def resource_pattern_type
  @resource_pattern_type
end

#resource_typeObject (readonly)

Returns the value of attribute resource_type.



192
193
194
# File 'lib/karafka/admin/acl.rb', line 192

def resource_type
  @resource_type
end

Class Method Details

.allArray<Acl>

Returns all acls on a cluster level

Returns:

  • (Array<Acl>)

    all acls



149
150
151
152
153
154
155
156
157
158
159
160
161
# File 'lib/karafka/admin/acl.rb', line 149

def all
  describe(
    new(
      resource_type: :any,
      resource_name: nil,
      resource_pattern_type: :any,
      principal: nil,
      operation: :any,
      permission_type: :any,
      host: '*'
    )
  )
end

.create(acl) ⇒ Array<Acl>

Creates (unless already present) a given ACL rule in Kafka

Parameters:

Returns:

  • (Array<Acl>)

    created acls



112
113
114
115
116
117
118
# File 'lib/karafka/admin/acl.rb', line 112

def create(acl)
  with_admin_wait do |admin|
    admin.create_acl(**acl.to_native_hash)
  end

  [acl]
end

.delete(acl) ⇒ Array<Acl>

Note:

More than one Acl may be removed if rules match that way

Removes acls matching provide acl pattern.

Parameters:

Returns:

  • (Array<Acl>)

    deleted acls



124
125
126
127
128
129
130
131
132
# File 'lib/karafka/admin/acl.rb', line 124

def delete(acl)
  result = with_admin_wait do |admin|
    admin.delete_acl(**acl.to_native_hash)
  end

  result.deleted_acls.map do |result_acl|
    from_rdkafka(result_acl)
  end
end

.describe(acl) ⇒ Array<Acl>

Takes an Acl definition and describes all existing Acls matching its criteria

Parameters:

Returns:

  • (Array<Acl>)

    described acls



137
138
139
140
141
142
143
144
145
# File 'lib/karafka/admin/acl.rb', line 137

def describe(acl)
  result = with_admin_wait do |admin|
    admin.describe_acl(**acl.to_native_hash)
  end

  result.acls.map do |result_acl|
    from_rdkafka(result_acl)
  end
end

Instance Method Details

#to_native_hashHash

Converts the Acl into a hash with native rdkafka types

Returns:

  • (Hash)

    hash with attributes matching rdkafka numerical types



237
238
239
240
241
242
243
244
245
246
247
# File 'lib/karafka/admin/acl.rb', line 237

def to_native_hash
  {
    resource_type: remap(resource_type, RESOURCE_TYPES_MAP),
    resource_name: resource_name,
    resource_pattern_type: remap(resource_pattern_type, RESOURCE_PATTERNS_TYPE_MAP),
    principal: principal,
    host: host,
    operation: remap(operation, OPERATIONS_MAP),
    permission_type: remap(permission_type, PERMISSION_TYPES_MAP)
  }.freeze
end