Class: Karafka::Admin::Acl

Inherits:

Object

• Object
• Karafka::Admin::Acl

Defined in:

lib/karafka/admin/acl.rb

Overview

Struct and set of operations for ACLs management that simplifies their usage. It allows to use Ruby symbol based definitions instead of usage of librdkafka types (it allows to use rdkafka numerical types as well out of the box)

We map the numerical values because they are less descriptive and harder to follow.

This API works based on ability to create a Karafka:Admin::Acl object that can be then used using #create, #delete and #describe class API.

Instance Attribute Summary

• #host ⇒ Object readonly

  Returns the value of attribute host.

• #operation ⇒ Object readonly

  Returns the value of attribute operation.

• #permission_type ⇒ Object readonly

  Returns the value of attribute permission_type.

• #principal ⇒ Object readonly

  Returns the value of attribute principal.

• #resource_name ⇒ Object readonly

  Returns the value of attribute resource_name.

• #resource_pattern_type ⇒ Object readonly

  Returns the value of attribute resource_pattern_type.

• #resource_type ⇒ Object readonly

  Returns the value of attribute resource_type.

Class Method Summary

• .all ⇒ Array<Acl>

  Returns all acls on a cluster level.

• .create(acl) ⇒ Array<Acl>

  Creates (unless already present) a given ACL rule in Kafka.

• .delete(acl) ⇒ Array<Acl>

  Removes acls matching provide acl pattern.

• .describe(acl) ⇒ Array<Acl>

  Takes an Acl definition and describes all existing Acls matching its criteria.

Instance Method Summary

• #initialize(resource_type:, resource_name:, resource_pattern_type:, principal:, host: '*', operation:, permission_type:) ⇒ Acl constructor

  Initializes a new Acl instance with specified attributes.

• #to_native_hash ⇒ Hash

  Converts the Acl into a hash with native rdkafka types.

Constructor Details

#initialize(resource_type:, resource_name:, resource_pattern_type:, principal:, host: '*', operation:, permission_type:) ⇒ Acl

Initializes a new Acl instance with specified attributes.

Each parameter is mapped to its corresponding value in the respective *_MAP constant, allowing usage of more descriptive Ruby symbols instead of numerical types.

Parameters:

• resource_type (Symbol, Integer) —

  Specifies the type of Kafka resource (like :topic, :consumer_group). Accepts either a symbol from RESOURCE_TYPES_MAP or a direct rdkafka numerical type.

• resource_name (String, nil) —

  The name of the Kafka resource (like a specific topic name). Can be nil for certain types of resource pattern types.

• resource_pattern_type (Symbol, Integer) —

  Determines how the ACL is applied to the resource. Uses a symbol from RESOURCE_PATTERNS_TYPE_MAP or a direct rdkafka numerical type.

• principal (String, nil) —

  Specifies the principal (user or client) for which the ACL is being defined. Can be nil if not applicable.

• host (String) (defaults to: '*') —

  (default: ‘’) Defines the host from which the principal can access the resource. Defaults to ‘’ for all hosts.

• operation (Symbol, Integer) —

  Indicates the operation type allowed or denied by the ACL. Uses a symbol from OPERATIONS_MAP or a direct rdkafka numerical type.

• permission_type (Symbol, Integer) —

  Specifies whether to allow or deny the specified operation. Uses a symbol from PERMISSION_TYPES_MAP or a direct rdkafka numerical type.

# File 'lib/karafka/admin/acl.rb', line 216

def initialize(
  resource_type:,
  resource_name:,
  resource_pattern_type:,
  principal:,
  host: '*',
  operation:,
  permission_type:
)
  @resource_type = map(resource_type, RESOURCE_TYPES_MAP)
  @resource_name = resource_name
  @resource_pattern_type = map(resource_pattern_type, RESOURCE_PATTERNS_TYPE_MAP)
  @principal = principal
  @host = host
  @operation = map(operation, OPERATIONS_MAP)
  @permission_type = map(permission_type, PERMISSION_TYPES_MAP)
  freeze
end

Instance Attribute Details

#host ⇒ Object (readonly)

Returns the value of attribute host.

# File 'lib/karafka/admin/acl.rb', line 192

def host
  @host
end

#operation ⇒ Object (readonly)

Returns the value of attribute operation.

# File 'lib/karafka/admin/acl.rb', line 192

def operation
  @operation
end

#permission_type ⇒ Object (readonly)

Returns the value of attribute permission_type.

# File 'lib/karafka/admin/acl.rb', line 192

def permission_type
  @permission_type
end

#principal ⇒ Object (readonly)

Returns the value of attribute principal.

# File 'lib/karafka/admin/acl.rb', line 192

def principal
  @principal
end

#resource_name ⇒ Object (readonly)

Returns the value of attribute resource_name.

# File 'lib/karafka/admin/acl.rb', line 192

def resource_name
  @resource_name
end

#resource_pattern_type ⇒ Object (readonly)

Returns the value of attribute resource_pattern_type.

# File 'lib/karafka/admin/acl.rb', line 192

def resource_pattern_type
  @resource_pattern_type
end

#resource_type ⇒ Object (readonly)

Returns the value of attribute resource_type.

# File 'lib/karafka/admin/acl.rb', line 192

def resource_type
  @resource_type
end

Class Method Details

.all ⇒ Array<Acl>

Returns all acls on a cluster level

Returns:

• (Array<Acl>) —

  all acls

# File 'lib/karafka/admin/acl.rb', line 149

def all
  describe(
    new(
      resource_type: :any,
      resource_name: nil,
      resource_pattern_type: :any,
      principal: nil,
      operation: :any,
      permission_type: :any,
      host: '*'
    )
  )
end

.create(acl) ⇒ Array<Acl>

Creates (unless already present) a given ACL rule in Kafka

Parameters:

• acl (Acl)

Returns:

• (Array<Acl>) —

  created acls

# File 'lib/karafka/admin/acl.rb', line 112

def create(acl)
  with_admin_wait do |admin|
    admin.create_acl(**acl.to_native_hash)
  end

  [acl]
end

.delete(acl) ⇒ Array<Acl>

Note:

More than one Acl may be removed if rules match that way

Removes acls matching provide acl pattern.

Parameters:

• acl (Acl)

Returns:

• (Array<Acl>) —

  deleted acls

# File 'lib/karafka/admin/acl.rb', line 124

def delete(acl)
  result = with_admin_wait do |admin|
    admin.delete_acl(**acl.to_native_hash)
  end

  result.deleted_acls.map do |result_acl|
    from_rdkafka(result_acl)
  end
end

.describe(acl) ⇒ Array<Acl>

Takes an Acl definition and describes all existing Acls matching its criteria

Parameters:

• acl (Acl)

Returns:

• (Array<Acl>) —

  described acls

# File 'lib/karafka/admin/acl.rb', line 137

def describe(acl)
  result = with_admin_wait do |admin|
    admin.describe_acl(**acl.to_native_hash)
  end

  result.acls.map do |result_acl|
    from_rdkafka(result_acl)
  end
end

Instance Method Details

#to_native_hash ⇒ Hash

Converts the Acl into a hash with native rdkafka types

Returns:

• (Hash) —

  hash with attributes matching rdkafka numerical types

# File 'lib/karafka/admin/acl.rb', line 237

def to_native_hash
  {
    resource_type: remap(resource_type, RESOURCE_TYPES_MAP),
    resource_name: resource_name,
    resource_pattern_type: remap(resource_pattern_type, RESOURCE_PATTERNS_TYPE_MAP),
    principal: principal,
    host: host,
    operation: remap(operation, OPERATIONS_MAP),
    permission_type: remap(permission_type, PERMISSION_TYPES_MAP)
  }.freeze
end