enhancement: support for acls-filter-regexp #1281
Conversation
| public List<AccessControl> findAll(String clusterId, Optional<String> search) throws ExecutionException, InterruptedException { | ||
| return toGroupedAcl(kafkaWrapper | ||
| .describeAcls(clusterId, AclBindingFilter.ANY) | ||
| .stream() | ||
| .filter(aclBinding -> isSearchMatch(search, aclBinding.entry().principal())) | ||
| .filter(aclBinding -> isMatchRegex(getAclFilterRegex(),aclBinding.entry().principal())) |
There was a problem hiding this comment.
space should be here?
| .filter(aclBinding -> isMatchRegex(getAclFilterRegex(),aclBinding.entry().principal())) | |
| .filter(aclBinding -> isMatchRegex(getAclFilterRegex(), aclBinding.entry().principal())) |
There was a problem hiding this comment.
@LittleWat - good catch :) Must have been my fingers.
| var searchResult = aclRepository.findByPrincipal(KafkaTestCluster.CLUSTER_ID, AccessControl.encodePrincipal("test:toto"), Optional.empty()); | ||
| assertEquals("test:toto", searchResult.getPrincipal()); | ||
| assertEquals(2, searchResult.getAcls().size()); | ||
| assertEquals(2, searchResult |
There was a problem hiding this comment.
I am not sure whether this test case is necessary or not.
There was a problem hiding this comment.
@LittleWat - I added to make sure few more principal patterns other than one starting with user* still works after my changes.
There was a problem hiding this comment.
Thanks! I just thought both the result(searchResult.getAcls().size() and searchResult.stream().filter(acl -> acl.getOperation().getPermissionType() == AclPermissionType.ALLOW).count()) ) are 2, so it might be okay to remove the latter one. This is just a thought so that you can ignore it. 🙇
| @@ -114,6 +117,8 @@ akhq: | |||
| attributes: | |||
| topics-filter-regexp: | |||
| - "test.*" | |||
| acls-filter-regexp: | |||
There was a problem hiding this comment.
I am not sure this is necessary because this group does not have acls/read role
There was a problem hiding this comment.
@LittleWat - Same comment as one below
| @@ -131,6 +136,9 @@ akhq: | |||
| - topic/insert | |||
| - topic/delete | |||
| - registry/version/delete | |||
| attributes: | |||
There was a problem hiding this comment.
@LittleWat - I added these as part of trying to locally test the changes for non-default groups. No harm in leaving it i think
There was a problem hiding this comment.
No harm in leaving it i think
Thank you for your reply! I think so too but I just felt a bit strange that no-filter group has the filter(acls-filter-regexp).
| @@ -104,6 +104,9 @@ akhq: | |||
| - connect/update | |||
| - connect/delete | |||
| - connect/state/update | |||
| attributes: | |||
There was a problem hiding this comment.
Sorry, this might be a stupid question. If we remove this, void findAllByUser() in AccessControlRepositoryTest.java will fail, right...? ( I mean that if we remove it, assertEquals(5, searchResult.getAcls().size()); would become assertEquals(7, searchResult.getAcls().size());)
|
Amazing ! |
|
Hello, I change akhq version 0.16 to the last 0.24 but i think may be the structure change for the mapping of groups and the permissions filters. But in the last version 0.24 i see this change [1][2] for declare the default-group: What's the good use for define my default-group the example 1 or the example 2 for the last version 0.24? Thank you for your help in advance. [1] https://akhq.io/docs/configuration/authentifications/external.html [2] https://github.com/tchiotludo/akhq/blob/0.24.0/application.example.yml |
This PR contains changes to support Regex for filtering security groups based on principal names added to the acl bindings