added acls from yaml

hifly81 · hifly81 · commit 878f10f954de · 2025-03-04T06:14:28.000-08:00
diff --git a/README.adoc b/README.adoc
@@ -3910,7 +3910,16 @@ docker exec -it broker /opt/kafka/bin/kafka-console-producer.sh --broker-list br
 org.apache.kafka.common.errors.TopicAuthorizationException: Not authorized to access topics: [test]
 ----
 
-Set topic read and topic write ACLs on topic _test_ for user _alice_:
+Set topic read and topic write ACLs on topic _test_ for user _alice_; you have 2 options:
+
+1. Run script run-acl.sh:
+
+[source,bash]
+----
+docker exec broker sh -c "chmod +x /tmp/run-acl.sh && /tmp/run-acl.sh"
+----
+
+2. Run kafka acls cli:
 
 [source,bash]
 ----
diff --git a/acls/config/acl-config.yaml b/acls/config/acl-config.yaml
@@ -0,0 +1,12 @@
+name: "Alice Topic  Access"
+action: --add
+allow_principal: User:alice
+operations:
+  - WRITE
+  - READ
+
+resource_pattern_type: literal
+
+topics:
+  - test
+
diff --git a/acls/config/run-acl.sh b/acls/config/run-acl.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+ACL_FILE=/tmp/acl-config.yaml
+
+# Parse simple key-value pairs from YAML
+NAME=$(grep 'name:' $ACL_FILE | sed 's/.*: //')
+ACTION=$(grep 'action:' $ACL_FILE | sed 's/.*: //')
+ALLOW_PRINCIPAL=$(grep 'allow_principal:' $ACL_FILE | sed 's/.*: //')
+TRANSACTIONAL_ID=$(grep 'transactional_id:' $ACL_FILE| sed 's/.*: //')
+RESOURCE_PATTERN_TYPE=$(grep 'resource_pattern_type:' $ACL_FILE | sed 's/.*: //')
+
+# Extract and clean operations (remove '-' and trim spaces)
+OPERATIONS=()
+while IFS= read -r line; do
+    op=$(echo "$line" | sed -E 's/^\s*-\s*//' | xargs) # Remove '- ' and trim whitespace
+    [[ -n "$op" ]] && OPERATIONS+=("$op") # Add only if non-empty
+done < <(awk '/operations:/ {flag=1; next} /^[^ ]/ {flag=0} flag' $ACL_FILE)
+
+# Extract and clean topics (remove '-' and trim spaces)
+TOPICS=()
+while IFS= read -r line; do
+    topic=$(echo "$line" | sed -E 's/^\s*-\s*//' | xargs) # Remove '- ' and trim whitespace
+    [[ -n "$topic" ]] && TOPICS+=("$topic") # Add only if non-empty
+done < <(awk '/topics:/ {flag=1; next} /^[^ ]/ {flag=0} flag' $ACL_FILE)
+
+# Display the ACL name for better logging
+echo "Running ACL Setup: $NAME"
+
+# Loop through each topic and apply ACLs
+for topic in "${TOPICS[@]}"; do
+    # Construct the base command
+    CMD="/opt/kafka/bin/kafka-acls.sh --bootstrap-server broker:9092 --command-config /tmp/admin.properties $ACTION --allow-principal \"$ALLOW_PRINCIPAL\""
+
+    # Add each operation correctly
+    for op in "${OPERATIONS[@]}"; do
+        CMD+=" --operation $op"
+    done
+
+    # Add the topic and resource pattern type
+    CMD+=" --topic $topic"
+    CMD+=" --resource-pattern-type $RESOURCE_PATTERN_TYPE"
+
+    # Include transactional ID if provided
+    if [[ -n "$TRANSACTIONAL_ID" ]]; then
+        CMD+=" --transactional-id $TRANSACTIONAL_ID"
+    fi
+
+    # Print and execute the command
+    echo "Executing: $CMD"
+    eval "$CMD"
+done
diff --git a/acls/docker-compose.yml b/acls/docker-compose.yml
@@ -1,6 +1,4 @@
 ---
-version: '2'
-
 services:
 
   broker:
@@ -12,6 +10,9 @@ services:
     volumes:
       - ./config/alice.properties:/tmp/alice.properties
       - ./config/admin.properties:/tmp/admin.properties
+      - ./config/admin.properties:/tmp/admin.properties
+      - ./config/acl-config.yaml:/tmp/acl-config.yaml
+      - ./config/run-acl.sh:/tmp/run-acl.sh
     environment:
       KAFKA_NODE_ID: 1
       KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: CONTROLLER:PLAINTEXT,AUTH:SASL_PLAINTEXT,INTERNAL:PLAINTEXT
diff --git a/confluent-for-kubernetes/k8s/confluent-platform-reducted.yaml b/confluent-for-kubernetes/k8s/confluent-platform-reducted.yaml
@@ -7,7 +7,7 @@ metadata:
 spec:
   dataVolumeCapacity: 1G
   image:
-    application: docker.io/confluentinc/cp-kafka:7.8.0
+    application: docker.io/confluentinc/cp-kafka:7.8.1
     init: confluentinc/confluent-init-container:2.10.0
   replicas: 1
 ---
@@ -19,7 +19,7 @@ metadata:
 spec:
   replicas: 3
   image:
-    application: confluentinc/cp-kafka:7.8.0
+    application: confluentinc/cp-kafka:7.8.1
     init: confluentinc/confluent-init-container:2.10.0
   dataVolumeCapacity: 1Gi
   dependencies:
diff --git a/confluent-for-kubernetes/k8s/confluent-platform.yaml b/confluent-for-kubernetes/k8s/confluent-platform.yaml
@@ -7,7 +7,7 @@ metadata:
 spec:
   dataVolumeCapacity: 1G
   image:
-    application: docker.io/confluentinc/cp-kafka:7.8.0
+    application: docker.io/confluentinc/cp-kafka:7.8.1
     init: confluentinc/confluent-init-container:2.10.0
   replicas: 1
 ---
@@ -19,7 +19,7 @@ metadata:
 spec:
   replicas: 3
   image:
-    application: confluentinc/cp-kafka:7.8.0
+    application: confluentinc/cp-kafka:7.8.1
     init: confluentinc/confluent-init-container:2.10.0
   dataVolumeCapacity: 1Gi
   dependencies:
@@ -37,7 +37,7 @@ metadata:
 spec:
   replicas: 1
   image:
-    application: confluentinc/cp-kafka-connect-base:7.8.0
+    application: confluentinc/cp-kafka-connect-base:7.8.1
     init: confluentinc/confluent-init-container:2.10.0
   dependencies:
     kafka:
@@ -63,7 +63,7 @@ metadata:
 spec:
   replicas: 1
   image:
-    application: confluentinc/cp-schema-registry:7.8.0
+    application: confluentinc/cp-schema-registry:7.8.1
     init: confluentinc/confluent-init-container:2.10.0
 ---
 apiVersion: platform.confluent.io/v1beta1
@@ -76,6 +76,6 @@ spec:
     schemaRegistry:
       url: http://schemaregistry.confluent.svc.cluster.local:8081
   image:
-    application: confluentinc/cp-kafka-rest:7.8.0
+    application: confluentinc/cp-kafka-rest:7.8.1
     init: confluentinc/confluent-init-container:2.10.0
   replicas: 1
