/**
 * Creates the given ACL bindings using a default-constructed {@link CreateAclsOptions}.
 *
 * <p>Shorthand for {@link AdminClient#createAcls(Collection, CreateAclsOptions)}; refer to that
 * overload for the full contract.
 *
 * <p>This operation is supported by brokers with version 0.11.0.0 or higher.
 *
 * @param acls The ACL bindings to create
 * @return The CreateAclsResult.
 */
public CreateAclsResult createAcls(Collection<AclBinding> acls) {
    CreateAclsOptions defaultOptions = new CreateAclsOptions();
    return createAcls(acls, defaultOptions);
}
/**
 * Exercises createAcls against a mocked client: once with every binding accepted, and once with
 * the first binding rejected with SECURITY_DISABLED.
 */
@Test
public void testCreateAcls() throws Exception {
    try (AdminClientUnitTestEnv env = mockClientEnv()) {
        env.kafkaClient().setNodeApiVersions(NodeApiVersions.create());

        // Scenario 1: the prepared response reports success for both bindings.
        CreateAclsResponse bothCreated = new CreateAclsResponse(0, asList(
            new AclCreationResponse(ApiError.NONE),
            new AclCreationResponse(ApiError.NONE)));
        env.kafkaClient().prepareResponse(bothCreated);
        CreateAclsResult outcome = env.adminClient().createAcls(asList(ACL1, ACL2));
        assertCollectionIs(outcome.values().keySet(), ACL1, ACL2);
        for (KafkaFuture<Void> perAclFuture : outcome.values().values()) {
            perAclFuture.get();
        }
        outcome.all().get();

        // Scenario 2: the first binding is rejected because security is disabled, the second succeeds.
        ApiError securityDisabled = new ApiError(Errors.SECURITY_DISABLED, "Security is disabled");
        CreateAclsResponse firstRejected = new CreateAclsResponse(0, asList(
            new AclCreationResponse(securityDisabled),
            new AclCreationResponse(ApiError.NONE)));
        env.kafkaClient().prepareResponse(firstRejected);
        outcome = env.adminClient().createAcls(asList(ACL1, ACL2));
        assertCollectionIs(outcome.values().keySet(), ACL1, ACL2);
        // The failure is reported on the rejected binding's own future ...
        TestUtils.assertFutureError(outcome.values().get(ACL1), SecurityDisabledException.class);
        // ... the other binding still completes normally ...
        outcome.values().get(ACL2).get();
        // ... and the aggregate future fails, so checking all() alone is enough to detect a
        // partially applied ACL set.
        TestUtils.assertFutureError(outcome.all(), SecurityDisabledException.class);
    }
}
env.adminClient().createAcls(asList(ACL1, ACL2)).all().get(); fail("Expected an authentication error."); } catch (ExecutionException e) {
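/**
 * Grants {@code username} READ on every consumed topic and WRITE on every produced topic, then
 * deletes the user's existing topic READ/WRITE bindings that are not in the effective set.
 *
 * <p>New bindings are created before stale ones are deleted; if creation fails, nothing is
 * deleted. Failures are logged and not propagated, so a normal return does not prove that the
 * ACLs were applied.
 *
 * @param username       user name; the ACL principal is {@code "User:" + username}
 * @param consumedTopics topics the user needs READ on
 * @param producedTopics topics the user needs WRITE on
 */
public void setUpAclForUser(String username, Collection<String> consumedTopics, Collection<String> producedTopics) {
    Collection<AclBinding> existingAcls = userAcls(username);
    int expectedSize = consumedTopics.size() + producedTopics.size();
    Collection<AclBinding> acls = new ArrayList<>(expectedSize);
    Collection<AclBinding> effectiveAcls = new ArrayList<>(expectedSize);
    String principal = "User:" + username;

    // NOTE(review): presumably addAcl puts bindings still to be created into acls and every
    // wanted binding into effectiveAcls; confirm against addAcl.
    consumedTopics.forEach(t -> addAcl(acls, effectiveAcls, existingAcls, principal, t, AclOperation.READ));
    producedTopics.forEach(t -> addAcl(acls, effectiveAcls, existingAcls, principal, t, AclOperation.WRITE));

    try {
        adminClient.createAcls(acls).all().get();
    } catch (InterruptedException | ExecutionException e) {
        if (e instanceof InterruptedException) {
            // Restore the interrupt flag so the caller can still observe the interruption.
            Thread.currentThread().interrupt();
        }
        log.error("Unable to set ACL for {}, topics {}, {}.", username, consumedTopics, producedTopics, e);
        // Creation failed: leave the existing bindings in place rather than delete against an
        // unknown state.
        return;
    }

    // Only topic-level READ/WRITE bindings are candidates for removal; other resource types and
    // operations held by the user are left alone.
    List<AclBindingFilter> aclToDelete = existingAcls.stream()
        .filter(b -> b.resource().resourceType() == ResourceType.TOPIC
            && (b.entry().operation() == AclOperation.READ || b.entry().operation() == AclOperation.WRITE))
        .filter(b -> !effectiveAcls.contains(b))
        .map(b -> new AclBindingFilter(
            new ResourceFilter(ResourceType.TOPIC, b.resource().name()),
            new AccessControlEntryFilter(b.entry().principal(), b.entry().host(),
                b.entry().operation(), b.entry().permissionType())))
        .collect(Collectors.toList());
    if (aclToDelete.isEmpty()) {
        return;
    }

    try {
        adminClient.deleteAcls(aclToDelete).all().get();
    } catch (InterruptedException | ExecutionException e) {
        if (e instanceof InterruptedException) {
            Thread.currentThread().interrupt();
        }
        // NOTE(review): a failed delete leaves the old grants active, so the user keeps access
        // to topics that were meant to be revoked. This is only logged; alert on this message
        // or reconcile ACLs out of band.
        log.error("Unable to delete old ACL for {}, topics {}, {}.", username, consumedTopics, producedTopics, e);
    }
}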