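/**
 * Reconciles the topic ACLs of {@code username} with the requested topic lists.
 *
 * <p>READ bindings are requested for every consumed topic and WRITE bindings for every
 * produced topic. Bindings are created first; only after creation succeeds are existing
 * topic READ/WRITE bindings that are no longer wanted deleted, so a failed create never
 * leaves the user with fewer grants than before the call.
 *
 * <p>Failure handling is best-effort: errors are logged and not rethrown, so the caller
 * cannot tell from this method whether the broker state matches the request. In
 * particular, when the delete step fails the user keeps access to topics that were
 * meant to be revoked; the error log line is the only signal and should be monitored.
 *
 * @param username       user name, appended verbatim to {@code "User:"} to form the
 *                       principal; NOTE(review): no validation is done here, so callers
 *                       should pass an already validated name
 * @param consumedTopics topics the user must be able to read
 * @param producedTopics topics the user must be able to write
 */
public void setUpAclForUser(String username, Collection<String> consumedTopics, Collection<String> producedTopics) {
    Collection<AclBinding> existingAcls = userAcls(username);
    int expectedSize = consumedTopics.size() + producedTopics.size();
    // NOTE(review): presumably addAcl puts the bindings that still have to be created in
    // `acls` and every wanted binding in `effectiveAcls` - confirm against addAcl.
    Collection<AclBinding> acls = new ArrayList<>(expectedSize);
    Collection<AclBinding> effectiveAcls = new ArrayList<>(expectedSize);
    String principal = "User:" + username;
    consumedTopics.forEach(t -> addAcl(acls, effectiveAcls, existingAcls, principal, t, AclOperation.READ));
    producedTopics.forEach(t -> addAcl(acls, effectiveAcls, existingAcls, principal, t, AclOperation.WRITE));

    try {
        adminClient.createAcls(acls).all().get();
    } catch (InterruptedException e) {
        // Restore the interrupt flag so the calling thread can still observe the interruption.
        Thread.currentThread().interrupt();
        log.error("Unable to set ACL for {}, topics {}, {}.", username, consumedTopics, producedTopics, e);
        return;
    } catch (ExecutionException e) {
        log.error("Unable to set ACL for {}, topics {}, {}.", username, consumedTopics, producedTopics, e);
        return;
    }

    // Stale bindings: existing topic READ/WRITE entries that are not part of the wanted set.
    // The permission type is not part of the selection, so any such entry returned by
    // userAcls is removed whatever its permission type.
    List<AclBindingFilter> aclToDelete = existingAcls.stream()
            .filter(b -> b.resource().resourceType() == ResourceType.TOPIC
                    && (b.entry().operation() == AclOperation.READ || b.entry().operation() == AclOperation.WRITE))
            .filter(b -> !effectiveAcls.contains(b))
            .map(b -> new AclBindingFilter(
                    new ResourceFilter(ResourceType.TOPIC, b.resource().name()),
                    new AccessControlEntryFilter(b.entry().principal(), b.entry().host(), b.entry().operation(), b.entry().permissionType())))
            .collect(Collectors.toList());
    if (aclToDelete.isEmpty()) {
        return;
    }

    try {
        adminClient.deleteAcls(aclToDelete).all().get();
    } catch (InterruptedException e) {
        Thread.currentThread().interrupt();
        // Revocation did not complete: the stale grants listed above are still in force.
        log.error("Unable to delete old ACL for {}, topics {}, {}.", username, consumedTopics, producedTopics, e);
    } catch (ExecutionException e) {
        // Revocation did not complete: the stale grants listed above are still in force.
        log.error("Unable to delete old ACL for {}, topics {}, {}.", username, consumedTopics, producedTopics, e);
    }
}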