From c6ce5dec14badbef4f9ffe7e15dac3f19d55c172 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pere=20Urb=C3=B3n?= Date: Sun, 21 Nov 2021 09:45:11 +0100 Subject: [PATCH] fix incorrect rbac resource name for subjects and connectors (#405) --- .../roles/rbac/ClusterLevelRoleBuilder.java | 4 ++-- .../topology/api/mds/MDSApiClientTest.java | 23 +++++++++++++++++-- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/purbon/kafka/topology/roles/rbac/ClusterLevelRoleBuilder.java b/src/main/java/com/purbon/kafka/topology/roles/rbac/ClusterLevelRoleBuilder.java index 85a777a0b..b85f5752d 100644 --- a/src/main/java/com/purbon/kafka/topology/roles/rbac/ClusterLevelRoleBuilder.java +++ b/src/main/java/com/purbon/kafka/topology/roles/rbac/ClusterLevelRoleBuilder.java @@ -45,7 +45,7 @@ public ClusterLevelRoleBuilder forSchemaSubject(String subject, String patternTy scope = new RequestScope(); scope.setClusters(clusters); - scope.addResource("Subject", "Subject:" + subject, patternType); + scope.addResource("Subject", subject, patternType); scope.build(); return this; @@ -59,7 +59,7 @@ public ClusterLevelRoleBuilder forAKafkaConnector(String connector) { scope = new RequestScope(); scope.setClusters(clusters); - scope.addResource("Connector", "Connector:" + connector, patternType); + scope.addResource("Connector", connector, patternType); scope.build(); return this; diff --git a/src/test/java/com/purbon/kafka/topology/api/mds/MDSApiClientTest.java b/src/test/java/com/purbon/kafka/topology/api/mds/MDSApiClientTest.java index 9a05b889e..cd6f01957 100644 --- a/src/test/java/com/purbon/kafka/topology/api/mds/MDSApiClientTest.java +++ b/src/test/java/com/purbon/kafka/topology/api/mds/MDSApiClientTest.java @@ -25,7 +25,7 @@ public void testBindSubjectRole() { assertThat(mdsRequest.getUrl()).isEqualTo("User:foo/roles/DeveloperRead/bindings"); assertThat(mdsRequest.getJsonEntity()) .isEqualTo( - "{\"resourcePatterns\":[{\"name\":\"Subject:topic-value\",\"patternType\":\"LITERAL\",\"resourceType\":\"Subject\"}],\"scope\":{\"clusters\":{\"kafka-cluster\":\"\",\"schema-registry-cluster\":\"\"}}}"); + "{\"resourcePatterns\":[{\"name\":\"topic-value\",\"patternType\":\"LITERAL\",\"resourceType\":\"Subject\"}],\"scope\":{\"clusters\":{\"kafka-cluster\":\"\",\"schema-registry-cluster\":\"\"}}}"); } @Test @@ -41,6 +41,25 @@ public void testBindSubjectRoleWithoutResourceType() { assertThat(mdsRequest.getUrl()).isEqualTo("User:foo/roles/DeveloperRead/bindings"); assertThat(mdsRequest.getJsonEntity()) .isEqualTo( - "{\"resourcePatterns\":[{\"name\":\"Subject:topic-value\",\"patternType\":\"LITERAL\",\"resourceType\":\"Subject\"}],\"scope\":{\"clusters\":{\"kafka-cluster\":\"\",\"schema-registry-cluster\":\"\"}}}"); + "{\"resourcePatterns\":[{\"name\":\"topic-value\",\"patternType\":\"LITERAL\",\"resourceType\":\"Subject\"}],\"scope\":{\"clusters\":{\"kafka-cluster\":\"\",\"schema-registry-cluster\":\"\"}}}"); + } + + @Test + public void testBindConnectRole() { + String principal = "User:foo"; + String connectorName = "jdbc-sink"; + + TopologyAclBinding binding = + apiClient + .bind(principal, DEVELOPER_READ) + .forAKafkaConnector(connectorName) + .apply("Connector", connectorName); + + MDSRequest mdsRequest = apiClient.buildRequest(binding); + + assertThat(mdsRequest.getUrl()).isEqualTo("User:foo/roles/DeveloperRead/bindings"); + assertThat(mdsRequest.getJsonEntity()) + .isEqualTo( + "{\"resourcePatterns\":[{\"name\":\"jdbc-sink\",\"patternType\":\"LITERAL\",\"resourceType\":\"Connector\"}],\"scope\":{\"clusters\":{\"kafka-cluster\":\"\",\"connect-cluster\":\"\"}}}"); } }