Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Admin API / Generate Namespace from existing KafkaUser #2

Open
twobeeb opened this issue Mar 10, 2021 · 1 comment
Open

Admin API / Generate Namespace from existing KafkaUser #2

twobeeb opened this issue Mar 10, 2021 · 1 comment
Assignees
@sebastienviale
Labels
refactor The change is an optimisation of the code base without any functional changes
Milestone
Release 1

Comments

@twobeeb
Copy link
Contributor

twobeeb commented Mar 10, 2021

When deploying this project on Kafka cluster with existing users, we need a method to generate the Namespace from existing cluster data (topics, Acls, Connects, ...)

Create and Admin API endpoint to create the Namespace based on existing Kafka User, as well as a resource prefix

POST /admin/namespace/{namespace}/generate-view
{
"name": "ns_project1",
"kafkaUser": "user1",
"prefixOwner": "project1"
}
@twobeeb twobeeb added the refactor The change is an optimisation of the code base without any functional changes label Mar 10, 2021
@twobeeb twobeeb assigned twobeeb and unassigned twobeeb Mar 10, 2021
@twobeeb twobeeb changed the title **Admin API / Generate Namespace from existing KafkaUser** Admin API / Generate Namespace from existing KafkaUser Mar 10, 2021
@twobeeb twobeeb added the API label Mar 19, 2021
@twobeeb twobeeb added this to the MVP1 milestone Mar 25, 2021
@sebastienviale sebastienviale self-assigned this Apr 21, 2021
@sebastienviale
Copy link
Collaborator

Steps to init namespace:

I
Create a namespace with a dummy user

{
  "kind": "Namespace",
  "metadata": {
    "name": "myNamespace",
    "cluster": "myCluster"
  },
  "spec": {
    "kafkaUser": "dummyUser"
  }
}

II

Call th endpoint /api/namespaces/{namespace}/init/{user}, for example /api/namespaces/myNamespace/init/myNamespaceUser

This will create:
A Namespace resoource with default values for validators
A BindingRole resource with default values for roles
A list of AccessControlEntry resources for all existing topics and groups in the cluster, plus an AccessControlEntry with a prefixed Topic with namespace name (to be updated if necessary) and an AccesControlEntry with prefixed Connect whit namespace name (to be update is necessary)

---
  apiVersion: v1
  kind: AccessControlEntry
  metadata:
    cluster: myCluster
    labels: null
    name: acl-myNamespace-1
    namespace: admin
  spec:
    resourceType: TOPIC
    resource: myNamespaceLowerCase
    resourcePatternType: PREFIXED
    permission: OWNER
    grantedTo: myNamespace
---
  apiVersion: v1
  kind: AccessControlEntry
  metadata:
    cluster: myCluster
    labels: null
    name: acl-myNamespace-2
    namespace: admin
  spec:
    resourceType: TOPIC
    resource: myNamespaceUpperCase
    resourcePatternType: PREFIXED
    permission: OWNER
    grantedTo: myNamespace
---
  apiVersion: v1
  kind: AccessControlEntry
  metadata:
    cluster: myCluster
    labels: null
    name: acl-myNamespace-3
    namespace: admin
  spec:
    resourceType: CONNECT
    resource: myNamespaceLowerCase
    resourcePatternType: PREFIXED
    permission: OWNER
    grantedTo: myNamespace
---
  apiVersion: v1
  kind: AccessControlEntry
  metadata:
    cluster: myCluster
    labels: null
    name: acl-myNamespace-4
    namespace: admin
  spec:
    resourceType: CONNECT
    resource: myNamespaceUpperCase
    resourcePatternType: PREFIXED
    permission: OWNER
    grantedTo: myNamespace

This API endpoint is called for Client with GET
kafkactl get init -n myNamespace namespaceUser

This will create a file.yml

III
Call the apply Client command to init the Namespace resource in NS4KFK with the myUser grantedTo

IV
Create a dummy namespace with a dummy user in order to delete ACLs in the broker created for dummy user

{
  "kind": "Namespace",
  "metadata": {
    "name": "dummyNamespace",
    "cluster": "myCluster"
  },
  "spec": {
    "kafkaUser": "dummyUser"
  }
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sebastienviale sebastienviale

Labels
refactor The change is an optimisation of the code base without any functional changes
Projects
None yet
Milestone
Release 1
Development

No branches or pull requests
3 participants
@twobeeb @sebastienviale @loicgreffier