tchiotludo · tchiotludo · Dec 8, 2020 · Nov 24, 2020 · Dec 7, 2020 · Dec 8, 2020
diff --git a/.gitignore b/.gitignore
@@ -36,7 +36,7 @@ out/*
 logs/*
 
 ### Kafka HQ ###
-src/**/*-*.yml
+src/main/*-*.yml
 connects-plugins/
 
 ### Docs

diff --git a/src/main/java/org/akhq/configs/SecurityProperties.java b/src/main/java/org/akhq/configs/SecurityProperties.java
@@ -1,15 +1,26 @@
 package org.akhq.configs;
 
 import io.micronaut.context.annotation.ConfigurationProperties;
+import io.micronaut.core.convert.format.MapFormat;
 import lombok.Data;
 
+import javax.annotation.PostConstruct;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 @ConfigurationProperties("akhq.security")
 @Data
 public class SecurityProperties {
     private List<BasicAuth> basicAuth = new ArrayList<>();
-    private List<Group> groups;
     private String defaultGroup;
+
+    @MapFormat(transformation = MapFormat.MapTransformation.FLAT)
+    private Map<String, Group> groups = new HashMap<>();
+
+    @PostConstruct
+    public void init() {
+        groups.entrySet().forEach(entry -> entry.getValue().setName(entry.getKey()));
+    }
 }
diff --git a/src/main/java/org/akhq/utils/UserGroupUtils.java b/src/main/java/org/akhq/utils/UserGroupUtils.java
@@ -28,7 +28,7 @@ public List<String> getUserRoles(List<String> groups) {
             return new ArrayList<>();
         }
 
-        return securityProperties.getGroups().stream()
+        return securityProperties.getGroups().values().stream()
             .filter(group -> groups.contains(group.getName()))
             .filter(group -> group.getRoles() != null)
             .flatMap(group -> group.getRoles().stream())
@@ -48,7 +48,7 @@ public Map<String, Object> getUserAttributes(List<String> groups) {
             return null;
         }
 
-        return securityProperties.getGroups().stream()
+        return securityProperties.getGroups().values().stream()
             .filter(group -> groups.contains(group.getName()))
             .flatMap(group -> (group.getAttributes() != null) ? group.getAttributes().entrySet().stream() : null)
             .collect(Collectors.toMap(

diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -133,39 +133,39 @@ akhq:
   security:
     default-group: admin
     groups:
-    - name: admin
-      roles:
-      - topic/read
-      - topic/insert
-      - topic/delete
-      - topic/config/update
-      - node/read
-      - node/config/update
-      - topic/data/read
-      - topic/data/insert
-      - topic/data/delete
-      - group/read
-      - group/delete
-      - group/offsets/update
-      - registry/read
-      - registry/insert
-      - registry/update
-      - registry/delete
-      - registry/version/delete
-      - acls/read
-      - connect/read
-      - connect/insert
-      - connect/update
-      - connect/delete
-      - connect/state/update
-    - name: reader
-      roles:
-      - topic/read
-      - node/read
-      - topic/data/read
-      - group/read
-      - registry/read
-      - acls/read
-      - connect/read
-    - name: no-roles
-      roles: []
+      admin:
+        roles:
+        - topic/read
+        - topic/insert
+        - topic/delete
+        - topic/config/update
+        - node/read
+        - node/config/update
+        - topic/data/read
+        - topic/data/insert
+        - topic/data/delete
+        - group/read
+        - group/delete
+        - group/offsets/update
+        - registry/read
+        - registry/insert
+        - registry/update
+        - registry/delete
+        - registry/version/delete
+        - acls/read
+        - connect/read
+        - connect/insert
+        - connect/update
+        - connect/delete
+        - connect/state/update
+      reader:
+        roles:
+        - topic/read
+        - node/read
+        - topic/data/read
+        - group/read
+        - registry/read
+        - acls/read
+        - connect/read
+      no-roles:
+        roles: []
diff --git a/src/test/java/org/akhq/configs/SecurityPropertiesTest.java b/src/test/java/org/akhq/configs/SecurityPropertiesTest.java
@@ -0,0 +1,56 @@
+package org.akhq.configs;
+
+import io.micronaut.context.ApplicationContext;
+import org.junit.jupiter.api.Test;
+import org.junit.platform.commons.util.CollectionUtils;
+
+import java.util.Collections;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+class SecurityPropertiesTest {
+
+    @Test
+    void shouldReturnAllBasicGroups() {
+        ApplicationContext ctx = ApplicationContext.run(ApplicationContext.class);
+        SecurityProperties securityProperties = ctx.getBean(SecurityProperties.class);
+
+        assertEquals(
+                CollectionUtils.toSet(new String[] {"admin", "limited", "operator", "no-filter"}),
+                securityProperties.getGroups().keySet()
+        );
+
+        ctx.close();
+    }
+
+    @Test
+    void shouldReturnAllBasicPlusConfiguredGroups() {
+        ApplicationContext ctx = ApplicationContext.run(ApplicationContext.class, "extragroups");
+        SecurityProperties securityProperties = ctx.getBean(SecurityProperties.class);
+
+        assertEquals(
+                CollectionUtils.toSet(new String[] {"admin", "limited", "operator", "no-filter", "extra", "another"}),
+                securityProperties.getGroups().keySet()
+        );
+
+        ctx.close();
+    }
+
+    @Test
+    void shouldOverrideBasicGroups() {
+        ApplicationContext ctx = ApplicationContext.run(ApplicationContext.class, "overridegroups");
+        SecurityProperties securityProperties = ctx.getBean(SecurityProperties.class);
+
+        assertEquals(
+                CollectionUtils.toSet(new String[] {"admin", "limited", "operator", "no-filter", "extra"}),
+                securityProperties.getGroups().keySet()
+        );
+        assertEquals(
+                Collections.singletonList("topic/read"),
+                securityProperties.getGroups().get("admin").roles
+        );
+
+        ctx.close();
+    }
+
+}
diff --git a/src/test/resources/application-extragroups.yml b/src/test/resources/application-extragroups.yml
@@ -0,0 +1,10 @@
+akhq:
+  security:
+    groups:
+      extra:
+        roles:
+          - topic/read
+      another:
+        roles:
+          - topic/read
+
diff --git a/src/test/resources/application-overridegroups.yml b/src/test/resources/application-overridegroups.yml
@@ -0,0 +1,13 @@
+akhq:
+  security:
+    groups:
+      admin:
+        roles:
+          - topic/read
+      limited:
+        roles:
+          - topic/read
+      extra:
+        roles:
+          - topic/read
+
diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml
@@ -78,7 +78,7 @@ akhq:
   security:
     default-group: no-filter
     groups:
-      - name: admin
+      admin:
         roles:
           - topic/read
           - topic/insert
@@ -103,23 +103,23 @@ akhq:
           - connect/update
           - connect/delete
           - connect/state/update
-      - name: limited
+      limited:
         roles:
           - topic/read
           - topic/insert
           - topic/delete
           - registry/version/delete
         attributes:
           topics-filter-regexp: "test.*"
-      - name: operator
+      operator:
         roles:
           - topic/read
           - topic/data/read
           - topic/data/insert
           - topic/data/delete
         attributes:
           topics-filter-regexp: "test-operator.*"
-      - name: no-filter
+      no-filter:
         roles:
           - topic/read
           - topic/insert