Merge branch 'main' into chore/drop-msgs-v1

kafbat · Oct 24, 2024 · 1060ddb · 1060ddb
2 parents a5df4b3 + 0ad8695
commit 1060ddb
Show file tree

Hide file tree

Showing 8 changed files with 25 additions and 41 deletions.
diff --git a/.dev/dev_arm64.yaml b/.dev/dev_arm64.yaml
@@ -32,7 +32,8 @@ services:
       KAFKA_CLUSTERS_0_AUDIT_CONSOLEAUDITENABLED: 'true'
 
   kafka0:
-    image: confluentinc/cp-kafka:7.2.1.arm64
+    image: confluentinc/cp-kafka:7.6.0.arm64
+    user: "0:0"
     hostname: kafka0
     container_name: kafka0
     ports:
@@ -56,12 +57,10 @@ services:
       KAFKA_JMX_PORT: 9997
 #      KAFKA_JMX_HOSTNAME: localhost # uncomment this line and comment the next one if running with kafka-ui as a jar
       KAFKA_JMX_OPTS: -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=kafka0 -Dcom.sun.management.jmxremote.rmi.port=9997
-    volumes:
-      - ../documentation/compose/scripts/update_run.sh:/tmp/update_run.sh
-    command: "bash -c 'if [ ! -f /tmp/update_run.sh ]; then echo \"ERROR: Did you forget the update_run.sh file that came with this docker-compose.yml file?\" && exit 1 ; else /tmp/update_run.sh && /etc/confluent/docker/run ; fi'"
+      CLUSTER_ID: 'MkU3OEVBNTcwNTJENDM2Qk'
 
   schema-registry0:
-    image: confluentinc/cp-schema-registry:7.2.1.arm64
+    image: confluentinc/cp-schema-registry:7.6.0.arm64
     ports:
       - 8085:8085
     depends_on:
@@ -77,7 +76,7 @@ services:
       SCHEMA_REGISTRY_KAFKASTORE_TOPIC: _schemas
 
   kafka-connect0:
-    image: confluentinc/cp-kafka-connect:7.2.1.arm64
+    image: confluentinc/cp-kafka-connect:7.6.0.arm64
     ports:
       - 8083:8083
     depends_on:
@@ -102,7 +101,7 @@ services:
       CONNECT_PLUGIN_PATH: "/usr/share/java,/usr/share/confluent-hub-components,/usr/local/share/kafka/plugins,/usr/share/filestream-connectors"
 
   ksqldb0:
-    image: confluentinc/ksqldb-server:0.18.0
+    image: confluentinc/cp-ksqldb-server:7.6.0.arm64
     depends_on:
       - kafka0
       - kafka-connect0
@@ -120,7 +119,7 @@ services:
       KSQL_CACHE_MAX_BYTES_BUFFERING: 0
 
   kafka-init-topics:
-    image: confluentinc/cp-kafka:7.2.1.arm64
+    image: confluentinc/cp-kafka:7.6.0.arm64
     volumes:
       - ../documentation/compose/data/message.json:/data/message.json
     depends_on:

diff --git a/api/src/main/java/io/kafbat/ui/service/acl/AclsService.java b/api/src/main/java/io/kafbat/ui/service/acl/AclsService.java
@@ -158,7 +158,7 @@ public Mono<Void> createConsumerAcl(KafkaCluster cluster, CreateConsumerAclDTO r
         .then();
   }
 
-  //Read, Describe on topics, Read on consumerGroups
+  //Read, Describe on topics and consumerGroups
   private List<AclBinding> createConsumerBindings(CreateConsumerAclDTO request) {
     List<AclBinding> bindings = new ArrayList<>();
     bindings.addAll(
@@ -172,7 +172,7 @@ private List<AclBinding> createConsumerBindings(CreateConsumerAclDTO request) {
     bindings.addAll(
         createAllowBindings(
             GROUP,
-            List.of(READ),
+            List.of(READ, DESCRIBE),
             request.getPrincipal(),
             request.getHost(),
             request.getConsumerGroupsPrefix(),

diff --git a/api/src/main/java/io/kafbat/ui/service/rbac/extractor/OauthAuthorityExtractor.java b/api/src/main/java/io/kafbat/ui/service/rbac/extractor/OauthAuthorityExtractor.java
@@ -76,7 +76,7 @@ private Set<String> extractRoles(AccessControlService acs, DefaultOAuth2User pri
     var rolesFieldName = provider.getCustomParams().get(ROLES_FIELD_PARAM_NAME);
 
     if (rolesFieldName == null) {
-      log.warn("Provider [{}] doesn't contain a roles field param name, won't map roles", provider);
+      log.warn("Provider [{}] doesn't contain a roles field param name, won't map roles", provider.getClientName());
       return Collections.emptySet();
     }
 

diff --git a/api/src/test/java/io/kafbat/ui/service/acl/AclsServiceTest.java b/api/src/test/java/io/kafbat/ui/service/acl/AclsServiceTest.java
@@ -103,10 +103,10 @@ void createsConsumerDependantAcls() {
             .topics(List.of("t1", "t2"))
     ).block();
 
-    //Read, Describe on topics, Read on consumerGroups
+    //Read, Describe on topics and consumerGroups
     Collection<AclBinding> createdBindings = createdCaptor.getValue();
     assertThat(createdBindings)
-        .hasSize(6)
+        .hasSize(8)
         .contains(new AclBinding(
             new ResourcePattern(ResourceType.TOPIC, "t1", PatternType.LITERAL),
             new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW)))
@@ -122,9 +122,15 @@ void createsConsumerDependantAcls() {
         .contains(new AclBinding(
             new ResourcePattern(ResourceType.GROUP, "cg1", PatternType.LITERAL),
             new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW)))
+        .contains(new AclBinding(
+            new ResourcePattern(ResourceType.GROUP, "cg1", PatternType.LITERAL),
+            new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW)))
+        .contains(new AclBinding(
+            new ResourcePattern(ResourceType.GROUP, "cg2", PatternType.LITERAL),
+            new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW)))
         .contains(new AclBinding(
             new ResourcePattern(ResourceType.GROUP, "cg2", PatternType.LITERAL),
-            new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW)));
+            new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW)));
   }
 
   @Test
@@ -145,10 +151,10 @@ void createsConsumerDependantAclsWhenTopicsAndGroupsSpecifiedByPrefix() {
             .topicsPrefix("topicPref")
     ).block();
 
-    //Read, Describe on topics, Read on consumerGroups
+    //Read, Describe on topics and consumerGroups
     Collection<AclBinding> createdBindings = createdCaptor.getValue();
     assertThat(createdBindings)
-        .hasSize(3)
+        .hasSize(4)
         .contains(new AclBinding(
             new ResourcePattern(ResourceType.TOPIC, "topicPref", PatternType.PREFIXED),
             new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW)))
@@ -157,7 +163,10 @@ void createsConsumerDependantAclsWhenTopicsAndGroupsSpecifiedByPrefix() {
             new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW)))
         .contains(new AclBinding(
             new ResourcePattern(ResourceType.GROUP, "cgPref", PatternType.PREFIXED),
-            new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW)));
+            new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW)))
+        .contains(new AclBinding(
+            new ResourcePattern(ResourceType.GROUP, "cgPref", PatternType.PREFIXED),
+            new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW)));
   }
 
   @Test

diff --git a/documentation/compose/scripts/clusterID b/documentation/compose/scripts/clusterID
diff --git a/documentation/compose/scripts/create_cluster_id.sh b/documentation/compose/scripts/create_cluster_id.sh
diff --git a/documentation/compose/scripts/update_run.sh b/documentation/compose/scripts/update_run.sh
diff --git a/documentation/compose/scripts/update_run_cluster.sh b/documentation/compose/scripts/update_run_cluster.sh