
kafka: add more options to the user management script

  • Allow specifying the topic names
  • Allow configuring r/w users and power users who can manage the topics under the prefixes

Related to T4265

Test Plan

  • getty
*** Running octocatalog-diff on host getty.internal.softwareheritage.org
I, [2022-06-03T18:02:52.796055 #90607]  INFO -- : Catalogs compiled for getty.internal.softwareheritage.org
I, [2022-06-03T18:02:53.704839 #90607]  INFO -- : Diffs computed for getty.internal.softwareheritage.org
diff origin/production/getty.internal.softwareheritage.org current/getty.internal.softwareheritage.org
*******************************************
  File[/usr/local/sbin/create_kafka_users_rocquencourt.sh] =>
   parameters =>
     content =>
      @@ -17,6 +17,10 @@
       fi
      _
      +topic_prefixes="swh.journal.objects. swh.journal.indexed."
      +privileged_topic_prefixes="swh.journal.objects_privileged."
      +
       privileged="unprivileged"
       cgrp_prefix=""
      +ops="READ DESCRIBE"
      _
       while (( $# )); do
      @@ -28,4 +32,18 @@
           shift
           shift
      +  elif [ $1 = "--topic_prefixes" ]; then
      +    topic_prefixes=$2
      +    shift
      +    shift
      +  elif [ $1 = "--privileged_topic_prefixes" ]; then
      +    privileged_topic_prefixes=$2
      +    shift
      +    shift
      +  elif [ $1 = "--rw" ]; then
      +    ops="${OPS} WRITE"
      +    shift
      +  elif [ $1 = "--admin" ]; then
      +    ops="${OPS} DELETE CREATE"
      +    shift
         else
           username=$1
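Review bot: The `--rw` and `--admin` branches read `${OPS}`, but the variable initialised in the first hunk is lowercase `ops`, and the grant loop in the third hunk (`for op in ${OPS}`) reads the uppercase name too. Unless `OPS` is set elsewhere in the script or inherited from the environment, that loop iterates over nothing and no topic ACL is added, even though the "Granting access" message is still printed; if `OPS` is exported, the caller's environment rather than the flags decides which operations are granted. Use one name throughout: `ops="${ops} WRITE"`, `ops="${ops} DELETE CREATE"` and `for op in ${ops}; do`. The same three lines appear in the hunks for create_kafka_users_rocquencourt_staging.sh, and the `while` loop starts and ends outside this hunk.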
      @@ -57,13 +75,11 @@
        --entity-name $username
      _
      -topic_prefixes="swh.journal.objects. swh.journal.indexed."
      -
       if [ $privileged = "privileged" ]; then
      - topic_prefixes="$topic_prefixes swh.journal.objects_privileged."
      + topic_prefixes="${topic_prefixes} ${privileged_topic_prefixes}"
       fi
      _
       for topic_prefix in $topic_prefixes; do
        echo "Granting access to topics $topic_prefix to $username"
      - for op in READ DESCRIBE; do
      + for op in ${OPS}; do
                /opt/kafka/bin/kafka-acls.sh --bootstrap-server $brokers --add --resource-pattern-type PREFIXED --topic $topic_prefix --allow-principal User:$username --operation $op
        done
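Review bot: `topic_prefixes` and `privileged_topic_prefixes` can now come from the command line, and the outer loop expands `$topic_prefixes` unquoted into PREFIXED ACLs without checking the values. A typo or a very short prefix would apply the selected operations (including DELETE and CREATE under `--admin`) to far more topics than intended, and a value containing `*` would be glob-expanded against the working directory. If all managed topics are meant to live under `swh.journal.`, consider rejecting anything else at the top of the loop, e.g. `case $topic_prefix in swh.journal.*) ;; *) echo "refusing prefix $topic_prefix" >&2; exit 1 ;; esac`, and running the loop under `set -f`. The staging script's matching hunk has the same gap, and the outer `for` closes outside this hunk.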
*******************************************
  File[/usr/local/sbin/create_kafka_users_rocquencourt_staging.sh] =>
   parameters =>
     content =>
      @@ -17,6 +17,10 @@
       fi
      _
      +topic_prefixes="swh.journal.objects. swh.journal.indexed."
      +privileged_topic_prefixes="swh.journal.objects_privileged."
      +
       privileged="unprivileged"
       cgrp_prefix=""
      +ops="READ DESCRIBE"
      _
       while (( $# )); do
      @@ -28,4 +32,18 @@
           shift
           shift
      +  elif [ $1 = "--topic_prefixes" ]; then
      +    topic_prefixes=$2
      +    shift
      +    shift
      +  elif [ $1 = "--privileged_topic_prefixes" ]; then
      +    privileged_topic_prefixes=$2
      +    shift
      +    shift
      +  elif [ $1 = "--rw" ]; then
      +    ops="${OPS} WRITE"
      +    shift
      +  elif [ $1 = "--admin" ]; then
      +    ops="${OPS} DELETE CREATE"
      +    shift
         else
           username=$1
      @@ -57,13 +75,11 @@
        --entity-name $username
      _
      -topic_prefixes="swh.journal.objects. swh.journal.indexed."
      -
       if [ $privileged = "privileged" ]; then
      - topic_prefixes="$topic_prefixes swh.journal.objects_privileged."
      + topic_prefixes="${topic_prefixes} ${privileged_topic_prefixes}"
       fi
      _
       for topic_prefix in $topic_prefixes; do
        echo "Granting access to topics $topic_prefix to $username"
      - for op in READ DESCRIBE; do
      + for op in ${OPS}; do
                /opt/kafka/bin/kafka-acls.sh --bootstrap-server $brokers --add --resource-pattern-type PREFIXED --topic $topic_prefix --allow-principal User:$username --operation $op
        done
*******************************************
*** End octocatalog-diff on getty.internal.softwareheritage.org

Migrated from D7962 (view on Phabricator)
