
Admin API / Generate Namespace from existing KafkaUser

Open jchanaud opened this issue 4 years ago • 1 comments

When deploying this project on a Kafka cluster with existing users, we need a method to generate the Namespace from existing cluster data (topics, ACLs, Connects, ...).

Create an Admin API endpoint to create the Namespace based on an existing Kafka User, as well as a resource prefix.

POST /admin/namespace/{namespace}/generate-view
{
  "name": "ns_project1",
  "kafkaUser": "user1",
  "prefixOwner": "project1"
}

jchanaud Mar 10 '21 20:03

Steps to init namespace:

I Create a namespace with a dummy user

{
  "kind": "Namespace",
  "metadata": {
    "name": "myNamespace",
    "cluster": "myCluster"
  },
  "spec": {
    "kafkaUser": "dummyUser"
  }
}

II Call the endpoint /api/namespaces/{namespace}/init/{user}, for example /api/namespaces/myNamespace/init/myNamespaceUser

This will create:

- A Namespace resource with default values for validators
- A BindingRole resource with default values for roles
- A list of AccessControlEntry resources for all existing topics and groups in the cluster, plus an AccessControlEntry with a prefixed Topic with the namespace name (to be updated if necessary) and an AccessControlEntry with a prefixed Connect with the namespace name (to be updated if necessary)

---
  apiVersion: v1
  kind: AccessControlEntry
  metadata:
    cluster: myCluster
    labels: null
    name: acl-myNamespace-1
    namespace: admin
  spec:
    resourceType: TOPIC
    resource: myNamespaceLowerCase
    resourcePatternType: PREFIXED
    permission: OWNER
    grantedTo: myNamespace
---
  apiVersion: v1
  kind: AccessControlEntry
  metadata:
    cluster: myCluster
    labels: null
    name: acl-myNamespace-2
    namespace: admin
  spec:
    resourceType: TOPIC
    resource: myNamespaceUpperCase
    resourcePatternType: PREFIXED
    permission: OWNER
    grantedTo: myNamespace
---
  apiVersion: v1
  kind: AccessControlEntry
  metadata:
    cluster: myCluster
    labels: null
    name: acl-myNamespace-3
    namespace: admin
  spec:
    resourceType: CONNECT
    resource: myNamespaceLowerCase
    resourcePatternType: PREFIXED
    permission: OWNER
    grantedTo: myNamespace
---
  apiVersion: v1
  kind: AccessControlEntry
  metadata:
    cluster: myCluster
    labels: null
    name: acl-myNamespace-4
    namespace: admin
  spec:
    resourceType: CONNECT
    resource: myNamespaceUpperCase
    resourcePatternType: PREFIXED
    permission: OWNER
    grantedTo: myNamespace

This API endpoint is called for the Client with GET: kafkactl get init -n myNamespace namespaceUser

This will create a file.yml

III Call the apply Client command to init the Namespace resource in NS4KFK with the myUser grantedTo

IV Create a dummy namespace with a dummy user in order to delete ACLs in the broker created for dummy user

{
  "kind": "Namespace",
  "metadata": {
    "name": "dummyNamespace",
    "cluster": "myCluster"
  },
  "spec": {
    "kafkaUser": "dummyUser"
  }
}

sebastienviale May 06 '21 14:05
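Between steps II and III above, the generated file.yml can be reviewed for OWNER entries that overlap resources already owned by another namespace, since the prefixed entries are marked "to be updated if necessary". This is an added example, not code from the issue or from ns4kafka; the flat parser, the `existing_owners` map, the sample entries and the `LITERAL` pattern type in the sample are assumptions made for illustration.

```python
import re

# Added example (not ns4kafka code): flag generated OWNER entries that overlap another namespace.
def parse_docs(text):
    """Flat 'key: value' parse of the layout shown in this issue (not full YAML)."""
    docs = []
    for chunk in re.split(r"(?m)^---[ \t]*$", text):
        pairs = (line.split(":", 1) for line in chunk.splitlines() if ":" in line)
        doc = {key.strip(): value.strip() for key, value in pairs}
        if doc.get("kind") == "AccessControlEntry":
            docs.append(doc)
    return docs

def overlaps(pat_a, res_a, pat_b, res_b):
    """True when two (patternType, resource) pairs can cover the same resource name."""
    a_covers_b = pat_a == "PREFIXED" and res_b.startswith(res_a)
    b_covers_a = pat_b == "PREFIXED" and res_a.startswith(res_b)
    return a_covers_b or b_covers_a or res_a == res_b

def review(generated_text, existing_owners):
    """existing_owners: {namespace: [(resourceType, patternType, resource), ...]}"""
    findings = []
    for ace in parse_docs(generated_text):
        for ns, owned in existing_owners.items():
            for rtype, pat, res in owned:
                if (ace.get("permission") == "OWNER" and ns != ace["grantedTo"]
                        and rtype == ace["resourceType"]
                        and overlaps(ace["resourcePatternType"], ace["resource"], pat, res)):
                    findings.append((ace["name"], ns, res))
    return findings

# Constructed sample input: three generated entries and one pre-existing namespace.
TEMPLATE = """---
  kind: AccessControlEntry
  metadata:
    name: {0}
  spec:
    resourceType: {1}
    resource: {2}
    resourcePatternType: {3}
    permission: OWNER
    grantedTo: myNamespace
"""
GENERATED = "".join(TEMPLATE.format(*row) for row in [
    ("acl-myNamespace-1", "TOPIC", "project1", "PREFIXED"),
    ("acl-myNamespace-2", "TOPIC", "orders.events", "LITERAL"),
    ("acl-myNamespace-3", "CONNECT", "project1", "PREFIXED"),
])
EXISTING = {"otherNamespace": [("TOPIC", "PREFIXED", "project1.billing"), ("TOPIC", "PREFIXED", "orders.")]}
```

`review(GENERATED, EXISTING)` returns one tuple per overlapping entry (entry name, conflicting namespace, conflicting resource); an empty list means no generated OWNER entry overlaps the supplied ownership map.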