From dc239b3352f6d32c8a67d1e51bca390c33c8d0ee Mon Sep 17 00:00:00 2001
From: H Vs
Date: Fri, 21 Jun 2024 09:50:04 +0800
Subject: [PATCH] =?UTF-8?q?=E8=B0=83=E6=95=B4=E6=9D=83=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Controllers/ScramAclsController.cs | 263 ++++++++++++++++++
 1 file changed, 263 insertions(+)
diff --git a/TelpoKafkaConsole.WebApi/Controllers/ScramAclsController.cs b/TelpoKafkaConsole.WebApi/Controllers/ScramAclsController.cs
index 37042c3..28e636e 100644
--- a/TelpoKafkaConsole.WebApi/Controllers/ScramAclsController.cs
+++ b/TelpoKafkaConsole.WebApi/Controllers/ScramAclsController.cs
@@ -18,6 +18,88 @@ namespace TelpoKafkaConsole.WebApi.Controllers
 // POST api//Consumer
 [HttpPost("Consumer")] // 添加了路由
 public async Task> Consumer([FromBody] ScramAclsConsumerReq consumer)
+ {
+
+ // 创建 SASL 用户
+ ScramCredentialsUser scramUser = new ScramCredentialsUser
+ {
+ Name = consumer.Name,
+ Password = consumer.Password
+ };
+ await _servicekafkaAdmin.AlterUserScramCredentialsAsync(scramUser);
+
+ // 检查并创建主题(如果不存在)
+ var topics = await _servicekafkaAdmin.DescribeTopicsAsync(new List { consumer.Topic });
+ if (topics.Count == 0)
+ {
+ await _servicekafkaAdmin.CreateTopic(consumer.Topic, TimeSpan.FromDays(3), Math.Max(3, consumer.NumPartitions));
+ }
+
+ // 创建 ACLs
+ List aclBindings = new List
+ {
+ // 允许用户读取特定主题
+ new AclBinding
+ {
+ Pattern = new ResourcePattern
+ {
+ Type = ResourceType.Topic,
+ Name = consumer.Topic,
+ ResourcePatternType = ResourcePatternType.Literal
+ },
+ Entry = new AccessControlEntry
+ {
+ Principal = $"User:{consumer.Name}",
+ Host = "*",
+ Operation = AclOperation.Read,
+ PermissionType = AclPermissionType.Allow
+ }
+ },
+ // 允许用户读取特定消费组
+ new AclBinding
+ {
+ Pattern = new ResourcePattern
+ {
+ Type = ResourceType.Group,
+ Name = consumer.Group,
+ ResourcePatternType = ResourcePatternType.Literal
+ },
+ Entry = new AccessControlEntry
+ {
+ Principal = $"User:{consumer.Name}",
+ Host = "*",
+ Operation = AclOperation.Read,
+ PermissionType = AclPermissionType.Allow
+ }
+ },
+ // 禁止用户执行任何其他操作(写入、修改、删除、描述等)
+ new AclBinding
+ {
+ Pattern = new ResourcePattern
+ {
+ Type = ResourceType.Group,
+ Name = consumer.Group,
+ ResourcePatternType = ResourcePatternType.Literal
+ },
+ Entry = new AccessControlEntry
+ {
+ Principal = $"User:{consumer.Name}",
+ Host = "*",
+ Operation = AclOperation.All,
+ PermissionType = AclPermissionType.Deny
+ }
+ }
+ };
+
+ // 创建 ACLs
+ await _servicekafkaAdmin.CreateAclsAsync(aclBindings);
+
+ return ApiResponse.Success($"创建消费者用户 {consumer.Name} 和 ACLs 规则成功");
+
+
+ }
+
+ /**public async Task> Consumer([FromBody] ScramAclsConsumerReq consumer)
 {
 // 创建用户
 ScramCredentialsUser scramUser = new()
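Review bot: The third binding in the new `Consumer` body (`Operation = AclOperation.All` with `PermissionType = AclPermissionType.Deny` on `ResourceType.Group` / `consumer.Group`) targets the same principal and resource as the `Allow` / `AclOperation.Read` binding just above it, and Kafka applies a matching Deny before any Allow, so the new user would be refused on its own consumer group; drop that binding and rely on the authorizer denying whatever has no matching Allow (confirm `allow.everyone.if.no.acl.found` is not enabled on the brokers). `consumer.Name`, `consumer.Topic` and `consumer.Group` also reach `AlterUserScramCredentialsAsync` and the bindings unvalidated: empty values and a literal `*` should be rejected before anything is created, because Kafka reads `User:*` and a literal resource name `*` as wildcards, and `Math.Max(3, consumer.NumPartitions)` sets a floor but no ceiling on the partition count. No `[Authorize]` attribute is visible on the action in this hunk, and if `AlterUserScramCredentialsAsync` performs an upsert, any caller of this endpoint could replace an existing user's password, so it is worth confirming the controller is restricted to administrators and refusing names that already exist. The old method body continues past the end of the hunk, inside the `/**` comment this hunk opens.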
@@ -52,6 +134,106 @@ namespace TelpoKafkaConsole.WebApi.Controllers
 // PermissionType = AclPermissionType.Deny
 // }
 //},
+ //new AclBinding()
+ // {
+ // Pattern = new ResourcePattern
+ // {
+ // Type = ResourceType.Broker,
+ // Name = "kafka-cluster",
+ // ResourcePatternType = ResourcePatternType.Literal
+ // },
+ // Entry = new AccessControlEntry
+ // {
+ // Principal = $"User:superuser",
+ // Host = "*",
+ // Operation = AclOperation.All,
+ // PermissionType = AclPermissionType.Allow
+ // }
+ //},
+ //// 禁止查看
+ // new AclBinding()
+ // {
+ // Pattern = new ResourcePattern
+ // {
+ // Type = ResourceType.Broker,
+ // Name = "kafka-cluster",
+ // ResourcePatternType = ResourcePatternType.Literal
+ // },
+ // Entry = new AccessControlEntry
+ // {
+ // Principal = $"User:{consumer.Name}",
+ // Host = "*",
+ // Operation = AclOperation.Describe,
+ // PermissionType = AclPermissionType.Deny
+ // }
+ // },
+ // // 禁止修改
+ // new AclBinding()
+ // {
+ // Pattern = new ResourcePattern
+ // {
+ // Type = ResourceType.Broker,
+ // Name = "kafka-cluster",
+ // ResourcePatternType = ResourcePatternType.Literal
+ // },
+ // Entry = new AccessControlEntry
+ // {
+ // Principal = $"User:{consumer.Name}",
+ // Host = "*",
+ // Operation = AclOperation.Alter,
+ // PermissionType = AclPermissionType.Deny
+ // }
+ // },
+ //// 禁止写入
+ //new AclBinding()
+ // {
+ // Pattern = new ResourcePattern
+ // {
+ // Type = ResourceType.Broker,
+ // Name = "kafka-cluster",
+ // ResourcePatternType = ResourcePatternType.Literal
+ // },
+ // Entry = new AccessControlEntry
+ // {
+ // Principal = $"User:{consumer.Name}",
+ // Host = "*",
+ // Operation = AclOperation.Write,
+ // PermissionType = AclPermissionType.Deny
+ // }
+ // },
+ //// 禁止创建
+ //new AclBinding()
+ // {
+ // Pattern = new ResourcePattern
+ // {
+ // Type = ResourceType.Broker,
+ // Name = "kafka-cluster",
+ // ResourcePatternType = ResourcePatternType.Literal
+ // },
+ // Entry = new AccessControlEntry
+ // {
+ // Principal = $"User:{consumer.Name}",
+ // Host = "*",
+ // Operation = AclOperation.Create,
+ // PermissionType = AclPermissionType.Deny
+ // }
+ // },
+ //new AclBinding()
+ // {
+ // Pattern = new ResourcePattern
+ // {
+ // Type = ResourceType.Broker,
+ // Name = "kafka-cluster",
+ // ResourcePatternType = ResourcePatternType.Literal
+ // },
+ // Entry = new AccessControlEntry
+ // {
+ // Principal = $"User:{consumer.Name}",
+ // Host = "*",
+ // Operation = AclOperation.Unknown,
+ // PermissionType = AclPermissionType.Deny
+ // }
+ // },
 new AclBinding()
 {
 Pattern = new ResourcePattern
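Review bot: Commented-out code should be deleted rather than extended: every added line here is a disabled binding inside the old `Consumer` body, which this same commit wraps in `/** … */` (opened in the first hunk, closed in the last), so none of it can run, and the same holds for the bindings added in the next hunk. Removing the old method would leave a single, short ACL list to audit, with the earlier attempts kept in version control. The disabled entries are also not safe to revive as written: one grants `AclOperation.All` / `AclPermissionType.Allow` on the cluster resource to `User:superuser`, and another denies `AclOperation.Unknown`, which the broker would presumably reject. The enclosing initializer starts before and ends after this hunk.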
@@ -83,6 +265,86 @@ namespace TelpoKafkaConsole.WebApi.Controllers
 Operation = AclOperation.Read,
 PermissionType = AclPermissionType.Allow
 }
+ },
+ new AclBinding()
+ {
+ Pattern = new ResourcePattern
+ {
+ Type = ResourceType.Any,
+ Name = consumer.Group,
+ ResourcePatternType = ResourcePatternType.Literal
+ },
+ Entry = new AccessControlEntry
+ {
+ Principal = $"User:{consumer.Name}",
+ Host = "*",
+ Operation = AclOperation.Write,
+ PermissionType = AclPermissionType.Deny
+ }
+ },
+ new AclBinding()
+ {
+ Pattern = new ResourcePattern
+ {
+ Type = ResourceType.Topic,
+ Name = consumer.Group,
+ ResourcePatternType = ResourcePatternType.Literal
+ },
+ Entry = new AccessControlEntry
+ {
+ Principal = $"User:{consumer.Name}",
+ Host = "*",
+ Operation = AclOperation.Write,
+ PermissionType = AclPermissionType.Deny
+ }
+ },
+ new AclBinding()
+ {
+ Pattern = new ResourcePattern
+ {
+ Type = ResourceType.Topic,
+ Name = consumer.Group,
+ ResourcePatternType = ResourcePatternType.Literal
+ },
+ Entry = new AccessControlEntry
+ {
+ Principal = $"User:{consumer.Name}",
+ Host = "*",
+ Operation = AclOperation.Alter,
+ PermissionType = AclPermissionType.Deny
+ }
+ },
+ new AclBinding()
+ {
+ Pattern = new ResourcePattern
+ {
+ Type = ResourceType.Topic,
+ Name = consumer.Group,
+ ResourcePatternType = ResourcePatternType.Literal
+ },
+ Entry = new AccessControlEntry
+ {
+ Principal = $"User:{consumer.Name}",
+ Host = "*",
+ Operation = AclOperation.Describe,
+ PermissionType = AclPermissionType.Deny
+ }
+ },
+ new AclBinding()
+ {
+ Pattern = new ResourcePattern
+ {
+ Type = ResourceType.Topic,
+ Name = consumer.Group,
+ ResourcePatternType = ResourcePatternType.Literal
+ },
+ Entry = new AccessControlEntry
+ {
+ Principal = $"User:{consumer.Name}",
+ Host = "*",
+ Operation = AclOperation.Delete,
+ PermissionType = AclPermissionType.Deny
+ }
 }
 };
 await _servicekafkaAdmin.CreateAclsAsync(aclBindings);
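Review bot: Four of the five added bindings pair `Type = ResourceType.Topic` with `Name = consumer.Group`, so the denies would attach to a topic that happens to share the group's name rather than to `consumer.Topic`. The first binding uses `ResourceType.Any`, which Kafka reserves for filters and, as far as I know, does not accept when creating an ACL. The block is inert today because it sits inside the `/** … */` wrap this commit adds, but anyone re-enabling it would assume Write/Alter/Describe/Delete are blocked on the consumer's topic when they are not. Either remove it together with the rest of the old method, or use `Name = consumer.Topic` and drop the `ResourceType.Any` entry. The enclosing list initializer starts before this hunk.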
@@ -90,6 +352,7 @@ namespace TelpoKafkaConsole.WebApi.Controllers
 return ApiResponse.Success($"创建 消费者用户 {consumer.Name} Acls 规则成功");
 }
+ */
 // POST api//Producer
 [HttpPost("Producer")] // 添加了路由