променени са 1 файла, в които са добавени 263 реда и са изтрити 0 реда
+ 263
- 0
TelpoKafkaConsole.WebApi/Controllers/ScramAclsController.cs
Целия файл
| @@ -18,6 +18,88 @@ namespace TelpoKafkaConsole.WebApi.Controllers | |||
| // POST api/<ScramAclsController>/Consumer | |||
| [HttpPost("Consumer")] // 添加了路由 | |||
| public async Task<ApiResponse<string>> Consumer([FromBody] ScramAclsConsumerReq consumer) | |||
| { | |||
| // 创建 SASL 用户 | |||
| ScramCredentialsUser scramUser = new ScramCredentialsUser | |||
| { | |||
| Name = consumer.Name, | |||
| Password = consumer.Password | |||
| }; | |||
| await _servicekafkaAdmin.AlterUserScramCredentialsAsync(scramUser); | |||
| // 检查并创建主题(如果不存在) | |||
| var topics = await _servicekafkaAdmin.DescribeTopicsAsync(new List<string> { consumer.Topic }); | |||
| if (topics.Count == 0) | |||
| { | |||
| await _servicekafkaAdmin.CreateTopic(consumer.Topic, TimeSpan.FromDays(3), Math.Max(3, consumer.NumPartitions)); | |||
| } | |||
| // 创建 ACLs | |||
| List<AclBinding> aclBindings = new List<AclBinding> | |||
| { | |||
| // 允许用户读取特定主题 | |||
| new AclBinding | |||
| { | |||
| Pattern = new ResourcePattern | |||
| { | |||
| Type = ResourceType.Topic, | |||
| Name = consumer.Topic, | |||
| ResourcePatternType = ResourcePatternType.Literal | |||
| }, | |||
| Entry = new AccessControlEntry | |||
| { | |||
| Principal = $"User:{consumer.Name}", | |||
| Host = "*", | |||
| Operation = AclOperation.Read, | |||
| PermissionType = AclPermissionType.Allow | |||
| } | |||
| }, | |||
| // 允许用户读取特定消费组 | |||
| new AclBinding | |||
| { | |||
| Pattern = new ResourcePattern | |||
| { | |||
| Type = ResourceType.Group, | |||
| Name = consumer.Group, | |||
| ResourcePatternType = ResourcePatternType.Literal | |||
| }, | |||
| Entry = new AccessControlEntry | |||
| { | |||
| Principal = $"User:{consumer.Name}", | |||
| Host = "*", | |||
| Operation = AclOperation.Read, | |||
| PermissionType = AclPermissionType.Allow | |||
| } | |||
| }, | |||
| // 禁止用户执行任何其他操作(写入、修改、删除、描述等) | |||
| new AclBinding | |||
| { | |||
| Pattern = new ResourcePattern | |||
| { | |||
| Type = ResourceType.Group, | |||
| Name = consumer.Group, | |||
| ResourcePatternType = ResourcePatternType.Literal | |||
| }, | |||
| Entry = new AccessControlEntry | |||
| { | |||
| Principal = $"User:{consumer.Name}", | |||
| Host = "*", | |||
| Operation = AclOperation.All, | |||
| PermissionType = AclPermissionType.Deny | |||
| } | |||
| } | |||
| }; | |||
| // 创建 ACLs | |||
| await _servicekafkaAdmin.CreateAclsAsync(aclBindings); | |||
| return ApiResponse<string>.Success($"创建消费者用户 {consumer.Name} 和 ACLs 规则成功"); | |||
| } | |||
| /**public async Task<ApiResponse<string>> Consumer([FromBody] ScramAclsConsumerReq consumer) | |||
| { | |||
| // 创建用户 | |||
| ScramCredentialsUser scramUser = new() | |||
| @@ -52,6 +134,106 @@ namespace TelpoKafkaConsole.WebApi.Controllers | |||
| // PermissionType = AclPermissionType.Deny | |||
| // } | |||
| //}, | |||
| //new AclBinding() | |||
| // { | |||
| // Pattern = new ResourcePattern | |||
| // { | |||
| // Type = ResourceType.Broker, | |||
| // Name = "kafka-cluster", | |||
| // ResourcePatternType = ResourcePatternType.Literal | |||
| // }, | |||
| // Entry = new AccessControlEntry | |||
| // { | |||
| // Principal = $"User:superuser", | |||
| // Host = "*", | |||
| // Operation = AclOperation.All, | |||
| // PermissionType = AclPermissionType.Allow | |||
| // } | |||
| //}, | |||
| //// 禁止查看 | |||
| // new AclBinding() | |||
| // { | |||
| // Pattern = new ResourcePattern | |||
| // { | |||
| // Type = ResourceType.Broker, | |||
| // Name = "kafka-cluster", | |||
| // ResourcePatternType = ResourcePatternType.Literal | |||
| // }, | |||
| // Entry = new AccessControlEntry | |||
| // { | |||
| // Principal = $"User:{consumer.Name}", | |||
| // Host = "*", | |||
| // Operation = AclOperation.Describe, | |||
| // PermissionType = AclPermissionType.Deny | |||
| // } | |||
| // }, | |||
| // // 禁止修改 | |||
| // new AclBinding() | |||
| // { | |||
| // Pattern = new ResourcePattern | |||
| // { | |||
| // Type = ResourceType.Broker, | |||
| // Name = "kafka-cluster", | |||
| // ResourcePatternType = ResourcePatternType.Literal | |||
| // }, | |||
| // Entry = new AccessControlEntry | |||
| // { | |||
| // Principal = $"User:{consumer.Name}", | |||
| // Host = "*", | |||
| // Operation = AclOperation.Alter, | |||
| // PermissionType = AclPermissionType.Deny | |||
| // } | |||
| // }, | |||
| //// 禁止写入 | |||
| //new AclBinding() | |||
| // { | |||
| // Pattern = new ResourcePattern | |||
| // { | |||
| // Type = ResourceType.Broker, | |||
| // Name = "kafka-cluster", | |||
| // ResourcePatternType = ResourcePatternType.Literal | |||
| // }, | |||
| // Entry = new AccessControlEntry | |||
| // { | |||
| // Principal = $"User:{consumer.Name}", | |||
| // Host = "*", | |||
| // Operation = AclOperation.Write, | |||
| // PermissionType = AclPermissionType.Deny | |||
| // } | |||
| // }, | |||
| //// 禁止创建 | |||
| //new AclBinding() | |||
| // { | |||
| // Pattern = new ResourcePattern | |||
| // { | |||
| // Type = ResourceType.Broker, | |||
| // Name = "kafka-cluster", | |||
| // ResourcePatternType = ResourcePatternType.Literal | |||
| // }, | |||
| // Entry = new AccessControlEntry | |||
| // { | |||
| // Principal = $"User:{consumer.Name}", | |||
| // Host = "*", | |||
| // Operation = AclOperation.Create, | |||
| // PermissionType = AclPermissionType.Deny | |||
| // } | |||
| // }, | |||
| //new AclBinding() | |||
| // { | |||
| // Pattern = new ResourcePattern | |||
| // { | |||
| // Type = ResourceType.Broker, | |||
| // Name = "kafka-cluster", | |||
| // ResourcePatternType = ResourcePatternType.Literal | |||
| // }, | |||
| // Entry = new AccessControlEntry | |||
| // { | |||
| // Principal = $"User:{consumer.Name}", | |||
| // Host = "*", | |||
| // Operation = AclOperation.Unknown, | |||
| // PermissionType = AclPermissionType.Deny | |||
| // } | |||
| // }, | |||
| new AclBinding() | |||
| { | |||
| Pattern = new ResourcePattern | |||
| @@ -83,6 +265,86 @@ namespace TelpoKafkaConsole.WebApi.Controllers | |||
| Operation = AclOperation.Read, | |||
| PermissionType = AclPermissionType.Allow | |||
| } | |||
| }, | |||
| new AclBinding() | |||
| { | |||
| Pattern = new ResourcePattern | |||
| { | |||
| Type = ResourceType.Any, | |||
| Name = consumer.Group, | |||
| ResourcePatternType = ResourcePatternType.Literal | |||
| }, | |||
| Entry = new AccessControlEntry | |||
| { | |||
| Principal = $"User:{consumer.Name}", | |||
| Host = "*", | |||
| Operation = AclOperation.Write, | |||
| PermissionType = AclPermissionType.Deny | |||
| } | |||
| }, | |||
| new AclBinding() | |||
| { | |||
| Pattern = new ResourcePattern | |||
| { | |||
| Type = ResourceType.Topic, | |||
| Name = consumer.Group, | |||
| ResourcePatternType = ResourcePatternType.Literal | |||
| }, | |||
| Entry = new AccessControlEntry | |||
| { | |||
| Principal = $"User:{consumer.Name}", | |||
| Host = "*", | |||
| Operation = AclOperation.Write, | |||
| PermissionType = AclPermissionType.Deny | |||
| } | |||
| }, | |||
| new AclBinding() | |||
| { | |||
| Pattern = new ResourcePattern | |||
| { | |||
| Type = ResourceType.Topic, | |||
| Name = consumer.Group, | |||
| ResourcePatternType = ResourcePatternType.Literal | |||
| }, | |||
| Entry = new AccessControlEntry | |||
| { | |||
| Principal = $"User:{consumer.Name}", | |||
| Host = "*", | |||
| Operation = AclOperation.Alter, | |||
| PermissionType = AclPermissionType.Deny | |||
| } | |||
| }, | |||
| new AclBinding() | |||
| { | |||
| Pattern = new ResourcePattern | |||
| { | |||
| Type = ResourceType.Topic, | |||
| Name = consumer.Group, | |||
| ResourcePatternType = ResourcePatternType.Literal | |||
| }, | |||
| Entry = new AccessControlEntry | |||
| { | |||
| Principal = $"User:{consumer.Name}", | |||
| Host = "*", | |||
| Operation = AclOperation.Describe, | |||
| PermissionType = AclPermissionType.Deny | |||
| } | |||
| }, | |||
| new AclBinding() | |||
| { | |||
| Pattern = new ResourcePattern | |||
| { | |||
| Type = ResourceType.Topic, | |||
| Name = consumer.Group, | |||
| ResourcePatternType = ResourcePatternType.Literal | |||
| }, | |||
| Entry = new AccessControlEntry | |||
| { | |||
| Principal = $"User:{consumer.Name}", | |||
| Host = "*", | |||
| Operation = AclOperation.Delete, | |||
| PermissionType = AclPermissionType.Deny | |||
| } | |||
| } | |||
| }; | |||
| await _servicekafkaAdmin.CreateAclsAsync(aclBindings); | |||
| @@ -90,6 +352,7 @@ namespace TelpoKafkaConsole.WebApi.Controllers | |||
| return ApiResponse<string>.Success($"创建 消费者用户 {consumer.Name} Acls 规则成功"); | |||
| } | |||
| */ | |||
| // POST api/<ScramAclsController>/Producer | |||
| [HttpPost("Producer")] // 添加了路由 | |||
Loading…