
调整权限

develop
H Vs hace 5 meses
padre
commit
dc239b3352
Se han modificado 1 ficheros con 263 adiciones y 0 borrados
  1. +263
    -0
      TelpoKafkaConsole.WebApi/Controllers/ScramAclsController.cs

+ 263
- 0
TelpoKafkaConsole.WebApi/Controllers/ScramAclsController.cs Ver fichero

@@ -18,6 +18,88 @@ namespace TelpoKafkaConsole.WebApi.Controllers
// POST api/<ScramAclsController>/Consumer
[HttpPost("Consumer")] // 添加了路由
public async Task<ApiResponse<string>> Consumer([FromBody] ScramAclsConsumerReq consumer)
{

// 创建 SASL 用户
ScramCredentialsUser scramUser = new ScramCredentialsUser
{
Name = consumer.Name,
Password = consumer.Password
};
await _servicekafkaAdmin.AlterUserScramCredentialsAsync(scramUser);

// 检查并创建主题(如果不存在)
var topics = await _servicekafkaAdmin.DescribeTopicsAsync(new List<string> { consumer.Topic });
if (topics.Count == 0)
{
await _servicekafkaAdmin.CreateTopic(consumer.Topic, TimeSpan.FromDays(3), Math.Max(3, consumer.NumPartitions));
}

// 创建 ACLs
List<AclBinding> aclBindings = new List<AclBinding>
{
// 允许用户读取特定主题
new AclBinding
{
Pattern = new ResourcePattern
{
Type = ResourceType.Topic,
Name = consumer.Topic,
ResourcePatternType = ResourcePatternType.Literal
},
Entry = new AccessControlEntry
{
Principal = $"User:{consumer.Name}",
Host = "*",
Operation = AclOperation.Read,
PermissionType = AclPermissionType.Allow
}
},
// 允许用户读取特定消费组
new AclBinding
{
Pattern = new ResourcePattern
{
Type = ResourceType.Group,
Name = consumer.Group,
ResourcePatternType = ResourcePatternType.Literal
},
Entry = new AccessControlEntry
{
Principal = $"User:{consumer.Name}",
Host = "*",
Operation = AclOperation.Read,
PermissionType = AclPermissionType.Allow
}
},
// 禁止用户执行任何其他操作(写入、修改、删除、描述等)
new AclBinding
{
Pattern = new ResourcePattern
{
Type = ResourceType.Group,
Name = consumer.Group,
ResourcePatternType = ResourcePatternType.Literal
},
Entry = new AccessControlEntry
{
Principal = $"User:{consumer.Name}",
Host = "*",
Operation = AclOperation.All,
PermissionType = AclPermissionType.Deny
}
}
};

// 创建 ACLs
await _servicekafkaAdmin.CreateAclsAsync(aclBindings);

return ApiResponse<string>.Success($"创建消费者用户 {consumer.Name} 和 ACLs 规则成功");
}

/**public async Task<ApiResponse<string>> Consumer([FromBody] ScramAclsConsumerReq consumer)
{
// 创建用户
ScramCredentialsUser scramUser = new()
@@ -52,6 +134,106 @@ namespace TelpoKafkaConsole.WebApi.Controllers
// PermissionType = AclPermissionType.Deny
// }
//},
//new AclBinding()
// {
// Pattern = new ResourcePattern
// {
// Type = ResourceType.Broker,
// Name = "kafka-cluster",
// ResourcePatternType = ResourcePatternType.Literal
// },
// Entry = new AccessControlEntry
// {
// Principal = $"User:superuser",
// Host = "*",
// Operation = AclOperation.All,
// PermissionType = AclPermissionType.Allow
// }
//},
//// 禁止查看
// new AclBinding()
// {
// Pattern = new ResourcePattern
// {
// Type = ResourceType.Broker,
// Name = "kafka-cluster",
// ResourcePatternType = ResourcePatternType.Literal
// },
// Entry = new AccessControlEntry
// {
// Principal = $"User:{consumer.Name}",
// Host = "*",
// Operation = AclOperation.Describe,
// PermissionType = AclPermissionType.Deny
// }
// },
// // 禁止修改
// new AclBinding()
// {
// Pattern = new ResourcePattern
// {
// Type = ResourceType.Broker,
// Name = "kafka-cluster",
// ResourcePatternType = ResourcePatternType.Literal
// },
// Entry = new AccessControlEntry
// {
// Principal = $"User:{consumer.Name}",
// Host = "*",
// Operation = AclOperation.Alter,
// PermissionType = AclPermissionType.Deny
// }
// },
//// 禁止写入
//new AclBinding()
// {
// Pattern = new ResourcePattern
// {
// Type = ResourceType.Broker,
// Name = "kafka-cluster",
// ResourcePatternType = ResourcePatternType.Literal
// },
// Entry = new AccessControlEntry
// {
// Principal = $"User:{consumer.Name}",
// Host = "*",
// Operation = AclOperation.Write,
// PermissionType = AclPermissionType.Deny
// }
// },
//// 禁止创建
//new AclBinding()
// {
// Pattern = new ResourcePattern
// {
// Type = ResourceType.Broker,
// Name = "kafka-cluster",
// ResourcePatternType = ResourcePatternType.Literal
// },
// Entry = new AccessControlEntry
// {
// Principal = $"User:{consumer.Name}",
// Host = "*",
// Operation = AclOperation.Create,
// PermissionType = AclPermissionType.Deny
// }
// },
//new AclBinding()
// {
// Pattern = new ResourcePattern
// {
// Type = ResourceType.Broker,
// Name = "kafka-cluster",
// ResourcePatternType = ResourcePatternType.Literal
// },
// Entry = new AccessControlEntry
// {
// Principal = $"User:{consumer.Name}",
// Host = "*",
// Operation = AclOperation.Unknown,
// PermissionType = AclPermissionType.Deny
// }
// },
new AclBinding()
{
Pattern = new ResourcePattern
@@ -83,6 +265,86 @@ namespace TelpoKafkaConsole.WebApi.Controllers
Operation = AclOperation.Read,
PermissionType = AclPermissionType.Allow
}
},
new AclBinding()
{
Pattern = new ResourcePattern
{
Type = ResourceType.Any,
Name = consumer.Group,
ResourcePatternType = ResourcePatternType.Literal
},
Entry = new AccessControlEntry
{
Principal = $"User:{consumer.Name}",
Host = "*",
Operation = AclOperation.Write,
PermissionType = AclPermissionType.Deny
}
},
new AclBinding()
{
Pattern = new ResourcePattern
{
Type = ResourceType.Topic,
Name = consumer.Group,
ResourcePatternType = ResourcePatternType.Literal
},
Entry = new AccessControlEntry
{
Principal = $"User:{consumer.Name}",
Host = "*",
Operation = AclOperation.Write,
PermissionType = AclPermissionType.Deny
}
},
new AclBinding()
{
Pattern = new ResourcePattern
{
Type = ResourceType.Topic,
Name = consumer.Group,
ResourcePatternType = ResourcePatternType.Literal
},
Entry = new AccessControlEntry
{
Principal = $"User:{consumer.Name}",
Host = "*",
Operation = AclOperation.Alter,
PermissionType = AclPermissionType.Deny
}
},
new AclBinding()
{
Pattern = new ResourcePattern
{
Type = ResourceType.Topic,
Name = consumer.Group,
ResourcePatternType = ResourcePatternType.Literal
},
Entry = new AccessControlEntry
{
Principal = $"User:{consumer.Name}",
Host = "*",
Operation = AclOperation.Describe,
PermissionType = AclPermissionType.Deny
}
},
new AclBinding()
{
Pattern = new ResourcePattern
{
Type = ResourceType.Topic,
Name = consumer.Group,
ResourcePatternType = ResourcePatternType.Literal
},
Entry = new AccessControlEntry
{
Principal = $"User:{consumer.Name}",
Host = "*",
Operation = AclOperation.Delete,
PermissionType = AclPermissionType.Deny
}
}
};
await _servicekafkaAdmin.CreateAclsAsync(aclBindings);
@@ -90,6 +352,7 @@ namespace TelpoKafkaConsole.WebApi.Controllers

return ApiResponse<string>.Success($"创建 消费者用户 {consumer.Name} Acls 规则成功");
}
*/

// POST api/<ScramAclsController>/Producer
[HttpPost("Producer")] // 添加了路由
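Review bot: The third binding in the new `Consumer` action (`ResourceType.Group`, `consumer.Group`, `AclOperation.All`, `AclPermissionType.Deny`) conflicts with the second binding, which allows `Read` on the same group for the same principal. Kafka's built-in authorizers evaluate Deny before Allow and a deny on `All` also matches `Read`, so the new user would most likely be refused when it tries to join its own consumer group. The deny is not needed for least privilege either, since operations with no matching Allow ACL are refused unless the broker sets `allow.everyone.if.no.acl.found=true`; I would drop that binding and keep the two Allow/Read entries. Separately, `AlterUserScramCredentialsAsync` receives `consumer.Name` and `consumer.Password` straight from the request body with no validation visible here. If the helper upserts, as the Kafka admin API does, a caller could overwrite the password of an existing principal, so the action should reject existing or reserved names and sit behind an admin-only policy (no `[Authorize]` is visible in these hunks, though it may be on the controller class outside them).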

