using Confluent.Kafka.Admin;
using Microsoft.AspNetCore.Mvc;
using TelpoKafkaConsole.Model;
using TelpoKafkaConsole.Service;
using TelpoKafkaConsole.WebApi.Controllers.Api;
using TelpoKafkaConsole.WebApi.Model.Request;
using static Confluent.Kafka.ConfigPropertyNames;
namespace TelpoKafkaConsole.WebApi.Controllers
{
[Route("api/[controller]")]
[ApiController]
public class ScramAclsController : ControllerBase
{
private readonly KafkaAdminService _servicekafkaAdmin;
public ScramAclsController(KafkaAdminService kafkaAdminService) { _servicekafkaAdmin = kafkaAdminService; }
// POST api/<ScramAclsController>/Consumer
[HttpPost("Consumer")] // 添加了路由
public async Task<ApiResponse<string>> Consumer([FromBody] ScramAclsConsumerReq consumer)
{
// 创建用户
ScramCredentialsUser scramUser = new()
{
Name = consumer.Name,
Password = consumer.Password,
};
await _servicekafkaAdmin.AlterUserScramCredentialsAsync(scramUser);
// 创建 topic
var topics = await _servicekafkaAdmin.DescribeTopicsAsync(new List<string> { consumer.Topic });
if (topics.Count.Equals(0))
{
await _servicekafkaAdmin.CreateTopic(consumer.Topic, TimeSpan.FromDays(3), consumer.NumPartitions);
}
// 创建 alcs
List<AclBinding> aclBindings = new()
{
new AclBinding()
{
Pattern = new ResourcePattern
{
Type = ResourceType.Broker,
Name = "kafka-cluster",
ResourcePatternType = ResourcePatternType.Literal
},
Entry = new AccessControlEntry
{
Principal = $"User:{consumer.Name}",
Host = "*",
Operation = AclOperation.All,
PermissionType = AclPermissionType.Deny
}
},
new AclBinding()
{
Pattern = new ResourcePattern
{
Type = ResourceType.Group,
Name = consumer.Group,
ResourcePatternType = ResourcePatternType.Literal
},
Entry = new AccessControlEntry
{
Principal = $"User:{consumer.Name}",
Host = "*",
Operation = AclOperation.Read,
PermissionType = AclPermissionType.Allow
}
},
new AclBinding()
{
Pattern = new ResourcePattern
{
Type = ResourceType.Topic,
Name = consumer.Topic,
ResourcePatternType = ResourcePatternType.Literal
},
Entry = new AccessControlEntry
{
Principal = $"User:{consumer.Name}",
Host = "*",
Operation = AclOperation.Read,
PermissionType = AclPermissionType.Allow
}
}
};
await _servicekafkaAdmin.CreateAclsAsync(aclBindings);
return ApiResponse<string>.Success($"创建 消费者用户 {consumer.Name} Acls 规则成功");
}
// POST api/<ScramAclsController>/Producer
[HttpPost("Producer")] // 添加了路由
public async Task<ApiResponse<string>> Producer([FromBody] ScramAclsProducerReq producer)
{
// 创建用户
ScramCredentialsUser scramUser = new()
{
Name = producer.Name,
Password = producer.Password,
};
await _servicekafkaAdmin.AlterUserScramCredentialsAsync(scramUser);
// 创建 topic
var topics = await _servicekafkaAdmin.DescribeTopicsAsync(new List<string> { producer.Topic });
if (topics.Count.Equals(0))
{
await _servicekafkaAdmin.CreateTopic(producer.Topic, TimeSpan.FromDays(3), producer.NumPartitions);
}
// 创建 alcs
List<AclBinding> aclBindings = new()
{
new AclBinding()
{
Pattern = new ResourcePattern
{
Type = ResourceType.Broker,
Name = "kafka-cluster",
ResourcePatternType = ResourcePatternType.Literal
},
Entry = new AccessControlEntry
{
Principal = $"User:{producer.Name}",
Host = "*",
Operation = AclOperation.All,
PermissionType = AclPermissionType.Deny
}
},
new AclBinding()
{
Pattern = new ResourcePattern
{
Type = ResourceType.Topic,
Name = producer.Topic,
ResourcePatternType = ResourcePatternType.Literal
},
Entry = new AccessControlEntry
{
Principal = $"User:{producer.Name}",
Host = "*",
Operation = AclOperation.Write,
PermissionType = AclPermissionType.Allow
}
}
};
await _servicekafkaAdmin.CreateAclsAsync(aclBindings);
return ApiResponse<string>.Success($"创建 生产者用户 {producer.Name} Acls 规则成功");
}
// DELETE api/<ScramAclsController>/{username}
[HttpDelete("{username}")]
public async Task<ApiResponse<string>> Delete(string username)
{
// 删除用户
var scramUsers = await _servicekafkaAdmin.DescribeUserScramCredentialsAsync(new List<string>
{
username
});
if (scramUsers.Count==1)
{
ScramCredentialsUser scramUser = new()
{
Name = username
};
await _servicekafkaAdmin.AlterUserScramCredentialsAsync(scramUser, "DELETE");
}
// 删除alcs
var acls = await _servicekafkaAdmin.DescribeAclsAsync();
var userAclsBinding = acls.Where(i => i.Entry.Principal.EndsWith(username)).ToList();
if (userAclsBinding.Count>0)
{
await _servicekafkaAdmin.DeleteAclsAsync(userAclsBinding);
}
return ApiResponse<string>.Success($"删除用户 {username} 和 Acls 规则成功");
}
}
}