Changeset View
Changeset View
Standalone View
Standalone View
site-modules/profile/templates/kafka/create_kafka_users.sh.erb
Show All 10 Lines | usage () { | ||||
echo "$0 [--privileged] [--consumer-group-prefix prefix] username" | echo "$0 [--privileged] [--consumer-group-prefix prefix] username" | ||||
} | } | ||||
if (( $# < 1 )) || (( $# > 4 )); then | if (( $# < 1 )) || (( $# > 4 )); then | ||||
usage | usage | ||||
exit 1 | exit 1 | ||||
fi | fi | ||||
topic_prefixes="swh.journal.objects. swh.journal.indexed." | |||||
privileged_topic_prefixes="swh.journal.objects_privileged." | |||||
privileged="unprivileged" | privileged="unprivileged" | ||||
cgrp_prefix="" | cgrp_prefix="" | ||||
ops="READ DESCRIBE" | |||||
while (( $# )); do | while (( $# )); do | ||||
if [ $1 = "--privileged" ]; then | if [ $1 = "--privileged" ]; then | ||||
privileged="privileged" | privileged="privileged" | ||||
shift | shift | ||||
elif [ $1 = "--consumer-group-prefix" ]; then | elif [ $1 = "--consumer-group-prefix" ]; then | ||||
cgrp_prefix=$2 | cgrp_prefix=$2 | ||||
shift | shift | ||||
shift | shift | ||||
elif [ $1 = "--topic_prefixes" ]; then | |||||
topic_prefixes=$2 | |||||
shift | |||||
shift | |||||
elif [ $1 = "--privileged_topic_prefixes" ]; then | |||||
privileged_topic_prefixes=$2 | |||||
shift | |||||
shift | |||||
elif [ $1 = "--rw" ]; then | |||||
ops="${OPS} WRITE" | |||||
shift | |||||
elif [ $1 = "--admin" ]; then | |||||
ops="${OPS} DELETE CREATE" | |||||
shift | |||||
else | else | ||||
username=$1 | username=$1 | ||||
break | break | ||||
fi | fi | ||||
done | done | ||||
if [ -z "$username" ]; then | if [ -z "$username" ]; then | ||||
usage | usage | ||||
Show All 13 Lines | |||||
/opt/kafka/bin/kafka-configs.sh \ | /opt/kafka/bin/kafka-configs.sh \ | ||||
--zookeeper "$zookeepers" \ | --zookeeper "$zookeepers" \ | ||||
--alter \ | --alter \ | ||||
--add-config "SCRAM-SHA-256=[iterations=8192,password=$password],SCRAM-SHA-512=[password=$password]" \ | --add-config "SCRAM-SHA-256=[iterations=8192,password=$password],SCRAM-SHA-512=[password=$password]" \ | ||||
--entity-type users \ | --entity-type users \ | ||||
--entity-name $username | --entity-name $username | ||||
topic_prefixes="swh.journal.objects. swh.journal.indexed." | |||||
if [ $privileged = "privileged" ]; then | if [ $privileged = "privileged" ]; then | ||||
topic_prefixes="$topic_prefixes swh.journal.objects_privileged." | topic_prefixes="${topic_prefixes} ${privileged_topic_prefixes}" | ||||
fi | fi | ||||
for topic_prefix in $topic_prefixes; do | for topic_prefix in $topic_prefixes; do | ||||
echo "Granting access to topics $topic_prefix to $username" | echo "Granting access to topics $topic_prefix to $username" | ||||
for op in READ DESCRIBE; do | for op in ${OPS}; do | ||||
/opt/kafka/bin/kafka-acls.sh --bootstrap-server $brokers --add --resource-pattern-type PREFIXED --topic $topic_prefix --allow-principal User:$username --operation $op | /opt/kafka/bin/kafka-acls.sh --bootstrap-server $brokers --add --resource-pattern-type PREFIXED --topic $topic_prefix --allow-principal User:$username --operation $op | ||||
done | done | ||||
done | done | ||||
echo "Granting access to consumer group prefix $cgrp_prefix to $username" | echo "Granting access to consumer group prefix $cgrp_prefix to $username" | ||||
/opt/kafka/bin/kafka-acls.sh --bootstrap-server $brokers --add --resource-pattern-type PREFIXED --group ${cgrp_prefix} --allow-principal User:$username --operation READ | /opt/kafka/bin/kafka-acls.sh --bootstrap-server $brokers --add --resource-pattern-type PREFIXED --group ${cgrp_prefix} --allow-principal User:$username --operation READ |