Kafka ACL Report

Kafka ACL Report - Description
Explore the docs »

View Demo · Report Bug · Request Feature

Table of Contents

1. About The Project
   • Built With
2. Getting Started
   • Prerequisites
   • Installation
3. Usage
4. Roadmap
5. Contributing
6. License
7. Contact
8. Acknowledgements

About The Project

Apache Kafka ACL lack a mean to provide a mean to list ACLs associated to a Principal with kafka-acls commands (KIP-357)

The kafka-acl-report.sh provide a temporary solution for now.

Built With

• BASH

Getting Started

To get a local copy up and running follow these simple steps.

Prerequisites

• Linux bash
• kafka-acls.sh or kafka-acls - if to be executed through shell pipe
• Output of kafka-acls.sh or kafka-acls - if using a filename or STDIN (with cat )

Installation

1. Clone the repo to the location of your choice

cd <clone-parent-path-dir>
git clone https://github.com/gnlabrie/kafka-acl-report.git

2. Check the executable permission of the script

cd <clone-parent-path-dir>/kafka-acl-report
ls -la bin/kafka-acl-report.sh

Script should have - at least - the executable permission for the owner.

-rwxr-xr-x 1 user 197609 4277 Sep 30 03:05 kafka-acl-report.sh

Usage

The kafka-acl-report.sh script is taking a principal as input and either a filename or reading STDIN

Usage: kafka-acl-report.sh -p <principal> [ -f <filename> ]
 -p <principal>       (mandatory) The PRINCIPAL (case sensitive) you are looking to report on
 -f <filename>       (optional)  A file containing the output of the kafka-acls command
                                  If filename is not present, the script will read from STDIN

Show usage

cd <clone-parent-path-dir>/kafka-acl-report
./kafka-acl-report/bin/kafka-acl-report.sh -h

Example from sample directory

Principal with GROUP ACLs (username1)

cd <clone-parent-path-dir>/kafka-acl-report
cat ../sample/small.acls | ./kafka-acl-report/bin/kafka-acl-report.sh -u username1
The ACL for USER username1 are ...
   On GROUP group2 (LITERAL) has ALL ALLOW from HOST *

Principal with READ (LITERAL) ACLs on a TOPIC (username2)

cd <clone-parent-path-dir>/kafka-acl-report
cat ../sample/small.acls | ./kafka-acl-report/bin/kafka-acl-report.sh -u username2
The ACL for USER username2 are ...
   On TOPIC topic2 (LITERAL) has READ ALLOW from HOST *

Principal with WRITE (PREFIXED) ACLs on a TOPIC (username3)

cd <clone-parent-path-dir>/kafka-acl-report
cat ../sample/small.acls | ./kafka-acl-report/bin/kafka-acl-report.sh -u username3
The ACL for USER username3 are ...
   On TOPIC topic3 (PREFIXED) has WRITE ALLOW from HOST *

Principal with READ (PREFIXED) ACLs on a TOPIC (username4)

cd <clone-parent-path-dir>/kafka-acl-report
cat ../sample/small.acls | ./kafka-acl-report/bin/kafka-acl-report.sh -u username4
The ACL for USER username4 are ...
   On TOPIC topic3 (PREFIXED) has WRITE ALLOW from HOST *

Principal with no ACLs found (username)

cd <clone-parent-path-dir>/kafka-acl-report
cat ../sample/small.acls | ./kafka-acl-report/bin/kafka-acl-report.sh -u username
The ACL for USER username are ...

Roadmap

See the open issues for a list of proposed features (and known issues).

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

1. Fork the Project
2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
3. Commit your Changes (git commit -m 'Add some AmazingFeature')
4. Push to the Branch (git push origin feature/AmazingFeature)
5. Open a Pull Request

License

Distributed under the MIT License. See LICENSE for more information.

Contact

• Name : Guy Labrie
• Email: guy.labrie@cgsc.ca
• Project Link: https://github.com/gnlabrie/kafka-acl-report

Acknowledgements

Donation

If you like the tool and want to support the code, you can pay me a coke ...