Read kafka-acls --list and generate kafka-acls --add
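#!/usr/bin/env bash
# Parse a file holding the output of `kafka-acls --list` and print the
# `kafka-acls --add` commands that recreate the same ALLOW ACLs on another
# cluster.
#
# Usage: <script> <filename> <bootstrap-server> <command-config-path>
#
# Input format actually parsed (a resource header followed by its entries):
#   Current ACLs for resource `ResourcePattern(resourceType=GROUP, name=my-group, patternType=LITERAL)`:
#       (principal=User:my-user, host=*, operation=DESCRIBE, permissionType=ALLOW)
#       (principal=User:my-user, host=*, operation=READ, permissionType=ALLOW)
#
# Output (stdout), one command per ALLOW entry:
#   kafka-acls --bootstrap-server <bootstrap-server> --command-config <command-config-path> --add --allow-principal 'User:my-user' --allow-host '*' --operation DESCRIBE --resource-pattern-type LITERAL --group my-group
#
# Security notes:
#   * Entries whose permissionType is not ALLOW (i.e. DENY rules) and resources
#     other than TOPIC/GROUP are NOT migrated. They are reported on stderr.
#     A target cluster built only from this output can therefore be MORE
#     permissive than the source: review stderr before applying the commands.
#   * The output is meant to be executed by a shell, so every value taken
#     from the input file or the command line is emitted as a single,
#     safely quoted shell word (group names and principals may contain
#     spaces, quotes or shell metacharacters).
#   * Only commands are written to stdout; all diagnostics go to stderr so
#     that redirecting stdout to a script never captures a log line.

set -u

# Wrap $1 in single quotes, escaping embedded single quotes as '\''.
shell_quote() {
  local value=$1
  local quote="'"
  local escaped="'\\''"
  printf "'%s'" "${value//$quote/$escaped}"
}

# Print $1 bare when it only holds characters that are inert in a shell,
# otherwise print it single-quoted.
shell_word() {
  local safe_re='^[A-Za-z0-9_./:@%+=,-]+$'
  if [[ $1 =~ $safe_re ]]; then
    printf '%s' "$1"
  else
    shell_quote "$1"
  fi
}

# Print one `kafka-acls --add` command.
# Arguments: $1 resource flag (--topic/--group), $2 resource name,
#            $3 pattern type, $4 principal, $5 host, $6 operation
# Globals:   BOOTSTRAP_SERVER, COMMAND_CONFIG_PATH (read)
emit_add_command() {
  local resource_flag=$1 name=$2 pattern_type=$3
  local principal=$4 host=$5 operation=$6
  printf 'kafka-acls --bootstrap-server %s --command-config %s --add --allow-principal %s --allow-host %s --operation %s --resource-pattern-type %s %s %s\n' \
    "$(shell_word "$BOOTSTRAP_SERVER")" \
    "$(shell_word "$COMMAND_CONFIG_PATH")" \
    "$(shell_quote "$principal")" \
    "$(shell_quote "$host")" \
    "$(shell_word "$operation")" \
    "$(shell_word "$pattern_type")" \
    "$resource_flag" \
    "$(shell_word "$name")"
}

main() {
  # help message if less than 3 arguments are passed
  if [ $# -lt 3 ]; then
    echo "Usage: $0 <filename> <bootstrap-server> <command-config-path>" >&2
    exit 1
  fi

  FILENAME=$1
  BOOTSTRAP_SERVER=$2
  COMMAND_CONFIG_PATH=$3

  if [[ ! -r "$FILENAME" ]]; then
    echo "Cannot read input file: $FILENAME" >&2
    exit 1
  fi

  # Greedy (.*) keeps names/principals that themselves contain ',' or '='.
  local header_re='resourceType=([A-Za-z_]+), name=(.*), patternType=([A-Za-z_]+)\)'
  local acl_re='\(principal=(.*), host=(.*), operation=([A-Za-z_]+), permissionType=([A-Za-z_]+)\)'
  local start_re='^[[:space:]]*Cur'
  local blank_re='^[[:space:]]*$'

  local line
  local TYPE='' NAME='' PATTERNTYPE=''
  local PRINCIPAL HOST OPERATION PERMISSIONTYPE
  local skipped=0

  # -r keeps backslashes literal; the || clause handles a missing final newline.
  while IFS= read -r line || [[ -n "$line" ]]; do
    if [[ $line =~ $blank_re ]]; then
      continue
    fi

    if [[ $line =~ $start_re ]]; then
      if [[ $line =~ $header_re ]]; then
        TYPE=${BASH_REMATCH[1]}
        NAME=${BASH_REMATCH[2]}
        PATTERNTYPE=${BASH_REMATCH[3]}
      else
        # Reset so the following entries are not attributed to the
        # previous resource.
        TYPE='' NAME='' PATTERNTYPE=''
        echo "Unrecognised resource header, its entries will be skipped: $line" >&2
      fi
      continue
    fi

    if [[ ! $line =~ $acl_re ]]; then
      echo "Skipping unparseable line: $line" >&2
      skipped=$((skipped + 1))
      continue
    fi
    PRINCIPAL=${BASH_REMATCH[1]}
    HOST=${BASH_REMATCH[2]}
    OPERATION=${BASH_REMATCH[3]}
    PERMISSIONTYPE=${BASH_REMATCH[4]}

    # DENY rules are deliberately not converted; make the gap visible.
    if [ "$PERMISSIONTYPE" != "ALLOW" ]; then
      echo "Skipping $line as permissionType is not ALLOW. (resource $TYPE:$NAME)" >&2
      skipped=$((skipped + 1))
      continue
    fi

    case "$TYPE" in
      TOPIC)
        emit_add_command --topic "$NAME" "$PATTERNTYPE" "$PRINCIPAL" "$HOST" "$OPERATION"
        ;;
      GROUP)
        emit_add_command --group "$NAME" "$PATTERNTYPE" "$PRINCIPAL" "$HOST" "$OPERATION"
        ;;
      *)
        echo "Skipping $line: resource type '$TYPE' is not handled (only TOPIC and GROUP)." >&2
        skipped=$((skipped + 1))
        ;;
    esac
  done < "$FILENAME"

  if [ "$skipped" -gt 0 ]; then
    echo "$skipped ACL line(s) were not migrated; review the messages above before applying the generated commands." >&2
  fi
}

main "$@"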