diff --git a/api/src/main/java/io/kafbat/ui/service/acl/AclsService.java b/api/src/main/java/io/kafbat/ui/service/acl/AclsService.java index 4ea82fe12..b3877a336 100644 --- a/api/src/main/java/io/kafbat/ui/service/acl/AclsService.java +++ b/api/src/main/java/io/kafbat/ui/service/acl/AclsService.java @@ -158,7 +158,7 @@ public Mono createConsumerAcl(KafkaCluster cluster, CreateConsumerAclDTO r .then(); } - //Read, Describe on topics, Read on consumerGroups + //Read, Describe on topics and consumerGroups private List createConsumerBindings(CreateConsumerAclDTO request) { List bindings = new ArrayList<>(); bindings.addAll( @@ -172,7 +172,7 @@ private List createConsumerBindings(CreateConsumerAclDTO request) { bindings.addAll( createAllowBindings( GROUP, - List.of(READ), + List.of(READ, DESCRIBE), request.getPrincipal(), request.getHost(), request.getConsumerGroupsPrefix(), diff --git a/api/src/test/java/io/kafbat/ui/service/acl/AclsServiceTest.java b/api/src/test/java/io/kafbat/ui/service/acl/AclsServiceTest.java index 189e7c060..cfa46d1eb 100644 --- a/api/src/test/java/io/kafbat/ui/service/acl/AclsServiceTest.java +++ b/api/src/test/java/io/kafbat/ui/service/acl/AclsServiceTest.java @@ -103,10 +103,10 @@ void createsConsumerDependantAcls() { .topics(List.of("t1", "t2")) ).block(); - //Read, Describe on topics, Read on consumerGroups + //Read, Describe on topics and consumerGroups Collection createdBindings = createdCaptor.getValue(); assertThat(createdBindings) - .hasSize(6) + .hasSize(8) .contains(new AclBinding( new ResourcePattern(ResourceType.TOPIC, "t1", PatternType.LITERAL), new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))) @@ -122,9 +122,15 @@ void createsConsumerDependantAcls() { .contains(new AclBinding( new ResourcePattern(ResourceType.GROUP, "cg1", PatternType.LITERAL), new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))) + .contains(new AclBinding( + new ResourcePattern(ResourceType.GROUP, "cg1", PatternType.LITERAL), + new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW))) + .contains(new AclBinding( + new ResourcePattern(ResourceType.GROUP, "cg2", PatternType.LITERAL), + new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))) .contains(new AclBinding( new ResourcePattern(ResourceType.GROUP, "cg2", PatternType.LITERAL), - new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))); + new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW))); } @Test @@ -145,10 +151,10 @@ void createsConsumerDependantAclsWhenTopicsAndGroupsSpecifiedByPrefix() { .topicsPrefix("topicPref") ).block(); - //Read, Describe on topics, Read on consumerGroups + //Read, Describe on topics and consumerGroups Collection createdBindings = createdCaptor.getValue(); assertThat(createdBindings) - .hasSize(3) + .hasSize(4) .contains(new AclBinding( new ResourcePattern(ResourceType.TOPIC, "topicPref", PatternType.PREFIXED), new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))) @@ -157,7 +163,10 @@ void createsConsumerDependantAclsWhenTopicsAndGroupsSpecifiedByPrefix() { new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW))) .contains(new AclBinding( new ResourcePattern(ResourceType.GROUP, "cgPref", PatternType.PREFIXED), - new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))); + new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW))) + .contains(new AclBinding( + new ResourcePattern(ResourceType.GROUP, "cgPref", PatternType.PREFIXED), + new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW))); } @Test