diff --git a/src/main/java/com/michelin/ns4kafka/service/AclService.java b/src/main/java/com/michelin/ns4kafka/service/AclService.java
index d476f6f9..e394e79f 100644
--- a/src/main/java/com/michelin/ns4kafka/service/AclService.java
+++ b/src/main/java/com/michelin/ns4kafka/service/AclService.java
@@ -255,7 +255,7 @@ public void delete(AccessControlEntry accessControlEntry) {
 * @return A list of ACLs
 */
 public List findAllGrantedToNamespace(Namespace namespace) {
- return accessControlEntryRepository.findAll()
+ return findAllForCluster(namespace.getMetadata().getCluster())
 .stream()
 .filter(acl -> acl.getSpec().getGrantedTo().equals(namespace.getMetadata().getName())
 || acl.getSpec().getGrantedTo().equals(PUBLIC_GRANTED_TO))
@@ -269,7 +269,7 @@ public List findAllGrantedToNamespace(Namespace namespace) {
 * @return A list of ACLs
 */
 public List findAllGrantedByNamespace(Namespace namespace) {
- return accessControlEntryRepository.findAll()
+ return findAllForCluster(namespace.getMetadata().getCluster())
 .stream()
 .filter(acl -> acl.getMetadata().getNamespace().equals(namespace.getMetadata().getName()))
 .toList();
@@ -282,7 +282,7 @@ public List findAllGrantedByNamespace(Namespace namespace) {
 * @return A list of ACLs
 */
 public List findAllGrantedByNamespaceToOthers(Namespace namespace) {
- return accessControlEntryRepository.findAll()
+ return findAllForCluster(namespace.getMetadata().getCluster())
 .stream()
 .filter(acl -> acl.getMetadata().getNamespace().equals(namespace.getMetadata().getName()))
 .filter(acl -> !acl.getSpec().getGrantedTo().equals(namespace.getMetadata().getName()))
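Review bot: These lookups now rely on `findAllForCluster`, whose body is outside this diff, and on every stored ACL carrying a `metadata.cluster` value. The test fixtures in this commit had to gain `.metadata(Metadata.builder().cluster("local").build())` where they previously had no metadata at all, which suggests an entry without a cluster now either throws or is filtered out; for an authorization lookup the second case makes a grant vanish with no error. It is worth confirming how `findAllForCluster` treats such entries and saying so in the Javadoc, for example `@return The ACLs of the namespace's cluster that are granted to the namespace or to everyone`. The same comment applies to the hunks at lines 269, 282, 296, 374 and 402, which make the identical substitution.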
@@ -296,7 +296,7 @@ public List findAllGrantedByNamespaceToOthers(Namespace name
 * @return A list of ACLs
 */
 public List findAllRelatedToNamespace(Namespace namespace) {
- return accessControlEntryRepository.findAll()
+ return findAllForCluster(namespace.getMetadata().getCluster())
 .stream()
 .filter(acl -> acl.getMetadata().getNamespace().equals(namespace.getMetadata().getName())
 || acl.getSpec().getGrantedTo().equals(namespace.getMetadata().getName())
@@ -374,7 +374,7 @@ public List findAllRelatedToNamespaceByWildcardName(Namespac
 */
 public List findResourceOwnerGrantedToNamespace(Namespace namespace,
 AccessControlEntry.ResourceType resourceType) {
- return accessControlEntryRepository.findAll()
+ return findAllForCluster(namespace.getMetadata().getCluster())
 .stream()
 .filter(accessControlEntry ->
 accessControlEntry.getSpec().getGrantedTo().equals(namespace.getMetadata().getName())
@@ -402,7 +402,8 @@ public List findAllPublicGrantedTo() {
 * @return A list of ACLs
 */
 public List findAllForNamespace(Namespace namespace) {
- return accessControlEntryRepository.findAll().stream()
+ return findAllForCluster(namespace.getMetadata().getCluster())
+ .stream()
 .filter(accessControlEntry -> accessControlEntry.getMetadata().getNamespace()
 .equals(namespace.getMetadata().getName()))
 .toList();
diff --git a/src/test/java/com/michelin/ns4kafka/service/AclServiceTest.java b/src/test/java/com/michelin/ns4kafka/service/AclServiceTest.java
index 54045e9a..7c3caa28 100644
--- a/src/test/java/com/michelin/ns4kafka/service/AclServiceTest.java
+++ b/src/test/java/com/michelin/ns4kafka/service/AclServiceTest.java
@@ -150,8 +150,10 @@ void shouldNotValidateAclBecauseNotOwnerOfTopLevelResourceHavingBadPrefix() {
 .permission(AccessControlEntry.Permission.OWNER)
 .resource("main.sub")
 .grantedTo("namespace")
- .build()
- )
+ .build())
+ .metadata(Metadata.builder()
+ .cluster("local")
+ .build())
 .build()
 ));
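Review bot: In AclService.java, `findAllPublicGrantedTo()` (named in the header of the hunk at line 402) takes no namespace and is not changed by this commit. Its body is not visible here, but if it still reads `accessControlEntryRepository.findAll()` it keeps returning `PUBLIC_GRANTED_TO` entries from every cluster while the six methods patched above are now cluster-scoped. Either give it a cluster parameter so callers get the same isolation, or document on it that the result is deliberately cross-cluster.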
@@ -196,6 +198,9 @@ void shouldNotValidateAclBecauseNotOwnerOfTopLevelResourceHavingBadLiteral() {
 .resource("resource1")
 .grantedTo("namespace")
 .build())
+ .metadata(Metadata.builder()
+ .cluster("local")
+ .build())
 .build()
 ));
@@ -217,6 +222,7 @@ void shouldValidateAclBecauseOwnerOfLiteral() {
 .metadata(Metadata.builder()
 .name("acl-name")
 .namespace("namespace")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -239,8 +245,10 @@ void shouldValidateAclBecauseOwnerOfLiteral() {
 .permission(AccessControlEntry.Permission.OWNER)
 .resource("resource1")
 .grantedTo("namespace")
- .build()
- )
+ .build())
+ .metadata(Metadata.builder()
+ .cluster("local")
+ .build())
 .build()
 ));
@@ -261,6 +269,7 @@ void shouldValidateAclBecauseOwnerOfPrefix() {
 .metadata(Metadata.builder()
 .name("acl-name")
 .namespace("namespace")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -284,8 +293,10 @@ void shouldValidateAclBecauseOwnerOfPrefix() {
 .permission(AccessControlEntry.Permission.OWNER)
 .resource("main")
 .grantedTo("namespace")
- .build()
- )
+ .build())
+ .metadata(Metadata.builder()
+ .cluster("local")
+ .build())
 .build()
 ));
@@ -306,6 +317,7 @@ void shouldValidateAclWhenGrantedToAll() {
 .metadata(Metadata.builder()
 .name("acl-name")
 .namespace("namespace")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -328,8 +340,10 @@ void shouldValidateAclWhenGrantedToAll() {
 .permission(AccessControlEntry.Permission.OWNER)
 .resource("main")
 .grantedTo("namespace")
- .build()
- )
+ .build())
+ .metadata(Metadata.builder()
+ .cluster("local")
+ .build())
 .build()
 ));
@@ -697,6 +711,7 @@ void shouldFindAllAclsGrantedToNamespace() {
 Namespace namespace = Namespace.builder()
 .metadata(Metadata.builder()
 .name("namespace1")
+ .cluster("cluster")
 .build())
 .build();
@@ -704,24 +719,36 @@ void shouldFindAllAclsGrantedToNamespace() {
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .grantedTo("namespace1")
 .build())
+ .metadata(Metadata.builder()
+ .cluster("cluster")
+ .build())
 .build();
 AccessControlEntry ace2 = AccessControlEntry.builder()
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .grantedTo("namespace1")
 .build())
+ .metadata(Metadata.builder()
+ .cluster("cluster")
+ .build())
 .build();
 AccessControlEntry ace3 = AccessControlEntry.builder()
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .grantedTo("namespace2")
 .build())
+ .metadata(Metadata.builder()
+ .cluster("cluster")
+ .build())
 .build();
 AccessControlEntry ace4 = AccessControlEntry.builder()
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .grantedTo("*")
 .build())
+ .metadata(Metadata.builder()
+ .cluster("cluster")
+ .build())
 .build();
 when(accessControlEntryRepository.findAll())
@@ -769,12 +796,14 @@ void shouldFindAllAclForNamespace() {
 Namespace ns = Namespace.builder()
 .metadata(Metadata.builder()
 .name("namespace1")
+ .cluster("local")
 .build())
 .build();
 AccessControlEntry ace1 = AccessControlEntry.builder()
 .metadata(Metadata.builder()
 .namespace("namespace1")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .grantedTo("namespace1")
@@ -784,6 +813,7 @@ void shouldFindAllAclForNamespace() {
 AccessControlEntry ace2 = AccessControlEntry.builder()
 .metadata(Metadata.builder()
 .namespace("namespace1")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .grantedTo("namespace2")
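Review bot: Every fixture in `shouldFindAllAclsGrantedToNamespace` (the hunk at line 704) is placed in the same cluster as the namespace, so the test passes whether or not the cluster filter works. The behaviour this commit introduces is that an ACL granted to `namespace1` on another cluster is not returned, and nothing visible in the test changes asserts that. Add one entry such as `ace5` with `.grantedTo("namespace1")` and `.cluster("other-cluster")` (a constructed value) to the `findAll()` stub and assert it is absent from the result; the same negative case would fit `shouldFindAllAclForNamespace` and the wildcard-name tests. The test method's body continues outside the hunk.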
@@ -793,6 +823,7 @@ void shouldFindAllAclForNamespace() {
 AccessControlEntry ace3 = AccessControlEntry.builder()
 .metadata(Metadata.builder()
 .namespace("namespace2")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .grantedTo("namespace2")
@@ -935,6 +966,7 @@ void shouldFindAclGrantedToNamespaceByWildcardName() {
 Namespace ns = Namespace.builder()
 .metadata(Metadata.builder()
 .name("namespace2")
+ .cluster("cluster")
 .build())
 .build();
@@ -942,6 +974,7 @@ void shouldFindAclGrantedToNamespaceByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns1-acl-topic")
 .namespace("namespace1")
+ .cluster("cluster")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -953,6 +986,7 @@ void shouldFindAclGrantedToNamespaceByWildcardName() {
 .metadata(Metadata.builder()
 .name("acl-ns1-read-to-ns2")
 .namespace("namespace1")
+ .cluster("cluster")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -964,6 +998,7 @@ void shouldFindAclGrantedToNamespaceByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns1-connect-write-to-ns2")
 .namespace("namespace1")
+ .cluster("cluster")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.CONNECT)
@@ -975,6 +1010,7 @@ void shouldFindAclGrantedToNamespaceByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns2-acl-topic")
 .namespace("namespace2")
+ .cluster("cluster")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -986,6 +1022,7 @@ void shouldFindAclGrantedToNamespaceByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns3-read-topic-all")
 .namespace("namespace3")
+ .cluster("cluster")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -1006,6 +1043,7 @@ void shouldFindAclGrantedByNamespaceByWildcardName() {
 Namespace ns = Namespace.builder()
 .metadata(Metadata.builder()
 .name("namespace1")
+ .cluster("local")
 .build())
 .build();
@@ -1013,6 +1051,7 @@ void shouldFindAclGrantedByNamespaceByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns1-acl-topic")
 .namespace("namespace1")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -1024,6 +1063,7 @@ void shouldFindAclGrantedByNamespaceByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns1-read-ns2")
 .namespace("namespace1")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -1035,6 +1075,7 @@ void shouldFindAclGrantedByNamespaceByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns1-connect-write-to-ns2")
 .namespace("namespace1")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.CONNECT)
@@ -1046,6 +1087,7 @@ void shouldFindAclGrantedByNamespaceByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns2-acl-topic")
 .namespace("namespace2")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -1057,6 +1099,7 @@ void shouldFindAclGrantedByNamespaceByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns3-read-topic-all")
 .namespace("namespace3")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -1077,6 +1120,7 @@ void shouldFindAclGrantedByNamespaceToOthersByWildcardName() {
 Namespace ns = Namespace.builder()
 .metadata(Metadata.builder()
 .name("namespace1")
+ .cluster("local")
 .build())
 .build();
@@ -1084,6 +1128,7 @@ void shouldFindAclGrantedByNamespaceToOthersByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns1-acl-topic")
 .namespace("namespace1")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -1095,6 +1140,7 @@ void shouldFindAclGrantedByNamespaceToOthersByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns1-read-ns2")
 .namespace("namespace1")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -1106,6 +1152,7 @@ void shouldFindAclGrantedByNamespaceToOthersByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns1-connect-write-to-ns2")
 .namespace("namespace1")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.CONNECT)
@@ -1117,6 +1164,7 @@ void shouldFindAclGrantedByNamespaceToOthersByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns2-acl-topic")
 .namespace("namespace2")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -1128,6 +1176,7 @@ void shouldFindAclGrantedByNamespaceToOthersByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns3-read-topic-all")
 .namespace("namespace3")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -1149,6 +1198,7 @@ void shouldFindAclRelatedToNamespaceByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns1-acl-topic")
 .namespace("namespace1")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -1160,6 +1210,7 @@ void shouldFindAclRelatedToNamespaceByWildcardName() {
 .metadata(Metadata.builder()
 .name("acl-ns2-read-to-ns1")
 .namespace("namespace2")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -1171,6 +1222,7 @@ void shouldFindAclRelatedToNamespaceByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns1-acl-connect")
 .namespace("namespace1")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.CONNECT)
@@ -1182,6 +1234,7 @@ void shouldFindAclRelatedToNamespaceByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns2-acl-topic")
 .namespace("namespace2")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -1193,6 +1246,7 @@ void shouldFindAclRelatedToNamespaceByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns3-read-topic-all")
 .namespace("namespace3")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
@@ -1204,6 +1258,7 @@ void shouldFindAclRelatedToNamespaceByWildcardName() {
 .metadata(Metadata.builder()
 .name("ns3-write-acl-ns1")
 .namespace("namespace3")
+ .cluster("local")
 .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.GROUP)
@@ -1216,6 +1271,7 @@ void shouldFindAclRelatedToNamespaceByWildcardName() {
 Namespace ns1 = Namespace.builder()
 .metadata(Metadata.builder()
 .name("namespace1")
+ .cluster("local")
 .build())
 .build();
@@ -1228,6 +1284,7 @@ void shouldFindAclRelatedToNamespaceByWildcardName() {
 Namespace ns2 = Namespace.builder()
 .metadata(Metadata.builder()
 .name("namespace2")
+ .cluster("local")
 .build())
 .build();
@@ -1237,6 +1294,7 @@ void shouldFindAclRelatedToNamespaceByWildcardName() {
 Namespace ns3 = Namespace.builder()
 .metadata(Metadata.builder()
 .name("namespace3")
+ .cluster("local")
 .build())
 .build();
@@ -1247,8 +1305,15 @@ void shouldFindAclRelatedToNamespaceByWildcardName() {
 @Test
 void shouldFindResourceWhereGivenNamespaceIsOwnerOf() {
 Namespace ns = Namespace.builder()
- .metadata(Metadata.builder().name("namespace1").build()).build();
+ .metadata(Metadata.builder()
+ .name("namespace1")
+ .cluster("local")
+ .build())
+ .build();
 AccessControlEntry acl1 = AccessControlEntry.builder()
+ .metadata(Metadata.builder()
+ .cluster("local")
+ .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
 .permission(AccessControlEntry.Permission.OWNER)
@@ -1256,6 +1321,9 @@ void shouldFindResourceWhereGivenNamespaceIsOwnerOf() {
 .build();
 AccessControlEntry acl2 = AccessControlEntry.builder()
+ .metadata(Metadata.builder()
+ .cluster("local")
+ .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
 .permission(AccessControlEntry.Permission.READ)
@@ -1263,6 +1331,9 @@ void shouldFindResourceWhereGivenNamespaceIsOwnerOf() {
 .build();
 AccessControlEntry acl3 = AccessControlEntry.builder()
+ .metadata(Metadata.builder()
+ .cluster("local")
+ .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.CONNECT)
 .permission(AccessControlEntry.Permission.OWNER)
@@ -1270,6 +1341,9 @@ void shouldFindResourceWhereGivenNamespaceIsOwnerOf() {
 .build();
 AccessControlEntry acl4 = AccessControlEntry.builder()
+ .metadata(Metadata.builder()
+ .cluster("local")
+ .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
 .permission(AccessControlEntry.Permission.OWNER)
@@ -1277,6 +1351,9 @@ void shouldFindResourceWhereGivenNamespaceIsOwnerOf() {
 .build();
 AccessControlEntry acl5 = AccessControlEntry.builder()
+ .metadata(Metadata.builder()
+ .cluster("local")
+ .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.TOPIC)
 .permission(AccessControlEntry.Permission.READ)
@@ -1284,6 +1361,9 @@ void shouldFindResourceWhereGivenNamespaceIsOwnerOf() {
 .build();
 AccessControlEntry acl6 = AccessControlEntry.builder()
+ .metadata(Metadata.builder()
+ .cluster("local")
+ .build())
 .spec(AccessControlEntry.AccessControlEntrySpec.builder()
 .resourceType(AccessControlEntry.ResourceType.GROUP)
 .permission(AccessControlEntry.Permission.WRITE)