feat: add multi-file support and cce user accounts (#6)

Author: devshawn

docs/_coverpage.md

@@ -6,4 +6,5 @@
 - Automated Topic & ACL Management
 - Manage topics, services, and ACLs with desired state files
 
-[Documentation](/documentation.md)
+[Documentation](/documentation.md)
+[GitHub](https://github.com/devshawn/kafka-gitops)

src/main/java/com/devshawn/kafka/gitops/StateManager.java

@@ -19,6 +19,7 @@
 import com.devshawn.kafka.gitops.service.ConfluentCloudService;
 import com.devshawn.kafka.gitops.service.KafkaService;
 import com.devshawn.kafka.gitops.service.ParserService;
+import com.devshawn.kafka.gitops.service.RoleService;
 import com.devshawn.kafka.gitops.util.LogUtil;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.databind.DeserializationFeature;
@@ -38,6 +39,7 @@ public class StateManager {
     private final ObjectMapper objectMapper;
     private final ParserService parserService;
     private final KafkaService kafkaService;
+    private final RoleService roleService;
     private final ConfluentCloudService confluentCloudService;
 
     private PlanManager planManager;
@@ -49,6 +51,7 @@ public StateManager(ManagerConfig managerConfig, ParserService parserService) {
         this.objectMapper = initializeObjectMapper();
         this.kafkaService = new KafkaService(KafkaGitopsConfigLoader.load());
         this.parserService = parserService;
+        this.roleService = new RoleService();
         this.confluentCloudService = new ConfluentCloudService(objectMapper);
         this.planManager = new PlanManager(managerConfig, kafkaService, objectMapper);
         this.applyManager = new ApplyManager(managerConfig, kafkaService);
@@ -93,11 +96,12 @@ public void createServiceAccounts() {
         AtomicInteger count = new AtomicInteger();
         if (isConfluentCloudEnabled(desiredStateFile)) {
             desiredStateFile.getServices().forEach((name, service) -> {
-                if (serviceAccounts.stream().noneMatch(it -> it.getName().equals(name))) {
-                    confluentCloudService.createServiceAccount(name);
-                    LogUtil.printSimpleSuccess(String.format("Successfully created service account: %s", name));
-                    count.getAndIncrement();
-                }
+                createServiceAccount(name, serviceAccounts, count);
+            });
+
+            desiredStateFile.getUsers().forEach((name, user) -> {
+                String serviceAccountName = String.format("user-%s", name);
+                createServiceAccount(serviceAccountName, serviceAccounts, count);
             });
         } else {
             throw new ConfluentCloudException("Confluent Cloud must be enabled in the state file to use this command.");
@@ -108,6 +112,14 @@ public void createServiceAccounts() {
         }
     }
 
+    private void createServiceAccount(String name, List<ServiceAccount> serviceAccounts, AtomicInteger count) {
+        if (serviceAccounts.stream().noneMatch(it -> it.getName().equals(name))) {
+            confluentCloudService.createServiceAccount(name);
+            LogUtil.printSimpleSuccess(String.format("Successfully created service account: %s", name));
+            count.getAndIncrement();
+        }
+    }
+
     private DesiredState getDesiredState() {
         DesiredStateFile desiredStateFile = parserService.parseStateFile();
         DesiredState.Builder desiredState = new DesiredState.Builder()
@@ -116,6 +128,7 @@ private DesiredState getDesiredState() {
 
         if (isConfluentCloudEnabled(desiredStateFile)) {
             generateConfluentCloudServiceAcls(desiredState, desiredStateFile);
+            generateConfluentCloudUserAcls(desiredState, desiredStateFile);
         } else {
             generateServiceAcls(desiredState, desiredStateFile);
         }
@@ -147,6 +160,22 @@ private void generateConfluentCloudServiceAcls(DesiredState.Builder desiredState
         });
     }
 
+    private void generateConfluentCloudUserAcls(DesiredState.Builder desiredState, DesiredStateFile desiredStateFile) {
+        List<ServiceAccount> serviceAccounts = confluentCloudService.getServiceAccounts();
+        desiredStateFile.getUsers().forEach((name, user) -> {
+            AtomicReference<Integer> index = new AtomicReference<>(0);
+            String serviceAccountName = String.format("user-%s", name);
+
+            Optional<ServiceAccount> serviceAccount = serviceAccounts.stream().filter(it -> it.getName().equals(serviceAccountName)).findFirst();
+            String serviceAccountId = serviceAccount.orElseThrow(() -> new ServiceAccountNotFoundException(serviceAccountName)).getId();
+
+            user.getRoles().forEach(role -> {
+                List<AclDetails.Builder> acls = roleService.getAcls(role, String.format("User:%s", serviceAccountId));
+                acls.forEach(acl -> desiredState.putAcls(String.format("%s-%s", name, index.getAndSet(index.get() + 1)), acl.build()));
+            });
+        });
+    }
+
     private void generateServiceAcls(DesiredState.Builder desiredState, DesiredStateFile desiredStateFile) {
         desiredStateFile.getServices().forEach((name, service) -> {
             AtomicReference<Integer> index = new AtomicReference<>(0);

src/main/java/com/devshawn/kafka/gitops/domain/state/DesiredStateFile.java

@@ -18,6 +18,8 @@ public interface DesiredStateFile {
 
     Map<String, TopicDetails> getTopics();
 
+    Map<String, UserDetails> getUsers();
+
     Map<String, Map<String, CustomAclDetails>> getCustomServiceAcls();
 
     class Builder extends DesiredStateFile_Builder {

src/main/java/com/devshawn/kafka/gitops/domain/state/UserDetails.java

@@ -0,0 +1,16 @@
+package com.devshawn.kafka.gitops.domain.state;
+
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import org.inferred.freebuilder.FreeBuilder;
+
+import java.util.List;
+
+@FreeBuilder
+@JsonDeserialize(builder = UserDetails.Builder.class)
+public interface UserDetails {
+
+    List<String> getRoles();
+
+    class Builder extends UserDetails_Builder {
+    }
+}

src/main/java/com/devshawn/kafka/gitops/domain/state/settings/Settings.java

@@ -13,6 +13,8 @@ public interface Settings {
 
     Optional<SettingsTopics> getTopics();
 
+    Optional<SettingsFiles> getFiles();
+
     class Builder extends Settings_Builder {
     }
 }

src/main/java/com/devshawn/kafka/gitops/domain/state/settings/SettingsFiles.java

@@ -0,0 +1,20 @@
+package com.devshawn.kafka.gitops.domain.state.settings;
+
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import org.inferred.freebuilder.FreeBuilder;
+
+import java.util.Optional;
+
+@FreeBuilder
+@JsonDeserialize(builder = SettingsFiles.Builder.class)
+public interface SettingsFiles {
+
+    Optional<String> getServices();
+
+    Optional<String> getTopics();
+
+    Optional<String> getUsers();
+
+    class Builder extends SettingsFiles_Builder {
+    }
+}

src/main/java/com/devshawn/kafka/gitops/service/ParserService.java

@@ -1,6 +1,7 @@
 package com.devshawn.kafka.gitops.service;
 
 import com.devshawn.kafka.gitops.domain.state.DesiredStateFile;
+import com.devshawn.kafka.gitops.domain.state.settings.SettingsFiles;
 import com.devshawn.kafka.gitops.exception.ValidationException;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.databind.DeserializationFeature;
@@ -16,6 +17,7 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.nio.file.Paths;
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -36,10 +38,32 @@ public ParserService(File file) {
     }
 
     public DesiredStateFile parseStateFile() {
+        DesiredStateFile desiredStateFile = parseStateFile(file);
+        if (desiredStateFile.getSettings().isPresent() && desiredStateFile.getSettings().get().getFiles().isPresent()) {
+            DesiredStateFile.Builder builder = new DesiredStateFile.Builder().mergeFrom(desiredStateFile);
+            SettingsFiles settingsFiles = desiredStateFile.getSettings().get().getFiles().get();
+            if (settingsFiles.getServices().isPresent()) {
+                DesiredStateFile servicesFile = loadServiceFile(settingsFiles.getServices().get());
+                builder.putAllServices(servicesFile.getServices());
+            }
+            if (settingsFiles.getTopics().isPresent()) {
+                DesiredStateFile topicsFile = loadTopicsFile(settingsFiles.getTopics().get());
+                builder.putAllTopics(topicsFile.getTopics());
+            }
+            if (settingsFiles.getUsers().isPresent()) {
+                DesiredStateFile usersFile = loadUsersFile(settingsFiles.getUsers().get());
+                builder.putAllUsers(usersFile.getUsers());
+            }
+            return builder.build();
+        }
+        return desiredStateFile;
+    }
+
+    public DesiredStateFile parseStateFile(File stateFile) {
         log.info("Parsing desired state file...");
 
         try {
-            return objectMapper.readValue(file, DesiredStateFile.class);
+            return objectMapper.readValue(stateFile, DesiredStateFile.class);
         } catch (ValueInstantiationException ex) {
             List<String> fields = getYamlFields(ex);
             String joinedFields = String.join(" -> ", fields);
@@ -64,6 +88,34 @@ public DesiredStateFile parseStateFile() {
         }
     }
 
+    private DesiredStateFile loadServiceFile(String servicesFileName) {
+        File servicesFile = getAdditionalFile(servicesFileName);
+        if (!servicesFile.exists()) {
+            throw new ValidationException(String.format("Services file '%s' could not be found.", servicesFileName));
+        }
+        return parseStateFile(servicesFile);
+    }
+
+    private DesiredStateFile loadTopicsFile(String topicsFileName) {
+        File topicsFile = getAdditionalFile(topicsFileName);
+        if (!topicsFile.exists()) {
+            throw new ValidationException(String.format("Topics file '%s' could not be found.", topicsFileName));
+        }
+        return parseStateFile(topicsFile);
+    }
+
+    private DesiredStateFile loadUsersFile(String usersFileName) {
+        File usersFile = getAdditionalFile(usersFileName);
+        if (!usersFile.exists()) {
+            throw new ValidationException(String.format("Users file '%s' could not be found.", usersFileName));
+        }
+        return parseStateFile(usersFile);
+    }
+
+    private File getAdditionalFile(String fileName) {
+        return new File(Paths.get(file.getAbsoluteFile().getParent(), fileName).toString());
+    }
+
     private List<String> getYamlFields(JsonMappingException ex) {
         return ex.getPath().stream()
                 .map(JsonMappingException.Reference::getFieldName)

src/main/java/com/devshawn/kafka/gitops/service/RoleService.java

@@ -0,0 +1,70 @@
+package com.devshawn.kafka.gitops.service;
+
+import com.devshawn.kafka.gitops.domain.state.AclDetails;
+import com.devshawn.kafka.gitops.domain.state.ServiceDetails;
+import com.devshawn.kafka.gitops.exception.ValidationException;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Optional;
+
+public class RoleService extends ServiceDetails {
+
+    public List<AclDetails.Builder> getAcls(String role, String principal) {
+        switch (role.toLowerCase()) {
+            case "reader":
+                return getReaderAcls(principal);
+            case "writer":
+                return getWriterAcls(principal);
+            case "operator":
+                return getOperatorAcls(principal);
+            default:
+                throw new ValidationException(String.format("Role '%s' does not exist. Supported roles: 'reader', 'writer', 'operator'.", role));
+        }
+    }
+
+    private List<AclDetails.Builder> getReaderAcls(String principal) {
+        List<AclDetails.Builder> acls = new ArrayList<>();
+        acls.add(generateReadAcl("*", Optional.of(principal)));
+        acls.add(generateConsumerGroupAcl("*", Optional.of(principal), "READ"));
+        return acls;
+    }
+
+    private List<AclDetails.Builder> getWriterAcls(String principal) {
+        List<AclDetails.Builder> acls = new ArrayList<>();
+        acls.add(generateWriteACL("*", Optional.of(principal)));
+        return acls;
+    }
+
+    private List<AclDetails.Builder> getOperatorAcls(String principal) {
+        List<AclDetails.Builder> acls = new ArrayList<>();
+        acls.add(getClusterDescribeAcl(principal));
+        acls.add(getWildcardTopicAcl(principal, "DESCRIBE"));
+        acls.add(getWildcardTopicAcl(principal, "DESCRIBE_CONFIGS"));
+        acls.add(generateConsumerGroupAcl("*", Optional.of(principal), "READ"));
+        acls.add(generateConsumerGroupAcl("*", Optional.of(principal), "DESCRIBE"));
+        return acls;
+    }
+
+    private AclDetails.Builder getWildcardTopicAcl(String principal, String operation) {
+        return new AclDetails.Builder()
+                .setHost("*")
+                .setType("TOPIC")
+                .setPermission("ALLOW")
+                .setPrincipal(principal)
+                .setOperation(operation)
+                .setPattern("LITERAL")
+                .setName("*");
+    }
+
+    private AclDetails.Builder getClusterDescribeAcl(String principal) {
+        return new AclDetails.Builder()
+                .setHost("*")
+                .setType("CLUSTER")
+                .setPermission("ALLOW")
+                .setPrincipal(principal)
+                .setOperation("DESCRIBE")
+                .setPattern("LITERAL")
+                .setName("kafka-cluster");
+    }
+}

src/test/groovy/com/devshawn/kafka/gitops/PlanCommandIntegrationSpec.groovy

@@ -117,7 +117,8 @@ class PlanCommandIntegrationSpec extends Specification {
         where:
         planName << [
                 "invalid-missing-principal",
-                "invalid-topic"
+                "invalid-topic",
+                "unrecognized-property"
         ]
     }
 }

src/test/resources/plans/unrecognized-property-output.txt

@@ -0,0 +1,3 @@
+Generating execution plan...
+
+[INVALID] Unrecognized field: [test] in state file definition: topics -> test-topic

src/test/resources/plans/unrecognized-property.yaml

@@ -0,0 +1,5 @@
+topics:
+  test-topic:
+    test: invalid
+    partitions: 1
+    replication: 1