Support to Add, Remove and List ACLs (Fixes #6)

README.md

@@ -49,7 +49,12 @@ parameters [here](https://github.com/bitnami/charts/tree/master/bitnami/kafka/#i
       ```
       helm repo add bitnami https://charts.bitnami.com/bitnami
       kubectl create ns kafka-cluster
-      helm upgrade --install kafka-dev -n kafka-cluster bitnami/kafka --set auth.clientProtocol=sasl --set deleteTopicEnable=true --wait
+      helm upgrade --install kafka-dev -n kafka-cluster bitnami/kafka \
+        --version 15.0.1 \
+        --set auth.clientProtocol=sasl \
+        --set deleteTopicEnable=true \
+        --set authorizerClassName="kafka.security.authorizer.AclAuthorizer" \
+        --wait
       ```
 
    Username is "user", obtain password using the following
@@ -84,34 +89,29 @@ parameters [here](https://github.com/bitnami/charts/tree/master/bitnami/kafka/#i
       sudo kubefwd svc -n kafka-cluster
       ```
 
-5. (optional) Install [kafka cli](https://github.com/birdayz/kaf).
+5. (optional) Install the [kafka cli](https://github.com/twmb/kcl).
 
 
 6. (optional) Configure the kafka cli to talk against local Kafka installation:
 
-    1. Create a config file for the client with the following content at `~/.kaf/config`:
+    1. Create a config file for the client with the following content at `~/.kcl/config.toml`:
 
        ```
-       current-cluster: local
-       clusteroverride: ""
-       clusters:
-       - name: local
-         version: ""
-         brokers:
-         - kafka-dev-0.kafka-dev-headless:9092
-         SASL:
-           mechanism: PLAIN
-           username: user
-           password: <password-you-obtained-in-step-2>
-         TLS: null
-         security-protocol: ""
-         schema-registry-url: ""
+       seed_brokers = ["kafka-dev-0.kafka-dev-headless:9092"]
+       timeout_ms = 10000
+
+       [sasl]
+       method = "plain"
+       user = "user"
+       pass = "<password-you-obtained-in-step-2>"
        ```
 
         1. Verify that cli could talk to the Kafka cluster:
 
        ```
-       kaf nodes
+       export  KCL_CONFIG_DIR=~/.kcl
+
+       kcl metadata --all
        ```
 
 ### Building and Running the provider locally

apis/acl/acl.go

@@ -0,0 +1,18 @@
+/*
+Copyright 2020 The Crossplane Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package acl contains group Sample API versions
+package acl

apis/acl/v1alpha1/acl_types.go

@@ -0,0 +1,97 @@
+/*
+Copyright 2020 The Crossplane Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	"reflect"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+
+	xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
+)
+
+// AccessControlListParameters are the configurable fields of a AccessControlList.
+type AccessControlListParameters struct {
+	// +kubebuilder
+	ResourceName	string `json:"resourceName"`
+	// +kubebuilder:validation:Enum=Unknown;Any;Topic;Group;Cluster;TransactionalID
+	ResourceType string `json:"resourceType"`
+	ResourcePrinciple    string `json:"resourcePrinciple"`
+	ResourceHost         string `json:"resourceHost"`
+	// +kubebuilder:validation:Enum=Unknown;Any;All;Read;Write;Create;Delete;Alter;Describe;ClusterAction;DescribeConfigs;AlterConfigs;IdempotentWrite
+	ResourceOperation string `json:"resourceOperation"`
+	// +kubebuilder:validation:Enum=Unknown;Any;Allow;Deny
+	ResourcePermissionType string `json:"resourcePermissionType"`
+	// +kubebuilder:validation:Enum=Prefixed;Any;Match;Literal
+	ResourcePatternTypeFilter string `json:"resourcePatternTypeFilter"`
+}
+
+// AccessControlListObservation are the observable fields of an AccessControlList
+type AccessControlListObservation struct {
+	ID string `json:"id,omitempty"`
+}
+
+// An AccessControlListSpec defines the desired state of an AccessControlList
+type AccessControlListSpec struct {
+	xpv1.ResourceSpec `json:",inline"`
+	ForProvider       AccessControlListParameters `json:"forProvider"`
+}
+
+// A AccessControlListStatus represents the observed state of a AccessControlList.
+type AccessControlListStatus struct {
+	xpv1.ResourceStatus `json:",inline"`
+	AtProvider          AccessControlListObservation `json:"atProvider,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// A AccessControlList is an example API type.
+// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
+// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
+// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name"
+// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,kafka}
+type AccessControlList struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   AccessControlListSpec   `json:"spec"`
+	Status AccessControlListStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// AccessControlListList contains a list of AccessControlList
+type AccessControlListList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []AccessControlList `json:"items"`
+}
+
+// AccessControlList type metadata.
+var (
+	AccessControlListKind             = reflect.TypeOf(AccessControlList{}).Name()
+	AccessControlListGroupKind        = schema.GroupKind{Group: Group, Kind: AccessControlListKind}.String()
+	AccessControlListKindAPIVersion   = AccessControlListKind + "." + SchemeGroupVersion.String()
+	AccessControlListGroupVersionKind = SchemeGroupVersion.WithKind(AccessControlListKind)
+)
+
+func init() {
+	SchemeBuilder.Register(&AccessControlList{}, &AccessControlListList{})
+}

apis/acl/v1alpha1/doc.go

@@ -0,0 +1,17 @@
+/*
+Copyright 2020 The Crossplane Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1

apis/acl/v1alpha1/groupversion_info.go

@@ -0,0 +1,40 @@
+/*
+Copyright 2020 The Crossplane Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1alpha1 contains the v1alpha1 group Sample resources of the Template provider.
+// +kubebuilder:object:generate=true
+// +groupName=acl.kafka.crossplane.io
+// +versionName=v1alpha1
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+// Package type metadata.
+const (
+	Group   = "acl.kafka.crossplane.io"
+	Version = "v1alpha1"
+)
+
+var (
+	// SchemeGroupVersion is group version used to register these objects
+	SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: Version}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
+)