Filter rebalance list using permissions, use Kafka type enum

Signed-off-by: Michael Edgar <[email protected]>
streamshub · Nov 19, 2024 · 76e7fb6 · 76e7fb6
1 parent 7da83b5
commit 76e7fb6
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 10 deletions.
diff --git a/api/src/main/java/com/github/streamshub/console/api/security/PermissionService.java b/api/src/main/java/com/github/streamshub/console/api/security/PermissionService.java
@@ -4,29 +4,25 @@
 import java.util.Set;
 import java.util.function.Function;
 import java.util.function.Predicate;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
 
 import jakarta.enterprise.context.RequestScoped;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.ForbiddenException;
 
-import com.github.streamshub.console.api.model.ConsumerGroup;
-import com.github.streamshub.console.api.model.KafkaRebalance;
-import com.github.streamshub.console.api.model.KafkaRecord;
-import com.github.streamshub.console.api.model.Topic;
 import com.github.streamshub.console.api.support.KafkaContext;
 import com.github.streamshub.console.config.security.Privilege;
+import com.github.streamshub.console.config.security.ResourceTypes;
 
 import io.quarkus.security.identity.SecurityIdentity;
 
 @RequestScoped
 public class PermissionService {
 
-    private static final Set<String> KAFKA_SUBRESOURCES = Set.of(
-            ConsumerGroup.API_TYPE,
-            KafkaRebalance.API_TYPE,
-            // Records are a sub-resource of topics
-            Topic.API_TYPE + '/' + KafkaRecord.API_TYPE,
-            Topic.API_TYPE);
+    private static final Set<String> KAFKA_SUBRESOURCES = Stream.of(ResourceTypes.Kafka.values())
+            .map(v -> v.value())
+            .collect(Collectors.toSet());
 
     @Inject
     SecurityIdentity securityIdentity;

diff --git a/api/src/main/java/com/github/streamshub/console/api/service/KafkaRebalanceService.java b/api/src/main/java/com/github/streamshub/console/api/service/KafkaRebalanceService.java
@@ -18,9 +18,12 @@
 
 import com.github.streamshub.console.api.model.Condition;
 import com.github.streamshub.console.api.model.KafkaRebalance;
+import com.github.streamshub.console.api.security.PermissionService;
 import com.github.streamshub.console.api.support.KafkaContext;
 import com.github.streamshub.console.api.support.ListRequestContext;
 import com.github.streamshub.console.config.ConsoleConfig;
+import com.github.streamshub.console.config.security.Privilege;
+import com.github.streamshub.console.config.security.ResourceTypes;
 
 import io.fabric8.kubernetes.client.KubernetesClient;
 import io.fabric8.kubernetes.client.informers.cache.Cache;
@@ -47,11 +50,18 @@ public class KafkaRebalanceService {
     @Inject
     KafkaContext kafkaContext;
 
+    @Inject
+    PermissionService permissionService;
+
     public List<KafkaRebalance> listRebalances(ListRequestContext<KafkaRebalance> listSupport) {
         final Map<String, Integer> statuses = new HashMap<>();
         listSupport.meta().put("summary", Map.of("statuses", statuses));
 
         return rebalanceResources()
+                .filter(permissionService.permitted(
+                        ResourceTypes.Kafka.REBALANCES.value(),
+                        Privilege.LIST,
+                        r -> r.getMetadata().getName()))
                 .map(this::toKafkaRebalance)
                 .map(rebalance -> tallyStatus(statuses, rebalance))
                 .filter(listSupport)