devshawn
diff --git a/‎src/main/java/com/devshawn/kafka/gitops/MainCommand.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/com/devshawn/kafka/gitops/MainCommand.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/com/devshawn/kafka/gitops/StateManager.java
Lines changed: 14 additions & 8 deletions b/‎src/main/java/com/devshawn/kafka/gitops/StateManager.java
Lines changed: 14 additions & 8 deletions
diff --git a/‎src/main/java/com/devshawn/kafka/gitops/domain/options/GetAclOptions.java
Lines changed: 16 additions & 0 deletions b/‎src/main/java/com/devshawn/kafka/gitops/domain/options/GetAclOptions.java
Lines changed: 16 additions & 0 deletions
diff --git a/‎src/main/java/com/devshawn/kafka/gitops/domain/state/AbstractService.java
Lines changed: 26 additions & 0 deletions b/‎src/main/java/com/devshawn/kafka/gitops/domain/state/AbstractService.java
Lines changed: 26 additions & 0 deletions
diff --git a/‎src/main/java/com/devshawn/kafka/gitops/domain/state/ServiceDetails.java
Lines changed: 2 additions & 1 deletion b/‎src/main/java/com/devshawn/kafka/gitops/domain/state/ServiceDetails.java
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/main/java/com/devshawn/kafka/gitops/domain/state/service/ApplicationService.java
Lines changed: 10 additions & 2 deletions b/‎src/main/java/com/devshawn/kafka/gitops/domain/state/service/ApplicationService.java
Lines changed: 10 additions & 2 deletions
diff --git a/‎src/main/java/com/devshawn/kafka/gitops/domain/state/service/KafkaConnectService.java
Lines changed: 12 additions & 8 deletions b/‎src/main/java/com/devshawn/kafka/gitops/domain/state/service/KafkaConnectService.java
Lines changed: 12 additions & 8 deletions
diff --git a/‎src/main/java/com/devshawn/kafka/gitops/domain/state/service/KafkaConnectorDetails.java
Lines changed: 9 additions & 1 deletion b/‎src/main/java/com/devshawn/kafka/gitops/domain/state/service/KafkaConnectorDetails.java
Lines changed: 9 additions & 1 deletion
diff --git a/‎src/main/java/com/devshawn/kafka/gitops/domain/state/service/KafkaStreamsService.java
Lines changed: 10 additions & 2 deletions b/‎src/main/java/com/devshawn/kafka/gitops/domain/state/service/KafkaStreamsService.java
Lines changed: 10 additions & 2 deletions
diff --git a/‎src/main/java/com/devshawn/kafka/gitops/domain/state/settings/Settings.java
Lines changed: 2 additions & 0 deletions b/‎src/main/java/com/devshawn/kafka/gitops/domain/state/settings/Settings.java
Lines changed: 2 additions & 0 deletions
@@ -12,7 +12,7 @@
 import java.util.concurrent.Callable;
 
 @Command(name = "kafka-gitops",
-        version = "0.2.8",
+        version = "0.2.9-SNAPSHOT",
         exitCodeOnInvalidInput = 0,
         subcommands = {
                 AccountCommand.class,
 
@@ -5,6 +5,7 @@
 import com.devshawn.kafka.gitops.config.KafkaGitopsConfigLoader;
 import com.devshawn.kafka.gitops.config.ManagerConfig;
 import com.devshawn.kafka.gitops.domain.confluent.ServiceAccount;
+import com.devshawn.kafka.gitops.domain.options.GetAclOptions;
 import com.devshawn.kafka.gitops.domain.plan.DesiredPlan;
 import com.devshawn.kafka.gitops.domain.state.AclDetails;
 import com.devshawn.kafka.gitops.domain.state.CustomAclDetails;
@@ -53,6 +54,8 @@ public class StateManager {
     private PlanManager planManager;
     private ApplyManager applyManager;
 
+    private boolean describeAclEnabled = false;
+
     public StateManager(ManagerConfig managerConfig, ParserService parserService) {
         initializeLogger(managerConfig.isVerboseRequested());
         this.managerConfig = managerConfig;
@@ -69,6 +72,7 @@ public DesiredStateFile getAndValidateStateFile() {
         DesiredStateFile desiredStateFile = parserService.parseStateFile();
         validateTopics(desiredStateFile);
         validateCustomAcls(desiredStateFile);
+        this.describeAclEnabled = StateUtil.isDescribeTopicAclEnabled(desiredStateFile);
         return desiredStateFile;
     }
 
@@ -107,12 +111,11 @@ public void createServiceAccounts() {
         AtomicInteger count = new AtomicInteger();
         if (isConfluentCloudEnabled(desiredStateFile)) {
             desiredStateFile.getServices().forEach((name, service) -> {
-                createServiceAccount(name, serviceAccounts, count);
+                createServiceAccount(name, serviceAccounts, count, false);
             });
 
             desiredStateFile.getUsers().forEach((name, user) -> {
-                String serviceAccountName = String.format("user-%s", name);
-                createServiceAccount(serviceAccountName, serviceAccounts, count);
+                createServiceAccount(name, serviceAccounts, count, true);
             });
         } else {
             throw new ConfluentCloudException("Confluent Cloud must be enabled in the state file to use this command.");
@@ -123,9 +126,9 @@ public void createServiceAccounts() {
         }
     }
 
-    private void createServiceAccount(String name, List<ServiceAccount> serviceAccounts, AtomicInteger count) {
+    private void createServiceAccount(String name, List<ServiceAccount> serviceAccounts, AtomicInteger count, boolean isUser) {
         if (serviceAccounts.stream().noneMatch(it -> it.getName().equals(name))) {
-            confluentCloudService.createServiceAccount(name);
+            confluentCloudService.createServiceAccount(name, isUser);
             LogUtil.printSimpleSuccess(String.format("Successfully created service account: %s", name));
             count.getAndIncrement();
         }
@@ -169,7 +172,7 @@ private void generateConfluentCloudServiceAcls(DesiredState.Builder desiredState
             Optional<ServiceAccount> serviceAccount = serviceAccounts.stream().filter(it -> it.getName().equals(name)).findFirst();
             String serviceAccountId = serviceAccount.orElseThrow(() -> new ServiceAccountNotFoundException(name)).getId();
 
-            service.getAcls(name).forEach(aclDetails -> {
+            service.getAcls(buildGetAclOptions(name)).forEach(aclDetails -> {
                 aclDetails.setPrincipal(String.format("User:%s", serviceAccountId));
                 desiredState.putAcls(String.format("%s-%s", name, index.getAndSet(index.get() + 1)), aclDetails.build());
             });
@@ -213,7 +216,7 @@ private void generateConfluentCloudUserAcls(DesiredState.Builder desiredState, D
     private void generateServiceAcls(DesiredState.Builder desiredState, DesiredStateFile desiredStateFile) {
         desiredStateFile.getServices().forEach((name, service) -> {
             AtomicReference<Integer> index = new AtomicReference<>(0);
-            service.getAcls(name).forEach(aclDetails -> {
+            service.getAcls(buildGetAclOptions(name)).forEach(aclDetails -> {
                 desiredState.putAcls(String.format("%s-%s", name, index.getAndSet(index.get() + 1)), buildAclDetails(name, aclDetails));
             });
 
@@ -274,6 +277,10 @@ private List<String> getPrefixedTopicsToIgnore(DesiredStateFile desiredStateFile
         return topics;
     }
 
+    private GetAclOptions buildGetAclOptions(String serviceName) {
+        return new GetAclOptions.Builder().setServiceName(serviceName).setDescribeAclEnabled(describeAclEnabled).build();
+    }
+
     private void validateCustomAcls(DesiredStateFile desiredStateFile) {
         desiredStateFile.getCustomServiceAcls().forEach((service, details) -> {
             try {
@@ -307,7 +314,6 @@ private void validateTopics(DesiredStateFile desiredStateFile) {
                 throw new ValidationException("The default replication factor must be a positive integer.");
             }
         }
-
     }
 
     private boolean isConfluentCloudEnabled(DesiredStateFile desiredStateFile) {
 
@@ -0,0 +1,16 @@
+package com.devshawn.kafka.gitops.domain.options;
+
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import org.inferred.freebuilder.FreeBuilder;
+
+@FreeBuilder
+@JsonDeserialize(builder = GetAclOptions.Builder.class)
+public interface GetAclOptions {
+
+    String getServiceName();
+
+    Boolean getDescribeAclEnabled();
+
+    class Builder extends GetAclOptions_Builder {
+    }
+}
@@ -30,6 +30,19 @@ public AclDetails.Builder generateWriteACL(String topic, Optional<String> princi
         return builder;
     }
 
+    public AclDetails.Builder generateDescribeAcl(String topic, Optional<String> principal) {
+        AclDetails.Builder builder = new AclDetails.Builder()
+                .setHost("*")
+                .setName(topic)
+                .setOperation("DESCRIBE")
+                .setPermission("ALLOW")
+                .setPattern("LITERAL")
+                .setType("TOPIC");
+
+        principal.ifPresent(builder::setPrincipal);
+        return builder;
+    }
+
     public AclDetails.Builder generatePrefixedTopicACL(String topic, Optional<String> principal, String operation) {
         AclDetails.Builder builder = new AclDetails.Builder()
                 .setHost("*")
@@ -55,4 +68,17 @@ public AclDetails.Builder generateConsumerGroupAcl(String consumerGroupId, Optio
         principal.ifPresent(builder::setPrincipal);
         return builder;
     }
+
+    public AclDetails.Builder generateClusterAcl(Optional<String> principal, String operation) {
+        AclDetails.Builder builder = new AclDetails.Builder()
+                .setHost("*")
+                .setName("kafka-cluster")
+                .setOperation(operation)
+                .setPermission("ALLOW")
+                .setPattern("LITERAL")
+                .setType("CLUSTER");
+
+        principal.ifPresent(builder::setPrincipal);
+        return builder;
+    }
 }
@@ -1,5 +1,6 @@
 package com.devshawn.kafka.gitops.domain.state;
 
+import com.devshawn.kafka.gitops.domain.options.GetAclOptions;
 import com.devshawn.kafka.gitops.domain.state.service.ApplicationService;
 import com.devshawn.kafka.gitops.domain.state.service.KafkaConnectService;
 import com.devshawn.kafka.gitops.domain.state.service.KafkaStreamsService;
@@ -18,7 +19,7 @@ public abstract class ServiceDetails extends AbstractService {
 
     public String type;
 
-    public List<AclDetails.Builder> getAcls(String serviceName) {
+    public List<AclDetails.Builder> getAcls(GetAclOptions options) {
         throw new UnsupportedOperationException("Method getAcls is not implemented.");
     }
 }
@@ -1,7 +1,9 @@
 package com.devshawn.kafka.gitops.domain.state.service;
 
+import com.devshawn.kafka.gitops.domain.options.GetAclOptions;
 import com.devshawn.kafka.gitops.domain.state.AclDetails;
 import com.devshawn.kafka.gitops.domain.state.ServiceDetails;
+import com.devshawn.kafka.gitops.util.HelperUtil;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import org.inferred.freebuilder.FreeBuilder;
@@ -24,12 +26,18 @@ public abstract class ApplicationService extends ServiceDetails {
     public abstract List<String> getConsumes();
 
     @Override
-    public List<AclDetails.Builder> getAcls(String serviceName) {
+    public List<AclDetails.Builder> getAcls(GetAclOptions options) {
         List<AclDetails.Builder> acls = new ArrayList<>();
         getProduces().forEach(topic -> acls.add(generateWriteACL(topic, getPrincipal())));
         getConsumes().forEach(topic -> acls.add(generateReadAcl(topic, getPrincipal())));
+
+        if (options.getDescribeAclEnabled()) {
+            List<String> allTopics = HelperUtil.uniqueCombine(getConsumes(), getProduces());
+            allTopics.forEach(topic -> acls.add(generateDescribeAcl(topic, getPrincipal())));
+        }
+
         if (!getConsumes().isEmpty()) {
-            String groupId = getGroupId().isPresent() ? getGroupId().get() : serviceName;
+            String groupId = getGroupId().isPresent() ? getGroupId().get() : options.getServiceName();
             acls.add(generateConsumerGroupAcl(groupId, getPrincipal(), "READ"));
         }
         return acls;
 
@@ -1,6 +1,7 @@
 package com.devshawn.kafka.gitops.domain.state.service;
 
 
+import com.devshawn.kafka.gitops.domain.options.GetAclOptions;
 import com.devshawn.kafka.gitops.domain.state.AclDetails;
 import com.devshawn.kafka.gitops.domain.state.ServiceDetails;
 import com.fasterxml.jackson.annotation.JsonProperty;
@@ -29,18 +30,21 @@ public abstract class KafkaConnectService extends ServiceDetails {
     public abstract Map<String, KafkaConnectorDetails> getConnectors();
 
     @Override
-    public List<AclDetails.Builder> getAcls(String serviceName) {
+    public List<AclDetails.Builder> getAcls(GetAclOptions options) {
         List<AclDetails.Builder> acls = new ArrayList<>();
         getProduces().forEach(topic -> acls.add(generateWriteACL(topic, getPrincipal())));
-        acls.addAll(getConnectWorkerAcls(serviceName));
+        if (options.getDescribeAclEnabled()) {
+            getProduces().forEach(topic -> acls.add(generateDescribeAcl(topic, getPrincipal())));
+        }
+        acls.addAll(getConnectWorkerAcls(options));
         return acls;
     }
 
-    private List<AclDetails.Builder> getConnectWorkerAcls(String serviceName) {
-        String groupId = getGroupId().isPresent() ? getGroupId().get() : serviceName;
-        String configTopic = getConfigTopic(serviceName);
-        String offsetTopic = getOffsetTopic(serviceName);
-        String statusTopic = getStatusTopic(serviceName);
+    private List<AclDetails.Builder> getConnectWorkerAcls(GetAclOptions options) {
+        String groupId = getGroupId().isPresent() ? getGroupId().get() : options.getServiceName();
+        String configTopic = getConfigTopic(options.getServiceName());
+        String offsetTopic = getOffsetTopic(options.getServiceName());
+        String statusTopic = getStatusTopic(options.getServiceName());
 
         List<AclDetails.Builder> acls = new ArrayList<>();
         acls.add(generateReadAcl(configTopic, getPrincipal()));
@@ -50,7 +54,7 @@ private List<AclDetails.Builder> getConnectWorkerAcls(String serviceName) {
         acls.add(generateWriteACL(offsetTopic, getPrincipal()));
         acls.add(generateWriteACL(statusTopic, getPrincipal()));
         acls.add(generateConsumerGroupAcl(groupId, getPrincipal(), "READ"));
-        getConnectors().forEach((connectorName, connector) -> acls.addAll(connector.getAcls(connectorName, getPrincipal())));
+        getConnectors().forEach((connectorName, connector) -> acls.addAll(connector.getAcls(connectorName, getPrincipal(), options)));
         return acls;
     }
 
 
@@ -1,7 +1,9 @@
 package com.devshawn.kafka.gitops.domain.state.service;
 
+import com.devshawn.kafka.gitops.domain.options.GetAclOptions;
 import com.devshawn.kafka.gitops.domain.state.AbstractService;
 import com.devshawn.kafka.gitops.domain.state.AclDetails;
+import com.devshawn.kafka.gitops.util.HelperUtil;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import org.inferred.freebuilder.FreeBuilder;
 
@@ -17,10 +19,16 @@ public abstract class KafkaConnectorDetails extends AbstractService {
 
     public abstract List<String> getConsumes();
 
-    public List<AclDetails.Builder> getAcls(String connectorName, Optional<String> principal) {
+    public List<AclDetails.Builder> getAcls(String connectorName, Optional<String> principal, GetAclOptions options) {
         List<AclDetails.Builder> acls = new ArrayList<>();
         getProduces().forEach(topic -> acls.add(generateWriteACL(topic, principal)));
         getConsumes().forEach(topic -> acls.add(generateReadAcl(topic, principal)));
+
+        if (options.getDescribeAclEnabled()) {
+            List<String> allTopics = HelperUtil.uniqueCombine(getConsumes(), getProduces());
+            allTopics.forEach(topic -> acls.add(generateDescribeAcl(topic, principal)));
+        }
+
         if (!getConsumes().isEmpty()) {
             acls.add(generateConsumerGroupAcl(String.format("connect-%s", connectorName), principal, "READ"));
         }
 
@@ -1,7 +1,9 @@
 package com.devshawn.kafka.gitops.domain.state.service;
 
+import com.devshawn.kafka.gitops.domain.options.GetAclOptions;
 import com.devshawn.kafka.gitops.domain.state.AclDetails;
 import com.devshawn.kafka.gitops.domain.state.ServiceDetails;
+import com.devshawn.kafka.gitops.util.HelperUtil;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import org.inferred.freebuilder.FreeBuilder;
@@ -24,11 +26,15 @@ public abstract class KafkaStreamsService extends ServiceDetails {
     public abstract List<String> getConsumes();
 
     @Override
-    public List<AclDetails.Builder> getAcls(String serviceName) {
+    public List<AclDetails.Builder> getAcls(GetAclOptions options) {
         List<AclDetails.Builder> acls = new ArrayList<>();
         getProduces().forEach(topic -> acls.add(generateWriteACL(topic, getPrincipal())));
         getConsumes().forEach(topic -> acls.add(generateReadAcl(topic, getPrincipal())));
-        acls.addAll(getInternalAcls(serviceName));
+        if (options.getDescribeAclEnabled()) {
+            List<String> allTopics = HelperUtil.uniqueCombine(getConsumes(), getProduces());
+            allTopics.forEach(topic -> acls.add(generateDescribeAcl(topic, getPrincipal())));
+        }
+        acls.addAll(getInternalAcls(options.getServiceName()));
         return acls;
     }
 
@@ -45,6 +51,8 @@ private List<AclDetails.Builder> getInternalAcls(String serviceName) {
         acls.add(generatePrefixedTopicACL(applicationId, getPrincipal(), "DESCRIBE_CONFIGS"));
         acls.add(generateConsumerGroupAcl(applicationId, getPrincipal(), "READ"));
         acls.add(generateConsumerGroupAcl(applicationId, getPrincipal(), "DESCRIBE"));
+        acls.add(generateConsumerGroupAcl(applicationId, getPrincipal(), "DELETE"));
+        acls.add(generateClusterAcl(getPrincipal(), "DESCRIBE_CONFIGS"));
         return acls;
     }
 
 
@@ -13,6 +13,8 @@ public interface Settings {
 
     Optional<SettingsTopics> getTopics();
 
+    Optional<SettingsServices> getServices();
+
     Optional<SettingsFiles> getFiles();
 
     class Builder extends Settings_Builder {
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,6 @@`
`1`	`1`	`package com.devshawn.kafka.gitops.domain.state;`
`2`	`2`
	`3`	`+import com.devshawn.kafka.gitops.domain.options.GetAclOptions;`
`3`	`4`	`import com.devshawn.kafka.gitops.domain.state.service.ApplicationService;`
`4`	`5`	`import com.devshawn.kafka.gitops.domain.state.service.KafkaConnectService;`
`5`	`6`	`import com.devshawn.kafka.gitops.domain.state.service.KafkaStreamsService;`
`@@ -18,7 +19,7 @@ public abstract class ServiceDetails extends AbstractService {`
`18`	`19`
`19`	`20`	`public String type;`
`20`	`21`
`21`		`- public List<AclDetails.Builder> getAcls(String serviceName) {`
	`22`	`+ public List<AclDetails.Builder> getAcls(GetAclOptions options) {`
`22`	`23`	`throw new UnsupportedOperationException("Method getAcls is not implemented.");`
`23`	`24`	`}`
`24`	`25`	`}`