fix #103 (#107)

* fix #103

* changelog

Author: simplesteph

CHANGELOG.md

@@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [0.11] - SNAPSHOT
 - Renamed packages to `io.conduktor`
 - Prepared release to sonatype and Maven
+- Renamed `ksm.extract` config to `ksm.extract.enable` (breaking change)
 
 ## [0.10.2] - 12/05/2021
 - Removed gRPC

README.md

@@ -152,7 +152,7 @@ Overall we use the [lightbend config](https://github.com/lightbend/config) libra
 The [default configurations](src/main/resources/application.conf) can be overwritten using the following environment variables:
 
 - `KSM_READONLY=false`: enables KSM to synchronize from an External ACL source. The default value is `true`, which prevents KSM from altering ACLs in Zookeeper
-- `KSM_EXTRACT=true`: enable extract mode (get all the ACLs from Kafka formatted as a CSV or YAML)
+- `KSM_EXTRACT_ENABLE=true`: enable extract mode (get all the ACLs from Kafka formatted as a CSV or YAML)
 - `KSM_EXTRACT_FORMAT=csv`: selects which format to extract the ACLs with (defaults to csv, supports also yaml)
 - `KSM_REFRESH_FREQUENCY_MS=10000`: how often to check for changes in ACLs in Kafka and in the Source. 10000 ms by default. If it's set to `0` or negative value, for example `-1`, then KMS executes ACL synchronization just once and exits
 - `KSM_NUM_FAILED_REFRESHES_BEFORE_NOTIFICATION=1`: how many times that the refresh of a Source needs to fail (e.g. HTTP timeouts) before a notification is sent. Any value less than or equal to `1` here will notify on every failure to refresh.
@@ -215,7 +215,7 @@ Alternatively, you can get the automatically built Docker images on [Docker Hub]
 Then apply to the docker run using for example (in EXTRACT mode):
 
 ```
-docker run -it -e AUTHORIZER_ZOOKEEPER_CONNECT="zookeeper-url:2181" -e KSM_EXTRACT=true \
+docker run -it -e AUTHORIZER_ZOOKEEPER_CONNECT="zookeeper-url:2181" -e KSM_EXTRACT_ENABLE=true \
             conduktor/kafka-security-manager:latest
 ```
 
@@ -234,7 +234,7 @@ For full usage of the docker-compose file see [kafka-security-manager](https://g
 
 ## Extracting ACLs
 
-You can initially extract all your existing ACL in Kafka by running the program with the config `extract=true` or `export KSM_EXTRACT=true`
+You can initially extract all your existing ACL in Kafka by running the program with the config `ksm.extract.enable=true` or `export KSM_EXTRACT_ENABLE=true`
 
 Output should look like:
 ```
@@ -254,7 +254,7 @@ You can then use place this CSV anywhere and use it as your source of truth.
 
 KSM Version | Kafka Version | Notes
 --- | --- | ---
-0.11.0 | 2.5.x | renamed packages to `io.conduktor` 
+0.11.0 | 2.5.x | renamed packages to `io.conduktor`. Breaking change on extract config name
 0.10.0 | 2.5.x | YAML support<br>Add configurable num failed refreshes before notification 
 0.9 | 2.5.x | Upgrade to Kafka 2.5.x
 0.8 | 2.3.1 | Add a "run once" mode

src/main/resources/application.conf

@@ -3,11 +3,12 @@ ksm {
   debug = false
   debug = ${?KSM_DEBUG}
 
-  extract = false
-  extract = ${?KSM_EXTRACT}
-
-  extract.format = csv
-  extract.format = ${?KSM_EXTRACT_FORMAT}
+  extract {
+    enable = false
+    enable = ${?KSM_EXTRACT_ENABLE}
+    format = csv
+    format = ${?KSM_EXTRACT_FORMAT}
+  }
 
   num.failed.refreshes.before.notification = 1
   num.failed.refreshes.before.notification = ${?KSM_NUM_FAILED_REFRESHES_BEFORE_NOTIFICATION}

src/main/scala/io/conduktor/ksm/AppConfig.scala

@@ -59,7 +59,7 @@ class AppConfig(config: Config) {
     private val ksmConfig = config.getConfig("ksm")
     val refreshFrequencyMs: Int = ksmConfig.getInt("refresh.frequency.ms")
     val numFailedRefreshesBeforeNotification: Int = ksmConfig.getInt("num.failed.refreshes.before.notification")
-    val extract: Boolean = ksmConfig.getBoolean("extract")
+    val extract: Boolean = ksmConfig.getBoolean("extract.enable")
     val extractFormat: String = ksmConfig.getString("extract.format")
     val readOnly: Boolean = ksmConfig.getBoolean("readonly")
   }

src/main/scala/io/conduktor/ksm/KafkaSecurityManager.scala

@@ -19,6 +19,13 @@ object KafkaSecurityManager extends App {
   val parserRegistry: AclParserRegistry = new AclParserRegistry(appConfig)
   val scheduler: ScheduledExecutorService = Executors.newScheduledThreadPool(1)
 
+  // For backward compatibility, see https://github.com/conduktor/kafka-security-manager/issues/103
+  val oldExtractConfig = sys.env.get("KSM_EXTRACT")
+  if (oldExtractConfig.isDefined) {
+    log.error("The KSM_EXTRACT environment variable has been renamed to KSM_EXTRACT_ENABLE. Please fix your scripts")
+    sys.exit(1)
+  }
+
   if (appConfig.KSM.extract) {
     val parser = parserRegistry.getParser(appConfig.KSM.extractFormat)
     new ExtractAcl(appConfig.Authorizer.authorizer, parser).extract()

src/main/scala/io/conduktor/ksm/parser/csv/CsvAclParser.scala

@@ -56,7 +56,7 @@ class CsvAclParser(delimiterInput: Char = ',') extends AclParser {
         log.warn(
           s"""Since you upgraded to Kafka 2.0, your CSV needs to include an extra column '$PATTERN_TYPE_COL', after $RESOURCE_TYPE_COL and before $RESOURCE_NAME_COL.
                     |The CSV header should be: KafkaPrincipal,ResourceType,PatternType,ResourceName,Operation,PermissionType,Host
-                    |For a quick fix, you can run the application with KSM_EXTRACT=true and replace your current CSV with the output of the command
+                    |For a quick fix, you can run the application with KSM_EXTRACT_ENABLE=true and replace your current CSV with the output of the command
                     |For backwards compatibility, the default value $PATTERN_TYPE_COL=LITERAL has been chosen""".stripMargin
         )
         // Default