feat: delete acl (#167)

* bump kafka-go to include acl apis

* add acl interfaces and aclinfo type stub

* pull latest kafka-go and use kafka-go aclresource type

* wip

* fix test

* fix typos

* get acls working

* getacls working

* upgrade cobra to latest

* finish separating get into separate subcommands

* remove unneeded variables

* wip

* pr feedback

* Revert "upgrade cobra to latest"

This reverts commit 7b8ee42.

* use getCliRunnerAndCtx in get acls

* more consistent variable names

* custom cobra type

* bring in new kafka-go

* support resource pattern type

* add support for acloperationtype and remove options for unknown

* improve descriptions

* support permissiontype and host filters

* add resource name filter and fix permission type formatting

* support principal filtering

* improve docs

* add examples

* remove comment

* remove TODOs that are complete

* remove TODOs that are complete

* update README

* fix test

* wip

* fix error handling

* error handling for zk

* more consistent error msg

* clean up createacl

* add TestBrokerClientCreateACLReadOnly

* improve zk tests

* run acl tests in ci

* enable acls for kafka 2.4.1 in ci

* fix zk tests

* skip TestBrokerClientCreateACLReadOnly on old versions of kafka

* try to debug

* handle nested errors from createacls

* operations -> operation

* operations -> operation

* remove setting log level in test

* clean up allowed types in help command

* fix merge conflict

* fix test

* add json annotations

* bump kafka-go to version on main

* wip

* basic tests

* start on getusers cmd

* add json annotations

* get users working

* wip

* add todos and fix type annotaitons

* improve test

* use CanTestBrokerAdminSecurity to feature flag test

* update README

* remove duplicate test from merge conflicts

* fix more merge conflicts

* create user working

* add uncommitted files

* start adding validation

* meta validation for users

* wip

* support dry run and skip confirm

* wip

* wip

* add more files

* resourcemta

* consistency checking for acls

* remove emacs backups

* remove user stuff

* remove diff from cluster.yaml file

* remove diff from topic file

* remove debug log

* smaller diff

* remove completed todos

* remove unused error helper

* add missing meta file

* skip ACL tests when ACLs cannot be used due to kafka version limitations

* fix loadacls test

* add more todos

* add validation and set defaults

* don't use ioutil

* move confirm to util package

* move confirm to util package

* add create to README

* use validation and setdefaults

* add example acl

* fix formatting in readme

* use released version of kafka-go

* fix spelling

* make invalid field more obvious

* fix dryrun and skip confirm

* stub out delete cli and implement admin

* integrate cli and add docs

* improve formatting

* add read only test

* improve documentation

* fix docstring and error message

* move things into new acl package and start on dry run

* finish dry run

* support deleting multiple acls

* add test for multiple deletes

* allow deleting multiple acls

* remove starting deletion log

* harden test

* remove unused highlighter

* rearrange plan for deletion

* fix grammar

* fix merge conflict

Author: petedannemann

README.md

@@ -164,6 +164,17 @@ The `create` command creates resources in the cluster from a configuration file.
 Currently, only ACLs are supported. The create command is separate from the apply
 command as it is intended for usage with immutable resources managed by topicctl.
 
+#### delete
+```
+topicctl delete [flags] [operation]
+```
+
+The `delete` subcommand deletes a particular resource type in the cluster.
+Currently, the following operations are supported:
+| Subcommand      | Description |
+| --------- | ----------- |
+| `delete acl [flags]` | Deletes a single ACL in the cluster matching the provided flags |
+
 #### get
 
 ```

cmd/topicctl/subcmd/create.go

@@ -8,10 +8,10 @@ import (
 	"path/filepath"
 	"syscall"
 
+	"github.com/segmentio/topicctl/pkg/acl"
 	"github.com/segmentio/topicctl/pkg/admin"
 	"github.com/segmentio/topicctl/pkg/cli"
 	"github.com/segmentio/topicctl/pkg/config"
-	"github.com/segmentio/topicctl/pkg/create"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
@@ -171,14 +171,14 @@ func createACL(
 			clusterConfigPath,
 		)
 
-		creatorConfig := create.ACLCreatorConfig{
+		aclAdminConfig := acl.ACLAdminConfig{
 			DryRun:        createConfig.dryRun,
 			SkipConfirm:   createConfig.skipConfirm,
 			ACLConfig:     aclConfig,
 			ClusterConfig: clusterConfig,
 		}
 
-		if err := cliRunner.CreateACL(ctx, creatorConfig); err != nil {
+		if err := cliRunner.CreateACL(ctx, aclAdminConfig); err != nil {
 			return err
 		}
 	}

cmd/topicctl/subcmd/delete.go

@@ -0,0 +1,147 @@
+package subcmd
+
+import (
+	"context"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/segmentio/kafka-go"
+	"github.com/segmentio/topicctl/pkg/acl"
+	"github.com/segmentio/topicctl/pkg/cli"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+var deleteCmd = &cobra.Command{
+	Use:   "delete [resource type]",
+	Short: "delete instances of a particular type",
+	Long: strings.Join(
+		[]string{
+			"Deletes instances of a particular type.",
+		},
+		"\n",
+	),
+	PersistentPreRunE: deletePreRun,
+}
+
+type deleteCmdConfig struct {
+	dryRun bool
+
+	shared sharedOptions
+}
+
+var deleteConfig deleteCmdConfig
+
+func init() {
+	deleteCmd.PersistentFlags().BoolVar(
+		&deleteConfig.dryRun,
+		"dry-run",
+		false,
+		"Do a dry-run",
+	)
+
+	addSharedFlags(deleteCmd, &deleteConfig.shared)
+	deleteCmd.AddCommand(
+		deleteACLCmd(),
+	)
+	RootCmd.AddCommand(deleteCmd)
+}
+
+func deletePreRun(cmd *cobra.Command, args []string) error {
+	return deleteConfig.shared.validate()
+}
+
+var deleteACLsConfig = aclsCmdConfig{}
+
+func deleteACLCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "acls [flags]",
+		Short: "Delete ACLs. Requires providing flags to target ACLs for deletion.",
+		Args:  cobra.NoArgs,
+		Example: `Delete read acls for topic my-topic, user 'User:default', and host '*'
+$ topicctl delete acls --resource-type topic --resource-pattern-type literal --resource-name my-topic --principal 'User:default' --host '*' --operation read --permission-type allow
+`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			ctx := context.Background()
+			sess := session.Must(session.NewSession())
+
+			adminClient, err := deleteConfig.shared.getAdminClient(ctx, sess, deleteConfig.dryRun)
+			if err != nil {
+				return err
+			}
+			defer adminClient.Close()
+
+			cliRunner := cli.NewCLIRunner(adminClient, log.Infof, !noSpinner)
+
+			filter := kafka.DeleteACLsFilter{
+				ResourceTypeFilter:        kafka.ResourceType(deleteACLsConfig.resourceType),
+				ResourceNameFilter:        deleteACLsConfig.resourceNameFilter,
+				ResourcePatternTypeFilter: kafka.PatternType(deleteACLsConfig.resourcePatternType),
+				PrincipalFilter:           deleteACLsConfig.principalFilter,
+				HostFilter:                deleteACLsConfig.hostFilter,
+				Operation:                 kafka.ACLOperationType(deleteACLsConfig.operationType),
+				PermissionType:            kafka.ACLPermissionType(deleteACLsConfig.permissionType),
+			}
+
+			aclAdminConfig := acl.ACLAdminConfig{
+				// Omit fields we don't need for deletes
+				DryRun: deleteConfig.dryRun,
+				// Deletes cannot be skipped
+				SkipConfirm: false,
+			}
+
+			return cliRunner.DeleteACL(ctx, aclAdminConfig, filter)
+		},
+	}
+	cmd.Flags().StringVar(
+		&deleteACLsConfig.hostFilter,
+		"host",
+		"",
+		`The host to filter on. (e.g. 198.51.100.0) (Required)`,
+	)
+	cmd.MarkFlagRequired("host")
+
+	cmd.Flags().Var(
+		&deleteACLsConfig.operationType,
+		"operation",
+		`The operation that is being allowed or denied to filter on. allowed: [any, all, read, write, create, delete, alter, describe, clusteraction, describeconfigs, alterconfigs, idempotentwrite] (Required)`,
+	)
+	cmd.MarkFlagRequired("operation")
+
+	cmd.Flags().Var(
+		&deleteACLsConfig.permissionType,
+		"permission-type",
+		`The permission type to filter on. allowed: [any, allow, deny] (Required)`,
+	)
+	cmd.MarkFlagRequired("permission-type")
+
+	cmd.Flags().StringVar(
+		&deleteACLsConfig.principalFilter,
+		"principal",
+		"",
+		`The principal to filter on in principalType:name format (e.g. User:alice). (Required)`,
+	)
+	cmd.MarkFlagRequired("principal")
+
+	cmd.Flags().StringVar(
+		&deleteACLsConfig.resourceNameFilter,
+		"resource-name",
+		"",
+		`The resource name to filter on. (e.g. my-topic) (Required)`,
+	)
+	cmd.MarkFlagRequired("resource-name")
+
+	cmd.Flags().Var(
+		&deleteACLsConfig.resourcePatternType,
+		"resource-pattern-type",
+		`The type of the resource pattern or filter. allowed: [any, match, literal, prefixed]. "any" will match any pattern type (literal or prefixed), but will match the resource name exactly, where as "match" will perform pattern matching to list all acls that affect the supplied resource(s).`,
+	)
+
+	cmd.Flags().Var(
+		&deleteACLsConfig.resourceType,
+		"resource-type",
+		`The type of resource to filter on. allowed: [any, topic, group, cluster, transactionalid, delegationtoken] (Required)`,
+	)
+	cmd.MarkFlagRequired("resource-type")
+	return cmd
+}