[GitHub] [rocketmq] xxd763795151 opened a new issue #2506: How to clear all topic permission list or group permission list of a acl account through the API

[GitBox]

xxd763795151 opened a new issue #2506:
URL: https://github.com/apache/rocketmq/issues/2506


   
   **FEATURE REQUEST**
   It`s terrible that using manual or command to configure a large number of 
acl accounts on different brokers in the cluster.Therefore,  I want to develop 
a web to complete these actions through the API that the rocketmq provided.
   
   Add or update the topic/group permission list, which I can do by 
overwriting. Such as:
   `            for (String addr : getBrokerAddrs()) {
                   AclConfig aclConfig = 
mqAdminExt.examineBrokerClusterAclConfig(addr);
                   PlainAccessConfig remoteConfig = null;
                   if (aclConfig.getPlainAccessConfigs() != null) {
                       for (PlainAccessConfig config : 
aclConfig.getPlainAccessConfigs()) {
                           if 
(config.getAccessKey().equals(addConfig.getAccessKey())) {
                               remoteConfig = config;
                               break;
                           }
                       }
                   }
                   if (remoteConfig == null) {
                       // May be the broker no acl config of the access key, 
therefore add it;
                       mqAdminExt.createAndUpdatePlainAccessConfig(addr, 
addConfig);
                   } else {
                       if (remoteConfig.getGroupPerms() == null) {
                           remoteConfig.setGroupPerms(new ArrayList<>());
                       }
                       removeExist(remoteConfig.getGroupPerms(), 
request.getGroupPerm().split("=")[0]);
                       remoteConfig.getGroupPerms().add(request.getGroupPerm());
                       mqAdminExt.createAndUpdatePlainAccessConfig(addr, 
remoteConfig);
                   }
               }`
   
   But, I have a problem when I want to remove the last element of topic 
permission list.
   I fount than I passed an empty topic list that could not overwrite it.The 
acl logic code of broke as follow（ 
org.apache.rocketmq.acl.plain.PlainPermissionManager#createAclAccessConfigMap）:
   `        // newAccountsMap 指向已存在的账户数据，如果新的权限列表为空了，就无法覆盖老的数据
           if (plainAccessConfig.getTopicPerms() != null && 
!plainAccessConfig.getTopicPerms().isEmpty()) {
               newAccountsMap.put(AclConstants.CONFIG_TOPIC_PERMS, 
plainAccessConfig.getTopicPerms());
           }
           if (plainAccessConfig.getGroupPerms() != null && 
!plainAccessConfig.getGroupPerms().isEmpty()) {
               newAccountsMap.put(AclConstants.CONFIG_GROUP_PERMS, 
plainAccessConfig.getGroupPerms());
           }
   
           return newAccountsMap;`
   
   I think the results are the same by the command.
   Therefore, I hope to provide some property that indicate which topic/group 
of the permission list that I want to remove.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org