Created
October 26, 2022 18:06
-
-
Save ram-pi/ee2d91f7b7c0c72d82eb2561861b74d5 to your computer and use it in GitHub Desktop.
Confluent RBAC - MDS APIs based role-bindings counter
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
MDS_EP=http://localhost:8091 | |
MDS_BA=c3VwZXJVc2VyOnN1cGVyVXNlcg== | |
KAFKA_CLUSTER_ID=h0r1CE3LQYidma5HR0VhWg | |
CONNECT=connect-cluster | |
SR=schema-registry | |
KSQLDB=ksql-cluster | |
C3=c3-cluste | |
ROLES=$(curl --request GET --url $MDS_EP/security/1.0/roleNames --header "Authorization: Basic ${MDS_BA}" 2> /dev/null | sed 's/[][]//g') | |
IFS=, | |
PRINCPALS= | |
for r in $ROLES; | |
do | |
# STRIP QUOTES | |
r="${r//\"/}" | |
# GET PRINCIPALS FOR EACH ROLE | |
ROLE_PRINCIPALS= | |
ROLE_PRINCIPALS=$(curl --request POST --url $MDS_EP/security/1.0/lookup/role/${r} --header "Authorization: Basic ${MDS_BA}" --header 'Content-Type: application/json' \ | |
--data '{ | |
"clusters": { | |
"kafka-cluster": "'"${KAFKA_CLUSTER_ID}"'" | |
} | |
}' 2> /dev/null | sed 's/[][]//g') | |
PRINCPALS+=$ROLE_PRINCIPALS, | |
done | |
# CSV-Like HEADER OUTPUT | |
echo "principal,cluster,role,bindings" | |
bindings=0 | |
for p in $PRINCPALS; | |
do | |
for r in $ROLES; | |
do | |
if [ -z "$p" ] || [ -z "$r" ] | |
then | |
break | |
fi | |
# strip quotes | |
p_strips_quotes="${p//\"/}" | |
r="${r//\"/}" | |
# get bindings per principal per role on kafka-cluster | |
tmp=$(curl --request POST --url $MDS_EP/security/1.0/lookup/rolebindings/principal/$p_strips_quotes --header 'Authorization: Basic '"${MDS_BA}"'' --header 'Content-Type: application/json' --data '{ | |
"clusters": { | |
"kafka-cluster": "'"${KAFKA_CLUSTER_ID}"'" | |
} | |
} | |
' 2> /dev/null | jq '.rolebindings.'"${p}"'.'"${r}"' | length') | |
echo $p_strips_quotes,kafka_cluster,$r,$tmp | |
bindings=`expr $bindings + $tmp` | |
# get bindings per principal per role on schema-registry | |
tmp=$(curl --request POST --url $MDS_EP/security/1.0/lookup/rolebindings/principal/$p_strips_quotes --header 'Authorization: Basic '"${MDS_BA}"'' --header 'Content-Type: application/json' --data '{ | |
"clusters": { | |
"kafka-cluster": "'"${KAFKA_CLUSTER_ID}"'", | |
"schema-registry-cluster": "'"${SR}"'" | |
} | |
} | |
' 2> /dev/null | jq '.rolebindings.'"${p}"'.'"${r}"' | length') | |
echo $p_strips_quotes,schema-registry,$r,$tmp | |
bindings=`expr $bindings + $tmp` | |
# get bindings per principal per role on connect | |
tmp=$(curl --request POST --url $MDS_EP/security/1.0/lookup/rolebindings/principal/$p_strips_quotes --header 'Authorization: Basic '"${MDS_BA}"'' --header 'Content-Type: application/json' --data '{ | |
"clusters": { | |
"kafka-cluster": "'"${KAFKA_CLUSTER_ID}"'", | |
"connect-cluster": "'"${CONNECT}"'" | |
} | |
} | |
' 2> /dev/null | jq '.rolebindings.'"${p}"'.'"${r}"' | length') | |
echo $p_strips_quotes,connect,$r,$tmp | |
bindings=`expr $bindings + $tmp` | |
# get bindings per principal per role on ksql | |
tmp=$(curl --request POST --url $MDS_EP/security/1.0/lookup/rolebindings/principal/$p_strips_quotes --header 'Authorization: Basic '"${MDS_BA}"'' --header 'Content-Type: application/json' --data '{ | |
"clusters": { | |
"kafka-cluster": "'"${KAFKA_CLUSTER_ID}"'", | |
"ksql-cluster": "'"${KSQL}"'" | |
} | |
} | |
' 2> /dev/null | jq '.rolebindings.'"${p}"'.'"${r}"' | length') | |
echo $p_strips_quotes,ksql,$r,$tmp | |
bindings=`expr $bindings + $tmp` | |
done | |
done | |
echo all,all,all,$bindings |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment