Confluent RBAC - MDS APIs based role-bindings counter

script.sh

#!/bin/bash

MDS_EP=http://localhost:8091
MDS_BA=c3VwZXJVc2VyOnN1cGVyVXNlcg==

KAFKA_CLUSTER_ID=h0r1CE3LQYidma5HR0VhWg
CONNECT=connect-cluster
SR=schema-registry
KSQLDB=ksql-cluster
C3=c3-cluste

ROLES=$(curl --request GET --url $MDS_EP/security/1.0/roleNames --header "Authorization: Basic ${MDS_BA}" 2> /dev/null | sed 's/[][]//g')

IFS=,
PRINCPALS=
for r in $ROLES;
do
  # STRIP QUOTES
  r="${r//\"/}"

  # GET PRINCIPALS FOR EACH ROLE
  ROLE_PRINCIPALS=
  ROLE_PRINCIPALS=$(curl --request POST --url $MDS_EP/security/1.0/lookup/role/${r} --header "Authorization: Basic ${MDS_BA}" --header 'Content-Type: application/json' \
  --data '{
    "clusters": {
        "kafka-cluster": "'"${KAFKA_CLUSTER_ID}"'"
      }
    }' 2> /dev/null | sed 's/[][]//g')
  PRINCPALS+=$ROLE_PRINCIPALS,
done

# CSV-Like HEADER OUTPUT
echo "principal,cluster,role,bindings"
bindings=0

for p in $PRINCPALS;
do
  for r in $ROLES;
  do
    if [ -z "$p" ] || [ -z "$r" ]
    then
        break
    fi

    # strip quotes
    p_strips_quotes="${p//\"/}"
    r="${r//\"/}"

    # get bindings per principal per role on kafka-cluster
    tmp=$(curl --request POST --url $MDS_EP/security/1.0/lookup/rolebindings/principal/$p_strips_quotes --header 'Authorization: Basic '"${MDS_BA}"'' --header 'Content-Type: application/json' --data '{
        "clusters": {
            "kafka-cluster": "'"${KAFKA_CLUSTER_ID}"'"
        }
    }
    ' 2> /dev/null | jq '.rolebindings.'"${p}"'.'"${r}"' | length')

    echo $p_strips_quotes,kafka_cluster,$r,$tmp
    bindings=`expr $bindings + $tmp`

    # get bindings per principal per role on schema-registry
    tmp=$(curl --request POST --url $MDS_EP/security/1.0/lookup/rolebindings/principal/$p_strips_quotes --header 'Authorization: Basic '"${MDS_BA}"'' --header 'Content-Type: application/json' --data '{
        "clusters": {
            "kafka-cluster": "'"${KAFKA_CLUSTER_ID}"'",
            "schema-registry-cluster": "'"${SR}"'"
        }
    }
    ' 2> /dev/null | jq '.rolebindings.'"${p}"'.'"${r}"' | length')

    echo $p_strips_quotes,schema-registry,$r,$tmp
    bindings=`expr $bindings + $tmp`

    # get bindings per principal per role on connect
    tmp=$(curl --request POST --url $MDS_EP/security/1.0/lookup/rolebindings/principal/$p_strips_quotes --header 'Authorization: Basic '"${MDS_BA}"'' --header 'Content-Type: application/json' --data '{
        "clusters": {
            "kafka-cluster": "'"${KAFKA_CLUSTER_ID}"'",
            "connect-cluster": "'"${CONNECT}"'"
        }
    }
    ' 2> /dev/null | jq '.rolebindings.'"${p}"'.'"${r}"' | length')

    echo $p_strips_quotes,connect,$r,$tmp
    bindings=`expr $bindings + $tmp`

    # get bindings per principal per role on ksql
    tmp=$(curl --request POST --url $MDS_EP/security/1.0/lookup/rolebindings/principal/$p_strips_quotes --header 'Authorization: Basic '"${MDS_BA}"'' --header 'Content-Type: application/json' --data '{
        "clusters": {
            "kafka-cluster": "'"${KAFKA_CLUSTER_ID}"'",
            "ksql-cluster": "'"${KSQL}"'"
        }
    }
    ' 2> /dev/null | jq '.rolebindings.'"${p}"'.'"${r}"' | length')

    echo $p_strips_quotes,ksql,$r,$tmp
    bindings=`expr $bindings + $tmp`
  done
done

echo all,all,all,$bindings