expose acl configuration as configMap

apache · May 15, 2024 · e22b504 · e22b504
1 parent 9752d8c
commit e22b504
Show file tree

Hide file tree

Showing 3 changed files with 77 additions and 14 deletions.
diff --git a/example/rocketmq_v1alpha1_broker_cr.yaml b/example/rocketmq_v1alpha1_broker_cr.yaml
@@ -28,6 +28,39 @@ data:
     brokerRole=ASYNC_MASTER
 
 ---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: broker-acl-config
+data:
+  plain_acl.yml: |
+    globalWhiteRemoteAddresses:
+      - 10.10.103.*
+      - 192.168.0.*
+
+    accounts:
+      - accessKey: RocketMQ
+        secretKey: 123456789 # |||
+        whiteRemoteAddress:
+        admin: false
+        defaultTopicPerm: DENY
+        defaultGroupPerm: SUB
+        topicPerms:
+          - topicA=DENY
+          - topicB=PUB|SUB
+          - topicC=SUB
+        groupPerms:
+          # the group should convert to retry topic
+          - groupA=DENY
+          - groupB=PUB|SUB
+          - groupC=SUB
+    
+      - accessKey: rocketmq2
+        secretKey: 123456789 # |||
+        whiteRemoteAddress: 192.168.1.*
+        # if it is admin, it could access all resources 
+        admin: true
+---
 apiVersion: rocketmq.apache.org/v1alpha1
 kind: Broker
 metadata:
@@ -75,6 +108,12 @@ spec:
         items:
           - key: broker-common.conf
             path: broker-common.conf
+    - name: broker-acl-config
+      configMap:
+        name: broker-acl-config
+        items:
+          - key: plain_acl.yml
+            path: plain_acl.yml
   # volumeClaimTemplates defines the storageClass
   volumeClaimTemplates:
     - metadata:

diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go
@@ -46,9 +46,12 @@ const (
 	// SubscriptionGroupJsonDir is the directory of subscriptionGroup.json
 	SubscriptionGroupJsonDir = StoreConfigDir + "/subscriptionGroup.json"
 
-	// BrokerConfigDir is the directory of the mounted config file
+	// BrokerConfigPath is the directory of the mounted config file
 	BrokerConfigPath = DataPath + "/rocketmq/broker/conf"
 
+	// BrokerPlainAclConfigName is the name of mounted acl config file
+	BrokerPlainAclConfigName = "plain_acl.yml"
+
 	// BrokerConfigName is the name of mounted configuration file
 	BrokerConfigName = "broker-common.conf"
 

diff --git a/pkg/controller/broker/broker_controller.go b/pkg/controller/broker/broker_controller.go
@@ -484,19 +484,7 @@ func (r *ReconcileBroker) getBrokerStatefulSet(broker *rocketmqv1alpha1.Broker,
 							ContainerPort: cons.BrokerHighAvailabilityContainerPort,
 							Name:          cons.BrokerHighAvailabilityContainerPortName,
 						}},
-						VolumeMounts: []corev1.VolumeMount{{
-							MountPath: cons.LogMountPath,
-							Name:      broker.Spec.VolumeClaimTemplates[0].Name,
-							SubPath:   cons.LogSubPathName + getPathSuffix(broker, brokerGroupIndex, replicaIndex),
-						}, {
-							MountPath: cons.StoreMountPath,
-							Name:      broker.Spec.VolumeClaimTemplates[0].Name,
-							SubPath:   cons.StoreSubPathName + getPathSuffix(broker, brokerGroupIndex, replicaIndex),
-						}, {
-							MountPath: cons.BrokerConfigPath + "/" + cons.BrokerConfigName,
-							Name:      broker.Spec.Volumes[0].Name,
-							SubPath:   cons.BrokerConfigName,
-						}},
+						VolumeMounts: getVolumeMounts(broker, brokerGroupIndex, replicaIndex),
 					}},
 					Volumes:         getVolumes(broker),
 					SecurityContext: getPodSecurityContext(broker),
@@ -512,6 +500,39 @@ func (r *ReconcileBroker) getBrokerStatefulSet(broker *rocketmqv1alpha1.Broker,
 
 }
 
+func getVolumeMounts(broker *rocketmqv1alpha1.Broker, brokerGroupIndex int, replicaIndex int) []corev1.VolumeMount {
+	mounts := make([]corev1.VolumeMount, 0)
+
+	if len(broker.Spec.VolumeClaimTemplates) >= 1 {
+		mounts = append(mounts, corev1.VolumeMount{
+			MountPath: cons.LogMountPath,
+			Name:      broker.Spec.VolumeClaimTemplates[0].Name,
+			SubPath:   cons.LogSubPathName + getPathSuffix(broker, brokerGroupIndex, replicaIndex),
+		})
+		mounts = append(mounts, corev1.VolumeMount{
+			MountPath: cons.StoreMountPath,
+			Name:      broker.Spec.VolumeClaimTemplates[0].Name,
+			SubPath:   cons.StoreSubPathName + getPathSuffix(broker, brokerGroupIndex, replicaIndex),
+		})
+	}
+	if len(broker.Spec.Volumes) >= 1 {
+		mounts = append(mounts, corev1.VolumeMount{
+			MountPath: cons.BrokerConfigPath + "/" + cons.BrokerConfigName,
+			Name:      broker.Spec.Volumes[0].Name,
+			SubPath:   cons.BrokerConfigName,
+		})
+	}
+
+	if len(broker.Spec.Volumes) > 1 {
+		mounts = append(mounts, corev1.VolumeMount{
+			MountPath: cons.BrokerConfigPath + "/" + cons.BrokerPlainAclConfigName,
+			Name:      broker.Spec.Volumes[1].Name,
+			SubPath:   cons.BrokerPlainAclConfigName,
+		})
+	}
+	return mounts
+}
+
 func getENV(broker *rocketmqv1alpha1.Broker, replicaIndex int, brokerGroupIndex int) []corev1.EnvVar {
 	envs := []corev1.EnvVar{{
 		Name:  cons.EnvNameServiceAddress,