redpanda-data · dotnwat · Aug 6, 2022 · Aug 4, 2022 · Aug 4, 2022 · Aug 5, 2022
diff --git a/src/v/cluster/types.h b/src/v/cluster/types.h
@@ -1703,6 +1703,12 @@ struct create_acls_cmd_data
     operator==(const create_acls_cmd_data&, const create_acls_cmd_data&)
       = default;
 
+    friend std::ostream&
+    operator<<(std::ostream& o, const create_acls_cmd_data& r) {
+        fmt::print(o, "{{ bindings: {} }}", r.bindings);
+        return o;
+    }
+
     auto serde_fields() { return std::tie(bindings); }
 };
 
@@ -1721,6 +1727,12 @@ struct create_acls_request
     operator==(const create_acls_request&, const create_acls_request&)
       = default;
 
+    friend std::ostream&
+    operator<<(std::ostream& o, const create_acls_request& r) {
+        fmt::print(o, "{{ data: {}, timeout: {} }}", r.data, r.timeout.count());
+        return o;
+    }
+
     void serde_read(iobuf_parser& in, const serde::header& h) {
         using serde::read_nested;
         data = read_nested<create_acls_cmd_data>(in, h._bytes_left_limit);

diff --git a/src/v/compat/acls_compat.h b/src/v/compat/acls_compat.h
@@ -17,6 +17,17 @@
 
 namespace compat {
 
+GEN_COMPAT_CHECK(
+  cluster::create_acls_request,
+  {
+      json_write(data);
+      json_write(timeout);
+  },
+  {
+      json_read(data);
+      json_read(timeout);
+  });
+
 GEN_COMPAT_CHECK(
   cluster::create_acls_reply,
   { json_write(results); },

diff --git a/src/v/compat/acls_generator.h b/src/v/compat/acls_generator.h
@@ -17,6 +17,20 @@
 
 namespace compat {
 
+template<>
+struct instance_generator<cluster::create_acls_request> {
+    static cluster::create_acls_request random() {
+        cluster::create_acls_cmd_data data;
+        auto rand_bindings = tests::random_vector(
+          [] { return tests::random_acl_binding(); });
+        data.bindings.insert(
+          data.bindings.end(), rand_bindings.begin(), rand_bindings.end());
+        return {data, tests::random_duration<model::timeout_clock::duration>()};
+    }
+
+    static std::vector<cluster::create_acls_request> limits() { return {{}}; }
+};
+
 template<>
 struct instance_generator<cluster::create_acls_reply> {
     static cluster::create_acls_reply random() {

diff --git a/src/v/compat/json.h b/src/v/compat/json.h
@@ -11,12 +11,16 @@
 #pragma once
 
 #include "cluster/partition_balancer_types.h"
+#include "cluster/types.h"
 #include "json/document.h"
 #include "json/json.h"
 #include "model/fundamental.h"
 #include "net/unresolved_address.h"
+#include "security/acl.h"
 #include "utils/base64.h"
 
+#include <seastar/net/inet_address.hh>
+
 namespace json {
 
 inline char const* to_str(rapidjson::Type const t) {
@@ -358,6 +362,132 @@ inline void read_value(
     read_member(rd, "full_nodes", violations.full_nodes);
 }
 
+inline void read_value(json::Value const& rd, security::acl_host& host) {
+    ss::sstring address;
+    read_member(rd, "address", address);
+    host.set_address(ss::net::inet_address(address));
+}
+
+inline void rjson_serialize(
+  json::Writer<json::StringBuffer>& w, const security::acl_host& host) {
+    w.StartObject();
+    std::stringstream ss;
+    vassert(host.address(), "Unset optional address unexpected.");
+    ss << host.address().value();
+    w.Key("address");
+    rjson_serialize(w, ss.str());
+    w.EndObject();
+}
+
+inline void
+read_value(json::Value const& rd, security::acl_principal& principal) {
+    auto type = security::principal_type(
+      read_member_enum(rd, "type", security::principal_type{}));
+    ss::sstring name;
+    read_member(rd, "name", name);
+    principal.set_name(std::move(name));
+    principal.set_type(type);
+}
+
+inline void rjson_serialize(
+  json::Writer<json::StringBuffer>& w,
+  const security::acl_principal& principal) {
+    w.StartObject();
+    w.Key("type");
+    rjson_serialize(w, principal.type());
+    w.Key("name");
+    rjson_serialize(w, principal.name());
+    w.EndObject();
+}
+
+inline void read_value(json::Value const& rd, security::acl_entry& entry) {
+    security::acl_principal principal;
+    security::acl_host host;
+    read_member(rd, "principal", principal);
+    read_member(rd, "host", host);
+    auto operation = security::acl_operation(
+      read_member_enum(rd, "operation", security::acl_operation{}));
+    auto permission = security::acl_permission(
+      read_member_enum(rd, "permission", security::acl_permission{}));
+    entry.set_principal(std::move(principal));
+    entry.set_host(std::move(host));
+    entry.set_operation(operation);
+    entry.set_permission(permission);
+}
+
+inline void rjson_serialize(
+  json::Writer<json::StringBuffer>& w, const security::acl_entry& entry) {
+    w.StartObject();
+    w.Key("principal");
+    rjson_serialize(w, entry.principal());
+    w.Key("host");
+    rjson_serialize(w, entry.host());
+    w.Key("operation");
+    rjson_serialize(w, entry.operation());
+    w.Key("permission");
+    rjson_serialize(w, entry.permission());
+    w.EndObject();
+}
+
+inline void
+read_value(json::Value const& rd, security::resource_pattern& pattern) {
+    ss::sstring name;
+    auto resource = security::resource_type(
+      read_member_enum(rd, "resource", security::resource_type{}));
+    read_member(rd, "name", name);
+    auto pattern_type = security::pattern_type(
+      read_member_enum(rd, "pattern", security::pattern_type{}));
+    pattern.set_resource(resource);
+    pattern.set_name(std::move(name));
+    pattern.set_pattern(pattern_type);
+}
+
+inline void rjson_serialize(
+  json::Writer<json::StringBuffer>& w,
+  const security::resource_pattern& pattern) {
+    w.StartObject();
+    w.Key("resource");
+    rjson_serialize(w, pattern.resource());
+    w.Key("name");
+    rjson_serialize(w, pattern.name());
+    w.Key("pattern");
+    rjson_serialize(w, pattern.pattern());
+    w.EndObject();
+}
+
+inline void read_value(json::Value const& rd, security::acl_binding& binding) {
+    security::resource_pattern pattern;
+    security::acl_entry entry;
+    read_member(rd, "pattern", pattern);
+    read_member(rd, "entry", entry);
+    binding.set_resource_pattern(std::move(pattern));
+    binding.set_acl_entry(std::move(entry));
+}
+
+inline void rjson_serialize(
+  json::Writer<json::StringBuffer>& w, const security::acl_binding& data) {
+    w.StartObject();
+    w.Key("pattern");
+    rjson_serialize(w, data.pattern());
+    w.Key("entry");
+    rjson_serialize(w, data.entry());
+    w.EndObject();
+}
+
+inline void
+read_value(json::Value const& rd, cluster::create_acls_cmd_data& data) {
+    read_member(rd, "bindings", data.bindings);
+}
+
+inline void rjson_serialize(
+  json::Writer<json::StringBuffer>& w,
+  const cluster::create_acls_cmd_data& data) {
+    w.StartObject();
+    w.Key("bindings");
+    rjson_serialize(w, data.bindings);
+    w.EndObject();
+}
+
 #define json_write(_fname) json::write_member(wr, #_fname, obj._fname)
 #define json_read(_fname) json::read_member(rd, #_fname, obj._fname)
 

diff --git a/src/v/compat/run.cc b/src/v/compat/run.cc
@@ -108,6 +108,7 @@ using compat_checks = type_list<
   cluster::prepare_group_tx_reply,
   cluster::commit_tx_request,
   cluster::commit_tx_reply,
+  cluster::create_acls_request,
   cluster::create_acls_reply,
   cluster::reconciliation_state_request,
   cluster::partition_balancer_overview_request,

diff --git a/src/v/security/acl.h b/src/v/security/acl.h
@@ -239,6 +239,10 @@ class acl_principal : public serde::envelope<acl_principal, serde::version<0>> {
     principal_type type() const { return _type; }
     bool wildcard() const { return _name == "*"; }
 
+    void set_name(ss::sstring&& name) { _name = name; }
+
+    void set_type(principal_type type) { _type = type; }
+
     auto serde_fields() { return std::tie(_type, _name); }
 
 private:
@@ -285,6 +289,12 @@ class resource_pattern
     const ss::sstring& name() const { return _name; }
     pattern_type pattern() const { return _pattern; }
 
+    void set_resource(resource_type resource) { _resource = resource; }
+
+    void set_name(ss::sstring&& name) { _name = name; }
+
+    void set_pattern(pattern_type pattern) { _pattern = pattern; }
+
     auto serde_fields() { return std::tie(_resource, _name, _pattern); }
 
 private:
@@ -309,6 +319,10 @@ class acl_host : public serde::envelope<acl_host, serde::version<0>> {
 
     friend bool operator==(const acl_host&, const acl_host&) = default;
 
+    void set_address(std::optional<ss::net::inet_address>&& addr) {
+        _addr = addr;
+    }
+
     template<typename H>
     friend H AbslHashValue(H h, const acl_host& host) {
         if (host._addr) {
@@ -381,6 +395,14 @@ class acl_entry : public serde::envelope<acl_entry, serde::version<0>> {
     acl_operation operation() const { return _operation; }
     acl_permission permission() const { return _permission; }
 
+    void set_principal(acl_principal&& principal) { _principal = principal; }
+
+    void set_host(acl_host&& host) { _host = host; }
+
+    void set_operation(acl_operation op) { _operation = op; }
+
+    void set_permission(acl_permission permission) { _permission = permission; }
+
     auto serde_fields() {
         return std::tie(_principal, _host, _operation, _permission);
     }
@@ -403,6 +425,12 @@ class acl_binding : public serde::envelope<acl_binding, serde::version<0>> {
       : _pattern(std::move(pattern))
       , _entry(std::move(entry)) {}
 
+    void set_resource_pattern(resource_pattern&& pattern) {
+        _pattern = pattern;
+    }
+
+    void set_acl_entry(acl_entry&& acl_entry) { _entry = acl_entry; }
+
     friend bool operator==(const acl_binding&, const acl_binding&) = default;
 
     template<typename H>