Improve JWT format with namespaces grouping (#175)

michelin · Jan 14, 2025 · fa2f8b6 · fa2f8b6
1 parent 0d41212
commit fa2f8b6
Show file tree

Hide file tree

Showing 6 changed files with 29 additions and 23 deletions.
diff --git a/README.md b/README.md
@@ -213,7 +213,6 @@ Description: Get the JWT token information.
 Options:
   -h, --help              Show this help message and exit.
   -o, --output=<output>   Output format. One of: yaml|table
-
 ```
 
 Example(s):

diff --git a/src/main/java/com/michelin/kafkactl/command/auth/AuthInfo.java b/src/main/java/com/michelin/kafkactl/command/auth/AuthInfo.java
@@ -11,6 +11,7 @@
 import jakarta.inject.Inject;
 import java.io.IOException;
 import java.util.Calendar;
+import java.util.Comparator;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.Callable;
@@ -54,14 +55,12 @@ public Integer call() throws IOException {
         } else {
             JwtContent jwtContent = loginService.readJwtFile();
 
-            StringBuilder stringBuilder = new StringBuilder();
-            if (!jwtContent.getRoles().isEmpty() && jwtContent.getRoles().contains("isAdmin()")) {
-                stringBuilder.append("Admin ");
-            } else {
-                stringBuilder.append("User ");
-            }
-            stringBuilder.append(jwtContent.getSub()).append(" authenticated.");
-            commandSpec.commandLine().getOut().println(stringBuilder);
+            boolean isAdmin = !jwtContent.getRoles().isEmpty() && jwtContent.getRoles().contains("isAdmin()");
+            commandSpec.commandLine().getOut().println(
+                (isAdmin ? "Admin " : "User ")
+                + jwtContent.getSub()
+                + " authenticated."
+            );
 
             Calendar calendar = Calendar.getInstance();
             calendar.setTimeInMillis(jwtContent.getExp() * 1000);
@@ -70,13 +69,21 @@ public Integer call() throws IOException {
             if (!jwtContent.getRoleBindings().isEmpty()) {
                 List<Resource> roleBindings = jwtContent.getRoleBindings()
                     .stream()
-                    .map(roleBinding -> Resource.builder()
-                        .spec(Map.of(
-                            "namespace", roleBinding.getNamespace(),
-                            "verbs", roleBinding.getVerbs(),
-                            "resources", roleBinding.getResourceTypes()
-                        ))
-                        .build())
+                    .flatMap(roleBinding -> roleBinding.getNamespaces()
+                        .stream()
+                        .map(namespace -> Resource.builder()
+                            .spec(Map.of(
+                                "namespace", namespace,
+                                "verbs", roleBinding.getVerbs(),
+                                "resources", roleBinding.getResourceTypes()
+                            ))
+                            .build()
+                        )
+                    )
+                    .sorted(Comparator.comparing(
+                        roleBinding -> (String) roleBinding.getSpec().get("namespace"),
+                        Comparator.naturalOrder())
+                    )
                     .toList();
 
                 formatService.displayList(AUTH_INFO, roleBindings, output, commandSpec);

diff --git a/src/main/java/com/michelin/kafkactl/model/JwtContent.java b/src/main/java/com/michelin/kafkactl/model/JwtContent.java
@@ -33,7 +33,7 @@ public class JwtContent {
     @NoArgsConstructor
     @AllArgsConstructor
     public static class RoleBinding {
-        private String namespace;
+        private List<String> namespaces;
         private List<Verb> verbs;
         private List<String> resourceTypes;
 

diff --git a/src/test/java/com/michelin/kafkactl/command/auth/AuthInfoTest.java b/src/test/java/com/michelin/kafkactl/command/auth/AuthInfoTest.java
@@ -108,7 +108,7 @@ void shouldDisplayInfoFromJwtUserAndRoleBindings() throws IOException {
             .sub("user")
             .exp(1711241399L)
             .roleBindings(List.of(JwtContent.RoleBinding.builder()
-                .namespace("namespace")
+                .namespaces(List.of("namespace"))
                 .verbs(List.of(GET))
                 .resourceTypes(List.of("resource"))
                 .build()))

diff --git a/src/test/java/com/michelin/kafkactl/service/LoginServiceTest.java b/src/test/java/com/michelin/kafkactl/service/LoginServiceTest.java
@@ -309,11 +309,11 @@ void shouldReadJwtFile() throws IOException {
 
         assertIterableEquals(List.of("isAdmin()"), actual.getRoles());
 
-        assertEquals("anotherNamespace", actual.getRoleBindings().getFirst().getNamespace());
-        assertIterableEquals(List.of(GET), actual.getRoleBindings().get(0).getVerbs());
-        assertIterableEquals(List.of("quota"), actual.getRoleBindings().get(0).getResourceTypes());
+        assertIterableEquals(List.of("anotherNamespace"), actual.getRoleBindings().getFirst().getNamespaces());
+        assertIterableEquals(List.of(GET), actual.getRoleBindings().getFirst().getVerbs());
+        assertIterableEquals(List.of("quota"), actual.getRoleBindings().getFirst().getResourceTypes());
 
-        assertEquals("anotherNamespace", actual.getRoleBindings().get(1).getNamespace());
+        assertIterableEquals(List.of("anotherNamespace"), actual.getRoleBindings().get(1).getNamespaces());
         assertIterableEquals(List.of(GET, POST, PUT, DELETE), actual.getRoleBindings().get(1).getVerbs());
         assertIterableEquals(List.of("schemas", "schemas/config", "topics", "topics/import", "topics/delete-records",
             "connectors", "connectors/import", "connectors/change-state", "connect-clusters", "connect-clusters/vaults",

diff --git a/src/test/resources/fake_login/jwt b/src/test/resources/fake_login/jwt
@@ -3,7 +3,7 @@
   "roles": [
     "isAdmin()"
   ],
-  "access_token": "eyJhbGciOiJIUzI1NiJ9.eyJyb2xlQmluZGluZ3MiOlt7Im5hbWVzcGFjZSI6ImFub3RoZXJOYW1lc3BhY2UiLCJ2ZXJicyI6WyJHRVQiXSwicmVzb3VyY2VUeXBlcyI6WyJxdW90YSJdfSx7Im5hbWVzcGFjZSI6ImFub3RoZXJOYW1lc3BhY2UiLCJ2ZXJicyI6WyJHRVQiLCJQT1NUIiwiUFVUIiwiREVMRVRFIl0sInJlc291cmNlVHlwZXMiOlsic2NoZW1hcyIsInNjaGVtYXMvY29uZmlnIiwidG9waWNzIiwidG9waWNzL2ltcG9ydCIsInRvcGljcy9kZWxldGUtcmVjb3JkcyIsImNvbm5lY3RvcnMiLCJjb25uZWN0b3JzL2ltcG9ydCIsImNvbm5lY3RvcnMvY2hhbmdlLXN0YXRlIiwiY29ubmVjdC1jbHVzdGVycyIsImNvbm5lY3QtY2x1c3RlcnMvdmF1bHRzIiwiYWNscyIsImNvbnN1bWVyLWdyb3Vwcy9yZXNldCIsInN0cmVhbXMiXX1dLCJzdWIiOiJhZG1pbiIsIm5iZiI6MTcxMTMxMDA5MSwicm9sZXMiOlsiaXNBZG1pbigpIl0sImlzcyI6Im5zNGthZmthIiwiZXhwIjoxNzExMzEzNjkxLCJpYXQiOjE3MTEzMTAwOTF9.PtQthWXGjaL_cMkV0uqfifkqevU8E6vzRA9v43pw_Gc",
+  "access_token": "eyJhbGciOiJIUzI1NiJ9.eyJyb2xlQmluZGluZ3MiOlt7Im5hbWVzcGFjZXMiOlsiYW5vdGhlck5hbWVzcGFjZSJdLCJ2ZXJicyI6WyJHRVQiXSwicmVzb3VyY2VUeXBlcyI6WyJxdW90YSJdfSx7Im5hbWVzcGFjZXMiOlsiYW5vdGhlck5hbWVzcGFjZSJdLCJ2ZXJicyI6WyJHRVQiLCJQT1NUIiwiUFVUIiwiREVMRVRFIl0sInJlc291cmNlVHlwZXMiOlsic2NoZW1hcyIsInNjaGVtYXMvY29uZmlnIiwidG9waWNzIiwidG9waWNzL2ltcG9ydCIsInRvcGljcy9kZWxldGUtcmVjb3JkcyIsImNvbm5lY3RvcnMiLCJjb25uZWN0b3JzL2ltcG9ydCIsImNvbm5lY3RvcnMvY2hhbmdlLXN0YXRlIiwiY29ubmVjdC1jbHVzdGVycyIsImNvbm5lY3QtY2x1c3RlcnMvdmF1bHRzIiwiYWNscyIsImNvbnN1bWVyLWdyb3Vwcy9yZXNldCIsInN0cmVhbXMiXX1dLCJzdWIiOiJhZG1pbiIsIm5iZiI6MTcxMTMxMDA5MSwicm9sZXMiOlsiaXNBZG1pbigpIl0sImlzcyI6Im5zNGthZmthIiwiZXhwIjoxNzExMzEzNjkxLCJpYXQiOjE3MTEzMTAwOTF9.EbMakF9L3au7qDSKTzfU-LGhR1k8aKZtLbY8wcxnXHA",
   "token_type": "Bearer",
   "expires_in": 3600
 }