Fix acl update on single element list #132
Conversation
|
Thank you, would you feel comfortable with adding a test for this specific case? |
|
The tests using the |
| @@ -32,7 +32,7 @@ def process_module_acl(module): | |||
| 'acl_resource_type': params['acl_resource_type'], | |||
| 'state': params['state'] | |||
| }] | |||
|
|
|||
| params['mark_others_as_absent'] = False | |||
There was a problem hiding this comment.
mark_others_as_absent will always be False when calling from kafka_acl module (see line 43)
module_utils/kafka_lib_acl.py
Outdated
| @@ -62,40 +62,16 @@ def process_module_acls(module, params=None): | |||
| 'instead' | |||
| ) | |||
|
|
|||
| if len(acls) > 1: | |||
| acl_resource = ACLResource( | |||
| acl_resources_found = manager.describe_acls( | |||
There was a problem hiding this comment.
I'm not sure we need to get all ACLs when kafka_acl module is called. When you have many ACLs it might be very slow to retrieve them.
Maybe a more elegant solution might be to extract the if directly inside callers to pass it to process_module_acls? What do you think of it? @steppi91 @StephenSorriaux ?
Tests will work on Linux Only due to docker network usage. $ cd ansible-kafka-admin
$ virtualenv ./venv
$ source ./venv/bin/activate
$ pip install -r requirements.txt -r test-requirements.txt
$ export ANSIBLE_MODULE_UTILS=$PWD/module_utils
$ molecule create && molecule converge
# If your need to run it again you can directly use molecule verify to run only the tests
$ molecule verify
# If you want to test another version of Python (default in local is 2.7) you only need to define PYTHON_VERSION env var like that
$ export PYTHON_VERSION=3.9-slimWhen editing code, flake8 can be a pain in the ass, don't forget to pass it on library, module_utils & tests otherwise CI build wont pass... (but it's seem that you don't have this problem :) ) $ flake8 ./library
$ flake8 ./module_utils
$ flake8 ./molecule |
I ran the tests like this before, maybe the problem is me using docker for mac.
That is a good point, I will change the code. My usecase actually is to only update the ACLs of a specific topic, which I think is not such an uncommon usecase. Here I also don't need to retrieve all the ACLs of all topics, not sure how to nicely capture that case though with the current interfaces without getting messy. |
|
Sorry for the long delay. I modded the logic so the single ACL case is handled without requesting all ACLs. And I also added a testcase and commented it out. It is basically the other commented test case with just one ACL in the test_acl_configuration, since the rest of the test logic is the same |
|
Is this still a thing since #136 ? |
|
Is there any updates about this ? |
Fixes inconsistent behaviour in updating single element ACL list:
When using the
mark_others_as_absentflag inkafka_acls.aclsthere is a bug when using just a single ACL in the list.This is because of the implementation that implements the single ACL
kafka_acl.aclcase with transforming it to a single element ACL list, and then treating single-element lists as an edge case.The logic is in my opinion only necessary to prevent deleting other ACLs in presence of the
mark_others_as_absentwhen trying to update a single ACL. But this behaviour is wrong when using actual single-element ACL lists.Proposed Changes
The least invasive change I could think of was to remove the edge case and just setting the
mark_others_as_absentflag toFalsein case of updating a single ACL.