From c20051d59d1a1fd5176591eaa4e526bf8652002a Mon Sep 17 00:00:00 2001
From: Pierangelo Di Pilato <pierdipi@redhat.com>
Date: Tue, 26 Mar 2024 10:58:48 +0100
Subject: [PATCH] Add strimzi SASL restricted user for
 TestRestrictedBrokerAuthSslSaslScram512

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
---
 hack/lib/strimzi.bash | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/hack/lib/strimzi.bash b/hack/lib/strimzi.bash
index 841a1e4474..2a8b2f4ef6 100644
--- a/hack/lib/strimzi.bash
+++ b/hack/lib/strimzi.bash
@@ -227,6 +227,43 @@ spec:
         host: "*"
 EOF
 
+  logger.info "Applying Strimzi SASL Restricted User"
+  cat <<-EOF | oc apply -f -
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+  name: my-restricted-sasl-user
+  namespace: kafka
+  labels:
+    strimzi.io/cluster: my-cluster
+spec:
+  authentication:
+    type: scram-sha-512
+  authorization:
+    type: simple
+    acls:
+      # Example ACL rules for Broker with names following knative default brokers.topic.template
+      - resource:
+          type: topic
+          name: knative-broker-
+          patternType: prefix
+        operations:
+          - Create
+          - Describe
+          - Read
+          - Write
+          - Delete
+        host: "*"
+      # Example ACL rules for Consumer Group ID following knative default triggers.consumergroup.template
+      - resource:
+          type: group
+          name: knative-trigger-
+          patternType: prefix
+        operations:
+          - Read
+        host: "*"
+EOF
+
   logger.info "Waiting for Strimzi admin users to become ready"
   oc wait kafkauser --all --timeout=-1s --for=condition=Ready -n kafka