BE: ACL: Consumers preset now include DESCRIBE permission for CG (#593)

Co-authored-by: Poleg Kashti <poleg@DESKTOP-BSN03E3>
Co-authored-by: Roman Zabaluev <gpg@haarolean.dev>

api/src/main/java/io/kafbat/ui/service/acl/AclsService.java

@@ -158,7 +158,7 @@ public Mono<Void> createConsumerAcl(KafkaCluster cluster, CreateConsumerAclDTO r
         .then();
   }
 
-  //Read, Describe on topics, Read on consumerGroups
+  //Read, Describe on topics and consumerGroups
   private List<AclBinding> createConsumerBindings(CreateConsumerAclDTO request) {
     List<AclBinding> bindings = new ArrayList<>();
     bindings.addAll(
@@ -172,7 +172,7 @@ private List<AclBinding> createConsumerBindings(CreateConsumerAclDTO request) {
     bindings.addAll(
         createAllowBindings(
             GROUP,
-            List.of(READ),
+            List.of(READ, DESCRIBE),
             request.getPrincipal(),
             request.getHost(),
             request.getConsumerGroupsPrefix(),

api/src/test/java/io/kafbat/ui/service/acl/AclsServiceTest.java

@@ -103,10 +103,10 @@ void createsConsumerDependantAcls() {
             .topics(List.of("t1", "t2"))
     ).block();
 
-    //Read, Describe on topics, Read on consumerGroups
+    //Read, Describe on topics and consumerGroups
     Collection<AclBinding> createdBindings = createdCaptor.getValue();
     assertThat(createdBindings)
-        .hasSize(6)
+        .hasSize(8)
         .contains(new AclBinding(
             new ResourcePattern(ResourceType.TOPIC, "t1", PatternType.LITERAL),
             new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW)))
@@ -122,9 +122,15 @@ void createsConsumerDependantAcls() {
         .contains(new AclBinding(
             new ResourcePattern(ResourceType.GROUP, "cg1", PatternType.LITERAL),
             new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW)))
+        .contains(new AclBinding(
+            new ResourcePattern(ResourceType.GROUP, "cg1", PatternType.LITERAL),
+            new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW)))
+        .contains(new AclBinding(
+            new ResourcePattern(ResourceType.GROUP, "cg2", PatternType.LITERAL),
+            new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW)))
         .contains(new AclBinding(
             new ResourcePattern(ResourceType.GROUP, "cg2", PatternType.LITERAL),
-            new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW)));
+            new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW)));
   }
 
   @Test
@@ -145,10 +151,10 @@ void createsConsumerDependantAclsWhenTopicsAndGroupsSpecifiedByPrefix() {
             .topicsPrefix("topicPref")
     ).block();
 
-    //Read, Describe on topics, Read on consumerGroups
+    //Read, Describe on topics and consumerGroups
     Collection<AclBinding> createdBindings = createdCaptor.getValue();
     assertThat(createdBindings)
-        .hasSize(3)
+        .hasSize(4)
         .contains(new AclBinding(
             new ResourcePattern(ResourceType.TOPIC, "topicPref", PatternType.PREFIXED),
             new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW)))
@@ -157,7 +163,10 @@ void createsConsumerDependantAclsWhenTopicsAndGroupsSpecifiedByPrefix() {
             new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW)))
         .contains(new AclBinding(
             new ResourcePattern(ResourceType.GROUP, "cgPref", PatternType.PREFIXED),
-            new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW)));
+            new AccessControlEntry(principal, host, AclOperation.READ, AclPermissionType.ALLOW)))
+        .contains(new AclBinding(
+            new ResourcePattern(ResourceType.GROUP, "cgPref", PatternType.PREFIXED),
+            new AccessControlEntry(principal, host, AclOperation.DESCRIBE, AclPermissionType.ALLOW)));
   }
 
   @Test