dt/rpk: Add sasl_deny_principal

Signed-off-by: Oren Leiman <oren.leiman@redpanda.com> (cherry picked from commit 9dc1faf)
redpanda-data · Jun 11, 2024 · 7838cfd · 7838cfd
1 parent 79866e5
commit 7838cfd
Showing 1 changed file with 18 additions and 9 deletions.
diff --git a/tests/rptest/clients/rpk.py b/tests/rptest/clients/rpk.py
@@ -355,14 +355,15 @@ def _check_stdout_success(self, output):
         if not status_line.endswith("OK"):
             raise RpkException(f"Bad status: '{status_line}'")
 
-    def sasl_allow_principal(self,
-                             principal,
-                             operations,
-                             resource,
-                             resource_name,
-                             username: Optional[str] = None,
-                             password: Optional[str] = None,
-                             mechanism: Optional[str] = None):
+    def _sasl_set_principal_access(self,
+                                   principal,
+                                   operations,
+                                   resource,
+                                   resource_name,
+                                   username: Optional[str] = None,
+                                   password: Optional[str] = None,
+                                   mechanism: Optional[str] = None,
+                                   deny=False):
 
         username = username if username is not None else self._username
         password = password if password is not None else self._password
@@ -377,14 +378,22 @@ def sasl_allow_principal(self,
         else:
             raise Exception(f"unknown resource: {resource}")
 
+        perm = '--allow-principal' if not deny else '--deny-principal'
+
         cmd = [
-            "acl", "create", "--allow-principal", principal, "--operation",
+            "acl", "create", perm, principal, "--operation",
             ",".join(operations), resource, resource_name, "--brokers",
             self._redpanda.brokers(), "--user", username, "--password",
             password, "--sasl-mechanism", mechanism
         ] + self._tls_settings()
         return self._run(cmd)
 
+    def sasl_allow_principal(self, *args, **kwargs):
+        self._sasl_set_principal_access(*args, **kwargs, deny=False)
+
+    def sasl_deny_principal(self, *args, **kwargs):
+        self._sasl_set_principal_access(*args, **kwargs, deny=True)
+
     def allow_principal(self, principal, operations, resource, resource_name):
         if resource == "topic":
             resource = "--topic"