karafka 2.2.13 → 2.3.0.alpha1

data/Gemfile.lock

@@ -1,9 +1,9 @@
 PATH
   remote: .
   specs:
-    karafka (2.2.13)
-      karafka-core (>= 2.2.7, < 2.3.0)
-      waterdrop (>= 2.6.11, < 3.0.0)
+    karafka (2.3.0.alpha1)
+      karafka-core (>= 2.3.0.alpha1, < 2.4.0)
+      waterdrop (>= 2.6.12, < 3.0.0)
       zeitwerk (~> 2.3)
 
 GEM
@@ -23,7 +23,7 @@ GEM
       mutex_m
       tzinfo (~> 2.0)
     base64 (0.2.0)
-    bigdecimal (3.1.4)
+    bigdecimal (3.1.5)
     byebug (11.1.3)
     concurrent-ruby (1.2.2)
     connection_pool (2.4.1)
@@ -32,17 +32,16 @@ GEM
     drb (2.2.0)
       ruby2_keywords
     erubi (1.12.0)
-    factory_bot (6.3.0)
+    factory_bot (6.4.5)
       activesupport (>= 5.0.0)
     ffi (1.16.3)
     globalid (1.2.1)
       activesupport (>= 6.1)
     i18n (1.14.1)
       concurrent-ruby (~> 1.0)
-    karafka-core (2.2.7)
-      concurrent-ruby (>= 1.1)
-      karafka-rdkafka (>= 0.13.9, < 0.15.0)
-    karafka-rdkafka (0.14.0)
+    karafka-core (2.3.0.alpha1)
+      karafka-rdkafka (>= 0.14.7, < 0.15.0)
+    karafka-rdkafka (0.14.7)
       ffi (~> 1.15)
       mini_portile2 (~> 2.6)
       rake (> 12)
@@ -57,7 +56,7 @@ GEM
     mutex_m (0.2.0)
     rack (3.0.8)
     rake (13.1.0)
-    roda (3.74.0)
+    roda (3.75.0)
       rack
     rspec (3.12.0)
       rspec-core (~> 3.12.0)
@@ -82,12 +81,13 @@ GEM
     tilt (2.3.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    waterdrop (2.6.11)
+    waterdrop (2.6.12)
       karafka-core (>= 2.2.3, < 3.0.0)
       zeitwerk (~> 2.3)
     zeitwerk (2.6.12)
 
 PLATFORMS
+  ruby
   x86_64-linux
 
 DEPENDENCIES
@@ -100,4 +100,4 @@ DEPENDENCIES
   simplecov
 
 BUNDLED WITH
-   2.4.19
+   2.5.3

data/README.md

@@ -4,8 +4,6 @@
 [![Gem Version](https://badge.fury.io/rb/karafka.svg)](http://badge.fury.io/rb/karafka)
 [![Join the chat at https://slack.karafka.io](https://raw.githubusercontent.com/karafka/misc/master/slack.svg)](https://slack.karafka.io)
 
-**Note**: Upgrade instructions for migration from Karafka `1.4` to Karafka `2.0` can be found [here](https://karafka.io/docs/Upgrades-2.0/).
-
 ## About Karafka
 
 Karafka is a Ruby and Rails multi-threaded efficient Kafka processing framework that:

data/SECURITY.md

@@ -0,0 +1,23 @@
+# Security Policy
+
+## Supported Versions
+
+Please refer to the Karafka [EOL documentation](https://karafka.io/docs/Versions-Lifecycle-and-EOL/) page for detailed information on which versions are actively supported with security updates.
+
+## Reporting a Vulnerability
+
+If you have identified a potential security vulnerability in our projects, we encourage you to report it immediately. We take all reports of security issues seriously and will work diligently to address them.
+
+To report a vulnerability, please send an email directly to contact@karafka.io.
+
+We understand the importance of addressing security vulnerabilities promptly. You can expect a reply from us within 2 working days of your report. This initial response will confirm receipt of your report.
+
+After acknowledging your report, we will:
+
+- Evaluate the reported vulnerability in the context of our project.
+- Provide you with regular updates on our progress.
+- Upon completing our assessment, we will inform you of the outcome. This includes whether the vulnerability will be accepted or declined for further action.
+
+Your report will be kept confidential and not disclosed to third parties without your consent, except as required by law.
+
+We appreciate your assistance in keeping our projects and their users safe by responsibly reporting vulnerabilities. Together, we can maintain a high standard of security for our community.

data/config/locales/errors.yml

@@ -30,12 +30,17 @@ en:
       internal.tick_interval_format: needs to be an integer bigger or equal to 1000
       internal.routing.builder_format: needs to be present
       internal.routing.subscription_groups_builder_format: needs to be present
+      internal.connection.manager_format: needs to be present
+      internal.connection.conductor_format: needs to be present
       internal.connection.proxy.query_watermark_offsets.timeout_format: needs to be an integer bigger than 0
       internal.connection.proxy.query_watermark_offsets.max_attempts_format: needs to be an integer bigger than 0
       internal.connection.proxy.query_watermark_offsets.wait_time_format: needs to be an integer bigger than 0
       internal.connection.proxy.offsets_for_times.timeout_format: needs to be an integer bigger than 0
       internal.connection.proxy.offsets_for_times.max_attempts_format: needs to be an integer bigger than 0
       internal.connection.proxy.offsets_for_times.wait_time_format: needs to be an integer bigger than 0
+      internal.connection.proxy.committed.timeout_format: needs to be an integer bigger than 0
+      internal.connection.proxy.committed.max_attempts_format: needs to be an integer bigger than 0
+      internal.connection.proxy.committed.wait_time_format: needs to be an integer bigger than 0
       key_must_be_a_symbol: All keys under the kafka settings scope need to be symbols
       max_timeout_vs_pause_max_timeout: pause_timeout must be less or equal to pause_max_timeout
       shutdown_timeout_vs_max_wait_time: shutdown_timeout must be more than max_wait_time
@@ -61,7 +66,7 @@ en:
       consumer_format: needs to be present
       id_format: 'needs to be a string with a Kafka accepted format'
       initial_offset_format: needs to be either earliest or latest
-      subscription_group_name_format: must be a non-empty string
+      subscription_group_details.name_format: must be a non-empty string
       manual_offset_management.active_format: needs to be either true or false
       manual_offset_management_must_be_enabled: cannot be disabled for ActiveJob topics
       inline_insights.active_format: needs to be either true or false
@@ -69,6 +74,7 @@ en:
       dead_letter_queue.max_retries_format: needs to be equal or bigger than 0
       dead_letter_queue.topic_format: 'needs to be a string with a Kafka accepted format'
       dead_letter_queue.active_format: needs to be either true or false
+      dead_letter_queue.independent_format: needs to be either true or false
       active_format: needs to be either true or false
       declaratives.partitions_format: needs to be more or equal to 1
       declaratives.active_format: needs to be true

data/config/locales/pro_errors.yml

@@ -3,6 +3,7 @@ en:
     topic:
       virtual_partitions.partitioner_respond_to_call: needs to be defined and needs to respond to `#call`
       virtual_partitions.max_partitions_format: needs to be equal or more than 1
+      virtual_partitions.offset_metadata_strategy_format: needs to be either :exact or :current
 
       long_running_job.active_format: needs to be either true or false
 
@@ -31,9 +32,30 @@ en:
       patterns.active_format: 'needs to be boolean'
       patterns.type_format: 'needs to be :matcher, :discovered or :regular'
 
+      periodic_job.active_missing: needs to be present
+      periodic_job.active_format: 'needs to be boolean'
+      periodic_job.interval_missing: 'needs to be present'
+      periodic_job.interval_format: 'needs to be an integer equal or more than 100'
+      periodic_job.during_pause_format: 'needs to be boolean'
+      periodic_job.during_retry_format: 'needs to be boolean'
+      periodic_job.materialized_format: 'needs to be boolean'
+      periodic_job.materialized_missing: 'needs to be present'
+
       inline_insights.active_format: 'needs to be boolean'
       inline_insights.required_format: 'needs to be boolean'
 
+      offset_metadata.active_format: 'needs to be boolean'
+      offset_metadata.cache_format: 'needs to be boolean'
+      offset_metadata.deserializer_missing: needs to be present
+      offset_metadata.deserializer_format: 'needs to respond to #call'
+
+      subscription_group_details.multiplexing_min_format: 'needs to be an integer equal or more than 1'
+      subscription_group_details.multiplexing_max_format: 'needs to be an integer equal or more than 1'
+      subscription_group_details_multiplexing_min_max_mismatch: 'min needs to be equal or less than max'
+      subscription_group_details_multiplexing_boot_mismatch: 'boot needs to be between min and max'
+      subscription_group_details.multiplexing_boot_format: 'needs to be an integer equal or more than 1'
+      subscription_group_details.multiplexing_boot_not_dynamic: 'needs to be equal to max when not in dynamic mode'
+
     consumer_group:
       patterns_format: must be an array with hashes
       patterns_missing: needs to be present

data/docker-compose.yml

@@ -3,7 +3,7 @@ version: '2'
 services:
   kafka:
     container_name: kafka
-    image: confluentinc/cp-kafka:7.5.2
+    image: confluentinc/cp-kafka:7.5.3
 
     ports:
       - 9092:9092
@@ -23,3 +23,5 @@ services:
       KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'true'
       KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
       KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
+      KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true"
+      KAFKA_AUTHORIZER_CLASS_NAME: org.apache.kafka.metadata.authorizer.StandardAuthorizer

data/karafka.gemspec

@@ -21,8 +21,8 @@ Gem::Specification.new do |spec|
     without having to focus on things that are not your business domain.
   DESC
 
-  spec.add_dependency 'karafka-core', '>= 2.2.7', '< 2.3.0'
-  spec.add_dependency 'waterdrop', '>= 2.6.11', '< 3.0.0'
+  spec.add_dependency 'karafka-core', '>= 2.3.0.alpha1', '< 2.4.0'
+  spec.add_dependency 'waterdrop', '>= 2.6.12', '< 3.0.0'
   spec.add_dependency 'zeitwerk', '~> 2.3'
 
   if $PROGRAM_NAME.end_with?('gem')

data/lib/karafka/admin/acl.rb

@@ -0,0 +1,287 @@
+# frozen_string_literal: true
+
+module Karafka
+  module Admin
+    # Struct and set of operations for ACLs management that simplifies their usage.
+    # It allows to use Ruby symbol based definitions instead of usage of librdkafka types
+    # (it allows to use rdkafka numerical types as well out of the box)
+    #
+    # We map the numerical values because they are less descriptive and harder to follow.
+    #
+    # This API works based on ability to create a `Karafka:Admin::Acl` object that can be then used
+    # using `#create`, `#delete` and `#describe` class API.
+    class Acl
+      # Types of resources for which we can assign permissions.
+      #
+      # Resource refers to any entity within the Kafka ecosystem for which access control can be
+      # managed using ACLs (Access Control Lists).
+      # These resources represent different components of Kafka, such as topics, consumer groups,
+      # and the Kafka cluster itself. ACLs can be applied to these resources to control and
+      # restrict reading, writing, and administrative operations, ensuring secure and authorized
+      # access to Kafka's functionalities.
+      RESOURCE_TYPES_MAP = {
+        # `:any` is only used for lookups and cannot be used for permission assignments
+        any: Rdkafka::Bindings::RD_KAFKA_RESOURCE_ANY,
+        # use when you want to assign acl to a given topic
+        topic: Rdkafka::Bindings::RD_KAFKA_RESOURCE_TOPIC,
+        # use when you want to assign acl to a given consumer group
+        consumer_group: Rdkafka::Bindings::RD_KAFKA_RESOURCE_GROUP,
+        # use when you want to assign acl to a given broker
+        broker: Rdkafka::Bindings::RD_KAFKA_RESOURCE_BROKER
+      }.freeze
+
+      # Resource pattern types define how ACLs (Access Control Lists) are applied to resources,
+      # specifying the scope and applicability of access rules.
+      # They determine whether an ACL should apply to a specific named resource, a prefixed group
+      # of resources, or all resources of a particular type.
+      RESOURCE_PATTERNS_TYPE_MAP = {
+        # `:any` is only used for lookups and cannot be used for permission assignments
+        any: Rdkafka::Bindings::RD_KAFKA_RESOURCE_PATTERN_ANY,
+        # Targets resources with a pattern matching for broader control with a single rule.
+        match: Rdkafka::Bindings::RD_KAFKA_RESOURCE_PATTERN_MATCH,
+        # Targets a specific named resource, applying ACLs directly to that resource.
+        literal: Rdkafka::Bindings::RD_KAFKA_RESOURCE_PATTERN_LITERAL,
+        # Applies ACLs to all resources with a common name prefix, enabling broader control with a
+        # single rule.
+        prefixed: Rdkafka::Bindings::RD_KAFKA_RESOURCE_PATTERN_PREFIXED
+      }.freeze
+
+      # ACL operations define the actions that can be performed on Kafka resources. Each operation
+      # represents a specific type of access or action that can be allowed or denied.
+      OPERATIONS_MAP = {
+        # `:any` is only used for lookups
+        any: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_ANY,
+        # Grants complete access to a resource, encompassing all possible operations,
+        # typically used for unrestricted control.
+        all: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_ALL,
+        # Grants the ability to read data from a topic or a consumer group.
+        read: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_READ,
+        # Allows for writing data on a topic.
+        write: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_WRITE,
+        # Permits the creation of topics or consumer groups.
+        create: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_CREATE,
+        #  Enables the deletion of topics.
+        delete: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_DELETE,
+        # Allows modification of topics or consumer groups.
+        alter: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_ALTER,
+        # Grants the ability to view metadata and configurations of topics or consumer groups.
+        describe: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_DESCRIBE,
+        # Permits actions that apply to the Kafka cluster, like broker management.
+        cluster_action: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_CLUSTER_ACTION,
+        # Allows viewing configurations for resources like topics and brokers.
+        describe_configs: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_DESCRIBE_CONFIGS,
+        # Enables modification of configurations for resources.
+        alter_configs: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_ALTER_CONFIGS,
+        # Grants the ability to perform idempotent writes, ensuring exactly-once semantics in
+        # message production.
+        idempotent_write: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_IDEMPOTENT_WRITE
+      }.freeze
+
+      # ACL permission types specify the nature of the access control applied to Kafka resources.
+      # These types are used to either grant or deny specified operations.
+      PERMISSION_TYPES_MAP = {
+        # Used for lookups, indicating no specific permission type.
+        any: Rdkafka::Bindings::RD_KAFKA_ACL_PERMISSION_TYPE_ANY,
+        # Grants the specified operations, enabling the associated actions on the resource.
+        allow: Rdkafka::Bindings::RD_KAFKA_ACL_PERMISSION_TYPE_ALLOW,
+        # Blocks the specified operations, preventing the associated actions on the resource.
+        deny: Rdkafka::Bindings::RD_KAFKA_ACL_PERMISSION_TYPE_DENY
+      }.freeze
+
+      # Array with all maps used for the Acls support
+      ALL_MAPS = [
+        RESOURCE_TYPES_MAP,
+        RESOURCE_PATTERNS_TYPE_MAP,
+        OPERATIONS_MAP,
+        PERMISSION_TYPES_MAP
+      ].freeze
+
+      private_constant :RESOURCE_TYPES_MAP, :RESOURCE_PATTERNS_TYPE_MAP, :OPERATIONS_MAP,
+                       :PERMISSION_TYPES_MAP, :ALL_MAPS
+
+      # Class level APIs that operate on Acl instances and/or return Acl instances.
+      # @note For the sake of consistency all methods from this API return array of Acls
+      class << self
+        # Creates (unless already present) a given ACL rule in Kafka
+        # @param acl [Acl]
+        # @return [Array<Acl>] created acls
+        def create(acl)
+          with_admin_wait do |admin|
+            admin.create_acl(**acl.to_native_hash)
+          end
+
+          [acl]
+        end
+
+        # Removes acls matching provide acl pattern.
+        # @param acl [Acl]
+        # @return [Array<Acl>] deleted acls
+        # @note More than one Acl may be removed if rules match that way
+        def delete(acl)
+          result = with_admin_wait do |admin|
+            admin.delete_acl(**acl.to_native_hash)
+          end
+
+          result.deleted_acls.map do |result_acl|
+            from_rdkafka(result_acl)
+          end
+        end
+
+        # Takes an Acl definition and describes all existing Acls matching its criteria
+        # @param acl [Acl]
+        # @return [Array<Acl>] described acls
+        def describe(acl)
+          result = with_admin_wait do |admin|
+            admin.describe_acl(**acl.to_native_hash)
+          end
+
+          result.acls.map do |result_acl|
+            from_rdkafka(result_acl)
+          end
+        end
+
+        # Returns all acls on a cluster level
+        # @return [Array<Acl>] all acls
+        def all
+          describe(
+            new(
+              resource_type: :any,
+              resource_name: nil,
+              resource_pattern_type: :any,
+              principal: nil,
+              operation: :any,
+              permission_type: :any,
+              host: '*'
+            )
+          )
+        end
+
+        private
+
+        # Yields admin instance, allows to run Acl operations and awaits on the final result
+        # Makes sure that admin is closed afterwards.
+        def with_admin_wait
+          Admin.with_admin do |admin|
+            yield(admin).wait(max_wait_timeout: Karafka::App.config.admin.max_wait_time)
+          end
+        end
+
+        # Takes a rdkafka Acl result and converts it into our local Acl representation. Since the
+        # rdkafka Acl object is an integer based on on types, etc we remap it into our "more" Ruby
+        # form.
+        #
+        # @param rdkafka_acl [Rdkafka::Admin::AclBindingResult]
+        # return [Acl] mapped acl
+        def from_rdkafka(rdkafka_acl)
+          new(
+            resource_type: rdkafka_acl.matching_acl_resource_type,
+            resource_name: rdkafka_acl.matching_acl_resource_name,
+            resource_pattern_type: rdkafka_acl.matching_acl_pattern_type,
+            principal: rdkafka_acl.matching_acl_principal,
+            host: rdkafka_acl.matching_acl_host,
+            operation: rdkafka_acl.matching_acl_operation,
+            permission_type: rdkafka_acl.matching_acl_permission_type
+          )
+        end
+      end
+
+      attr_reader :resource_type, :resource_name, :resource_pattern_type, :principal, :host,
+                  :operation, :permission_type
+
+      # Initializes a new Acl instance with specified attributes.
+      #
+      # @param resource_type [Symbol, Integer] Specifies the type of Kafka resource
+      #   (like :topic, :consumer_group).
+      #   Accepts either a symbol from RESOURCE_TYPES_MAP or a direct rdkafka numerical type.
+      # @param resource_name [String, nil] The name of the Kafka resource
+      #   (like a specific topic name). Can be nil for certain types of resource pattern types.
+      # @param resource_pattern_type [Symbol, Integer] Determines how the ACL is applied to the
+      #   resource. Uses a symbol from RESOURCE_PATTERNS_TYPE_MAP or a direct rdkafka numerical
+      #   type.
+      # @param principal [String, nil] Specifies the principal (user or client) for which the ACL
+      #   is being defined. Can be nil if not applicable.
+      # @param host [String] (default: '*') Defines the host from which the principal can access
+      #   the resource. Defaults to '*' for all hosts.
+      # @param operation [Symbol, Integer] Indicates the operation type allowed or denied by the
+      #   ACL. Uses a symbol from OPERATIONS_MAP or a direct rdkafka numerical type.
+      # @param permission_type [Symbol, Integer] Specifies whether to allow or deny the specified
+      #   operation. Uses a symbol from PERMISSION_TYPES_MAP or a direct rdkafka numerical type.
+      #
+      # Each parameter is mapped to its corresponding value in the respective *_MAP constant,
+      # allowing usage of more descriptive Ruby symbols instead of numerical types.
+      def initialize(
+        resource_type:,
+        resource_name:,
+        resource_pattern_type:,
+        principal:,
+        host: '*',
+        operation:,
+        permission_type:
+      )
+        @resource_type = map(resource_type, RESOURCE_TYPES_MAP)
+        @resource_name = resource_name
+        @resource_pattern_type = map(resource_pattern_type, RESOURCE_PATTERNS_TYPE_MAP)
+        @principal = principal
+        @host = host
+        @operation = map(operation, OPERATIONS_MAP)
+        @permission_type = map(permission_type, PERMISSION_TYPES_MAP)
+        freeze
+      end
+
+      # Converts the Acl into a hash with native rdkafka types
+      # @return [Hash] hash with attributes matching rdkafka numerical types
+      def to_native_hash
+        {
+          resource_type: remap(resource_type, RESOURCE_TYPES_MAP),
+          resource_name: resource_name,
+          resource_pattern_type: remap(resource_pattern_type, RESOURCE_PATTERNS_TYPE_MAP),
+          principal: principal,
+          host: host,
+          operation: remap(operation, OPERATIONS_MAP),
+          permission_type: remap(permission_type, PERMISSION_TYPES_MAP)
+        }.freeze
+      end
+
+      private
+
+      # Maps the provided attribute based on the mapping hash and if not found returns the
+      # attribute itself. Useful when converting from Acl symbol based representation to the
+      # rdkafka one.
+      #
+      # @param value [Symbol, Integer] The value to be mapped.
+      # @param mappings [Hash] The hash containing the mapping data.
+      # @return [Integer, Symbol] The mapped value or the original value if not found in mappings.
+      def map(value, mappings)
+        validate_attribute!(value)
+
+        mappings.invert.fetch(value, value)
+      end
+
+      # Remaps the provided attribute based on the mapping hash and if not found returns the
+      # attribute itself. Useful when converting from Acl symbol based representation to the
+      # rdkafka one.
+      #
+      # @param value [Symbol, Integer] The value to be mapped.
+      # @param mappings [Hash] The hash containing the mapping data.
+      # @return [Integer, Symbol] The mapped value or the original value if not found in mappings.
+      def remap(value, mappings)
+        validate_attribute!(value)
+
+        mappings.fetch(value, value)
+      end
+
+      # Validates that the attribute exists in any of the ACL mappings.
+      # Raises an error if the attribute is not supported.
+      # @param attribute [Symbol, Integer] The attribute to be validated.
+      # @raise [Karafka::Errors::UnsupportedCaseError] raised if attribute not found
+      def validate_attribute!(attribute)
+        ALL_MAPS.each do |mappings|
+          return if mappings.keys.any?(attribute)
+          return if mappings.values.any?(attribute)
+        end
+
+        raise Karafka::Errors::UnsupportedCaseError, attribute
+      end
+    end
+  end
+end

data/lib/karafka/admin.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Karafka
-  # Simple admin actions that we can perform via Karafka on our Kafka cluster
+  # Admin actions that we can perform via Karafka on our Kafka cluster
   #
   # @note It always initializes a new admin instance as we want to ensure it is always closed
   #   Since admin actions are not performed that often, that should be ok.
@@ -137,6 +137,109 @@ module Karafka
         end
       end
 
+      # Moves the offset on a given consumer group and provided topic to the requested location
+      #
+      # @param consumer_group_id [String] id of the consumer group for which we want to move the
+      #   existing offset
+      # @param topics_with_partitions_and_offsets [Hash] Hash with list of topics and settings to
+      #   where to move given consumer. It allows us to move particular partitions or whole topics
+      #   if we want to reset all partitions to for example a point in time.
+      #
+      # @note This method should **not** be executed on a running consumer group as it creates a
+      #   "fake" consumer and uses it to move offsets.
+      #
+      # @example Move a single topic partition nr 1 offset to 100
+      #   Karafka::Admin.seek_consumer_group('group-id', { 'topic' => { 1 => 100 } })
+      #
+      # @example Move offsets on all partitions of a topic to 100
+      #   Karafka::Admin.seek_consumer_group('group-id', { 'topic' => 100 })
+      #
+      # @example Move offset to 5 seconds ago on partition 2
+      #   Karafka::Admin.seek_consumer_group('group-id', { 'topic' => { 2 => 5.seconds.ago } })
+      def seek_consumer_group(consumer_group_id, topics_with_partitions_and_offsets)
+        tpl_base = {}
+
+        # Normalize the data so we always have all partitions and topics in the same format
+        # That is in a format where we have topics and all partitions with their per partition
+        # assigned offsets
+        topics_with_partitions_and_offsets.each do |topic, partitions_with_offsets|
+          tpl_base[topic] = {}
+
+          if partitions_with_offsets.is_a?(Hash)
+            tpl_base[topic] = partitions_with_offsets
+          else
+            topic(topic)[:partition_count].times do |partition|
+              tpl_base[topic][partition] = partitions_with_offsets
+            end
+          end
+        end
+
+        tpl = Rdkafka::Consumer::TopicPartitionList.new
+        # In case of time based location, we need to to a pre-resolution, that's why we keep it
+        # separately
+        time_tpl = Rdkafka::Consumer::TopicPartitionList.new
+
+        # Distribute properly the offset type
+        tpl_base.each do |topic, partitions_with_offsets|
+          partitions_with_offsets.each do |partition, offset|
+            target = offset.is_a?(Time) ? time_tpl : tpl
+            target.add_topic_and_partitions_with_offsets(topic, [[partition, offset]])
+          end
+        end
+
+        # We set this that way so we can impersonate this consumer group and seek where we want
+        mapped_consumer_group_id = app_config.consumer_mapper.call(consumer_group_id)
+        settings = { 'group.id': mapped_consumer_group_id }
+
+        with_consumer(settings) do |consumer|
+          # If we have any time based stuff to resolve, we need to do it prior to commits
+          unless time_tpl.empty?
+            real_offsets = consumer.offsets_for_times(time_tpl)
+
+            real_offsets.to_h.each do |name, results|
+              results.each do |result|
+                raise(Errors::InvalidTimeBasedOffsetError) unless result
+
+                partition = result.partition
+
+                # Negative offset means we're beyond last message and we need to query for the
+                # high watermark offset to get the most recent offset and move there
+                if result.offset.negative?
+                  _, offset = consumer.query_watermark_offsets(name, result.partition)
+                else
+                  # If we get an offset, it means there existed a message close to this time
+                  # location
+                  offset = result.offset
+                end
+
+                # Since now we have proper offsets, we can add this to the final tpl for commit
+                tpl.add_topic_and_partitions_with_offsets(name, [[partition, offset]])
+              end
+            end
+          end
+
+          consumer.commit(tpl, false)
+        end
+      end
+
+      # Removes given consumer group (if exists)
+      #
+      # @param consumer_group_id [String] consumer group name without the mapper name (if any used)
+      #
+      # @note Please note, Karafka will apply the consumer group mapper on the provided consumer
+      #   group.
+      #
+      # @note This method should not be used on a running consumer group as it will not yield any
+      #   results.
+      def delete_consumer_group(consumer_group_id)
+        mapped_consumer_group_id = app_config.consumer_mapper.call(consumer_group_id)
+
+        with_admin do |admin|
+          handler = admin.delete_group(mapped_consumer_group_id)
+          handler.wait(max_wait_timeout: app_config.admin.max_wait_time)
+        end
+      end
+
       # Fetches the watermark offsets for a given topic partition
       #
       # @param name [String, Symbol] topic name
@@ -155,11 +258,7 @@ module Karafka
 
       # @return [Rdkafka::Metadata] cluster metadata info
       def cluster_info
-        with_admin do |admin|
-          admin.instance_variable_get('@native_kafka').with_inner do |inner|
-            Rdkafka::Metadata.new(inner)
-          end
-        end
+        with_admin(&:metadata)
       end
 
       # Creates consumer instance and yields it. After usage it closes the consumer instance
@@ -187,6 +286,14 @@ module Karafka
         consumer&.close
       end
 
+      # Creates admin instance and yields it. After usage it closes the admin instance
+      def with_admin
+        admin = config(:producer, {}).admin
+        yield(admin)
+      ensure
+        admin&.close
+      end
+
       private
 
       # @return [Array<String>] topics names
@@ -201,14 +308,6 @@ module Karafka
         cluster_info.topics.find { |topic| topic[:topic_name] == name }
       end
 
-      # Creates admin instance and yields it. After usage it closes the admin instance
-      def with_admin
-        admin = config(:producer, {}).admin
-        yield(admin)
-      ensure
-        admin&.close
-      end
-
       # There are some cases where rdkafka admin operations finish successfully but without the
       # callback being triggered to materialize the post-promise object. Until this is fixed we
       # can figure out, that operation we wanted to do finished successfully by checking that the
@@ -264,7 +363,7 @@ module Karafka
       # @param settings [Hash] extra settings for config (if needed)
       # @return [::Rdkafka::Config] rdkafka config
       def config(type, settings)
-        group_id = app_config.consumer_mapper.call(
+        mapped_admin_group_id = app_config.consumer_mapper.call(
           app_config.admin.group_id
         )
 
@@ -272,8 +371,11 @@ module Karafka
           .kafka
           .then(&:dup)
           .merge(app_config.admin.kafka)
+          .tap { |config| config[:'group.id'] = mapped_admin_group_id }
+          # We merge after setting the group id so it can be altered if needed
+          # In general in admin we only should alter it when we need to impersonate a given
+          # consumer group or do something similar
           .merge!(settings)
-          .tap { |config| config[:'group.id'] = group_id }
           .then { |config| Karafka::Setup::AttributesMap.public_send(type, config) }
           .then { |config| ::Rdkafka::Config.new(config) }
       end