karafka 2.2.14 → 2.3.0.alpha1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 69d8242fa695121f63b2e582d7a0b97f090d58f82047513c450f3b21107703b3
-  data.tar.gz: a9fb3db88cc6fbb3a25db24e95b8010a0b01f7ab09fc2f54d201e311581db9a5
+  metadata.gz: de7ea23762cefa19d5f3620e92a39f0030cd8ff78f318c92f30c494d79b78163
+  data.tar.gz: 775cfbd40d181036004dcf72dbcb84394dc8367bed0f6d69812f2324dc179d6f
 SHA512:
-  metadata.gz: 83e22a8317f10328c11f3f4ac4c90109ecebb7f1ca0b089da2875c4e0700b58338adfb6b7c70e30df6fedecb26e2aaa4a11df347cc0bd898781adf709ad7a87c
-  data.tar.gz: 15eb23000600be7d2f2c49316ae8d3355ddef4ab2d9f75585a5b63ea0f8b27a87f473d8fe5fcf926a5815f319413541f6822fa15660fc7962bb5baf31771f00a
+  metadata.gz: d68a4122a35afad517e4280b94f6f3d7cb3cab94fb37c11729e5e5c7a7aca082a7a272a52ff09a86e2f55ad0e078e234c88be79ce3b730527a2f6e7629ef259c
+  data.tar.gz: aa2ddb108cc39caa8ad5c95a86d07006b5be374647e703414a7761ffd5c333010d7e53b9fd2c42216780e35f00639d8cf80126c291a59d0585424077840cc6b5

data/.github/workflows/ci.yml

@@ -27,7 +27,7 @@ jobs:
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 3.2
+          ruby-version: 3.3
           bundler-cache: true
 
       - name: Install Diffend plugin
@@ -73,7 +73,7 @@ jobs:
       fail-fast: false
       matrix:
         ruby:
-          - '3.3.0-preview2'
+          - '3.3'
           - '3.2'
           # We run it against the oldest and the newest of a given major to make sure, that there
           # are no syntax-sugars that we would use that were introduced down the road
@@ -82,9 +82,8 @@ jobs:
           - '3.0'
           - '3.0.0'
           - '2.7'
-          - '2.7.0'
         include:
-          - ruby: '3.2'
+          - ruby: '3.3'
             coverage: 'true'
     steps:
       - uses: actions/checkout@v4
@@ -100,6 +99,7 @@ jobs:
         with:
           ruby-version: ${{matrix.ruby}}
           bundler-cache: true
+          bundler: 'latest'
 
       - name: Wait for Kafka
         run: |
@@ -118,7 +118,7 @@ jobs:
       fail-fast: false
       matrix:
         ruby:
-          - '3.3.0-preview2'
+          - '3.3'
           - '3.2'
           - '3.1'
           - '3.0'
@@ -143,17 +143,30 @@ jobs:
           #
           # We also want to check that librdkafka is compiling as expected on all versions of Ruby
           ruby-version: ${{matrix.ruby}}
+          bundler: 'latest'
 
       - name: Install latest Bundler
         run: |
-          gem install bundler --no-document
-          gem update --system --no-document
+          if [[ "$(ruby -v | awk '{print $2}')" == 2.7.8* ]]; then
+            gem install bundler -v 2.4.22 --no-document
+            bundle config set version 2.4.22
+            gem update --system 3.4.22 --no-document
+          else
+            gem install bundler --no-document
+            gem update --system --no-document
+          fi
+
           bundle config set without 'tools benchmarks docs'
 
       - name: Bundle install
         run: |
           bundle config set without development
-          bundle install
+
+          if [[ "$(ruby -v | awk '{print $2}')" == 2.7.8* ]]; then
+            BUNDLER_VERSION=2.4.22 bundle install --jobs 4 --retry 3
+          else
+            bundle install --jobs 4 --retry 3
+          fi
 
       - name: Wait for Kafka
         run: |
@@ -170,7 +183,7 @@ jobs:
       fail-fast: false
       matrix:
         ruby:
-          - '3.3.0-preview2'
+          - '3.3'
           - '3.2'
           - '3.1'
           - '3.0'
@@ -188,17 +201,30 @@ jobs:
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{matrix.ruby}}
+          bundler: 'latest'
 
       - name: Install latest Bundler
         run: |
-          gem install bundler --no-document
-          gem update --system --no-document
+          if [[ "$(ruby -v | awk '{print $2}')" == 2.7.8* ]]; then
+            gem install bundler -v 2.4.22 --no-document
+            bundle config set version 2.4.22
+            gem update --system 3.4.22 --no-document
+          else
+            gem install bundler --no-document
+            gem update --system --no-document
+          fi
+
           bundle config set without 'tools benchmarks docs'
 
       - name: Bundle install
         run: |
           bundle config set without development
-          bundle install
+
+          if [[ "$(ruby -v | awk '{print $2}')" == 2.7.8* ]]; then
+            BUNDLER_VERSION=2.4.22 bundle install --jobs 4 --retry 3
+          else
+            bundle install --jobs 4 --retry 3
+          fi
 
       - name: Wait for Kafka
         run: |

data/.ruby-version

@@ -1 +1 @@
-3.2.2
+3.3.0

data/CHANGELOG.md

@@ -1,5 +1,28 @@
 # Karafka framework changelog
 
+## 2.3.0 (Unreleased)
+- **[Feature]** Provide ability to multiplex subscription groups (Pro)
+- **[Feature]** Provide `Karafka::Admin::Acl` for Kafka ACL management via the Admin APIs.
+- **[Feature]** Periodic Jobs (Pro)
+- **[Feature]** Offset Metadata storage (Pro)
+- **[Feature]** Provide low-level listeners management API for dynamic resources scaling (Pro)
+- [Enhancement] Improve shutdown process by allowing for parallel connections shutdown.
+- [Enhancement] Introduce `non_blocking` routing API that aliases LRJ to indicate a different use-case for LRJ flow approach.
+- [Enhancement] Allow to reset offset when seeking backwards by using the `reset_offset` keyword attribute set to `true`.
+- [Enhancement] Alias producer operations in consumer to skip `#producer` reference.
+- [Enhancement] Provide an `:independent` configuration to DLQ allowing to reset pause count track on each marking as consumed when retrying.
+- [Enhancement] Remove no longer needed shutdown patches for `librdkafka` improving multi-sg shutdown times for `cooperative-sticky`.
+- [Enhancement] Allow for parallel closing of connections from independent consumer groups.
+- [Change] Make `Kubernetes::LivenessListener` not start until Karafka app starts running.
+- [Change] Remove the legacy "inside of topics" way of defining subscription groups names
+- [Change] Update supported instrumentation to report on `#tick`.
+- [Refactor] Replace `define_method` with `class_eval` in some locations.
+- [Fix] Fix a case where internal Idle job scheduling would go via the consumption flow.
+- [Fix] Make the Iterator `#stop_partition` work with karafka-rdkafka `0.14.6`.
+- [Fix] Ensure Pro components are not loaded during OSS specs execution (not affecting usage).
+- [Fix] Fix invalid action label for consumers in DataDog logger instrumentation.
+- [Ignore] option --include-consumer-groups not working as intended after removal of "thor"
+
 ## 2.2.14 (2023-12-07)
 - **[Feature]** Provide `Karafka::Admin#delete_consumer_group` and `Karafka::Admin#seek_consumer_group`.
 - **[Feature]** Provide `Karafka::App.assignments` that will return real-time assignments tracking.

data/Gemfile.lock

@@ -1,9 +1,9 @@
 PATH
   remote: .
   specs:
-    karafka (2.2.14)
-      karafka-core (>= 2.2.7, < 2.3.0)
-      waterdrop (>= 2.6.11, < 3.0.0)
+    karafka (2.3.0.alpha1)
+      karafka-core (>= 2.3.0.alpha1, < 2.4.0)
+      waterdrop (>= 2.6.12, < 3.0.0)
       zeitwerk (~> 2.3)
 
 GEM
@@ -23,7 +23,7 @@ GEM
       mutex_m
       tzinfo (~> 2.0)
     base64 (0.2.0)
-    bigdecimal (3.1.4)
+    bigdecimal (3.1.5)
     byebug (11.1.3)
     concurrent-ruby (1.2.2)
     connection_pool (2.4.1)
@@ -32,17 +32,16 @@ GEM
     drb (2.2.0)
       ruby2_keywords
     erubi (1.12.0)
-    factory_bot (6.4.2)
+    factory_bot (6.4.5)
       activesupport (>= 5.0.0)
     ffi (1.16.3)
     globalid (1.2.1)
       activesupport (>= 6.1)
     i18n (1.14.1)
       concurrent-ruby (~> 1.0)
-    karafka-core (2.2.7)
-      concurrent-ruby (>= 1.1)
-      karafka-rdkafka (>= 0.13.9, < 0.15.0)
-    karafka-rdkafka (0.14.1)
+    karafka-core (2.3.0.alpha1)
+      karafka-rdkafka (>= 0.14.7, < 0.15.0)
+    karafka-rdkafka (0.14.7)
       ffi (~> 1.15)
       mini_portile2 (~> 2.6)
       rake (> 12)
@@ -57,7 +56,7 @@ GEM
     mutex_m (0.2.0)
     rack (3.0.8)
     rake (13.1.0)
-    roda (3.74.0)
+    roda (3.75.0)
       rack
     rspec (3.12.0)
       rspec-core (~> 3.12.0)
@@ -82,12 +81,13 @@ GEM
     tilt (2.3.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    waterdrop (2.6.11)
+    waterdrop (2.6.12)
       karafka-core (>= 2.2.3, < 3.0.0)
       zeitwerk (~> 2.3)
     zeitwerk (2.6.12)
 
 PLATFORMS
+  ruby
   x86_64-linux
 
 DEPENDENCIES
@@ -100,4 +100,4 @@ DEPENDENCIES
   simplecov
 
 BUNDLED WITH
-   2.4.19
+   2.5.3

data/README.md

@@ -4,8 +4,6 @@
 [![Gem Version](https://badge.fury.io/rb/karafka.svg)](http://badge.fury.io/rb/karafka)
 [![Join the chat at https://slack.karafka.io](https://raw.githubusercontent.com/karafka/misc/master/slack.svg)](https://slack.karafka.io)
 
-**Note**: Upgrade instructions for migration from Karafka `1.4` to Karafka `2.0` can be found [here](https://karafka.io/docs/Upgrades-2.0/).
-
 ## About Karafka
 
 Karafka is a Ruby and Rails multi-threaded efficient Kafka processing framework that:

data/SECURITY.md

@@ -0,0 +1,23 @@
+# Security Policy
+
+## Supported Versions
+
+Please refer to the Karafka [EOL documentation](https://karafka.io/docs/Versions-Lifecycle-and-EOL/) page for detailed information on which versions are actively supported with security updates.
+
+## Reporting a Vulnerability
+
+If you have identified a potential security vulnerability in our projects, we encourage you to report it immediately. We take all reports of security issues seriously and will work diligently to address them.
+
+To report a vulnerability, please send an email directly to contact@karafka.io.
+
+We understand the importance of addressing security vulnerabilities promptly. You can expect a reply from us within 2 working days of your report. This initial response will confirm receipt of your report.
+
+After acknowledging your report, we will:
+
+- Evaluate the reported vulnerability in the context of our project.
+- Provide you with regular updates on our progress.
+- Upon completing our assessment, we will inform you of the outcome. This includes whether the vulnerability will be accepted or declined for further action.
+
+Your report will be kept confidential and not disclosed to third parties without your consent, except as required by law.
+
+We appreciate your assistance in keeping our projects and their users safe by responsibly reporting vulnerabilities. Together, we can maintain a high standard of security for our community.

data/config/locales/errors.yml

@@ -30,12 +30,17 @@ en:
       internal.tick_interval_format: needs to be an integer bigger or equal to 1000
       internal.routing.builder_format: needs to be present
       internal.routing.subscription_groups_builder_format: needs to be present
+      internal.connection.manager_format: needs to be present
+      internal.connection.conductor_format: needs to be present
       internal.connection.proxy.query_watermark_offsets.timeout_format: needs to be an integer bigger than 0
       internal.connection.proxy.query_watermark_offsets.max_attempts_format: needs to be an integer bigger than 0
       internal.connection.proxy.query_watermark_offsets.wait_time_format: needs to be an integer bigger than 0
       internal.connection.proxy.offsets_for_times.timeout_format: needs to be an integer bigger than 0
       internal.connection.proxy.offsets_for_times.max_attempts_format: needs to be an integer bigger than 0
       internal.connection.proxy.offsets_for_times.wait_time_format: needs to be an integer bigger than 0
+      internal.connection.proxy.committed.timeout_format: needs to be an integer bigger than 0
+      internal.connection.proxy.committed.max_attempts_format: needs to be an integer bigger than 0
+      internal.connection.proxy.committed.wait_time_format: needs to be an integer bigger than 0
       key_must_be_a_symbol: All keys under the kafka settings scope need to be symbols
       max_timeout_vs_pause_max_timeout: pause_timeout must be less or equal to pause_max_timeout
       shutdown_timeout_vs_max_wait_time: shutdown_timeout must be more than max_wait_time
@@ -61,7 +66,7 @@ en:
       consumer_format: needs to be present
       id_format: 'needs to be a string with a Kafka accepted format'
       initial_offset_format: needs to be either earliest or latest
-      subscription_group_name_format: must be a non-empty string
+      subscription_group_details.name_format: must be a non-empty string
       manual_offset_management.active_format: needs to be either true or false
       manual_offset_management_must_be_enabled: cannot be disabled for ActiveJob topics
       inline_insights.active_format: needs to be either true or false
@@ -69,6 +74,7 @@ en:
       dead_letter_queue.max_retries_format: needs to be equal or bigger than 0
       dead_letter_queue.topic_format: 'needs to be a string with a Kafka accepted format'
       dead_letter_queue.active_format: needs to be either true or false
+      dead_letter_queue.independent_format: needs to be either true or false
       active_format: needs to be either true or false
       declaratives.partitions_format: needs to be more or equal to 1
       declaratives.active_format: needs to be true

data/config/locales/pro_errors.yml

@@ -3,6 +3,7 @@ en:
     topic:
       virtual_partitions.partitioner_respond_to_call: needs to be defined and needs to respond to `#call`
       virtual_partitions.max_partitions_format: needs to be equal or more than 1
+      virtual_partitions.offset_metadata_strategy_format: needs to be either :exact or :current
 
       long_running_job.active_format: needs to be either true or false
 
@@ -31,9 +32,30 @@ en:
       patterns.active_format: 'needs to be boolean'
       patterns.type_format: 'needs to be :matcher, :discovered or :regular'
 
+      periodic_job.active_missing: needs to be present
+      periodic_job.active_format: 'needs to be boolean'
+      periodic_job.interval_missing: 'needs to be present'
+      periodic_job.interval_format: 'needs to be an integer equal or more than 100'
+      periodic_job.during_pause_format: 'needs to be boolean'
+      periodic_job.during_retry_format: 'needs to be boolean'
+      periodic_job.materialized_format: 'needs to be boolean'
+      periodic_job.materialized_missing: 'needs to be present'
+
       inline_insights.active_format: 'needs to be boolean'
       inline_insights.required_format: 'needs to be boolean'
 
+      offset_metadata.active_format: 'needs to be boolean'
+      offset_metadata.cache_format: 'needs to be boolean'
+      offset_metadata.deserializer_missing: needs to be present
+      offset_metadata.deserializer_format: 'needs to respond to #call'
+
+      subscription_group_details.multiplexing_min_format: 'needs to be an integer equal or more than 1'
+      subscription_group_details.multiplexing_max_format: 'needs to be an integer equal or more than 1'
+      subscription_group_details_multiplexing_min_max_mismatch: 'min needs to be equal or less than max'
+      subscription_group_details_multiplexing_boot_mismatch: 'boot needs to be between min and max'
+      subscription_group_details.multiplexing_boot_format: 'needs to be an integer equal or more than 1'
+      subscription_group_details.multiplexing_boot_not_dynamic: 'needs to be equal to max when not in dynamic mode'
+
     consumer_group:
       patterns_format: must be an array with hashes
       patterns_missing: needs to be present

data/docker-compose.yml

@@ -3,7 +3,7 @@ version: '2'
 services:
   kafka:
     container_name: kafka
-    image: confluentinc/cp-kafka:7.5.2
+    image: confluentinc/cp-kafka:7.5.3
 
     ports:
       - 9092:9092

data/karafka.gemspec

@@ -21,8 +21,8 @@ Gem::Specification.new do |spec|
     without having to focus on things that are not your business domain.
   DESC
 
-  spec.add_dependency 'karafka-core', '>= 2.2.7', '< 2.3.0'
-  spec.add_dependency 'waterdrop', '>= 2.6.11', '< 3.0.0'
+  spec.add_dependency 'karafka-core', '>= 2.3.0.alpha1', '< 2.4.0'
+  spec.add_dependency 'waterdrop', '>= 2.6.12', '< 3.0.0'
   spec.add_dependency 'zeitwerk', '~> 2.3'
 
   if $PROGRAM_NAME.end_with?('gem')

data/lib/karafka/admin/acl.rb

@@ -0,0 +1,287 @@
+# frozen_string_literal: true
+
+module Karafka
+  module Admin
+    # Struct and set of operations for ACLs management that simplifies their usage.
+    # It allows to use Ruby symbol based definitions instead of usage of librdkafka types
+    # (it allows to use rdkafka numerical types as well out of the box)
+    #
+    # We map the numerical values because they are less descriptive and harder to follow.
+    #
+    # This API works based on ability to create a `Karafka:Admin::Acl` object that can be then used
+    # using `#create`, `#delete` and `#describe` class API.
+    class Acl
+      # Types of resources for which we can assign permissions.
+      #
+      # Resource refers to any entity within the Kafka ecosystem for which access control can be
+      # managed using ACLs (Access Control Lists).
+      # These resources represent different components of Kafka, such as topics, consumer groups,
+      # and the Kafka cluster itself. ACLs can be applied to these resources to control and
+      # restrict reading, writing, and administrative operations, ensuring secure and authorized
+      # access to Kafka's functionalities.
+      RESOURCE_TYPES_MAP = {
+        # `:any` is only used for lookups and cannot be used for permission assignments
+        any: Rdkafka::Bindings::RD_KAFKA_RESOURCE_ANY,
+        # use when you want to assign acl to a given topic
+        topic: Rdkafka::Bindings::RD_KAFKA_RESOURCE_TOPIC,
+        # use when you want to assign acl to a given consumer group
+        consumer_group: Rdkafka::Bindings::RD_KAFKA_RESOURCE_GROUP,
+        # use when you want to assign acl to a given broker
+        broker: Rdkafka::Bindings::RD_KAFKA_RESOURCE_BROKER
+      }.freeze
+
+      # Resource pattern types define how ACLs (Access Control Lists) are applied to resources,
+      # specifying the scope and applicability of access rules.
+      # They determine whether an ACL should apply to a specific named resource, a prefixed group
+      # of resources, or all resources of a particular type.
+      RESOURCE_PATTERNS_TYPE_MAP = {
+        # `:any` is only used for lookups and cannot be used for permission assignments
+        any: Rdkafka::Bindings::RD_KAFKA_RESOURCE_PATTERN_ANY,
+        # Targets resources with a pattern matching for broader control with a single rule.
+        match: Rdkafka::Bindings::RD_KAFKA_RESOURCE_PATTERN_MATCH,
+        # Targets a specific named resource, applying ACLs directly to that resource.
+        literal: Rdkafka::Bindings::RD_KAFKA_RESOURCE_PATTERN_LITERAL,
+        # Applies ACLs to all resources with a common name prefix, enabling broader control with a
+        # single rule.
+        prefixed: Rdkafka::Bindings::RD_KAFKA_RESOURCE_PATTERN_PREFIXED
+      }.freeze
+
+      # ACL operations define the actions that can be performed on Kafka resources. Each operation
+      # represents a specific type of access or action that can be allowed or denied.
+      OPERATIONS_MAP = {
+        # `:any` is only used for lookups
+        any: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_ANY,
+        # Grants complete access to a resource, encompassing all possible operations,
+        # typically used for unrestricted control.
+        all: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_ALL,
+        # Grants the ability to read data from a topic or a consumer group.
+        read: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_READ,
+        # Allows for writing data on a topic.
+        write: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_WRITE,
+        # Permits the creation of topics or consumer groups.
+        create: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_CREATE,
+        #  Enables the deletion of topics.
+        delete: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_DELETE,
+        # Allows modification of topics or consumer groups.
+        alter: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_ALTER,
+        # Grants the ability to view metadata and configurations of topics or consumer groups.
+        describe: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_DESCRIBE,
+        # Permits actions that apply to the Kafka cluster, like broker management.
+        cluster_action: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_CLUSTER_ACTION,
+        # Allows viewing configurations for resources like topics and brokers.
+        describe_configs: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_DESCRIBE_CONFIGS,
+        # Enables modification of configurations for resources.
+        alter_configs: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_ALTER_CONFIGS,
+        # Grants the ability to perform idempotent writes, ensuring exactly-once semantics in
+        # message production.
+        idempotent_write: Rdkafka::Bindings::RD_KAFKA_ACL_OPERATION_IDEMPOTENT_WRITE
+      }.freeze
+
+      # ACL permission types specify the nature of the access control applied to Kafka resources.
+      # These types are used to either grant or deny specified operations.
+      PERMISSION_TYPES_MAP = {
+        # Used for lookups, indicating no specific permission type.
+        any: Rdkafka::Bindings::RD_KAFKA_ACL_PERMISSION_TYPE_ANY,
+        # Grants the specified operations, enabling the associated actions on the resource.
+        allow: Rdkafka::Bindings::RD_KAFKA_ACL_PERMISSION_TYPE_ALLOW,
+        # Blocks the specified operations, preventing the associated actions on the resource.
+        deny: Rdkafka::Bindings::RD_KAFKA_ACL_PERMISSION_TYPE_DENY
+      }.freeze
+
+      # Array with all maps used for the Acls support
+      ALL_MAPS = [
+        RESOURCE_TYPES_MAP,
+        RESOURCE_PATTERNS_TYPE_MAP,
+        OPERATIONS_MAP,
+        PERMISSION_TYPES_MAP
+      ].freeze
+
+      private_constant :RESOURCE_TYPES_MAP, :RESOURCE_PATTERNS_TYPE_MAP, :OPERATIONS_MAP,
+                       :PERMISSION_TYPES_MAP, :ALL_MAPS
+
+      # Class level APIs that operate on Acl instances and/or return Acl instances.
+      # @note For the sake of consistency all methods from this API return array of Acls
+      class << self
+        # Creates (unless already present) a given ACL rule in Kafka
+        # @param acl [Acl]
+        # @return [Array<Acl>] created acls
+        def create(acl)
+          with_admin_wait do |admin|
+            admin.create_acl(**acl.to_native_hash)
+          end
+
+          [acl]
+        end
+
+        # Removes acls matching provide acl pattern.
+        # @param acl [Acl]
+        # @return [Array<Acl>] deleted acls
+        # @note More than one Acl may be removed if rules match that way
+        def delete(acl)
+          result = with_admin_wait do |admin|
+            admin.delete_acl(**acl.to_native_hash)
+          end
+
+          result.deleted_acls.map do |result_acl|
+            from_rdkafka(result_acl)
+          end
+        end
+
+        # Takes an Acl definition and describes all existing Acls matching its criteria
+        # @param acl [Acl]
+        # @return [Array<Acl>] described acls
+        def describe(acl)
+          result = with_admin_wait do |admin|
+            admin.describe_acl(**acl.to_native_hash)
+          end
+
+          result.acls.map do |result_acl|
+            from_rdkafka(result_acl)
+          end
+        end
+
+        # Returns all acls on a cluster level
+        # @return [Array<Acl>] all acls
+        def all
+          describe(
+            new(
+              resource_type: :any,
+              resource_name: nil,
+              resource_pattern_type: :any,
+              principal: nil,
+              operation: :any,
+              permission_type: :any,
+              host: '*'
+            )
+          )
+        end
+
+        private
+
+        # Yields admin instance, allows to run Acl operations and awaits on the final result
+        # Makes sure that admin is closed afterwards.
+        def with_admin_wait
+          Admin.with_admin do |admin|
+            yield(admin).wait(max_wait_timeout: Karafka::App.config.admin.max_wait_time)
+          end
+        end
+
+        # Takes a rdkafka Acl result and converts it into our local Acl representation. Since the
+        # rdkafka Acl object is an integer based on on types, etc we remap it into our "more" Ruby
+        # form.
+        #
+        # @param rdkafka_acl [Rdkafka::Admin::AclBindingResult]
+        # return [Acl] mapped acl
+        def from_rdkafka(rdkafka_acl)
+          new(
+            resource_type: rdkafka_acl.matching_acl_resource_type,
+            resource_name: rdkafka_acl.matching_acl_resource_name,
+            resource_pattern_type: rdkafka_acl.matching_acl_pattern_type,
+            principal: rdkafka_acl.matching_acl_principal,
+            host: rdkafka_acl.matching_acl_host,
+            operation: rdkafka_acl.matching_acl_operation,
+            permission_type: rdkafka_acl.matching_acl_permission_type
+          )
+        end
+      end
+
+      attr_reader :resource_type, :resource_name, :resource_pattern_type, :principal, :host,
+                  :operation, :permission_type
+
+      # Initializes a new Acl instance with specified attributes.
+      #
+      # @param resource_type [Symbol, Integer] Specifies the type of Kafka resource
+      #   (like :topic, :consumer_group).
+      #   Accepts either a symbol from RESOURCE_TYPES_MAP or a direct rdkafka numerical type.
+      # @param resource_name [String, nil] The name of the Kafka resource
+      #   (like a specific topic name). Can be nil for certain types of resource pattern types.
+      # @param resource_pattern_type [Symbol, Integer] Determines how the ACL is applied to the
+      #   resource. Uses a symbol from RESOURCE_PATTERNS_TYPE_MAP or a direct rdkafka numerical
+      #   type.
+      # @param principal [String, nil] Specifies the principal (user or client) for which the ACL
+      #   is being defined. Can be nil if not applicable.
+      # @param host [String] (default: '*') Defines the host from which the principal can access
+      #   the resource. Defaults to '*' for all hosts.
+      # @param operation [Symbol, Integer] Indicates the operation type allowed or denied by the
+      #   ACL. Uses a symbol from OPERATIONS_MAP or a direct rdkafka numerical type.
+      # @param permission_type [Symbol, Integer] Specifies whether to allow or deny the specified
+      #   operation. Uses a symbol from PERMISSION_TYPES_MAP or a direct rdkafka numerical type.
+      #
+      # Each parameter is mapped to its corresponding value in the respective *_MAP constant,
+      # allowing usage of more descriptive Ruby symbols instead of numerical types.
+      def initialize(
+        resource_type:,
+        resource_name:,
+        resource_pattern_type:,
+        principal:,
+        host: '*',
+        operation:,
+        permission_type:
+      )
+        @resource_type = map(resource_type, RESOURCE_TYPES_MAP)
+        @resource_name = resource_name
+        @resource_pattern_type = map(resource_pattern_type, RESOURCE_PATTERNS_TYPE_MAP)
+        @principal = principal
+        @host = host
+        @operation = map(operation, OPERATIONS_MAP)
+        @permission_type = map(permission_type, PERMISSION_TYPES_MAP)
+        freeze
+      end
+
+      # Converts the Acl into a hash with native rdkafka types
+      # @return [Hash] hash with attributes matching rdkafka numerical types
+      def to_native_hash
+        {
+          resource_type: remap(resource_type, RESOURCE_TYPES_MAP),
+          resource_name: resource_name,
+          resource_pattern_type: remap(resource_pattern_type, RESOURCE_PATTERNS_TYPE_MAP),
+          principal: principal,
+          host: host,
+          operation: remap(operation, OPERATIONS_MAP),
+          permission_type: remap(permission_type, PERMISSION_TYPES_MAP)
+        }.freeze
+      end
+
+      private
+
+      # Maps the provided attribute based on the mapping hash and if not found returns the
+      # attribute itself. Useful when converting from Acl symbol based representation to the
+      # rdkafka one.
+      #
+      # @param value [Symbol, Integer] The value to be mapped.
+      # @param mappings [Hash] The hash containing the mapping data.
+      # @return [Integer, Symbol] The mapped value or the original value if not found in mappings.
+      def map(value, mappings)
+        validate_attribute!(value)
+
+        mappings.invert.fetch(value, value)
+      end
+
+      # Remaps the provided attribute based on the mapping hash and if not found returns the
+      # attribute itself. Useful when converting from Acl symbol based representation to the
+      # rdkafka one.
+      #
+      # @param value [Symbol, Integer] The value to be mapped.
+      # @param mappings [Hash] The hash containing the mapping data.
+      # @return [Integer, Symbol] The mapped value or the original value if not found in mappings.
+      def remap(value, mappings)
+        validate_attribute!(value)
+
+        mappings.fetch(value, value)
+      end
+
+      # Validates that the attribute exists in any of the ACL mappings.
+      # Raises an error if the attribute is not supported.
+      # @param attribute [Symbol, Integer] The attribute to be validated.
+      # @raise [Karafka::Errors::UnsupportedCaseError] raised if attribute not found
+      def validate_attribute!(attribute)
+        ALL_MAPS.each do |mappings|
+          return if mappings.keys.any?(attribute)
+          return if mappings.values.any?(attribute)
+        end
+
+        raise Karafka::Errors::UnsupportedCaseError, attribute
+      end
+    end
+  end
+end