cp-ansible
cp-ansible copied to clipboard
Additional Rbac SystemAdmins is hardcoded to "User" - as an user I would like to set Groups
Describe the issue Currently additional Systemadmins for components are hardcoded for users: eg:
"{{mds_bootstrap_server_urls.split(',')[0]}}/security/1.0/principals/User:{{item}}/roles/SystemAdmin"
However the API would allow any valid principal
- meaning Group:aldapgroup
would work as well.
https://docs.confluent.io/platform/6.1.2/security/rbac/mds-api.html#rbac-rolebinding-crud
POST /security/1.0/principals/{principal}/roles/{roleName}
Introducing that and a bit of Ansible Code would allow for rbac_component_additional_system_admin_groups
.
Do you think that would be a legit addition?
Edit:
The "easiest" fix would imho be to remove the User:
string from the Rest-Call and simply set:
rbac_component_additional_system_admins:
- User:user1
- Group:group1
+1 to this.
This functionality has been added. We can use it from 7.3.0-post onwards.