kafka-gitops icon indicating copy to clipboard operation
kafka-gitops copied to clipboard

Published 20 hours ago • verified publisher icon devshawn

Question: users and customUserAcls config

Open gquintana opened this issue 3 years ago • 1 comments

As far as I understand users and ACLs are in 2 separate sections:

users:
  my-test-user:
    principal: User:my-test-user
customUserAcls:
  my-test-user:
    read-all-kafka:
      name: kafka.
      type: TOPIC
      pattern: PREFIXED
      host: "*"
      operation: READ
      permission: ALLOW

Why are they separate? What about:

users:
  my-test-user:
    principal: User:my-test-user
    acls:
      read-all-kafka:
        name: kafka.
        type: TOPIC
        pattern: PREFIXED
        host: "*"
        operation: READ
        permission: ALLOW

Or to be able to share ACLs groups among several users (some kind of RBAC):

users:
  my-test-user:
    principal: User:my-test-user
    roles:
      - my-test-role
  my-other-user:
    principal: User:my-other-user
    roles:
      - my-test-role
customRoles:
  my-test-role:
    read-all-kafka:
      name: kafka.
      type: TOPIC
      pattern: PREFIXED
      host: "*"
      operation: READ
      permission: ALLOW

gquintana avatar May 03 '21 16:05 gquintana

especially the RBAC solution would be great

rolandjohann avatar Jul 20 '21 10:07 rolandjohann