julie icon indicating copy to clipboard operation
julie copied to clipboard

Published 20 hours ago verified publisher icon kafka-ops

RBAC - Optimize ACLs should add PREFIXED bindings for schema registry

Open damien-malescot opened this issue 2 years ago • 0 comments

Is your feature request related to a problem? Please describe. When optimize acls is set in configure file like this : topology.acls.optimized=true

Schema registry bindings are are not using this property.

Describe the solution you'd like With optimize ACL and this topology file :

context: "DEV"
source: "test"
projects:
  - name: "project"
    schemas:
      - principal: "Group:CONSUMER_READ"
        role: DeveloperRead

JulieOps should create schema registry's bindings like this : DEV.test.project.* / PREFIXED / Group:CONSUMER_READ / DeveloperRead

In fact, in optimize mode it seem consistent that principal would access to all schemas under the prefix. Otherwise it's very boring to declare each schemas in "schemas" section.

Thanks

damien-malescot avatar Jul 29 '22 10:07 damien-malescot