redpanda: Deduplicate ACLs
Right now, when we send a request to create an ACL, Redpanda adds the ACL regardless of whether a previous ACL exists for the same service account (+ sourcename on topic and group).
Example:
request 1: service-account1{topic(topic1): alter, read and write}
request 2: service-account1{topic(topic1): read and write}
list acl request: [service-account1{topic(topic1): alter, read and write}, service-account1{topic(topic1): read and write}]
We need Redpanda to save only the last ACLs that we sent. Expected behavior:
request 1: service-account1{topic(topic1): alter, read and write, cluster: alter-config}
request 2: service-account1{topic(topic1): read and write, cluster: read-config}
list acl request: [service-account1{topic(topic1): read and write, cluster: read-config}]
@andresaristizabal I'm looking at the ACL implementation and we already have some deduplication. I'm wondering if in your example above alter and read and write are separate ACLs but alter implies read/write and so the duplication in this case is a UI issue. If you add the same ACL twice does it properly deduplicate?
request 1: service-account1{topic(topic1): alter, read and write} <- these are 3 different ACLs for the same sourceName (topic1) and a specific service account
Let me add the complete flow.
Oh, I tested again and now Redpanda doesn't allow creating a duplicate ACL (ServiceAccount+SourceName+permission), but I found another problem related to "updating" the ACL. When I send:
request 1: service-account1, acls: { sourceName: topic(topic1), permissions: [alter, read and write]} it works fine, but when I send request 2: service-account1, acls: { sourceName: topic(topic1), permissions: [read]} this responds :+1:, but when I list the ACLs, I see the previous permissions: [alter, read and write] and I expected to receive: [read].
ACLs are additive, not complete replacements -- closing as working as intended
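Added example, not part of the original thread and not Redpanda code: a toy in-memory model of the additive behaviour described in the closing comment, with a client-side reconcile step that narrows a service account to exactly the requested permissions. The `Acl` tuple, the `AdditiveAclStore` class, the `topic:topic1` notation and the function names are all assumptions made for illustration.

```python
from typing import NamedTuple

class Acl(NamedTuple):
    principal: str
    resource: str    # constructed notation, e.g. "topic:topic1"
    operation: str

class AdditiveAclStore:
    """Toy model of additive ACL semantics (hypothetical, not Redpanda's implementation)."""
    def __init__(self):
        self._acls = set()

    def create(self, acls):
        # Re-creating an existing binding is a no-op; nothing is ever removed here.
        self._acls |= set(acls)

    def delete(self, acls):
        self._acls -= set(acls)

    def list(self, principal):
        return {a for a in self._acls if a.principal == principal}

def expand(principal, resource, operations):
    """One binding per operation, as in the thread: 3 permissions are 3 ACLs."""
    return {Acl(principal, resource, op) for op in operations}

def plan_replace(store, principal, resource, operations):
    """Return (to_create, to_delete) so the resource ends with exactly `operations`."""
    desired = expand(principal, resource, operations)
    current = {a for a in store.list(principal) if a.resource == resource}
    return desired - current, current - desired

def replace(store, principal, resource, operations):
    to_create, to_delete = plan_replace(store, principal, resource, operations)
    # Delete first so an interrupted run leaves fewer privileges, not more.
    store.delete(to_delete)
    store.create(to_create)
    return to_create, to_delete

def demo():
    store = AdditiveAclStore()
    sa, topic = "service-account1", "topic:topic1"   # constructed sample values
    store.create(expand(sa, topic, ["alter", "read", "write"]))  # request 1
    store.create(expand(sa, topic, ["read"]))                    # request 2, additive
    after_create = sorted(a.operation for a in store.list(sa))
    replace(store, sa, topic, ["read"])                          # explicit reconcile
    return after_create, sorted(a.operation for a in store.list(sa))

if __name__ == "__main__":
    print(demo())
```

The reconcile is scoped to one principal and one resource, so bindings on other resources are left untouched.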