Closed arpan57 closed 2 years ago
Hi @arpan57,
Strimzi CLI only deals with internal users, and so Strimzi itself should be. I am not sure if you can use external users with Strimzi. You can open a new issue for the question from here: https://github.com/strimzi/strimzi-kafka-operator/issues
Feel free to close this issue if my answer satisfies you.
@arpan57 I am closing this since I did not hear from you for some time. Feel free to open another issue for this if you still feel it is not resolved. Thanks.
I have configured Strimzi with an external CA. I have created an SSL certificate for my-user and got it signed by the CA. I could create the keystore and could authenticate with it while using the console producer and consumer by passing the client.properties (keystore/truststore, etc.). Since the users are managed externally (= clients' certificates are managed externally), I have removed the User Operator. I have also removed the Topic Operator from the cluster YAML definition. Now, I want to achieve three things:
(1) I want to enable my-user to access my-topic (Read/Write).
(2) I want to grant only my-user the power to create topics on the cluster.
(3) I want to grant only my-user the power to modify ACLs in future.
How do I go about them?
I tried giving permission to my-user to read/write my-topic with Strimzi CLI, but I get an error:
kfk acls --add --allow-principal User:CN=my-user,O=KafkaSecurity,L=Prague,C=CZ --operation WRITE --topic my-topic -c my-cluster -n kafka
Error from server (NotFound): kafkausers.kafka.strimzi.io "CN=my-user,O=KafkaSecurity,L=Prague,C=CZ" not found
Not sure what I am missing here.