Closed AntAreS24 closed 4 years ago
So far, I'm thinking of creating a user called gitops-user (whatever name is fine) and assigning the following permissions:
./kafka-acls.sh (...) --add --allow-principal User:gitops-user --operation Create --operation Delete --operation Alter --operation Describe --topic '*'
Hi @AntAreS24, I've added some documentation on this here:
https://devshawn.github.io/kafka-gitops/#/permissions
I've run some tests and I believe those are the correct credentials. See example state file for how to do it with kafka-gitops.
Essentially, you need the topic and topic config ACLs set for managing topics. For services/users/custom ACLs, you need the alter config ACL. If you want to use kafka-gitops for only topics with no ACL functionality, we'd have to add a flag for that, as if you don't provide the alter cluster ACL, then it will fail on plan/apply.
Hope that helps!
Great, perfect!
I was missing the Alter permission on the cluster...
Hi,
I'm currently looking at locking down the cluster as much as possible, and as such, I was wondering what the minimal permission for the kafka-gitops user would be?
Could we have an example in the doc on that?