devshawn / kafka-gitops

🚀Manage Apache Kafka topics and generate ACLs through a desired state file.
https://devshawn.github.io/kafka-gitops
Apache License 2.0

Question: users and customUserAcls config #66

Open gquintana opened 3 years ago

gquintana commented 3 years ago

As far as I understand, users and ACLs are in 2 separate sections:

users:
  my-test-user:
    principal: User:my-test-user
customUserAcls:
  my-test-user:
    read-all-kafka:
      name: kafka.
      type: TOPIC
      pattern: PREFIXED
      host: "*"
      operation: READ
      permission: ALLOW

Why are they separate? What about:

users:
  my-test-user:
    principal: User:my-test-user
    acls:
      read-all-kafka:
        name: kafka.
        type: TOPIC
        pattern: PREFIXED
        host: "*"
        operation: READ
        permission: ALLOW

Or to be able to share ACL groups among several users (some kind of RBAC):

users:
  my-test-user:
    principal: User:my-test-user
    roles:
      - my-test-role
  my-other-user:
    principal: User:my-other-user
    roles:
      - my-test-role
customRoles:
  my-test-role:
    read-all-kafka:
      name: kafka.
      type: TOPIC
      pattern: PREFIXED
      host: "*"
      operation: READ
      permission: ALLOW

rolandjohann commented 3 years ago

Especially the RBAC solution would be great.
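
Added example (not part of the thread and not kafka-gitops code): a pre-processing step that expands the role-based layout proposed above into the separate `users` / `customUserAcls` sections from the first snippet. It assumes the state file has already been parsed into a mapping, that every entry under `roles` refers to a `customRoles` key as in the proposal, and the `<role>-<acl>` naming of the generated ACLs is a choice made here.

```python
import copy

def expand_roles(state):
    """Rewrite users[].roles + customRoles (layout proposed in the issue)
    into the users + customUserAcls layout shown in the first snippet."""
    roles = state.get("customRoles", {})
    # Work on a deep copy so the caller's parsed state is left untouched.
    out = {k: copy.deepcopy(v) for k, v in state.items() if k != "customRoles"}
    user_acls = out.setdefault("customUserAcls", {})
    for user, spec in out.get("users", {}).items():
        for role in spec.pop("roles", []):
            if role not in roles:
                # Fail closed: a typo in a role name must not silently
                # produce a user with fewer (or no) ACLs than intended.
                raise KeyError(f"user {user!r} references undefined role {role!r}")
            target = user_acls.setdefault(user, {})
            for acl_name, acl in roles[role].items():
                key = f"{role}-{acl_name}"  # naming scheme is an assumption
                if key in target:
                    # Never let a role quietly overwrite an existing ACL entry.
                    raise ValueError(f"duplicate ACL {key!r} for user {user!r}")
                target[key] = dict(acl)
    return out

# Constructed sample: the RBAC-style state from the issue as a parsed mapping.
SAMPLE = {
    "users": {
        "my-test-user": {"principal": "User:my-test-user", "roles": ["my-test-role"]},
        "my-other-user": {"principal": "User:my-other-user", "roles": ["my-test-role"]},
    },
    "customRoles": {
        "my-test-role": {
            "read-all-kafka": {
                "name": "kafka.", "type": "TOPIC", "pattern": "PREFIXED",
                "host": "*", "operation": "READ", "permission": "ALLOW",
            }
        }
    },
}

if __name__ == "__main__":
    import json
    print(json.dumps(expand_roles(SAMPLE), indent=2))
```

Reviewing the expanded output in a pull request shows exactly which principals a role change touches before the plan is applied.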