Open Fobhep opened 3 years ago
Hi @Fobhep , thanks a lot for your comments and constant collaboration here.
The initial idea for user management here was to use Linux groups to manage other people who might need access to the ktb binary. If you add any user who is not ktb-kafka to the ktb-group they will be able to run the tool.
[vagrant@myhost ~]$ sudo usermod -a -G ktb-kafka vagrant
[vagrant@myhost ~]$ exit
logout
Connection to 127.0.0.1 closed.
pere@fuchsi ~/work/kafka-topology-builder/release/rpm improve-package-update ● vagrant ssh
Last login: Mon Dec 14 14:35:54 2020 from 10.0.2.2
[vagrant@myhost ~]$ kafka-topology-builder
Parsing failed cause of Missing required options: topology, clientConfig
usage: cli
--allowDelete Permits delete operations for topics and
configs. (deprecated, to be removed)
--brokers <arg> The Apache Kafka server(s) to connect to.
--clientConfig <arg> The AdminClient configuration file.
--dryRun Print the execution plan without altering
anything.
--help Prints usage information.
--plans <arg> File describing the predefined plans
--quiet Print minimum status update
--topology <arg> Topology config file.
--version Prints useful version information.
as the main usage of a tool like this is to be run over Jenkins, as of now I think of this as a low priority situation. I hope this makes sense to you.
Might be in the future we aim to add more permissive access, but not sure where there is much benefit of this right now.
@purbon Imho adding users to the julie-ops group is a good and proper solution. I think we could very well live with that but we should consider adding a short note to the docs regarding the need. Imho we could then close this issue as well
This is related to #133 - however also valid for the rpm version.
Deb and RPM installations fail when neither
root
norktb-kafka
are used for executing ktb (due to 440 permissions).Fixing the permissions in that way solves it: