Closed damien-malescot closed 2 years ago
Thanks again @damien-malescot for your list of interesting issues, I'm really grateful for your help and interest on making JulieOps a bit better. If I understand you better, you are proposing to have something like this kind of filter (if maching):
In this order, for AccessControlManager.
would that be accurate map of your suggestion here?
Hi @purbon, indeed that should fix this bug. Julie should only manage service account for the defined topic filters if any.
Thanks.
Fair enough! Let me shot your way a proposal PR and let me know if that fits it, ok?
@ludovic-boutros @damien-malescot as shared, I have created #521 as the proposed amend for this. Does this paint your thoughts and proposals in the issue?
Describe the bug In PR 418 service account take now precedence over all if configured. But if we have service account AND topic managed in configuration filter is not correct.
To Reproduce New code in PR 418 :
If we have an RBAC right like this in cluster :
Create a new topoology file :
with configs
After execution first binding is delete
In fact, binding match service account but topic is not is this file, so julieops delete this binding.
topology.topic.managed.prefixes is not used in this case to filter serviceaccount AND topic matching.
Expected behavior Service account should not always take precedence if configured.
Additional context JulieOps master branch