kafka-ops / julie

A solution to help you build automation and gitops in your Apache Kafka deployments. The Kafka gitops!
MIT License
418 stars 113 forks

RBAC - Prefixed bindings are too permissive #506

Closed damien-malescot closed 2 years ago

damien-malescot commented 2 years ago

Describe the bug
When we configure topology.acls.optimized=true, RBAC bindings are set in mode PREFIXED like this: `context.source.projectName*`

In some contexts, bindings can be too permissive, for example if we have 2 projects with the same starting name:

  1. context.source.foo bindings will be context.source.foo*
  2. context.source.foobar bindings will be context.source.foobar*

In this example, consumers in the first project (context.source.foo) can read topics in the second (context.source.foobar).

To Reproduce
Create 2 topologies with the same project starting name. Apply the topology.

Expected behavior
Authorizations of each project are separated.

Additional context
A quick correction could be to add a dot at the end of bindings:

  1. context.source.foo bindings will be context.source.foo.*
  2. context.source.foobar bindings will be context.source.foobar.*
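
The overlap described in this issue can be checked before a topology is applied. The following is an added example, not code from julie or its maintainers: it models Kafka's PREFIXED pattern type as a plain string-prefix match (which is how the broker evaluates it), lists which topics of other projects a project's prefix binding would reach, and contrasts the reported `<project>` prefix with the proposed `<project>.` prefix. The project and topic names are constructed for the example.

```python
"""Audit PREFIXED ACL/RBAC bindings for cross-project overlap (added example)."""
from typing import Dict, List, Tuple


def prefixed_match(binding_prefix: str, resource_name: str) -> bool:
    """PREFIXED semantics: the binding applies to every resource whose name
    starts with the prefix; there is no awareness of the '.' separator."""
    return resource_name.startswith(binding_prefix)


def binding_for(project: str, separator_suffix: bool) -> str:
    """Prefix a project's bindings would use.

    separator_suffix=False reproduces the behaviour reported in the issue
    (the bare project name as prefix); True appends the '.' separator that
    the issue proposes as a fix.
    """
    return project + "." if separator_suffix else project


def leaked_topics(projects: Dict[str, List[str]],
                  separator_suffix: bool) -> Dict[str, List[str]]:
    """For each project, the topics of *other* projects its binding matches.

    An empty result means every project's bindings stay within its own topics.
    """
    leaks: Dict[str, List[str]] = {}
    for project in projects:
        prefix = binding_for(project, separator_suffix)
        foreign = [t for other, topics in projects.items()
                   if other != project for t in topics]
        matched = sorted(t for t in foreign if prefixed_match(prefix, t))
        if matched:
            leaks[project] = matched
    return leaks


def colliding_prefixes(project_names: List[str]) -> List[Tuple[str, str]]:
    """Pairs (a, b) where project a's name is a bare prefix of project b's name.

    These are exactly the pairs that become over-permissive when the binding
    prefix ends at the project name instead of at the following separator.
    """
    pairs = []
    for a in project_names:
        for b in project_names:
            if a != b and b.startswith(a):
                pairs.append((a, b))
    return sorted(pairs)


# Constructed sample (not from a real topology): two projects whose names
# share a starting string, each owning topics under "<project>.".
SAMPLE_PROJECTS = {
    "context.source.foo": ["context.source.foo.orders", "context.source.foo.events"],
    "context.source.foobar": ["context.source.foobar.orders"],
}

if __name__ == "__main__":
    print("prefix collisions :", colliding_prefixes(list(SAMPLE_PROJECTS)))
    print("without separator :", leaked_topics(SAMPLE_PROJECTS, separator_suffix=False))
    print("with separator    :", leaked_topics(SAMPLE_PROJECTS, separator_suffix=True))
```

With the sample above, the bare prefix for context.source.foo also matches context.source.foobar.orders, while the prefix ending in "." matches nothing outside its own project. The trailing-separator fix relies on every topic name continuing with "." right after the project name, so the check is only as good as the naming convention it is run against.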

purbon commented 2 years ago

This makes complete sense @damien-malescot, thanks a lot for your issue. This should be now fixed with the introduction of #515, this will be released in the next release. Thanks again for your contribution.

damien-malescot commented 2 years ago

> This makes complete sense @damien-malescot, thanks a lot for your issue. This should be now fixed with the introduction of #515, this will be released in the next release. Thanks again for your contribution.

Thanks, you are very reactive 😉