kafka-ops / julie

A solution to help you build automation and gitops in your Apache Kafka deployments. The Kafka gitops!
MIT License

Support for ACL host #570

Open qzhang1995 opened 1 year ago

qzhang1995 commented 1 year ago

I am trying to set up an ACL for a host using custom JulieRoles (suggested by issue #519):

    Current ACLs for resource ResourcePattern(resourceType=TOPIC, name=test-topic, patternType=LITERAL):
    (principal=User:ANONYMOUS, host=100.64.1.2, operation=WRITE, permissionType=ALLOW)

  1. In the roles.yaml, I set up the custom role; we are using Confluent Platform.

        roles:
          - name: "hostACL"
            acls:
              - resourceType: "Topic"
                resourceName: "test-topic"
                patternType: "LITERAL"
                host: "100.64.1.2"
                role: "DeveloperWrite"

  2. Assign the custom role in topology.yaml

        projects:
          - name: "Atest"
            hostACL:
              - principal: "User:ANONYMOUS"

  3. But in the Julie ACL execution log it has the wildcard value "host" : "".

        {
          "Operation" : "com.purbon.kafka.topology.actions.access.CreateBindings",
          "Bindings" : [ {
            "resourceType" : "TOPIC",
            "resourceName" : "test-topic",
            "host" : "",
            "operation" : "DeveloperWrite",
            "principal" : "User:ANONYMOUS",
            "pattern" : "LITERAL",
            "scope" : {
              "clusters" : { "kafka-cluster" : "***" },
              "resources" : [ {
                "name" : "test-topic",
                "patternType" : "LITERAL",
                "resourceType" : "Topic"
              } ]
            }
          } ]
        }

This is in the ACL list at the end of the julieOps execution log:

    'TOPIC', 'test-topic', '*', 'DeveloperWrite', 'User:ANONYMOUS', 'LITERAL'

Is it possible to set up ACL for hosts? Thanks.
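The mismatch reported above can be caught mechanically before a run is trusted. The following is an added example, not part of the issue and not JulieOps code: it reads a `CreateBindings` log entry in the shape quoted in the issue and reports bindings whose host differs from the intended one. `find_widened_bindings`, `INTENDED_HOSTS` and the sample entry are names and data constructed for this example.

```python
import json

# Constructed sample: a CreateBindings entry in the shape quoted in the issue.
SAMPLE_LOG = '''
{ "Operation" : "com.purbon.kafka.topology.actions.access.CreateBindings",
  "Bindings" : [ { "resourceType" : "TOPIC", "resourceName" : "test-topic",
    "host" : "", "operation" : "DeveloperWrite",
    "principal" : "User:ANONYMOUS", "pattern" : "LITERAL" } ] }
'''

# Host restrictions intended by roles.yaml, keyed by
# (resourceType, resourceName, principal). Hand-copied here so the check
# needs no YAML parser (an assumption of this example).
INTENDED_HOSTS = {("TOPIC", "test-topic", "User:ANONYMOUS"): "100.64.1.2"}

# Both forms appear in the issue's log output for an unrestricted host.
WILDCARD_HOSTS = {"", "*"}


def find_widened_bindings(log_entry, intended_hosts):
    """Return bindings whose logged host differs from the intended host."""
    entry = json.loads(log_entry)
    findings = []
    for b in entry.get("Bindings", []):
        key = (b.get("resourceType", "").upper(),
               b.get("resourceName"), b.get("principal"))
        wanted = intended_hosts.get(key)
        if wanted is None:
            continue  # no host restriction was requested for this binding
        actual = b.get("host") or ""
        if actual != wanted:
            findings.append({
                "binding": key,
                "intended_host": wanted,
                "actual_host": actual,
                "wildcard": actual in WILDCARD_HOSTS,
            })
    return findings


if __name__ == "__main__":
    for finding in find_widened_bindings(SAMPLE_LOG, INTENDED_HOSTS):
        print(finding)
```

A non-empty result with `wildcard` set means the principal was granted the role from any host rather than from the single address in the role definition.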