Hello,
With the Amazon MSK Library for AWS Identity and Access Management, it is possible to switch roles for accessing an MSK cluster (https://github.com/aws/aws-msk-iam-auth?tab=readme-ov-file#specifying-an-aws-iam-role-for-a-client):
```
security.protocol=SASL_SSL
sasl.mechanism=AWS_MSK_IAM
sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;
sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required awsRoleArn="arn:aws:iam::xxxxxx:role/msk_client_role" awsRoleSessionName="test-msk";
sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler
```
This is working fine for Kafka access. The permissions that are checked within kafka-ui for listing brokers, topics, ... are the permissions attached to "msk_client_role" (the assumed role).
However, this SASL config awsRoleArn has no effect on the serde. The permissions that apply are the ones attached to the logged-in user. Obviously the SASL config applies only to kafka-ui, not to the serde.
Would it be possible for the serde to switch to a specific role that allows Glue Schema Registry access?
Thanks in advance, Olivier