Open JFlath opened 1 day ago
N.B. The line referenced is one example, but the same applies for all requests in that file (and possibly more broadly)
I think we had discussions about constraining the character set for roles to the same rules that apply to topics. Reason being things such as:
Is there a specific reason to relax the requirements?
So at the moment you can use rpk to create a role called my.team - Console will then fail to work with that correctly even though it's a real role that exists within Redpanda. I agree with the points raised, but the convention/standard has already been defined by what we allow in Redpanda itself
The API is cloud exclusive and RPK uses that API as well. In RP Cloud no one can create a role with a different convention because everything has to go through console
We may be talking at cross purposes here, not sure - rpk security role create my.team uses Redpanda's Admin API directly (/v1/security/roles) and is available on Self Hosted clusters. I do see this in the code though that seems to suggest we permanently gate this?
https://github.com/redpanda-data/console/blob/master/frontend/src/state/supportedFeatures.ts#L54-L56
I think we had discussions about constraining the character set for roles to the same rules that apply to topics. Reason being things such as:
Currently with console you can also create a topic containing . like test.example, but you can't create a role like that. So this is not consistent.
In Console we apply this filter:
https://github.com/redpanda-data/console/blob/c99b26ed8d033f076467c12d02895779b18b0907/proto/redpanda/api/console/v1alpha1/security.proto#L80
However Redpanda itself isn't so strict:
https://github.com/redpanda-data/redpanda/blob/dev/src/v/redpanda/admin/security.cc#L293
vvv
https://github.com/redpanda-data/redpanda/blob/0c0a3db581140bb2b8e0d6624cb4eabb697449d7/src/v/security/scram_algorithm.cc#L362
vvv
https://github.com/redpanda-data/redpanda/blob/0c0a3db581140bb2b8e0d6624cb4eabb697449d7/src/v/security/scram_algorithm.cc#L193
vvv
https://github.com/redpanda-data/redpanda/blob/0c0a3db581140bb2b8e0d6624cb4eabb697449d7/src/v/security/scram_algorithm.cc#L34-L45
Redpanda's implementation seems in keeping with others. Notably, Console doesn't allow . in a Role