Add api-key resource_type assignment based on verified conditions #8

Open
rjudin opened this issue Oct 15, 2020 · 2 comments

@rjudin
Contributor

rjudin commented Oct 15, 2020

Issue

An api-key should have a Resource Type; otherwise the empty value disallows access to the specified resource:

  • cloud - when created without cluster_id or logical_clusters parameters
  • kafka - when created with specified cluster_id or logical_clusters parameters

Action

Please add resource_type assignment based on verified conditions

Example

3 types of api keys [1] were created:

  • rj-tf-keys - via web https://confluent.cloud :: got type cloud - wide access to cloud resources (including env, clusters, topics, etc.)
  • TF-to-cluster - via terraform resource [2] :: got type NULL - expected to grant the SA access to the desired cluster
  • CLI-to-cluster - via cli cloud API key create [3] :: got type kafka - expected to grant the SA access to the desired cluster

Verification:

create a topic at lkc-clus1 cluster:

  • rj-tf-keys - SUCCESS 👍
  • TF-to-cluster - FAILED 😟
  • CLI-to-cluster - SUCCESS 👍

[1] ccloud api-key list

         Key         | Owner  |  Description   | Resource Type | Resource ID  
+--------------------+--------+----------------+---------------+-------------+
    MASKEDMASKED7EHE | 123123 | rj-tf-keys     | cloud         |              
    MASKEDMASKED7S2E | 123456 | TF-to-cluster  |               | lkc-clus1    
    MASKEDMASKED7TR3 | 123456 | CLI-to-cluster | kafka         | lkc-clus1

[2] terraform resource confluentcloud_api_key

resource "confluentcloud_api_key" "this" {
  description = "TF-to-cluster"

  environment_id = confluentcloud_environment.this.id
  cluster_id     = local.cluster_id
  user_id        = confluentcloud_service_account.this.id
}

[3] cli-reference
ccloud service-account list

    Id   |       Name       |       Description
+--------+------------------+--------------------------+
  123456 | DEV-test-sa-test | DEV service account test

ccloud api-key create --resource lkc-clus1 --service-account 123456 --description CLI-to-cluster
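
The rule requested in this issue, together with a check that flags keys violating it, as an added example that is not part of the original issue or the provider's code. `expectedResourceType`, `auditKeyList`, `Finding` and `sampleList` are hypothetical names, and the check assumes that a non-empty Resource ID in `ccloud api-key list` output means the key was created for a cluster.

```go
package main

import (
	"fmt"
	"strings"
)

// expectedResourceType is the rule proposed in the issue (hypothetical helper).
func expectedResourceType(clusterID string, logicalClusters []string) string {
	if clusterID != "" || len(logicalClusters) > 0 {
		return "kafka"
	}
	return "cloud"
}

// Finding is a key whose listed Resource Type differs from the expected one.
type Finding struct{ Description, Got, Want string }

// auditKeyList scans `ccloud api-key list` table output (columns as in the
// issue). Assumption: a non-empty Resource ID means a cluster-scoped key.
func auditKeyList(out string) []Finding {
	var findings []Finding
	for _, line := range strings.Split(out, "\n") {
		cols := strings.Split(line, "|")
		if len(cols) != 5 || strings.TrimSpace(cols[0]) == "Key" {
			continue // separator, blank line, or header row
		}
		for i := range cols {
			cols[i] = strings.TrimSpace(cols[i])
		}
		if want := expectedResourceType(cols[4], nil); cols[3] != want {
			findings = append(findings, Finding{cols[2], cols[3], want})
		}
	}
	return findings
}

// sampleList is constructed from the listing in the issue (keys masked there).
const sampleList = `         Key         | Owner  |  Description   | Resource Type | Resource ID
+--------------------+--------+----------------+---------------+-------------+
    MASKEDMASKED7EHE | 123123 | rj-tf-keys     | cloud         |
    MASKEDMASKED7S2E | 123456 | TF-to-cluster  |               | lkc-clus1
    MASKEDMASKED7TR3 | 123456 | CLI-to-cluster | kafka         | lkc-clus1`

func main() {
	for _, f := range auditKeyList(sampleList) {
		fmt.Printf("%s: resource type %q, expected %q\n", f.Description, f.Got, f.Want)
	}
}
```

Run against the listing above, only the Terraform-created key is reported, matching the FAILED verification result.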

@rjudin
Contributor Author

rjudin commented Oct 22, 2020

@brunodomenici can you please help with that?

@brunodomenici
Contributor

Hi @rjudin, unfortunately I can't work on this right now. I'm not sure I got the issue, but I know that Confluent is changing lots of things on this matter, and I think it's worth waiting for the official Confluent Cloud REST API version: https://confluent.cloud/api/docs
