Schema linking testing

security/rbac/delta_configs/schema-registry.properties.delta

@@ -8,7 +8,7 @@ kafkastore.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBe
 schema.registry.group.id=schema-registry-demo
 
 # These properties install the Schema Registry security plugin, and configure it to use RBAC for authorization and OAuth for authentication
-schema.registry.resource.extension.class=io.confluent.kafka.schemaregistry.security.SchemaRegistrySecurityResourceExtension
+schema.registry.resource.extension.class=io.confluent.kafka.schemaregistry.security.SchemaRegistrySecurityResourceExtension,io.confluent.schema.exporter.SchemaExporterResourceExtension
 confluent.schema.registry.authorizer.class=io.confluent.kafka.schemaregistry.security.authorizer.rbac.RbacAuthorizer
 rest.servlet.initializor.classes=io.confluent.common.security.jetty.initializer.InstallBearerOrBasicSecurityHandler
 
@@ -23,5 +23,9 @@ confluent.metadata.http.auth.credentials.provider=BASIC
 public.key.path=/tmp/tokenPublicKey.pem
 
 # This enables anonymous access with a principal of User:ANONYMOUS
+schema.linking.rbac.enable=true
 confluent.schema.registry.anonymous.principal=true
 authentication.skip.paths=/*
+kafkastore.update.handlers=io.confluent.schema.exporter.storage.SchemaExporterUpdateHandler
+password.encoder.secret=mysecret
+

security/rbac/scripts/enable-rbac-schema-registry.sh

@@ -42,10 +42,21 @@ login_mds $MDS
 # Get the Kafka cluster id
 get_cluster_id_kafka
 
+
+
 echo -e "\n# Grant principal User:$USER_ADMIN_SCHEMA_REGISTRY the ResourceOwner role to Topic:_schemas"
 echo "confluent iam rbac role-binding create --principal User:$USER_ADMIN_SCHEMA_REGISTRY --role ResourceOwner --resource Topic:_schemas --kafka-cluster-id $KAFKA_CLUSTER_ID"
 confluent iam rbac role-binding create --principal User:$USER_ADMIN_SCHEMA_REGISTRY --role ResourceOwner --resource Topic:_schemas --kafka-cluster-id $KAFKA_CLUSTER_ID
 
+echo -e "\n# Grant principal User:$USER_ADMIN_SCHEMA_REGISTRY the ResourceOwner role to Topic:_schemas"
+echo "confluent iam rbac role-binding create --principal User:$USER_ADMIN_SCHEMA_REGISTRY --role ResourceOwner --resource Topic:_exporter_configs --kafka-cluster-id $KAFKA_CLUSTER_ID"
+confluent iam rbac role-binding create --principal User:$USER_ADMIN_SCHEMA_REGISTRY --role ResourceOwner --resource Topic:_exporter_configs --kafka-cluster-id $KAFKA_CLUSTER_ID
+echo "$KAFKA_CLUSTER_ID"
+confluent iam rbac role-binding create --principal User:$USER_ADMIN_SCHEMA_REGISTRY --role ResourceOwner --resource Topic:_exporter_states --kafka-cluster-id $KAFKA_CLUSTER_ID
+
+# ONLY NEEDED FOR 7.4.0
+confluent iam rbac role-binding create --principal User:$USER_ADMIN_SCHEMA_REGISTRY --role ResourceOwner --resource Topic:_schema_encoders --kafka-cluster-id $KAFKA_CLUSTER_ID
+
 echo -e "\n# Grant principal User:$USER_ADMIN_SCHEMA_REGISTRY the ResourceOwner role to Group:schema-registry-demo"
 echo "confluent iam rbac role-binding create --principal User:$USER_ADMIN_SCHEMA_REGISTRY --role ResourceOwner --resource Group:schema-registry-demo --kafka-cluster-id $KAFKA_CLUSTER_ID"
 confluent iam rbac role-binding create --principal User:$USER_ADMIN_SCHEMA_REGISTRY --role ResourceOwner --resource Group:schema-registry-demo --kafka-cluster-id $KAFKA_CLUSTER_ID

security/rbac/scripts/init.sh

@@ -15,7 +15,7 @@ check_jq || exit 1
 mkdir -p /tmp/original_configs
 mkdir -p /tmp/rbac_configs
 
-./create_login_properties.py
+python3 create_login_properties.py
 
 # Generate keys
 openssl genrsa -out /tmp/tokenKeypair.pem 2048