-
Notifications
You must be signed in to change notification settings - Fork 552
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce principal_type::role
#16768
Conversation
/dt |
0d79ce8
to
d6a5cd9
Compare
/dt |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I did wonder if Role:
prefix might be taken elsewhere, or at some point in the future, and wondered if "namespacing it", i.e., RedpandaRole:
might be useful.
Ya, posted something in slack so folks can see, but I'm going to change this. |
d6a5cd9
to
fe3c7ca
Compare
force push: "Role:" -> "RedpandaRole:" |
fe3c7ca
to
b8e1c43
Compare
force push: typo |
b8e1c43
to
0967e8f
Compare
force push rebase to fix merge conflict |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
rpk bits LGTM 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Also adds "RedpandaRole:" prefix handling to conversion helpers: - to_acl_principal(...) - to_kafka_principal(...)
Normally rpk adds a "User:" prefix to any principal name that doesn't include it. This commit adds an exception to the rule.
Verify that we can create them and that ACLs for "RedpandaRole:<name>" don't bleed over to "User:<name>". Verifies that franz-go based clients won't choke on "RedpandaRole:" type principals
0967e8f
to
eb4e275
Compare
force push fix test docstring and remove out-of-date linter suppression |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. I would try to add in a test or two that tests that error handling works (e.g. if a principal doesn't begin with either User:
or RedpandaRole:
Verifying that Java-based clients won't choke on "RedpandaRole:" Verifying that Redpanda rejects ACL bindings with a bogus principal type and that Java-based clients properly handle the result. In this case that means a non-zero exit status becuase shell scripts are fun!
Verifying that librdkafka-based clients won't choke on "RedpandaRole:". Verifying that ACL bindings with a bogus principal are rejected and that librdkafka-based clients won't choke on the result.
eb4e275
to
ebb1d8d
Compare
force push to add tests for invalid role prefix handling (librdkafka and java only b/c |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/45656#018e0c14-762a-4599-8757-b05662a67b42 |
This PR introduces a new type of security principal for RBAC.
Updates
security::to_acl_principal
andsecurity::to_kafka_principal
to support "Role:" prefix.Includes a small
rpk
update to respect the "Role:" prefix when creating/deleting ACLsCloses https://github.com/redpanda-data/core-internal/issues/1100
Backports Required
Release Notes