-
Notifications
You must be signed in to change notification settings - Fork 552
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cluster: create default "Users" role when RBAC is activated #17624
cluster: create default "Users" role when RBAC is activated #17624
Conversation
ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/47376#018ea896-eb55-461e-99e5-db751dd58679 |
908f0d0
to
7b66833
Compare
Force-pushed to address all of the comments above |
We don't want to bother customers with a license nag for the role we auto-create for the users.
7b66833
to
687bc3f
Compare
Force-pushed to prevent allocating the range query result. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
return "role_base_access_control"; | ||
return "role_based_access_control"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sigh. good catch!
This implements a one-time convenience functionality. On the first upgrade to an RBAC-supporting build, this creates a "Users" role that contains all the existing SASL/SCRAM users to help customers get started with RBAC.
It uses the already implemented feature migrator to create a role when the feature first becomes active.
Finally, it implements a suppression to the license nag to not show the license nag for this auto-generated role.
Closes https://github.com/redpanda-data/core-internal/issues/1205
Backports Required
Release Notes