Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cluster: create default "Users" role when RBAC is activated #17624

Merged
merged 4 commits into from
Apr 5, 2024
Merged

cluster: create default "Users" role when RBAC is activated #17624

merged 4 commits into from
Apr 5, 2024

Conversation

pgellert
Copy link
Contributor

@pgellert pgellert commented Apr 4, 2024

This implements a one-time convenience functionality. On the first upgrade to an RBAC-supporting build, this creates a "Users" role that contains all the existing SASL/SCRAM users to help customers get started with RBAC.

It uses the already implemented feature migrator to create a role when the feature first becomes active.

Finally, it implements a suppression to the license nag to not show the license nag for this auto-generated role.

Closes https://github.com/redpanda-data/core-internal/issues/1205

Backports Required

  • none - not a bug fix
  • none - this is a backport
  • none - issue does not exist in previous branches
  • none - papercut/not impactful enough to backport
  • v23.3.x
  • v23.2.x

Release Notes

  • none

@pgellert pgellert requested review from oleiman and a team April 4, 2024 08:56
@pgellert pgellert self-assigned this Apr 4, 2024
@pgellert pgellert requested review from aanthony-rp and removed request for a team April 4, 2024 08:56
@pgellert pgellert requested review from BenPope and removed request for aanthony-rp April 4, 2024 08:59
@vbotbuildovich
Copy link
Collaborator

ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/47376#018ea896-eb55-461e-99e5-db751dd58679

BenPope
BenPope reviewed Apr 4, 2024
View reviewed changes
src/v/migrations/rbac_migrator.cc Outdated Show resolved Hide resolved
src/v/migrations/rbac_migrator.h Outdated Show resolved Hide resolved
src/v/migrations/rbac_migrator.h Outdated Show resolved Hide resolved
src/v/migrations/rbac_migrator.h Outdated Show resolved Hide resolved
src/v/migrations/rbac_migrator.h Outdated Show resolved Hide resolved
src/v/migrations/rbac_migrator.h Outdated Show resolved Hide resolved
src/v/migrations/rbac_migrator.cc Outdated Show resolved Hide resolved
src/v/migrations/rbac_migrator.cc Outdated Show resolved Hide resolved
@pgellert pgellert force-pushed the rbac/default-role-on-upgrade branch from 908f0d0 to 7b66833 Compare April 4, 2024 14:58
@pgellert
Copy link
Contributor Author

pgellert commented Apr 4, 2024

Force-pushed to address all of the comments above

@pgellert
cluster: suppress license nag for default role
687bc3f 
We don't want to bother customers with a license nag for the role we
auto-create for the users.
@pgellert pgellert force-pushed the rbac/default-role-on-upgrade branch from 7b66833 to 687bc3f Compare April 4, 2024 16:06
@pgellert
Copy link
Contributor Author

pgellert commented Apr 4, 2024

Force-pushed to prevent allocating the range query result.

@pgellert pgellert requested review from BenPope and oleiman April 4, 2024 16:07
oleiman
oleiman approved these changes Apr 4, 2024
View reviewed changes
Copy link
Member

@oleiman oleiman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

src/v/features/feature_table.cc
return "role_base_access_control";
return "role_based_access_control";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sigh. good catch!

@pgellert pgellert merged commit e7648f5 into redpanda-data:dev Apr 5, 2024
18 checks passed
@pgellert pgellert deleted the rbac/default-role-on-upgrade branch April 5, 2024 14:39
@nvartolomei nvartolomei mentioned this pull request Apr 10, 2024
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oleiman oleiman oleiman approved these changes

@BenPope BenPope Awaiting requested review from BenPope

Assignees

@pgellert pgellert

Labels
area/redpanda
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@pgellert @vbotbuildovich @BenPope @oleiman