[feature] Adding 'groups' to simplify auths #143
Totally agree, but to be totally transparent, people working on LDAP may have started working on this part, since it is more than necessary for LDAP auth (groups are here in LDAP). Here is the brief I sent us:

```yaml
kafkahq:
  security:
    basic-auth:
      user:
        password: d74ff0ee8da3b9806b18c877dbf29bbde50b5bd8e4dad7a3a725000feb82e8f1
        # Change basic auth with roles instead of permission (like now)
        groups:
          - topic-reader
          - admin
    # list of groups in kafkaHQ
    groups:
      topic-reader:
        attributes:
          topics-filter-regexp: "test.*"
        roles:
          - topic/read
      admin:
        roles:
          - topic/read
          - topic/insert
          - topic/delete
          - topic/config/update
          - node/read
          - node/config/update
          - topic/data/read
          - topic/data/insert
          - topic/data/delete
          - group/read
          - group/delete
          - group/offsets/update
          - registry/read
          - registry/insert
          - registry/update
          - registry/delete
          - registry/version/delete
          - user/read
          - connect/read
          - connect/insert
          - connect/update
          - connect/delete
          - connect/state/update
```

Your version is retro-compatible, that can be a good thing for some people (will have fewer issues on GitHub 😆). One concern is about the topic prefix, which I didn't think of before, so I cheated the example below to add this, thanks for pointing this one out to me. As far as I know, the work has already been started by another guy, so for #142, you will see who would be the first and I will handle the merge myself I think.
Hey, I think we should clarify a bit about topics-filter-regexp. Example: my group could be set to be a "topic-reader", but each user could have its own business, like one for the "car-" and another user for the "truck-". Each of them will have the same group but a different topics-filter-regexp. Another thing is that we should also add (I think) another field to limit the available clusters. For now, if kafkaHQ has only one instance, the user will have access to both of them. What do you think about this?

For the topic regexp, I'd really prefer to create 2 groups with 2 different topic regexps. For the cluster limitation, the need is here (also the consumer group ⏩ ) 😄
* implementing calendar * implementing calendar * finished update and implementation of calendar * added an import * removed console.logs
Hey,
While thinking about #142, I thought we could make a change to the way the security configuration is set. It could help to be cleaner, I guess, even for the basic auth. If you agree, it has to be done before starting #142.
What I suggest here is to be able to do this:
The goal is to simplify the management of the users in the configuration file. Instead of repeating roles every time, we create the possibility to have groups of roles and use them.
When creating user details, we will merge roles from the selected groups, if there are any, and those from the roles list, if they exist.
What do you think ?
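The merge rule described in the issue above, sketched as an added example that is not part of the original issue or the KafkaHQ code base. The usernames, the shortened `admin` role list, and the choice to reject an undefined group name instead of ignoring it are assumptions made for the illustration.

```python
# Constructed sample config in the shape proposed above (usernames are made up).
SECURITY = {
    "groups": {
        "topic-reader": {
            "attributes": {"topics-filter-regexp": "test.*"},
            "roles": ["topic/read"],
        },
        "admin": {"roles": ["topic/read", "topic/insert", "topic/delete", "node/read"]},
    },
    "basic-auth": {
        "alice": {"groups": ["topic-reader"]},                      # groups only
        "bob": {"groups": ["topic-reader"],                         # groups + roles
                "roles": ["topic/data/read", "topic/read"]},
        "carol": {"roles": ["registry/read"]},                      # roles only
        "erin": {"groups": ["topic-reader", "admin"]},              # two groups
        "dave": {"groups": ["topic-raeder"]},                       # misspelled group
    },
}


class UnknownGroup(ValueError):
    """A user references a group that is not defined under `groups`."""


def effective_roles(security, username):
    """Merge roles from the user's groups with the user's own roles list."""
    user = security["basic-auth"][username]
    groups = security.get("groups", {})
    merged = []
    for name in user.get("groups", []):
        if name not in groups:
            # Assumption: reject the config instead of silently granting nothing,
            # so a typo is caught at load time rather than at first login.
            raise UnknownGroup(f"{username!r} references undefined group {name!r}")
        merged.extend(groups[name].get("roles", []))
    merged.extend(user.get("roles", []))
    return list(dict.fromkeys(merged))  # de-duplicate, keep first-seen order


def users_with_role(security, role):
    """Audit helper: users that hold `role` once groups are resolved."""
    holders = []
    for username in security["basic-auth"]:
        try:
            if role in effective_roles(security, username):
                holders.append(username)
        except UnknownGroup:
            continue  # broken entries are reported by effective_roles itself
    return holders
```

Because groups make a user's privileges indirect, a helper like `users_with_role` is what lets a reviewer answer "who can delete topics?" without expanding every group by hand.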