Skip to content

BE: RBAC: Implement instance-wide default role #1056

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 20 commits into from
Jul 10, 2025
Merged

BE: RBAC: Implement instance-wide default role #1056

merged 20 commits into from
Jul 10, 2025

Conversation

@seono
Copy link
Contributor

@seono seono commented May 4, 2025
edited by Haarolean
Loading

I’ve opened a draft PR. If this approach looks okay, I’ll follow up with tests and documentation.

  • Breaking change? (if so, please describe the impact and migration path for existing application instances)

What changes did you make? (Give an overview)
Implement default role
Resolves #344

Is there anything you'd like reviewers to focus on?
I updated each extractor’s extract method to return the defaultRole if it’s present, but I’m not sure if this aligns with the original intention of how extract is supposed to be used.

I tested it using the configuration below

rbac: default-role: name: defaultRole permissions: - resource: clusterconfig actions: [ view ] - resource: topic value: ".*" actions: - VIEW - MESSAGES_READ - resource: consumer value: ".*" actions: [ view ] - resource: schema value: ".*" actions: [ view ] - resource: connect value: ".*" actions: [ view ] - resource: acl actions: [ view ] roles: []

How Has This Been Tested? (put an "x" (case-sensitive!) next to an item)

  • No need to
  • Manually (please, describe, if necessary)
  • Unit checks
  • Integration checks
  • Covered by existing automation

Checklist (put an "x" (case-sensitive!) next to all the items, otherwise the build will fail)

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (e.g. ENVIRONMENT VARIABLES)
  • My changes generate no new warnings (e.g. Sonar is happy)
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged

Check out Contributing and Code of Conduct

A picture of a cute animal (not mandatory but encouraged)
@kapybro kapybro bot added status/triage Issues pending maintainers triage area/rbac Related to Role Based Access Control feature status/triage/manual Manual triage in progress status/triage/completed Automatic triage completed and removed status/triage Issues pending maintainers triage labels May 4, 2025
github-actions[bot]
github-actions bot reviewed May 4, 2025
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi seono! 👋

Welcome, and thank you for opening your first PR in the repo!

Please wait for triaging by our maintainers.

Please take a look at our contributing guide.
@seono seono mentioned this pull request May 4, 2025
Open
2 tasks
@seono seono marked this pull request as ready for review June 12, 2025 09:55
@seono seono requested a review from a team as a code owner June 12, 2025 09:55
germanosin
germanosin requested changes Jun 12, 2025
View reviewed changes
Copy link
Member

@germanosin germanosin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, thanks for PR!
Please check my comments.
seono
seono commented Jun 12, 2025
View reviewed changes
Copy link
Contributor Author

@seono seono left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@germanosin
Thanks for the review.
I applied the following updates:

  • use jakarta
  • remove changes from extractors
  • add DefaultRole class.
  • let DefaultRole need cluster definition

I updated the code to work with the RBAC definition below.

... rbac: default-role: name: read-only clusters: - dev-cluster permissions: - resource: clusterconfig actions: [ "view" ] - resource: topic value: ".*" actions: - VIEW - MESSAGES_READ - resource: consumer value: ".*" actions: [ view ] - resource: schema value: ".*" actions: [ view ] - resource: connect value: ".*" actions: [ view ] - resource: acl actions: [ view ] roles: - name: admin clusters: - dev-cluster - prod-cluster subjects: - provider: oauth_github type: user value: "seono" ...
@seono seono requested a review from germanosin June 14, 2025 04:48
germanosin
germanosin requested changes Jun 15, 2025
View reviewed changes
germanosin
germanosin requested changes Jun 15, 2025
View reviewed changes
@seono seono requested a review from germanosin June 16, 2025 03:39
@Haarolean Haarolean self-requested a review June 16, 2025 08:23
@Haarolean Haarolean added this to the 1.3 milestone Jul 2, 2025
@Haarolean Haarolean added type/enhancement En enhancement/improvement to an already existing feature scope/backend Related to backend changes and removed status/triage/manual Manual triage in progress labels Jul 2, 2025
@Haarolean Haarolean moved this from Todo to In Review in Release 1.3 Jul 2, 2025
Haarolean
Haarolean requested changes Jul 9, 2025
View reviewed changes
@github-project-automation github-project-automation bot moved this from In Review to Changes requested in Release 1.3 Jul 9, 2025
@seono seono requested a review from Haarolean July 10, 2025 13:06
@github-project-automation github-project-automation bot moved this from Changes requested to PR Approved in Release 1.3 Jul 10, 2025
@Haarolean Haarolean changed the title BE: RBAC: Impl default role BE: RBAC: Implement app-wide default role Jul 10, 2025
@Haarolean Haarolean enabled auto-merge (squash) July 10, 2025 15:52
@Haarolean Haarolean changed the title BE: RBAC: Implement app-wide default role BE: RBAC: Implement instance-wide default role Jul 10, 2025
@Haarolean Haarolean disabled auto-merge July 10, 2025 15:53
@Haarolean Haarolean enabled auto-merge (squash) July 10, 2025 15:53
@Haarolean Haarolean merged commit 089b072 into kafbat:main Jul 10, 2025
18 checks passed
@github-project-automation github-project-automation bot moved this from PR Approved to Done in Release 1.3 Jul 10, 2025
@Haarolean
Copy link
Member

@seono, thanks for your first contribution to Kafbat UI!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/rbac Related to Role Based Access Control feature scope/backend Related to backend changes status/triage/completed Automatic triage completed type/enhancement En enhancement/improvement to an already existing feature

3 participants

@seono @Haarolean @germanosin