Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Alias Mapping for Confluent Cloud #2

Open
christophschubert opened this issue Nov 9, 2020 · 1 comment
Open

Support Alias Mapping for Confluent Cloud #2

christophschubert opened this issue Nov 9, 2020 · 1 comment

Comments

@christophschubert
Copy link
Owner

Problem description: Service-accounts in Confluent Cloud can be referenced as principals of the form User:12345 in ACLs, where 12345 is the service account ID. Since the ID of a service account is assigned internally, we have no control about which IDs will be used.
Moreover, we might want to reuse a description in another Confluent Cloud organization. In this case, the service account IDs will also be different.

Proposed solution: support principal-aliases as follows. Add a new type Alias (besides User and Group) to the domain description. Upon calling kst, a alias map mapping alias names to principals can be provided. The alias map is used to translate the aliases in the cluster-state before the diff is performed.
@christophschubert
Copy link
Owner Author

Preliminary implementation done. Can be tested by setting

export KST_PRINCIPAL_MAPPING=User:xxx,User:new\;Group:StreamTeam,Group:DreamTeam

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@christophschubert