We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
master
If RBAC role name is different from LDAP group name, authorization is not working.
I could give independent names to RBAC roles. Currently, I have to assign the same name to roles with LDAP groups.
I am using kubernetes helm charts for installation. version: 0.7.5 and appVersion: v0.7.1
version: 0.7.5 and appVersion: v0.7.1
Here is my helm values yaml:
replicaCount: 1 image: registry: registry.address repository: provectuslabs/kafka-ui tag: "v0.7.1" service: type: NodePort port: 80 targetPort: 80 probes: useHttpsScheme: false autoscaling: enabled: false ingress: enabled: false networkPolicy: enabled: false serviceAccount: create: false env: - name: KAFKA_CONFIG_SANITIZER_ENABLED value: "false" volumeMounts: - mountPath: /security-files/ name: truststore volumes: - name: truststore secret: secretName: truststore yamlApplicationConfig: auth: type: LDAP spring: ldap: admin-password: admin123 admin-user: adminuser base: some=parameters group-filter-search-base: (some=parameters) urls: ldap://ldap-address user-filter-search-base: some=parameters user-filter-search-filter: (sAMAccountName={0}) oauth2: ldap: activeDirectory: true aсtiveDirectory: domain: mydomain.com kafka: clusters: - bootstrapServers: broker:9092 kafkaConnect: - address: connect-cluster:8083 name: example-cluster-1 properties: sasl: jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username=admin-user password=admin-password; mechanism: SCRAM-SHA-512 security.protocol: SASL_SSL readOnly: false ssl: truststoreLocation: /security-files/truststore.jks truststorePassword: secret123 rbac: roles: - name: kafka-ui-ldap-group subjects: - provider: ldap type: group value: kafka-ui-ldap-group clusters: - example-cluster-1 permissions: - resource: topic value: .* actions: [view, messages_read] - resource: consumer value: .* actions: [view]
If rbac.roles.name != rbac.role.subjects.value it fails :)
rbac.roles.name != rbac.role.subjects.value
Deploy kafka-ui with LDAP groups authantication method and do not give same value to rbac role name with LDAP group name.
No response
The text was updated successfully, but these errors were encountered:
Hello there ahmettortumlu! 👋
Thank you and congratulations 🎉 for opening your very first issue in this project! 💖
In case you want to claim this issue, please comment down below! We will try to get back to you as soon as we can. 👀
Sorry, something went wrong.
Me and @Haarolean no longer support this repo, don't you mind to post this to https://github.com/kafbat/kafka-ui
No branches or pull requests
Issue submitter TODO list
master
-labeled docker image and the issue still persists thereDescribe the bug (actual behavior)
If RBAC role name is different from LDAP group name, authorization is not working.
Expected behavior
I could give independent names to RBAC roles. Currently, I have to assign the same name to roles with LDAP groups.
Your installation details
I am using kubernetes helm charts for installation.
version: 0.7.5 and appVersion: v0.7.1
Here is my helm values yaml:
If
rbac.roles.name != rbac.role.subjects.value
it fails :)Steps to reproduce
Deploy kafka-ui with LDAP groups authantication method and do not give same value to rbac role name with LDAP group name.
Screenshots
No response
Logs
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: