Add support for opa authorization #455
Comments
mano1233
added
status/triage
kapybro
bot
added
status/triage/manual
|
Hi mano1233! 👋 Welcome, and thank you for opening your first issue in the repo! Please wait for triaging by our maintainers. As development is carried out in our spare time, you can support us by sponsoring our activities or even funding the development of specific issues. If you plan to raise a PR for this issue, please take a look at our contributing guide. |
|
My organization is also in the process of migrating our authorization to OPA. We have started this move after the overhead of maintaining authorization rules in all of out applications. So far we have moved our Trino clusters to OPA, and are in the middle of transitioning out Kafka stack to OPA. We have looked to switch out Kafka management tool since our old one does not suite our requirement well. After testing many tools we decided to use Kafbat-Ui, but our only problem is the lack of support for OPA. Out idea is to have OPA policies the dictate authorization based on our data governance tool, and by doing that simplifying the overhead of authorization and have a single mechanism of managing it. To give some context on the current implementation in our environment, we are running Keycloack for Authentication, and OPA sidecar containers for the systems that support OPA. We have integrated out Kafbat-Ui with our Keycloack and would be happy if we could farther integrate it with OPA for our solution. Thank you in advance. |
|
@theonlyguyy thanks for the additional feedback! |
Haarolean
added
scope/backend
Issue submitter TODO list
Is your proposal related to a problem?
No response
Describe the feature you're interested in
Add the ability to select the open policy agent option to use authorization inside Kafka-ui. This will allow policies to manage user interface approval outside the application configuration and allow the usage of extra data sources to manage permissions. It can also be used to configure the masking of data on a topic.
Describe alternatives you've considered
I Tried using the static RBAC to manage users. This causes some issues. The main one is that you must restart the application each time you change the permissions. Secondly, you can't enrich the decision-making using a third-party tool (like a metadata store) to specify the permissions on the user interface
Version you're running
2956664
Additional context
opa docs
The text was updated successfully, but these errors were encountered: