RBAC - Schema registry subjects bindings are never deleted #513

Open
damien-malescot opened this issue Jul 29, 2022 · 5 comments
Labels
bug Something isn't working under-investigation

Comments

@damien-malescot

damien-malescot commented Jul 29, 2022

Describe the bug
When we remove subjects from a topology, bindings are not removed from RBAC.

To Reproduce
Create a topology file like this:

context: "DEV"
source: "example"
projects:
  - name: "demo"
    schemas:
      - principal: "Group:G_DEMO_READ"
        subjects:
          - "transactions"
    consumers:
      - principal: "Group:G_DEMO_READ"
    topics:
      - name: "personne.1"
        plan: "one-partition-compact"

Bindings are created :

        Principal        |     Role      | ResourceType |       Name       | PatternType
+------------------------+---------------+--------------+------------------+-------------+
  Group:G_DEMO_READ | DeveloperRead | Topic        | DEV.example.demo | PREFIXED
  Group:G_DEMO_READ | ResourceOwner | Group        | *                | LITERAL
        Principal        |     Role      | ResourceType |     Name     | PatternType
+------------------------+---------------+--------------+--------------+-------------+
  Group:G_DEMO_READ | ResourceOwner | Subject      | transactions | LITERAL

Remove everything from the topology and apply:

context: "DEV"
source: "example"
projects:
  - name: "demo"

The subject's bindings are still present:

-------------------------------------------------------------------------------
  Principal | Role | ResourceType | Name | PatternType
+-----------+------+--------------+------+-------------+
        Principal        |     Role      | ResourceType |     Name     | PatternType
+------------------------+---------------+--------------+--------------+-------------+
  Group:G_DEMO_READ | ResourceOwner | Subject      | transactions | LITERAL

Expected behavior
Subjects' bindings must be removed when they are deleted from topology files.

You should use a property, like the one for topics, to recognize managed subjects:
topology.subject.managed.prefixes

@damien-malescot damien-malescot added the bug Something isn't working label Jul 29, 2022
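
An added example, not part of the issue or of the project's code: a small audit that compares a binding listing in the table format quoted above with the subjects a topology still declares, and reports `Subject` bindings left behind. The function names, the dict form of the topology, and the `managed_prefixes` filter (modelled on the property proposed above) are assumptions.

```python
# Added example: audit for Subject role bindings that outlived the topology.
# Sample data is constructed from the listing and topology quoted in the issue.
LISTING = """\
        Principal        |     Role      | ResourceType |       Name       | PatternType
+------------------------+---------------+--------------+------------------+-------------+
  Group:G_DEMO_READ | DeveloperRead | Topic        | DEV.example.demo | PREFIXED
  Group:G_DEMO_READ | ResourceOwner | Group        | *                | LITERAL
  Group:G_DEMO_READ | ResourceOwner | Subject      | transactions | LITERAL
"""
# Topologies as the dicts a YAML loader would produce (before/after removal).
TOPOLOGY_BEFORE = {"context": "DEV", "source": "example", "projects": [
    {"name": "demo", "schemas": [
        {"principal": "Group:G_DEMO_READ", "subjects": ["transactions"]}]}]}
TOPOLOGY_AFTER = {"context": "DEV", "source": "example",
                  "projects": [{"name": "demo"}]}


def parse_bindings(listing):
    """Return (principal, role, type, name, pattern) rows; skip headers/rulers."""
    rows = []
    for line in listing.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) == 5 and cells[0] != "Principal":
            rows.append(tuple(cells))
    return rows


def declared_subjects(topology):
    """(principal, subject) pairs still declared under projects[].schemas[]."""
    return {(schema["principal"], subject)
            for project in topology.get("projects", [])
            for schema in project.get("schemas", [])
            for subject in schema.get("subjects", [])}


def orphaned_subject_bindings(listing, topology, managed_prefixes=()):
    """Subject bindings present in RBAC but no longer declared.

    managed_prefixes is hypothetical: when set, only subjects under those
    prefixes are treated as tool-managed and eligible for reporting.
    """
    declared = declared_subjects(topology)
    orphans = []
    for row in parse_bindings(listing):
        principal, _role, rtype, name, _pattern = row
        if rtype != "Subject":
            continue
        if managed_prefixes and not name.startswith(tuple(managed_prefixes)):
            continue
        if (principal, name) not in declared:
            orphans.append(row)
    return orphans
```

The comparison is by exact subject name, so it fits the `LITERAL` bindings shown in the issue; a `PREFIXED` subject binding would need prefix matching instead.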
@purbon
Collaborator

purbon commented Aug 1, 2022

Hi @damien-malescot,
again thanks a lot for your help and reports, all very important.

I have done some validation in #516 of possible problems with the deletion of subjects; sadly, I'm not able to reproduce it yet. As you can see there, the subjects are gone in my test.

Is there anything specific you might have in your config file?

@damien-malescot
Author

Hi,

I'm on holidays, I will check that in 3 weeks.
Or maybe @ludovic-boutros can check it before if he has time 😉

Thanks

@ludovic-boutros
Contributor

Hi @purbon, indeed it works with the master version.
I will have to double check with @damien-malescot when he is back, because I think this modification seems to fix the described issue:
If not filtered, just apply updates.

Just to let you know, we have added a subject management prefix filter in our fork.

We would like to use the official version, or at least something really similar, in order to reduce our maintenance work. That's why we are creating all these issues, in order to improve Julie.
Hope this helps :)

@purbon
Collaborator

purbon commented Aug 4, 2022

> Just to let you know, we have added a subject management prefix filter in our fork.

@ludovic-boutros, feel free to push a PR if that is ok for you! I'm very open to that kind of contribution, and I think that would help the project a lot.

Thanks a lot for all your efforts and help! It is honestly much appreciated.

@ludovic-boutros
Contributor

ludovic-boutros commented Aug 24, 2022

Hello @purbon, after some research with @damien-malescot, it seems that it is due to this parameter, topology.state.cluster.enabled, which is enabled on our platform.
If I enable it in the test, it crashes.

One question: did you already try using random parameters for some tests, or parametrized tests (JUnit 5), in order to test a lot of parameter combinations? (#534)
