[Enhancement]: Support for Deny in the UserOperator #11109

Closed
dadufour opened this issue Feb 4, 2025 · 2 comments · Fixed by #11119


dadufour commented Feb 4, 2025

Related problem

Today, the documentation says that only the type 'Allow' is supported:
https://strimzi.io/docs/operators/latest/full/configuring.html#type-AclRule-schema-reference
It would be useful to support Deny rules because the authorizer applies Deny first and we can build authorizations such as:
Allow READ all topics
Deny READ my-secret-topic

Note that the documentation is not very clear because at the same time, it lists both values as possible.
I tested with a Deny and the Custom Resource is in the ready state (but I don't know what the real result is, as I didn't test).

Suggested solution

In any case, the documentation should be clarified, I think.

This issue is to ask for support of Deny rules.

Alternatives

If it is not supported, at a minimum, a Warning should be set in the Status of the CR.

Additional context

No response

scholzj added a commit to scholzj/strimzi-kafka-operator that referenced this issue Feb 7, 2025
Signed-off-by: Jakub Scholz <www@scholzj.com>
scholzj (Member) commented Feb 7, 2025

I had a look at it, but it seems that the ACL Deny rules work fine and you can use the User Operator to specify them. I opened a PR to fix the documentation.

dadufour (Author) commented

Thanks for the support. I am closing this issue.
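
The Allow-all-then-Deny-one pattern from the issue, written as a KafkaUser resource. This is an added example, not from the thread or the Strimzi project; the user name `my-user`, the cluster name `my-cluster` and the TLS authentication are assumptions.

```yaml
# Added example (not from the issue thread). The names my-user and my-cluster
# and the TLS authentication are assumptions.
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
  name: my-user
  labels:
    strimzi.io/cluster: my-cluster   # Kafka cluster whose User Operator manages this user
spec:
  authentication:
    type: tls
  authorization:
    type: simple
    acls:
      # Allow READ on all topics: a literal "*" matches every topic name.
      - type: allow
        resource:
          type: topic
          name: "*"
          patternType: literal
        operations:
          - Read
      # Deny READ on the one topic to exclude. The authorizer applies Deny
      # rules first, so this rule wins over the wildcard Allow above.
      - type: deny
        resource:
          type: topic
          name: my-secret-topic
          patternType: literal
        operations:
          - Read
```

Listing the ACLs for `my-secret-topic` with Kafka's `kafka-acls.sh --list` shows whether both rules reached the broker, which the Ready state of the custom resource alone does not confirm.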
