diff --git a/assets/scripts/add_rbac.sh b/assets/scripts/add_rbac.sh
index c1da650..9c80a65 100755
--- a/assets/scripts/add_rbac.sh
+++ b/assets/scripts/add_rbac.sh
@@ -33,6 +33,8 @@ confluent iam rbac role-binding create \
 --schema-registry-cluster "$SCHEMA_REGISTRY_CLUSTER"
 confluent iam rbac role-binding create --principal Group:TeamBlueAdmin --role ResourceOwner --resource Topic:prod.teamblue. --prefix --kafka-cluster "$CLUSTER_ID"
+confluent iam rbac role-binding create --principal Group:TeamBlueAdmin --role ResourceOwner --resource Group:prod.teamblue. --prefix --kafka-cluster "$CLUSTER_ID"
+confluent iam rbac role-binding create --principal Group:TeamBlueAdmin --role ResourceOwner --resource TransactionalId:prod.teamblue. --prefix --kafka-cluster "$CLUSTER_ID"
 confluent iam rbac role-binding create \
 --principal Group:TeamBlueAdmin \
 --role ResourceOwner \
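Review bot: The two added `role-binding create` lines for `Group:prod.teamblue.` and `TransactionalId:prod.teamblue.` carry no comment saying why TeamBlueAdmin needs ResourceOwner on them, and ResourceOwner is the role that also lets its holder grant access on the resource to other principals. A comment above them would record the intent and the scoping, for example `# ResourceOwner lets TeamBlueAdmin delegate access; keep the trailing dot so the prefix cannot match a sibling namespace`. Whether the script runs under `set -e` is not visible in this hunk; if it does not, ending each new line with `|| exit 1` would stop a partially applied set of bindings from being followed by "Done!". The commands at both edges of the hunk continue outside it.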
@@ -51,3 +53,77 @@ confluent iam rbac role-binding list --kafka-cluster "$CLUSTER_ID" --principal G
 confluent iam rbac role-binding list --kafka-cluster "$CLUSTER_ID" --principal Group:TeamBlueAdmin --schema-registry-cluster "$SCHEMA_REGISTRY_CLUSTER"
 echo "Done!"
+
+
++---------------+--------------------+
+| Principal | Group:TeamBlueRead |
+| Role | DeveloperRead |
+| Resource Type | Topic |
+| Name | prod.teamblue. |
+| Pattern Type | PREFIXED |
++---------------+--------------------+
++---------------+--------------------+
+| Principal | Group:TeamBlueRead |
+| Role | DeveloperRead |
+| Resource Type | Group |
+| Name | prod.teamblue. |
+| Pattern Type | PREFIXED |
++---------------+--------------------+
++---------------+--------------------+
+| Principal | Group:TeamBlueRead |
+| Role | DeveloperRead |
+| Resource Type | Subject |
+| Name | prod.teamblue. |
+| Pattern Type | PREFIXED |
++---------------+--------------------+
+
++---------------+---------------------+
+| Principal | Group:TeamBlueWrite |
+| Role | DeveloperWrite |
+| Resource Type | Topic |
+| Name | prod.teamblue. |
+| Pattern Type | PREFIXED |
++---------------+---------------------+
++---------------+---------------------+
+| Principal | Group:TeamBlueWrite |
+| Role | DeveloperWrite |
+| Resource Type | TransactionalId |
+| Name | prod.teamblue. |
+| Pattern Type | PREFIXED |
++---------------+---------------------+
++---------------+---------------------+
+| Principal | Group:TeamBlueWrite |
+| Role | DeveloperWrite |
+| Resource Type | Subject |
+| Name | prod.teamblue. |
+| Pattern Type | PREFIXED |
++---------------+---------------------+
+
++---------------+---------------------+
+| Principal | Group:TeamBlueAdmin |
+| Role | ResourceOwner |
+| Resource Type | Topic |
+| Name | prod.teamblue. |
+| Pattern Type | PREFIXED |
++---------------+---------------------+
++---------------+---------------------+
+| Principal | Group:TeamBlueAdmin |
+| Role | ResourceOwner |
+| Resource Type | Group |
+| Name | prod.teamblue. |
+| Pattern Type | PREFIXED |
++---------------+---------------------+
++---------------+---------------------+
+| Principal | Group:TeamBlueAdmin |
+| Role | ResourceOwner |
+| Resource Type | TransactionalId |
+| Name | prod.teamblue. |
+| Pattern Type | PREFIXED |
++---------------+---------------------+
++---------------+---------------------+
+| Principal | Group:TeamBlueAdmin |
+| Role | ResourceOwner |
+| Resource Type | Subject |
+| Name | prod.teamblue. |
+| Pattern Type | PREFIXED |
++---------------+---------------------+
diff --git a/charts/confluent/values.yaml b/charts/confluent/values.yaml
index 9088bf6..bcb7a34 100644
--- a/charts/confluent/values.yaml
+++ b/charts/confluent/values.yaml
@@ -65,11 +65,6 @@ lsdmesp:
 # objectClass: organizationalRole
 # cn: jane
 #
-# dn: cn=support,ou=groups,{{ LDAP_BASE_DN }}
-# cn: support
-# objectClass: groupOfNames
-# member: cn=bob,ou=users,{{ LDAP_BASE_DN }}
-#
 # dn: cn=TeamBlueRead,ou=groups,{{ LDAP_BASE_DN }}
 # cn: TeamBlueRead
 # objectClass: groupOfNames
@@ -85,7 +80,6 @@ lsdmesp:
 # dn: cn=TeamBlueAdmin,ou=groups,{{ LDAP_BASE_DN }}
 # cn: TeamBlueAdmin
 # objectClass: groupOfNames
-# member: cn=bob,ou=users,{{ LDAP_BASE_DN }}
 # member: cn=peter,ou=users,{{ LDAP_BASE_DN }}
 confluent:
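Review bot: In assets/scripts/add_rbac.sh the role-binding tables added after `echo "Done!"` are raw text in an executable script, not comments. Bash will look up the first border line `+---------------+--------------------+` as a command and reject the following `| Principal | Group:TeamBlueRead |` line as a syntax error, so the script exits non-zero after printing "Done!" and any automation that checks its exit status will treat the RBAC setup as failed. If the tables are meant as a reference of the expected bindings, prefix every line with `# ` under a heading such as `# Expected role bindings after this script has run:`, or move them to the README. A static copy can also drift from the `create` commands above it, so the `role-binding list` output stays the authoritative view when auditing who holds ResourceOwner.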