kafka-ops / julie

A solution to help you build automation and gitops in your Apache Kafka deployments. The Kafka gitops!

RBAC - Schema registry subjects bindings are never deleted

damien-malescot opened this issue · comments

Describe the bug
When we remove subjects from a topology, bindings are not removed from RBAC

To Reproduce
Create a topology file like this :

context: "DEV"
source: "example"
projects:
  - name: "demo"
    schemas:
      - principal: "Group:G_DEMO_READ"
        subjects:
          - "transactions"
    consumers:
      - principal: "Group:G_DEMO_READ"
    topics:
      - name: "personne.1"
        plan: "one-partition-compact"

Bindings are created :

        Principal        |     Role      | ResourceType |       Name       | PatternType
+------------------------+---------------+--------------+------------------+-------------+
  Group:G_DEMO_READ | DeveloperRead | Topic        | DEV.example.demo | PREFIXED
  Group:G_DEMO_READ | ResourceOwner | Group        | *                | LITERAL
        Principal        |     Role      | ResourceType |     Name     | PatternType
+------------------------+---------------+--------------+--------------+-------------+
  Group:G_DEMO_READ | ResourceOwner | Subject      | transactions | LITERAL

Remove all from topology and apply :

context: "DEV"
source: "example"
projects:
  - name: "demo"

The subject's bindings are still present:

-------------------------------------------------------------------------------
  Principal | Role | ResourceType | Name | PatternType
+-----------+------+--------------+------+-------------+
        Principal        |     Role      | ResourceType |     Name     | PatternType
+------------------------+---------------+--------------+--------------+-------------+
  Group:G_DEMO_READ | ResourceOwner | Subject      | transactions | LITERAL

Expected behavior
Subjects' bindings must be removed when they are deleted from topology files.

You should use a property, like the one for topics, to recognize managed subjects:
topology.subject.managed.prefixes
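
A check for the leftover binding reported above, as an added example that is not part of the original post and not Julie's own code: it parses the binding listing from the issue, compares it with the subjects a topology still declares, and reports Subject bindings that remain in RBAC. The function names and the prefix semantics given to the proposed `topology.subject.managed.prefixes` filter are assumptions.

```python
# Added example: audit for orphaned Subject role bindings (not Julie's own code).
# Topologies from the issue, written as already-parsed YAML (constructed dicts).
TOPOLOGY_BEFORE = {"context": "DEV", "source": "example", "projects": [
    {"name": "demo", "schemas": [
        {"principal": "Group:G_DEMO_READ", "subjects": ["transactions"]}]}]}
TOPOLOGY_AFTER = {"context": "DEV", "source": "example",
                  "projects": [{"name": "demo"}]}

# Binding listing as shown in the issue.
CLI_OUTPUT = """\
        Principal        |     Role      | ResourceType |       Name       | PatternType
+------------------------+---------------+--------------+------------------+-------------+
  Group:G_DEMO_READ | DeveloperRead | Topic        | DEV.example.demo | PREFIXED
  Group:G_DEMO_READ | ResourceOwner | Group        | *                | LITERAL
        Principal        |     Role      | ResourceType |     Name     | PatternType
+------------------------+---------------+--------------+--------------+-------------+
  Group:G_DEMO_READ | ResourceOwner | Subject      | transactions | LITERAL
"""

def parse_bindings(text):
    """Parse the pipe-separated listing into dicts, skipping headers and rules."""
    fields = ("principal", "role", "resource_type", "name", "pattern_type")
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != len(fields) or cells[0] in ("Principal", ""):
            continue  # header row, rule line, or blank line
        rows.append(dict(zip(fields, cells)))
    return rows

def desired_subjects(topology):
    """Return the (principal, subject) pairs the topology still declares."""
    return {(s["principal"], subj)
            for p in topology.get("projects", [])
            for s in p.get("schemas", [])
            for subj in s.get("subjects", [])}

def orphaned_subject_bindings(actual, topology, managed_prefixes=()):
    """Assumption: an empty managed_prefixes means every subject is managed."""
    prefixes = tuple(managed_prefixes)
    wanted = desired_subjects(topology)
    return [b for b in actual
            if b["resource_type"] == "Subject"
            and (b["principal"], b["name"]) not in wanted
            and (not prefixes or b["name"].startswith(prefixes))]

if __name__ == "__main__":
    for b in orphaned_subject_bindings(parse_bindings(CLI_OUTPUT), TOPOLOGY_AFTER):
        print("orphaned:", b["principal"], b["role"], b["name"])
```

Run against a listing taken after each apply, a non-empty result means a principal still holds a role on a subject the topology no longer grants.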

Hi @damien-malescot,
again thanks a lot for your help and reports, all very important.

I have done in #516 some validation of possible problems with the deletion of subjects; sadly, I'm not able to reproduce it yet. As you can see there, subjects gone, gone in my test.

Is there anything specific you might have in your config file?

Hi,

I'm on holidays, I will check that in 3 weeks.
Or maybe @ludovic-boutros can check it before if he has time 😉

Thanks

Hi @purbon, indeed it works with the master version.
I will have to double check with @damien-malescot when he is back, because I think this modification seems to fix the described issue:
If not filtered, just apply updates.

Just to let you know, we have added a subject management prefix filter in our fork.

We would like to use the official version or at least something really similar in order to reduce our maintenance work. That's why we are creating all these issues in order to improve Julie.
Hope this helps :)

Just to let you know, we have added a subject management prefix filter in our fork.

@ludovic-boutros, feel free to push a PR if that is ok for you! I'm very open to that kind of contribution, and I think that would help the project a lot.

Thanks a lot for all your efforts and help! It is honestly much appreciated.

Hello @purbon, after some research with @damien-malescot, it seems that it is due to this parameter, topology.state.cluster.enabled, which is enabled on our platform.
If I enable it in the test, it crashes.

One question: did you already try using random parameters for some tests, or parametrized tests (JUnit 5), in order to test a lot of parameter combinations? (#534)