Support Kafka Connect permissions at connector level #614

Dugong42 opened this issue Oct 14, 2024 · 3 comments
Labels
  • area/rbac: Related to Role Based Access Control feature
  • scope/backend: Related to backend changes
  • status/triage/completed: Automatic triage completed
  • type/enhancement: En enhancement/improvement to an already existing feature

Comments

Issue submitter TODO list

  • I've searched for already existing issues here
  • I'm running a supported version of the application which is listed here and the feature is not present there

Is your proposal related to a problem?

Current Kafbat UI permissions related to Kafka Connect only allow a granularity at the level of the Connect cluster. This means any permission covers all connectors in that cluster with no exception.

Describe the feature you're interested in

I would like to be able to set permissions targeting connectors based on their name for example, like it is done with topics and consumers.

Describe alternatives you've considered

No response

Version you're running

1.0.0

Additional context

No response

@Dugong42 Dugong42 added status/triage Issues pending maintainers triage type/feature A brand new feature labels Oct 14, 2024
@kapybro kapybro bot added status/triage/manual Manual triage in progress status/triage/completed Automatic triage completed and removed status/triage Issues pending maintainers triage labels Oct 14, 2024

Hi Dugong42! 👋

Welcome, and thank you for opening your first issue in the repo!

Please wait for triaging by our maintainers.

As development is carried out in our spare time, you can support us by sponsoring our activities or even funding the development of specific issues.
Sponsorship link

If you plan to raise a PR for this issue, please take a look at our contributing guide.

Dugong42 commented Oct 14, 2024

The documentation indicates that selectors may be implemented in the future, with a proposed config spec.

        - resource: connect
          value: "local"
          actions: [ view, edit, create ]
        # connectors selector not implemented yet, use connects
        #      selector:
        #        connector:
        #          name: ".*"
        #          class: 'io.kafbat.connectorName'

It tries to implement generic selectors but I don't see how that would work in the general case. Perhaps the name of the selector should actually be a generic value instead. Also the class may be different in frontend and backend (?).

This diverges quite a bit from the current way of managing permissions based on resource names. It seems the permissions would need extensive changes to allow that level of genericity.

In the current format, the permissions are applied to one or multiple Kafka clusters. It's quite flexible since you can choose to have permissions for topicA in clusterA, but optionally not in clusterB.

Whereas you may have multiple Kafka Connect clusters linked to a single Kafka cluster, and each Connect could need to have different permissions.

If we were to simply add a kind of resource: connector to keep the permissions "flat", it would need an additional key to map it to a connect cluster.

        # Connector
        - resource: connector
          value: "my_connectors_.*" # regex to match connectors
          actions: [ view, edit, create, restart, reset_offsets ]
          connect: "my_connect_cluster" # could be a regex as well

In that case I'm not sure the connect resource is even needed since I believe no operations are currently done at the cluster level, only on the connectors.

@Haarolean Haarolean added type/enhancement En enhancement/improvement to an already existing feature scope/backend Related to backend changes area/rbac Related to Role Based Access Control feature and removed status/triage/manual Manual triage in progress type/feature A brand new feature labels Oct 14, 2024
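
An added illustration, not part of the issue thread and not Kafbat UI code: one way the flat `resource: connector` rule proposed above could be evaluated, with default deny and fully anchored regexes on both the connector name and the `connect` key. The rule set, the function names and the choice that a rule without `connect` grants nothing are assumptions.

```python
import re

# Constructed role permissions mirroring the flat format proposed in the thread.
# The "connector" resource and its "connect" key are the proposal, not an
# implemented Kafbat UI feature.
PERMISSIONS = [
    {"resource": "connector", "value": "my_connectors_.*",
     "connect": "my_connect_cluster",
     "actions": ["view", "edit", "create", "restart", "reset_offsets"]},
    {"resource": "connector", "value": ".*", "connect": "audit_.*",
     "actions": ["view"]},
    # A topic rule with the same regex must never grant connector access.
    {"resource": "topic", "value": "my_connectors_.*", "actions": ["view"]},
]

KNOWN_ACTIONS = ["view", "edit", "create", "restart", "reset_offsets"]


def is_allowed(permissions, connect, connector, action):
    """Default deny: True only if one connector rule matches the Connect
    cluster, the connector name and the requested action."""
    for rule in permissions:
        if rule.get("resource") != "connector":
            continue  # other resource types do not apply to connectors
        connect_pattern = rule.get("connect")
        if connect_pattern is None:
            continue  # assumption: no "connect" key means no grant, not "all clusters"
        # fullmatch anchors both ends: "audit_.*" does not match "prod_audit_eu"
        # and "my_connectors_.*" does not match "not_my_connectors_sink".
        if not re.fullmatch(connect_pattern, connect):
            continue
        if not re.fullmatch(rule["value"], connector):
            continue
        if action in rule.get("actions", []):
            return True
    return False


def allowed_actions(permissions, connect, connector):
    """Actions granted on one connector, taken across all matching rules."""
    return [a for a in KNOWN_ACTIONS
            if is_allowed(permissions, connect, connector, a)]
```
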
Projects
Status: Backlog