# Topic definitions, keyed by a local label; `name` is the topic name itself.
# NOTE(review): nesting was restored from a flattened listing - confirm it
# against the original file.
topics:
  topic-1:
    name: matt-topic-A
    # A replication factor of 1 keeps a single copy of each partition.
    # Presumably a dev/demo cluster - confirm before reusing these values.
    replication.factor: 1
    partitions: 3
  project-2-topic:
    name: matt-topic-C
    replication.factor: 1
    partitions: 5
    # A bare value parses as null. Presumably "use the broker default
    # retention" - TODO confirm how the consuming tool treats null here.
    retention.ms:
# List of topic names/patterns; `_.*` and `connect-.*` read as regular
# expressions.
# NOTE(review): the key name and the `do.not.delete.me` entry suggest these are
# topics the consuming tool must leave untouched - confirm against the tool.
# If entries are matched as regexes, the unescaped dots in `do.not.delete.me`
# match any character, so the entry covers more names than the literal one.
default_topics:
  - do.not.delete.me
  - _.*
  - connect-.*
# ACL entries keyed by a local label.
# NOTE(review): resource-name, principal and operation each pack a
# comma-separated list into one scalar; how the consuming tool splits them is
# not visible in this file.
acls:
  project-1:
    resource-type: topic
    # matt-topic-D and matt-topic-S have no entry under `topics` in this file.
    # A LITERAL ACL on a name that does not exist yet takes effect as soon as
    # a topic with that name is created - confirm both names are intended.
    resource-name: matt-topic-A, matt-topic-C, matt-topic-D, matt-topic-S
    resource-pattern: LITERAL
    # NOTE(review): there is no space after the comma before User:Liying,
    # unlike every other separator - verify the tool still reads it as a
    # separate principal, otherwise the grant may not apply as intended.
    principal: User:Matt, User:Brien, User:Kevin, User:Aleks, User:Vedanta,User:Liying
    # ALL already includes READ and WRITE, so the extra entries are redundant.
    # If only read/write access is intended, ALL is the entry to drop.
    operation: ALL, READ, WRITE
    permission: ALLOW
    # '*' places no restriction on the client host.
    host: '*'
  project-1-2:
    resource-type: topic
    # NOTE(review): the trailing hyphen reads like a prefix, but the pattern
    # below is LITERAL, so as written this matches only a topic named exactly
    # `matt-topic-`. Confirm the intent before changing the pattern: PREFIXED
    # would extend the wildcard grant below to every topic with this prefix.
    resource-name: matt-topic-
    resource-pattern: LITERAL
    # Wildcard principal + ALL + any host: every principal is allowed every
    # operation on this resource. Prefer named principals and the narrowest
    # operation set that works.
    principal: User:*
    operation: ALL
    permission: ALLOW
    host: '*'
# Role bindings keyed by a local label. Each grants `role` to `principal`
# inside `scope`; when a `resource` list is present the grant is limited to
# those resource patterns. Bindings without a `resource` list (the
# SecurityAdmin and SystemAdmin entries) apply to the whole scoped cluster.
# NOTE(review): nesting was restored from a flattened listing - confirm it
# against the original file.
rolebindings:
  RoleBinding-1:
    principal: User:ksqlDBcli
    role: ResourceOwner
    resource:
      # PREFIXED: covers every topic whose name starts with this string.
      - resourceType: Topic
        name: _confluent-ksql-rbac-ksqltransient
        patternType: PREFIXED
      - resourceType: Topic
        name: CSAS_STREAM1
        patternType: LITERAL
      - resourceType: Topic
        name: CTAS_TABLE1
        patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
  RoleBinding-2:
    principal: User:ksqlDBserver
    # NOTE(review): SecurityAdmin on a service principal. The role presumably
    # allows managing role bindings in its scope, so a compromise of this
    # account could be used to widen access - confirm the service needs it.
    role: SecurityAdmin
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
        ksql-cluster: rbac-ksql
  RoleBinding-3:
    principal: User:clientrp
    role: ResourceOwner
    resource:
      - resourceType: Topic
        name: topic3
        patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
  RoleBinding-4:
    principal: User:cliente
    role: ResourceOwner
    resource:
      - resourceType: Subject
        name: pageviews-value
        patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
        schema-registry-cluster: schema-registry-demo
  RoleBinding-5:
    principal: User:ksqlDBcli
    role: DeveloperRead
    resource:
      - resourceType: Topic
        name: topic1
        patternType: LITERAL
      - resourceType: Topic
        name: rbac-ksqlksql_processing_log
        patternType: LITERAL
      - resourceType: Group
        name: _confluent-ksql-rbac-ksql
        patternType: PREFIXED
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
  RoleBinding-6:
    principal: User:clientc
    role: DeveloperRead
    resource:
      - resourceType: Topic
        name: topic1
        patternType: LITERAL
      - resourceType: Topic
        name: pageviews
        patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
  RoleBinding-7:
    principal: User:clientc
    role: DeveloperRead
    resource:
      - resourceType: Connector
        name: datagen-pageviews
        patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
        connect-cluster: connect-cluster
  RoleBinding-8:
    principal: User:ksqlDBserver
    role: DeveloperRead
    resource:
      - resourceType: Topic
        name: topic1
        patternType: LITERAL
      - resourceType: Group
        name: _confluent-ksql-rbac-ksql
        patternType: PREFIXED
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
  RoleBinding-9:
    principal: User:connect
    # NOTE(review): SecurityAdmin on a service principal - confirm it is
    # required; no resource list narrows this grant.
    role: SecurityAdmin
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
        connect-cluster: connect-cluster
  RoleBinding-10:
    principal: User:cliente
    role: ResourceOwner
    resource:
      - resourceType: Topic
        name: pageviews
        patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
  RoleBinding-11:
    principal: User:clientd
    role: ResourceOwner
    resource:
      - resourceType: Connector
        name: datagen-pageviews
        patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
        connect-cluster: connect-cluster
  RoleBinding-12:
    principal: User:c3
    # SystemAdmin with no resource list: the grant covers the whole scoped
    # Kafka cluster. Keep the set of principals holding this role minimal and
    # review it whenever this file changes.
    role: SystemAdmin
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
  RoleBinding-13:
    principal: User:connect
    role: ResourceOwner
    resource:
      - resourceType: Group
        name: secret-registry
        patternType: LITERAL
      - resourceType: Topic
        name: connect-configs
        patternType: LITERAL
      # NOTE(review): the name suggests this topic holds secret material -
      # ownership should stay limited to this service principal; confirm.
      - resourceType: Topic
        name: _confluent-secrets
        patternType: LITERAL
      - resourceType: Topic
        name: connect-offsets
        patternType: LITERAL
      - resourceType: Group
        name: connect-cluster
        patternType: LITERAL
      - resourceType: Topic
        name: connect-statuses
        patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
  RoleBinding-14:
    principal: User:clienta
    role: ResourceOwner
    resource:
      - resourceType: Subject
        name: new-topic-value
        patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
        schema-registry-cluster: schema-registry-demo
  RoleBinding-15:
    principal: User:ksqlDBserver
    role: ResourceOwner
    resource:
      - resourceType: KsqlCluster
        name: ksql-cluster
        patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
        ksql-cluster: rbac-ksql
  RoleBinding-16:
    principal: User:ksqlDBcli
    role: DeveloperWrite
    resource:
      - resourceType: KsqlCluster
        name: ksql-cluster
        patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
        ksql-cluster: rbac-ksql
  RoleBinding-17:
    principal: User:cliente
    role: DeveloperRead
    resource:
      - resourceType: Group
        name: console-consumer-
        patternType: PREFIXED
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
  RoleBinding-18:
    principal: User:MySystemAdmin
    # Second SystemAdmin binding in this file (User:c3 holds the other); the
    # grant covers the whole scoped Kafka cluster.
    role: SystemAdmin
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
  RoleBinding-19:
    principal: User:sr
    role: ResourceOwner
    resource:
      - resourceType: Topic
        name: _schemas
        patternType: LITERAL
      - resourceType: Group
        name: schema-registry-demo
        patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
  RoleBinding-20:
    principal: User:clienta
    role: ResourceOwner
    resource:
      - resourceType: Topic
        name: topic1
        patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
  RoleBinding-21:
    principal: User:clientrp
    role: DeveloperRead
    resource:
      - resourceType: Group
        name: rest_proxy_consumer_group
        patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
  RoleBinding-22:
    principal: User:ksqlDBserver
    role: ResourceOwner
    # The PREFIXED `_confluent-ksql-rbac-ksql` entry below already covers the
    # `...transient` prefix and the `..._command_topic` literal listed beside
    # it, so those two entries add nothing for this role.
    resource:
      - resourceType: Topic
        name: _confluent-ksql-rbac-ksqltransient
        patternType: PREFIXED
      - resourceType: Topic
        name: CSAS_STREAM1
        patternType: LITERAL
      - resourceType: Topic
        name: _confluent-ksql-rbac-ksql_command_topic
        patternType: LITERAL
      - resourceType: Topic
        name: _confluent-ksql-rbac-ksql
        patternType: PREFIXED
      - resourceType: Topic
        name: CTAS_TABLE1
        patternType: LITERAL
      - resourceType: Topic
        name: rbac-ksqlksql_processing_log
        patternType: LITERAL
      - resourceType: TransactionalId
        name: rbac-ksql
        patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
  RoleBinding-23:
    principal: User:sr
    # NOTE(review): SecurityAdmin on a service principal - confirm it is
    # required; no resource list narrows this grant.
    role: SecurityAdmin
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
        schema-registry-cluster: schema-registry-demo
  RoleBinding-24:
    principal: User:clientc
    role: DeveloperRead
    resource:
      - resourceType: Subject
        name: pageviews-value
        patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
        schema-registry-cluster: schema-registry-demo
  RoleBinding-25:
    principal: User:clienta
    role: DeveloperRead
    resource:
      - resourceType: Group
        name: console-consumer-
        patternType: PREFIXED
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
# ACL bindings keyed by a local label. Each pairs one `resourcePattern` in a
# cluster `scope` with a list of `aclRules` (principal, permission, host,
# operation).
# NOTE(review): nesting was restored from a flattened listing - confirm it
# against the original file.
aclbindings:
  AclBinding-1:
    resourcePattern:
      resourceType: Topic
      name: test
      patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
    aclRules:
      # host '*' places no restriction on the client host for either rule.
      - principal: User:clienta
        permissionType: ALLOW
        host: '*'
        operation: Create
      - principal: User:clientc
        permissionType: ALLOW
        host: '*'
        operation: Describe
  AclBinding-2:
    resourcePattern:
      # Cluster-level resource: the rule below applies to the cluster itself,
      # not to a topic or group.
      resourceType: Cluster
      name: kafka-cluster
      patternType: LITERAL
    scope:
      clusters:
        kafka-cluster: ghUubZZ1R5-yc_6uhi-1pw
    aclRules:
      - principal: User:clienta
        permissionType: ALLOW
        host: '*'
        operation: Describe