-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Blocker: customUserAcls - Plan command - Marks the action for every entry on the state.yaml as "REMOVE". #77
Comments
I am using the latest version 0.2.15. |
Hi @jaykatti, can you provide an example state.yaml file to help reproduce? Do note that ACLs do not update, they only add/remove. (so a change to an ACL should have one create and one delete). |
Hello Shawn @devshawn , Thanks for your response ! For the below sample state.yaml, if I have to change the permission for describe_configs_topic to "DENY". I change the permission to "DENY" for that block and then run the kafka-gitops command for validate, plan. customUserAcls: |
host above is * for all the records. |
Hello @devshawn , Any further update for me on this please ? |
I have generated a yaml (initial state) for my existing cluster. Now, this includes a large list of users and ACL's. I will use this as my base configuration and start modifying it based on the requirement. Either update an ACL or delete or Add a new one. Kindly advise at the earliest as I need to get this wrapped up and start using it on our cluster. Thanks, |
Hi @jaykatti, You have to have every ACL listed in your state file. So you need to take your existing cluster and make an initial state file with all topics / ACLs until you run a plan and it says there are no changes. Then, you can start adding/removing ACLs and it will only have the changes you want. Or am I misunderstanding the situation? |
Hello Shawn,
Yes, I have already completed the below steps -
- Generate the state.yaml for my cluster ( This has all the current ACL's
for my cluster ).
I am running the plan on this yaml and it marks all the existing ACL's for
deletions.
This is where, I was confused.
Ideally, I expected the plan to have nil deletions.
Can you pls. guide me on this ?
Thanks,
Jay.
…On Tue, Sep 21, 2021 at 6:17 PM Shawn Seymour ***@***.***> wrote:
Hi @jaykatti <https://github.com/jaykatti>,
You have to have every ACL listed in your state file. So you need to take
your existing cluster and make an initial state file with all topics / ACLs
until you run a plan and it says there are no changes. Then, you can start
adding/removing ACLs and it will only have the changes you want.
Or am I misunderstanding the situation?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#77 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AI5B75XOUJZD6Z5NNLEBEWDUDCVX5ANCNFSM5C5NFEPA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
--
Regards,
- Jay
|
Hi @jaykatti You're stating a Every If you're only claiming the For example, if I were to add a
|
Oh !! Okay, Let me try that. Thanks !, I will keep you posted. |
Sorry, closed by mistake |
Hello @fireydagostino @devshawn I tried with that and it seems to be working. So many thanks ! Do we also need to list all the topics as part of the state.yaml ? Thanks, |
Yeah @jaykatti The state file literally claims everything that should be present within the current state of your Kafka cluster. Any topics/ACLs that are on Kafka, but not defined for in your state will be privy to deletion upon execution - and respectively the opposite for topics/Acls defined in your state but not present on Kafka. Your
In my production environment, we have some of these separated into specific directories/files pertaining to different teams/technologies and then utilize |
Thanks a lot for the clarification.
Would you please share a sample state.yaml from ur environment ?
Thanks and regards,
Jay
…On Tue, 28 Sep 2021, 7:13 pm fireydagostino, ***@***.***> wrote:
Yeah @jaykatti <https://github.com/jaykatti>
The state file literally claims everything that should be present within
the current state of your Kafka cluster.
Any topics/ACLs that are on Kafka, but not defined for in your state will
be privy to deletion upon execution - and respectively the opposite for
topics/Acls defined in your state but not present on Kafka.
Your state.yaml file will need
- default options / blacklisted topic prefixes
- topics
- users + customUserAcl
- services + customServiceAcl
In my production environment, we have some of these separated into
specific directories/files pertaining to different teams/technologies and
then utilize yq4to merge all the information into thestate.yaml` file.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#77 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AI5B75VRYZ4HD2T3OMI7YQ3UEHBBZANCNFSM5C5NFEPA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
|
I have generated a current state.yaml for my existing cluster.
I changed some couple of users the permission as "DENY". So I was expecting the "plan" command to show me those many "updates", instead, it is including those records in the plan json file and marks everything else for "REMOVE".
Kindly advise at the earliest.
This currently is not allowing me to deploy onto our server, so we can include this into our process permanently.
Thanks,
Jay.
The text was updated successfully, but these errors were encountered: