...
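# Kafka authorization policy for the principal "service-account-opacli".
#
# Decision: `allow` (boolean). `default allow = false`, so a request that
# matches none of the rule bodies below is denied.
#
# Input fields referenced by these rules:
#   input.action.operation                     - Kafka ACL operation ("READ", "WRITE", ...)
#   input.action.resourcePattern.resourceType  - "TOPIC", "GROUP", "CLUSTER", ...
#   input.action.resourcePattern.name          - resource name (topic name here)
#   input.requestContext.principal.name        - authenticated principal
#   input.requestContext.header.name.clientId  - client-supplied Kafka client.id
package policy.kafka.authz

default allow = false

# Rule 1: DESCRIBE / CREATE / READ on GROUP and CLUSTER resources for the
# service account. Note that CREATE on CLUSTER is a broad grant (cluster-level
# create rights); confirm this is intended rather than a narrower topic grant.
allow = true {
    allowedActions := ["DESCRIBE", "CREATE", "READ"]
    input.action.operation == allowedActions[_]
    allowedResourceTypes := ["GROUP", "CLUSTER"]
    input.action.resourcePattern.resourceType == allowedResourceTypes[_]
    input.requestContext.principal.name == "service-account-opacli"
}

# Rule 2: the consumer client may DESCRIBE / READ the topic "my-topic".
# The clientId is a client-configured string (Kafka client.id), not an
# authenticated credential; the authenticated identity is principal.name.
# The clientId check narrows the match but is not a trust boundary by itself.
allow = true {
    allowedActions := ["DESCRIBE", "READ"]
    input.action.operation == allowedActions[_]
    input.action.resourcePattern.name == "my-topic"
    input.action.resourcePattern.resourceType == "TOPIC"
    input.requestContext.principal.name == "service-account-opacli"
    input.requestContext.header.name.clientId == "consumer-client"
}

# Rule 3: the producer client may DESCRIBE / WRITE the topic "my-topic".
# The operation check compares against the allowedActions list (the original
# text `== "WRITE"allowedActions[_]` was not valid Rego and would have dropped
# the DESCRIBE grant that the list declares).
allow = true {
    allowedActions := ["DESCRIBE", "WRITE"]
    input.action.operation == allowedActions[_]
    input.action.resourcePattern.name == "my-topic"
    input.action.resourcePattern.resourceType == "TOPIC"
    input.requestContext.principal.name == "service-account-opacli"
    input.requestContext.header.name.clientId == "producer-client"
}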
...