feat: Add connector-level permissions for Kafka Connect #1541
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kapybro
bot
added
status/triage
joshuaNathaniel
force-pushed
the
issues/614
branch
3 times, most recently
from
922d1e4 to
01a0709
Compare
Implements granular permission control at the individual connector level, allowing administrators to grant permissions for specific connectors rather than entire Kafka Connect instances. Changes: - Add CONNECTOR resource type and ConnectorAction enum for granular permissions - Implement hierarchical permission checking (connector-level takes precedence) - Update frontend to check connector permissions with connect-level fallback - Add comprehensive tests for connector permission scenarios - Upgrade Testcontainers to 2.0.2 for Docker Engine 29 compatibility Features: - Permission format: `connect-name/connector-name` for specific connectors - Wildcard patterns supported (e.g., `.*-connect/prod-.*`) - Backwards compatible with existing CONNECT permissions - Action hierarchy maintained (EDIT includes VIEW permission)
joshuaNathaniel
force-pushed
the
issues/614
branch
from
01a0709 to
4cce922
Compare
Haarolean
requested changes
Dec 1, 2025
Member
Haarolean
left a comment
Haarolean
left a comment
There was a problem hiding this comment.
- let's address the backward compatibility issues first before reviewing any further
- please refrain from editing the description / using force push to remove the AI tools attributions.
api/src/main/java/io/kafbat/ui/controller/KafkaConnectController.java
Outdated
Show resolved
Hide resolved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What changes did you make? (Give an overview)
This PR implements connector-level permissions for Kafka Connect, addressing issue #614. The implementation adds granular permission control at the individual connector level while maintaining backwards compatibility with existing CONNECT-level permissions.
Key changes:
ActionDropdownItemWithFallbackcomponent to support hierarchical permission checking (tries connector-level first, falls back to connect-level)The permission hierarchy works as follows:
CONNECTORresource with valueconnect-name/connector-namefor specific connector accessCONNECTresource with valueconnect-namefor cluster-wide accessIs there anything you'd like reviewers to focus on?
Please review the permission fallback logic in
ActionDropdownItemWithFallback.tsxto ensure it properly handles the hierarchical permission model without violating React hooks rules.How Has This Been Tested? (put an "x" (case-sensitive!) next to an item)
Checklist (put an "x" (case-sensitive!) next to all the items, otherwise the build will fail)
Check out Contributing and Code of Conduct
A picture of a cute animal (not mandatory but encouraged)
🦫