[UX-838] Add rpk support for local gbac #29738
| Use: "assign [GROUP] --role [ROLE]", | ||
| Short: "Assign an IDP group to a Redpanda role", | ||
| Long: `Assign an IDP group to a Redpanda role. | ||
|
|
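Review bot: The Use string writes both arguments in square brackets ("assign [GROUP] --role [ROLE]"), which in a usage line usually reads as optional, while the release notes for this PR write the same command as "assign <group> --role <role>". If both the group and the role are required, consider one notation across the help text and the release notes, or say in Long that both must be given.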
Why a new command group assign --role instead of using rpk security role assign --group <group>? Both commands (group assign and role assign) update role memberships.
Don't get me wrong, I like that it is all within the same command space, so it is self-contained and easily discoverable, but perhaps we should add the --group flag to role assign for those who are already accustomed to the role command space
good call - it's a little weird to have users and groups be assigned from different places
We can have both, so people don't have to run between commands and both call the same underlying method.
We do it with rpk cloud cluster select and rpk profile create --from-cloud, they are technically an alias, but they exist for discoverability
| out.Die("rpk security group is not yet available in Redpanda Cloud") | ||
| } | ||
|
|
||
| groupName := args[0] |
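Review bot: groupName := args[0] on the last line of this hunk indexes args directly, and no length check or Args validator is visible in these lines. Confirm the command declares Args: cobra.ExactArgs(1), or checks len(args) first, so that running it without a group name prints a usage error instead of panicking.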
Do we expect users to assign multiple roles to a single group? Or multiple groups with the same role?
This is to understand if the input role flag should accept a comma-separated list of roles, and we batch update the group OR allow multiple groups in the input and assign the same role to all of them.
I don't know if we have great research here, but I'd think one role to multiple groups (like principals) is probably the most likely case.
| cmd := &cobra.Command{ | ||
| Use: "describe [GROUP]", | ||
| Aliases: []string{"info"}, | ||
| Short: "Describe the roles assigned to an IDP group", |
Doc question, in group assign we have
Short: "Assign an IDP group to a Redpanda role",
And here
roles assigned to an IDP group
Should we standardize and say that we assign roles to groups? Also, should we use 'Redpanda roles' in both places?
definitely with you on Redpanda roles, and I can make it uniform (groups assigned to a role?), but I think it's really a bidirectional thing, right?
edit: the more I try to think about wording, the more I'm convinced it's bidirectional. Do you have any ideas on the best way to get this across?
I would just say in the Short form: Describe the IDP Group.
In the long form, I would mention that we are describing the configuration between roles and IDP groups within Redpanda.
c5ad0fe to 96f244c
1881887 to 8feaac6
8feaac6 to 9a00584
Co-authored-by: Rogger Vasquez <59714880+r-vasquez@users.noreply.github.com>
* Add rpk security role un|assign --group ...
* Reword descriptions a bit
9a00584 to 3450320
dotnwat left a comment
Please try to keep the git commit history clean
https://github.com/redpanda-data/redpanda/blob/dev/CONTRIBUTING.md#commit-history
ah! blanked on this one, sorry!
Backports Required
Release Notes
rpk security group subcommands
Features
Adds the following commands to rpk security group:
* rpk security group list
* rpk security group describe <group>
* rpk security group assign <group> --role <role>
* rpk security group unassign <group> --role <role>