Connect Kafka REST Proxy to Confluent Cloud cluster using RBAC

Hi,

Wondering if it’s possible to use Role Based Access Control to authenticate REST Proxy users to Confluent Cloud clusters.
Documentation describes how to connect it to self-managed clusters with MDS enabled, but not how to use this approach with Confluent Cloud clusters. Is it even possible?

hi @beegor

to have a proper understanding of your use case:
you’d like to connect your on-prem REST Proxy to CC and use RBAC to authenticate towards REST Proxy, right?

Best,
Michael

Hi @mmuehlbeyer ,
Exactly, that is what I want. We would like users to use basic HTTP authentication to REST Proxy using their CC access keys and propagate those credentials to Kafka clusters in order to have proper authorization (ACLs).
I'm aware of the Principal Propagation feature of REST Proxy, however the fact that user credentials have to be stored on the REST Proxy side is kind of a blocker for us due to company security policies.

Hi @beegor

what about using the rest endpoint on CC directly?
https://docs.confluent.io/cloud/current/api-overview.html

best,
michael

Hi @mmuehlbeyer ,

The problem with Confluent Cloud REST API is that it only supports produce but not consume. We need both.

BR,
Igor

I see
not sure whether it works, not tested
but what about secrets protection?

You mean to use secrets protection with Principal Propagation approach?

yes
just came to my mind, not tested, but maybe worth a try