How does an OAuth JWT claims attribute interact with a Confluent Cloud service account?

Hi Team,

How does an OAuth service account gain the ACL/RBAC role needed to perform resource-specific operations in Confluent Cloud (like topic creation)?

The objective is to create a DevOps pipeline that securely interacts with the CC cluster using a GCP OAuth service account (signed JWT token) and performs cluster creation, identity provider and identity pool creation, and then topic creation…

The first three steps (cluster creation, identity provider and identity pool) execute successfully, but topic creation fails with “Authorization failed”. If I manually assign an RBAC role to the identity pool, it executes successfully, but I need this to be performed in an automated way, e.g. by scripts.

Note: no service account is created on the CC side.

I think something is missing here, so it would be a great help if you could suggest something or provide some related documentation.

Thanks

Hi @ajaykumar2014 ,

You can use the Confluent CLI to make the role assignment with the principal specified as User:<Identity Pool ID>. For example:

confluent iam rbac role-binding create --principal User:pool-1234 --environment env-123456 --role EnvironmentAdmin

HTH,
Dave

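To turn the one-off command in the answer into a repeatable pipeline step, here is an added example (not the poster's or Confluent's own code) that grants the role to the identity pool principal only when it is missing and verifies the binding afterwards. It assumes the Confluent CLI is on PATH as `confluent`, that the `role-binding list` output shows the principal and role on one line, and that the pool and environment IDs come from the earlier pipeline steps; `CONFLUENT_CMD` is a hypothetical override used only to run the script offline.

```shell
#!/usr/bin/env sh
# Added example for this thread (not the poster's or Confluent's code).
# Assumes the Confluent CLI is on PATH as `confluent`; CONFLUENT_CMD is a
# hypothetical override so the step can be exercised without a real tenant.
CONFLUENT_CMD="${CONFLUENT_CMD:-confluent}"

# Return 0 if PRINCIPAL already holds ROLE in ENV_ID. Assumes the CLI's table
# output lists principal and role on one line; the pool is addressed as
# User:<Identity Pool ID>, exactly as in the answer above.
role_binding_exists() {
  principal="$1"; env_id="$2"; role="$3"
  "$CONFLUENT_CMD" iam rbac role-binding list \
      --principal "$principal" --environment "$env_id" \
    | grep -w -- "$principal" | grep -qw -- "$role"
}

# Idempotent pipeline step: create the binding only when it is missing, then
# re-check so a create that did not take effect fails the pipeline instead of
# surfacing later as "Authorization failed" on topic creation.
ensure_role_binding() {
  principal="$1"; env_id="$2"; role="$3"
  if role_binding_exists "$principal" "$env_id" "$role"; then
    echo "role binding already present: $principal -> $role ($env_id)"
    return 0
  fi
  "$CONFLUENT_CMD" iam rbac role-binding create \
      --principal "$principal" --environment "$env_id" --role "$role" \
    || return 1
  role_binding_exists "$principal" "$env_id" "$role" \
    || { echo "role binding not visible after create" >&2; return 1; }
  echo "role binding created: $principal -> $role ($env_id)"
}

# Usage in a pipeline (constructed IDs, matching the answer above):
#   ensure_role_binding "User:pool-1234" "env-123456" EnvironmentAdmin
```

EnvironmentAdmin is the role the answer uses; pass whatever narrower role your environment's topic-creation step actually needs in the same position.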