Staged mutations

Staged mutations allow for an approval step on specific mutation actions. Staged mutations are configured through Role Based Access Control.

For example, a regular Kpow user requests to create a topic and an administrator approves or denies this request. Once approved, the topic will be created on the Kafka cluster.

admin_roles:
  - kafka-admins

policies:
  -
    actions:
      - TOPIC_CREATE
    effect: Allow
    resource:
      - "*"
    role: "kafka-admins"
  - actions:
      - TOPIC_CREATE
    effect: Stage
    resource:
      - "*"
    role: "kafka-users"

The above RBAC yaml describes how you would configure Kpow for the scenario above.

Note: the admin approving the staged mutation must also be allowed to invoke TOPIC_CREATE mutations for the resource being requested.

Viewing mutation requests

From within the Settings page an administrator can navigate to the Staged mutations tab.

From within the UI, an administrator can either approve or deny the request.

After the mutation has been approved or denied, you can see the full history within the Audit log

Notifications

You can configure the Slack integration integration to be notified when a new mutation request has been made.

Configuration

The following environment variables can be used to configure the mutation scheduler:

  • MUTATION_SCHEDULER_EXPIRES_MS - The duration (in ms) until a scheduled mutation is expired. Default is 15 minutes.
Next
Kafka Streams

Copyright © 2022 Factor House.