Staged Mutations
Simple Workflow for Kafka Configuration Changes
Staged mutations allow for an approval step on specific mutation actions. Staged mutations are configured through Role Based Access Control.
For example, a regular kPow user requests to create a topic and an administrator approves or denies this request. Once approved, the topic will be created on the Kafka cluster.
1
admin_roles:
2
- kafka-admins
3
4
policies:
5
-
6
actions:
7
- TOPIC_CREATE
8
effect: Allow
9
resource:
10
- "*"
11
role: "kafka-admins"
12
- actions:
13
- TOPIC_CREATE
14
effect: Stage
15
resource:
16
- "*"
17
role: "kafka-users"
Copied!
The above RBAC yaml describes how you would configure kPow for the scenario above.
Note: the admin approving the staged mutation must also be allowed to invoke TOPIC_CREATE mutations for the resource being requested.

Viewing mutation requests

From within the Settings page an administrator can navigate to the Staged Mutations tab.
From within the UI, an administrator can either approve or deny the request.
After the mutation has been approved or denied, you can see the full history within the Audit Log

Notifications

You can configure the Slack integration to be notified when a new mutation request has been made.
Last modified 3mo ago