Can users/ACL be managed by the operator

Question

Can users/ACL be managed by the operator

dberardo-com opened this issue 2 years ago · 6 comments

dberardo-com commented 2 years ago

if so, then which params of the CRD should be set ?

dberardo-com commented 2 years ago

5.0.9

Answer 1 · 2022-11-10T02:42:51.000Z

Are you using EMQX 5 or EMQX 4 ?

Answer 2 · 2022-11-10T07:37:55.000Z

In EMQX 5, all user/ACLs can be configured via emqx.conf, and in EMQX CR, you can populate with the contents of .spec.bootstrapConfig

Answer 3 · 2022-11-10T08:31:03.000Z

i see, ok, i was actually meaning something like EMQXAclUser and creating users/acl as CRD instead of having to edit the "core" EMQX file defining the emqx cluster and its config. Fair enough though i will have a look at the config documentation you linked: https://www.emqx.io/docs/en/v5.0/admin/cfg.html

I had experience with mosquitto and SQL based ACLs. Is it a thing in EMQX as well? could ACL be read in from a HA postgres cluster? or are config files the only option?

EDIT

yes it seems to be possible: https://www.emqx.io/docs/en/v5.0/admin/cfg.html#authz-postgresql

so now the question would be, perhaps if ACL is postgres based, then i might have to look for some CRD that controls insertion of entries in postgres tables as a "proxy" for users/ACL in EMQX. i can post the results of my research here then.

Answer 4 · 2022-11-10T08:37:43.000Z

so now the question would be, perhaps if ACL is postgres based, then i might have to look for some CRD that controls insertion of entries in postgres tables as a "proxy" for users/ACL in EMQX. i can post the results of my research here then.

So cool, I'm looking forward