July 2024

Application groups, schema subjects in self-service, and group provisioning

Define team access with application groups. Manage schema subjects through self-service. Automate user and group provisioning via CLI.

View full release notes →

Define team access with application groups

Application Groups represent teams that use your application. Set group permissions to restrict or delegate access: a support team with read-only production access, a DevOps team with privileges across environments, or developers who maintain the product.

apiVersion: self-service/v1
kind: "ApplicationGroup"
metadata:
  application: "clickstream-app"
  name: "clickstream-support"
spec:
  title: Support Clickstream
  description: |
    Members of the Support Group are allowed:
    Read access on all the resources
    Can restart owned connectors
    Can reset offsets
  permissions:
    - appInstance: clickstream-app-dev
      resourceType: TOPIC
      patternType: "LITERAL"
      name: "*"
      permissions: ["topicViewConfig", "topicConsume"]
    - appInstance: clickstream-app-dev
      resourceType: GROUP
      patternType: "LITERAL"
      name: "*"
      permissions: ["consumerGroupCreate", "consumerGroupReset", "consumerGroupView"]
  members:
    - user1@company.org
    - user2@company.org
  externalGroups:
    - GP-COMPANY-CLICKSTREAM-SUPPORT

Manage schema subjects through self-service

Schema subjects are now supported in self-service. Application teams can automate schema deployments.

apiVersion: v1
kind: Subject
metadata:
  cluster: shadow-it
  name: myPrefix.topic-value
spec:
  schemaFile: schemas/topic.avsc
  format: AVRO
  compatibility: FORWARD_TRANSITIVE

Automate user and group provisioning

Create groups and set permissions through infrastructure as code. Declare Group resources with User assignments for automated on/off-boarding.

apiVersion: iam/v2
kind: "Group"
metadata:
  name: "devops"
spec:
  displayName: "DevOps team"
  description: "Making devs happy"
  permissions:
    - resourceType: PLATFORM
      permissions: ["userManage"]
    - type: CLUSTER
      name: "my-cluster"
      permissions: ["clusterViewBroker"]
    - type: TOPIC
      cluster: "my-cluster"
      patternType: "LITERAL"
      name: "*"
      permissions: ["topicViewConfig", "topicConsume"]
  members:
    - bob@conduktor.io
    - jane@conduktor.io
  externalGroups:
    - GP-COMPANY-DEVOPS

Filter topics in the catalog by labels

Filter and discover topics using business metadata labels. Request access by adding the generated snippet to a PR for owner approval.

For a full list of changes, read the complete release notes.