I am using Bluemix message hub service. I need to provide read only access to specific topics to specific users. Question is how can I define ACLs in Bluemix message hub? Apache kafka does provide the means (http://kafka.apache.org/documentation.html#security_authz), but that involves interacting with zookeeper. And I haven't been able to find details to connect to underlying zookeeper behind Bluemix message hub service. Appreciate the responses.
Asked
Active
Viewed 148 times
1 Answers
1
ACLs are currently not supported with MessageHub. As you've correctly noted, we don't give users access to Zookeeper. So at the moment, there is no way to only provide read or write access to a topic.
That said, we isolate each service instance. So if you provision 2 MessageHub instances in different Bluemix spaces, they will be fully isolated and won't be able to see each other topics. That way you could have guaranties that users from instance1 won't be able to read or write from/to topics from instance2. Not what you've asked for but that might help.
Mickael Maison
- 25,067
- 7
- 71
- 68
-
Aren't there plans to provide this via a different interface i.e.via a wrapper over Zookeeper? Having different service instances, I think is not really a option, given the constraint that we can provision only 1 instance per space. And creating different spaces (which you alluded above) per instance of message hub or per instance of consumer is again not scalable. – jeet Mar 07 '17 at 12:22
-
We would like to provide more topic configurations options in the future but I can't say when this will happen or what will be configurable. Also the limit of 1 instance per space should be removed soon. – Mickael Maison Mar 08 '17 at 13:18