BE: RBAC: Subject type/value is unintended to be optional

[wernerdv]

• Breaking change? (if so, please describe the impact and migration path for existing application instances)

What changes did you make? (Give an overview)

• minor refactoring

Is there anything you'd like reviewers to focus on?

How Has This Been Tested? (put an "x" (case-sensitive!) next to an item)

• No need to
• Manually (please, describe, if necessary)
• Unit checks
• Integration checks
• Covered by existing automation

Checklist (put an "x" (case-sensitive!) next to all the items, otherwise the build will fail)

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation (e.g. ENVIRONMENT VARIABLES)
• My changes generate no new warnings (e.g. Sonar is happy)
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged

Check out Contributing and Code of Conduct

A picture of a cute animal (not mandatory but encouraged)

[wernerdv]

@Haarolean I checked locally and with these changes RBAC with AD works as expected for both types (user, group).

Parameter value rbac.roles.name can be anything.

If need I can add integration tests with Active Directory.

[wernerdv]

@Haarolean I've added integration tests with Active Directory.
Please take a look.

[Haarolean]

Let's not mix the distinct issues in one PR, please. #54 is to be solved within #717 (which was planned as more of a refactoring PR first, but, welp, it's another story).

#716 has nothing to do with LDAP in particular, we'd need RBAC subject validation. In io.kafbat.ui.model.rbac.Permission and Role classes there's a validate method, perhaps implementing one for Subject as well is the way here.

[wernerdv]

Maybe we can merge this PR as is for the task fix #54 and I'll do the RBAC subject validation (#716) in a separate PR, what do you say?

[Haarolean]

Let's rather not. This is not quite the changes we need to resolve #54, I've already started implementing the required adjustments in #717

[Haarolean]

This one is really cool tho, can you raise a separate PR with these tests so we can merge this?

Btw, we don't quite need kafka container here, the app can perfectly start with no defined clusters.

[wernerdv]

Btw, we don't quite need kafka container here, the app can perfectly start with no defined clusters.

Yes, but there's a test that checks the creation of a topic on a cluster.

[Haarolean]

Yes, but there's a test that checks the creation of a topic on a cluster.

this sounds redundant. Authenticating successfully should suffice

[wernerdv]

can you raise a separate PR with these tests so we can merge this?

Opened the PR with the tests #726