Hi everyone, Changed the interface a little bit to accommodate methods better where authorization happens for multiple operations so the implementer of the audit interface will receive all authorizations together. I'll wait a few more days to allow people to react or give feedback but if there are no objections until then, I'll start a vote.
Viktor On Tue, Sep 8, 2020 at 9:49 AM Viktor Somogyi-Vass <viktorsomo...@gmail.com> wrote: > Hi Everyone, > > I'd like to restart the discussion on this. Since the KIP has been > revamped I thought I'd start a new discussion thread. > > Link: > https://cwiki.apache.org/confluence/display/KAFKA/KIP-567%3A+Kafka+Cluster+Audit > > Short summary: > - Would like to introduce a new interface similar to the Authorizer called > Auditor as follows: > public interface Auditor { > audit(Request r, AuthorizableRequestContext c, AclOperation > o, Map<ResourcePattern, Boolean> isAllowed, Map<ResourcePattern, Errors> > errors); > } > - Basically it would pass down the request and the authorization > information to the auditor implementation where various kind of reporting > can be done based on the request. > - A new config would be added called "auditor" which is similar to the > "authorizer" config, but users can pass a list of auditor class names. > - The implementation is expected to be low latency similarly to the > Authorizer. > - A default implementation will be added that logs into a file. > > I appreciate any feedback on this. > > Best, > Viktor >
