Here is link to the KIP, https://cwiki.apache.org/confluence/display/KAFKA/KIP-50+-+Enhance+Authorizer+interface+to+be+aware+of+supported+Principal+Types
On Wed, Mar 2, 2016 at 9:46 AM, Ashish Singh <asi...@cloudera.com> wrote: > Hi Guys, > > I would like to initiate a discuss thread on KIP-50. Kafka authorizer is > agnostic of principal types it supports, so are the acls CRUD methods > in kafka.security.auth.Authorizer. The intent behind is to keep Kafka > authorization pluggable, which is really great. However, this leads to Acls > CRUD methods not performing any check on validity of acls, as they are not > aware of what principal types Authorizer implementation supports. This > opens up space for lots of user errors, KAFKA-3097 > <https://issues.apache.org/jira/browse/KAFKA-3097> for an instance. > > This KIP proposes adding a getSupportedPrincipalTypes method to authorizer > and use that for acls verification during acls CRUD. > > Feedbacks and comments are welcome. > > -- > > Regards, > Ashish > -- Regards, Ashish
