[jira] [Commented] (KAFKA-5259) TransactionalId authorization should imply ProducerId authorization

Tue, 16 May 2017 16:56:02 -0700 

    [ 
https://issues.apache.org/jira/browse/KAFKA-5259?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16013282#comment-16013282
 ] 

ASF GitHub Bot commented on KAFKA-5259:
---------------------------------------

GitHub user hachikuji opened a pull request:

    https://github.com/apache/kafka/pull/3075

    KAFKA-5259 [WIP]: TransactionalId auth implies ProducerId auth

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/hachikuji/kafka KAFKA-5259-FIXED

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/kafka/pull/3075.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #3075
    
----
commit 18e9cd7140a586af78c934092fb55cb71b4428ef
Author: Jason Gustafson <ja...@confluent.io>
Date:   2017-05-16T20:20:04Z

    KAFKA-5259: TransactionalId auth implies ProducerId auth

----


> TransactionalId authorization should imply ProducerId authorization
> -------------------------------------------------------------------
>
>                 Key: KAFKA-5259
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5259
>             Project: Kafka
>          Issue Type: Sub-task
>          Components: clients, core, producer 
>            Reporter: Jason Gustafson
>            Assignee: Jason Gustafson
>             Fix For: 0.11.0.0
>
>
> There is not much point to only authorizing a transactionalId: without 
> producerId authorization, a principal cannot actually write any transactional 
> data. So we may as well make ProducerId authorization implicit if a 
> transactionalId is authorized. 
> There are also a couple cases that we missed in the initial authorization 
> patch which we may as well handle here.
> 1. FindCoordinatorRequest should authorize by transactionalId
> 2. TxnOffsetCommitRequest should also authorize by transactionalId. Currently 
> this field is not included in the request type but it probably should be 
> since then writing any transactional data requires authorization to some 
> transactionalId.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to