[
https://issues.apache.org/jira/browse/KAFKA-6912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rajini Sivaram resolved KAFKA-6912.
-----------------------------------
Resolution: Fixed
Reviewer: Dong Lin
> Add authorization tests for custom principal types
> --------------------------------------------------
>
> Key: KAFKA-6912
> URL: https://issues.apache.org/jira/browse/KAFKA-6912
> Project: Kafka
> Issue Type: Task
> Components: core
> Reporter: Rajini Sivaram
> Assignee: Rajini Sivaram
> Priority: Major
> Fix For: 2.0.0
>
>
> KIP-290 proposes to add prefixed-wildcarded principals to enable ACLs to be
> configured for groups of principals. This doesn't work with all security
> protocols - e.g. SSL principals are of format CN=name,O=org,C=country where
> prefixes don't fit in terms of grouping. Kafka currently doesn't support the
> concept of user groups, but it is possible to use custom
> KafkaPrincipalBuilders to generate group principals during authentication. By
> default, Kafka generates principals of type User, but custom types (e.g.
> Group) are supported. This does currently have the restriction ACLs may be
> defined only at group level (cannot combine both user & group level ACLs for
> a connection), but it works currently for all security protocols.
> We don't have any tests that verify custom principal types and authorization
> based on custom principal types. It will be good to add some tests.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
