tinaselenge commented on code in PR #13660: URL: https://github.com/apache/kafka/pull/13660#discussion_r1183526354
########## docs/security.html: ########## 
@@ -2089,6 +2089,144 @@ <h5 class="anchor-heading"><a id="operations_resources_and_protocols" class="anc <td>Topic</td> <td></td> </tr> + <tr> + <td>DESCRIBE_CLIENT_QUOTAS (48)</td> + <td>DescribeConfigs</td> + <td>Cluster</td> + <td></td> + </tr> + <tr> + <td>ALTER_CLIENT_QUOTAS (49)</td> + <td>AlterConfigs</td> + <td>Cluster</td> + <td></td> + </tr> + <tr> + <td>DESCRIBE_USER_SCRAM_CREDENTIALS (50)</td> + <td>Describe</td> + <td>Cluster</td> + <td></td> + </tr> + <tr> + <td>ALTER_USER_SCRAM_CREDENTIALS (51)</td> + <td>Alter</td> + <td>Cluster</td> + <td></td> + </tr> + <tr> + <td>VOTE (52)</td> + <td>ClusterAction</td> + <td>Cluster</td> + <td></td> + </tr> + <tr> + <td>BEGIN_QUORUM_EPOCH (53)</td> + <td>ClusterAction</td> + <td>Cluster</td> + <td></td> + </tr> + <tr> + <td>END_QUORUM_EPOCH (54)</td> + <td>ClusterAction</td> + <td>Cluster</td> + <td></td> + </tr> + <tr> + <td>DESCRIBE_QUORUM (55)</td> + <td>ClusterAction</td> + <td>Cluster</td> + <td></td> + </tr> + <tr> + <td>DESCRIBE_QUORUM (55)</td> + <td>Alter</td> + <td>Cluster</td> + <td></td> + </tr> + <tr> + <td>ALTER_PARTITION (56)</td> + <td>ClusterAction</td> + <td>Cluster</td> + <td></td> + </tr> + <tr> + <td>UPDATE_FEATURES (57)</td> + <td>ClusterAction</td> + <td>Cluster</td> + <td></td> + </tr> + <tr> + <td>UPDATE_FEATURES (57)</td> + <td>Alter</td> + <td>Cluster</td> + <td></td> + </tr>

Review Comment: Thank you @showuon. Looking at the other ApiKeys, they are listed several times for each operation primitive and resource it checks, e.g. FETCH. I followed the same format for DESCRIBE_QUORUM and UPDATE_FEATURES as they both had clusterAction set to true here (https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/protocol/ApiKeys.java#L101). However, now looking at the code again, I don't think the ClusterAction operation is checked as part of the authorization check for them but used later for throttling the requests. So I think I should remove them. What do you think?
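
Review bot: The second DESCRIBE_QUORUM (55) row lists Alter on Cluster, while the other describe-type rows in this hunk, DESCRIBE_CLIENT_QUOTAS (48) and DESCRIBE_USER_SCRAM_CREDENTIALS (50), list DescribeConfigs and Describe. Please confirm the operation against the request handler's authorization call before documenting it, since operators write ACLs from this table and an overstated operation leads to over-granting. Also, DESCRIBE_QUORUM and UPDATE_FEATURES each appear twice (ClusterAction and Alter) with an empty last cell, so the table does not say whether both operations are required or either one suffices. If only one is actually checked, keep a single row; otherwise state the relationship in the last column.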