[jira] [Updated] (KAFKA-18005) Return metadata of sensitive config when describe config

[Luke Chen (Jira)]

     [ 
https://issues.apache.org/jira/browse/KAFKA-18005?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Luke Chen updated KAFKA-18005:
------------------------------
    Description: 
Currently, when describing config for a resource, we'll get `null` if the 
config is a sensitive config, ex: "ssl.keystore.certificate.chain", 
"ssl.keystore.password". And when describing configs with them it'll always 
return something like this:
{code:java}
> bin/kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers 
> --entity-name 2 --describe
Dynamic configs for broker 2 are:
  listener.name.myssl.ssl.keystore.key=null sensitive=true 
synonyms={DYNAMIC_BROKER_CONFIG:listener.name.myssl.ssl.keystore.key=null} 
{code}
It would be great if the broker can return some metadata of these sensitive 
configs, like last modified timestamp, to allow readers (ex: the operator) to 
know if this is an outdated value.

  was:
Currently, when describing config for a resource, we'll get `null` if the 
config is a sensitive config, ex: "ssl.keystore.certificate.chain", 
"ssl.keystore.password". And when describing configs with them it'll always 
return something like this: 
{code:java}
> bin/kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers 
> --entity-name 2 --describe
Dynamic configs for broker 2 are:
  listener.name.plantext.ssl.keystore.key=null sensitive=true 
synonyms={DYNAMIC_BROKER_CONFIG:listener.name.plantext.ssl.keystore.key=null} 
{code}
It would be great if the broker can return some metadata of these sensitive 
configs, like last modified timestamp, to allow readers (ex: the operator) to 
know if this is an outdated value.


> Return metadata of sensitive config when describe config
> --------------------------------------------------------
>
>                 Key: KAFKA-18005
>                 URL: https://issues.apache.org/jira/browse/KAFKA-18005
>             Project: Kafka
>          Issue Type: Improvement
>            Reporter: Luke Chen
>            Assignee: Luke Chen
>            Priority: Major
>
> Currently, when describing config for a resource, we'll get `null` if the 
> config is a sensitive config, ex: "ssl.keystore.certificate.chain", 
> "ssl.keystore.password". And when describing configs with them it'll always 
> return something like this:
> {code:java}
> > bin/kafka-configs.sh --bootstrap-server localhost:9092 --entity-type 
> > brokers --entity-name 2 --describe
> Dynamic configs for broker 2 are:
>   listener.name.myssl.ssl.keystore.key=null sensitive=true 
> synonyms={DYNAMIC_BROKER_CONFIG:listener.name.myssl.ssl.keystore.key=null} 
> {code}
> It would be great if the broker can return some metadata of these sensitive 
> configs, like last modified timestamp, to allow readers (ex: the operator) to 
> know if this is an outdated value.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)