Hi all, I'd like to propose KIP-1329: a new broker-level admin API that lists currently authenticated client connections.
* KIP: https://cwiki.apache.org/confluence/display/KAFKA/KIP-1329%3A+ListClientConnections+Admin+API * JIRA: https://issues.apache.org/jira/browse/KAFKA-20526 * POC: https://github.com/apache/kafka/compare/trunk...mehbey:kafka:kip-1329-list-client-connections-poc The problem: Kafka has no way to answer "which principals are connected right now?" MySQL has SHOW PROCESSLIST, PostgreSQL has pg_stat_activity, RabbitMQ has /api/connections — Kafka has nothing. This matters most during security incidents (compromised credentials) and credential rotation, where operators need to verify active connections without restarting brokers. The broker already holds all the data in memory (KafkaPrincipal on every KafkaChannel) — it's just not exposed through any external interface. The proposal adds a ListClientConnections RPC (API key 93) that returns: principal, client address/port, listener, security protocol, and client software info. It requires DESCRIBE on CLUSTER and supports optional filters. A working POC validates the approach against trunk — thread safety, API registration, and connection enumeration all work as expected. Looking forward to your feedback. Full details in the KIP. Thanks, Mehari
