[
https://issues.apache.org/jira/browse/KAFKA-3186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15131490#comment-15131490
]
ASF GitHub Bot commented on KAFKA-3186:
---------------------------------------
GitHub user SinghAsDev opened a pull request:
https://github.com/apache/kafka/pull/861
KAFKA-3186: Make Kafka authorizer aware of principal types it supports.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/SinghAsDev/kafka KAFKA-3186
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/kafka/pull/861.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #861
----
commit 0617c75ee808d58009afdaf976fc1ae455cfb2e8
Author: Ashish Singh <[email protected]>
Date: 2016-02-04T01:06:29Z
KAFKA-3186: Make Kafka authorizer aware of principal types it supports.
----
> Kafka authorizer should be aware of principal types it supports.
> ----------------------------------------------------------------
>
> Key: KAFKA-3186
> URL: https://issues.apache.org/jira/browse/KAFKA-3186
> Project: Kafka
> Issue Type: Improvement
> Reporter: Ashish K Singh
> Assignee: Ashish K Singh
>
> Currently, Kafka authorizer is agnostic of principal types it supports, so
> are the acls CRUD methods in {{kafka.security.auth.Authorizer}}. The intent
> behind this is to keep Kafka authorization pluggable, which is really great.
> However, this leads to the following issues.
> 1. {{kafka-acls.sh}} supports pluggable authorizer and custom principals,
> however it is somewhat integrated with {{SimpleAclsAuthorizer}}. The help
> messages have details which might not be true for a custom authorizer. For
> instance, assuming User is a supported PrincipalType.
> 2. Acls CRUD methods perform no check on validity of acls, as they are not
> aware of what principal types they support. This opens up space for lots of
> user errors; KAFKA-3097 is an instance.
> I suggest we add a {{getSupportedPrincipalTypes}} method to authorizer and
> use that for acls verification during acls CRUD, and make {{kafka-acls.sh}}
> help messages more generic.
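The check proposed in the issue description above, as an added Java example that is not part of the original message or of the Kafka code base: an authorizer advertises its principal types through `getSupportedPrincipalTypes` and rejects an ACL whose principal type is not among them at creation time. Apart from that method name, every type here (`Principal`, `Authorizer`, `UserOnlyAuthorizer`) is a hypothetical stand-in, and the case-sensitive comparison and the sample principals are assumptions.

```java
import java.util.*;

// Added illustration; all types are hypothetical stand-ins, not Kafka's API.
public class PrincipalTypeCheck {
    record Principal(String type, String name) {
        // Parses "Type:name"; splits on the first ':' only, so names may contain colons.
        static Principal parse(String s) {
            int i = s.indexOf(':');
            if (i <= 0 || i == s.length() - 1)
                throw new IllegalArgumentException("expected Type:name, got '" + s + "'");
            return new Principal(s.substring(0, i), s.substring(i + 1));
        }
    }

    interface Authorizer {
        Set<String> getSupportedPrincipalTypes();   // method name proposed in the issue
        void addAcl(Principal principal, String resource, String operation);
    }

    // Stand-in authorizer that supports only the "User" principal type.
    static class UserOnlyAuthorizer implements Authorizer {
        final List<String> acls = new ArrayList<>();
        public Set<String> getSupportedPrincipalTypes() { return Set.of("User"); }
        public void addAcl(Principal p, String resource, String operation) {
            // Assumption: exact, case-sensitive comparison. Rejecting here surfaces
            // the mistake at ACL creation instead of storing an unusable entry.
            if (!getSupportedPrincipalTypes().contains(p.type()))
                throw new IllegalArgumentException("unsupported principal type '" + p.type()
                        + "', supported: " + getSupportedPrincipalTypes());
            acls.add(p.type() + ":" + p.name() + " " + operation + " " + resource);
        }
    }

    public static void main(String[] args) {
        UserOnlyAuthorizer authz = new UserOnlyAuthorizer();
        // Constructed sample input: one valid principal and three operator mistakes.
        for (String raw : List.of("User:alice", "user:alice", "Group:admins", "alice")) {
            try {
                authz.addAcl(Principal.parse(raw), "Topic:payments", "Read");
                System.out.println("accepted " + raw);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + raw + ": " + e.getMessage());
            }
        }
        System.out.println("stored ACLs: " + authz.acls);
    }
}
```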