[ https://issues.apache.org/jira/browse/KAFKA-4985?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16053942#comment-16053942 ]
Tom Bentley commented on KAFKA-4985: ------------------------------------ > The problem with resolving hostnames client-side is that it would cause a lot > of confusion when resolution happened differently client-side versus > server-side. That argument could be applied to practically any use of DNS, so I'm not convinced it makes a good reason not to do this. > kafka-acls should resolve dns names and accept ip ranges > -------------------------------------------------------- > > Key: KAFKA-4985 > URL: https://issues.apache.org/jira/browse/KAFKA-4985 > Project: Kafka > Issue Type: Improvement > Components: security > Reporter: Ryan P > > Per KAFKA-2869 it looks like a conscious decision was made to move away from > using hostnames for authorization purposes. > This is fine however IP addresses are terrible inconvenient compared to > hostname with regard to configuring ACLs. > I'd like to propose the following two improvements to make managing these > ACLs easier for end-users. > 1. Allow for simple patterns to be matched > i.e --allow-host 10.17.81.11[1-9] > 2. Allow for hostnames to be used even if they are resolved on the client > side. Simple pattern matching on hostnames would be a welcome addition as well > i.e. --allow-host host.name.com > Accepting a comma delimited list of hostnames and ip addresses would also be > helpful. -- This message was sent by Atlassian JIRA (v6.4.14#64029)