[ https://issues.apache.org/jira/browse/KAFKA-14357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17630534#comment-17630534 ]

Mickael Maison commented on KAFKA-14357:
----------------------------------------

I took a look at these APIs to see what can be done.
 * Scram Credentials
It is already possible to retrieve credential details for multiple users in a 
single call:
{code:java}
DescribeUserScramCredentialsResult credentials =
    admin.describeUserScramCredentials(Arrays.asList("user1", "user2"));
{code}

 * Quotas
DescribeClientQuotasRequest/Response and Admin.describeClientQuotas() accept 
multiple resources but the server side currently enforces that requests only 
contain one type of entity (user, clientId or IP). I think we should be able 
to change that logic and allow retrieving quotas for multiple similar entities.
If we keep the current API, this would look like:
{code:java}
Collection<ClientQuotaFilterComponent> components = Arrays.asList(
    ClientQuotaFilterComponent.ofEntity(USER, "user1"),
    ClientQuotaFilterComponent.ofEntity(USER, "user2")
);
DescribeClientQuotasResult quotas =
    admin.describeClientQuotas(ClientQuotaFilter.contains(components));
{code}

 * ACLs
This is a bit more tricky because DescribeAclsRequest/Response only accept a 
single resource. So we will need to update the protocol and Admin API. From my 
quick test, I think we should be able to have the following API:
{code:java}
Collection<AclBindingFilter> filters = Arrays.asList(
    new AclBindingFilter(
        ResourcePatternFilter.ANY,
        new AccessControlEntryFilter("User:user1", null, AclOperation.ANY, AclPermissionType.ANY)),
    new AclBindingFilter(
        ResourcePatternFilter.ANY,
        new AccessControlEntryFilter("User:user2", null, AclOperation.ANY, AclPermissionType.ANY))
);
Collection<AclBinding> aclBindings = admin.describeAcls(filters).values().get();
{code}
It would be nice to have AclBindingFilter behave like ClientQuotaFilter and 
contain multiple "components" but it looks like it will be very hard to achieve 
while keeping compatibility. Also the describeAcls() API expects a principal 
name so it requires the principal type prefix, "User:" in this case.




> Make it possible to batch describe requests in the Kafka Admin API
> ------------------------------------------------------------------
>
>                 Key: KAFKA-14357
>                 URL: https://issues.apache.org/jira/browse/KAFKA-14357
>             Project: Kafka
>          Issue Type: Improvement
>            Reporter: Jakub Scholz
>            Priority: Major
>
> The Admin API has several methods to describe different objects such as ACLs, 
> Quotas or SCRAM-SHA users. But these APIs seem to be usable only in one of 
> the two modes:
>  * Query one user's ACLs / Quotas / SCRAM-SHA credentials
>  * Query all existing ACLs / Quotas / SCRAM-SHA credentials
> But there seems to be no way to batch the describe requests for multiple 
> users. E.g. _describe ACLs of users Joe, John and Mike_. It would be nice 
> to have such an option as it might make it easier for applications using the 
> Admin API to make fewer different API calls.
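
The ACLs item in the comment above says DescribeAclsRequest/Response accept only a single filter and that describeAcls() needs the principal type prefix. As an added example (not code from the comment or from the Kafka project), this sketch shows how a caller can cover several principals with the existing single-filter Admin.describeAcls(): it queues one request per principal and then collects the results. The class name, broker address and principal names are assumptions.

```java
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ExecutionException;

import org.apache.kafka.clients.admin.Admin;
import org.apache.kafka.common.KafkaFuture;
import org.apache.kafka.common.acl.AccessControlEntryFilter;
import org.apache.kafka.common.acl.AclBinding;
import org.apache.kafka.common.acl.AclBindingFilter;
import org.apache.kafka.common.acl.AclOperation;
import org.apache.kafka.common.acl.AclPermissionType;
import org.apache.kafka.common.resource.ResourcePatternFilter;

// Hypothetical helper class (the name is an assumption, not part of Kafka).
public class PerPrincipalAclLookup {

    // Queues one DescribeAcls request per principal, then collects the results.
    static Map<String, Collection<AclBinding>> describeAclsFor(Admin admin, Collection<String> principals)
            throws InterruptedException, ExecutionException {
        Map<String, KafkaFuture<Collection<AclBinding>>> pending = new LinkedHashMap<>();
        for (String principal : principals) {
            // describeAcls() matches on the full principal name, e.g. "User:user1".
            if (!principal.contains(":")) {
                throw new IllegalArgumentException("missing principal type prefix: " + principal);
            }
            AclBindingFilter filter = new AclBindingFilter(ResourcePatternFilter.ANY,
                    new AccessControlEntryFilter(principal, null, AclOperation.ANY, AclPermissionType.ANY));
            pending.put(principal, admin.describeAcls(filter).values()); // request is queued here
        }
        Map<String, Collection<AclBinding>> result = new LinkedHashMap<>();
        for (Map.Entry<String, KafkaFuture<Collection<AclBinding>>> e : pending.entrySet()) {
            result.put(e.getKey(), e.getValue().get()); // every request was queued before the first wait
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        Properties props = new Properties();
        props.put("bootstrap.servers", "localhost:9092"); // assumed broker address
        try (Admin admin = Admin.create(props)) {
            describeAclsFor(admin, List.of("User:user1", "User:user2")).forEach((principal, acls) ->
                    System.out.println(principal + " -> " + acls.size() + " ACL binding(s)"));
        }
    }
}
```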


