cmccabe commented on code in PR #14306:
URL: https://github.com/apache/kafka/pull/14306#discussion_r1312367762
##########
core/src/main/scala/kafka/server/ControllerApis.scala:
##########
@@ -1005,4 +1023,20 @@ class ControllerApis(val requestChannel: RequestChannel,
}
}
}
+
+ def handleDescribeCluster(request: RequestChannel.Request):
CompletableFuture[Unit] = {
+ // Unlike on the broker, DESCRIBE_CLUSTER on the controller requires a
high level of
+ // permissions (ALTER on CLUSTER).
Review Comment:
direct-to-controller operation is intended only for administrators. if
you're not an admin, you should talk to the brokers. (In a well-run network,
this should also be enforced by putting non-administrators on a separate
subnet.)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
