[ 
https://issues.apache.org/jira/browse/KAFKA-15701?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jiao Zhang updated KAFKA-15701:
-------------------------------
    Description: 
One use case of CreateTopicPolicy we have experienced is allow/reject topic 
creation by checking the user.

Especially for the secured cluster usage, we add acls to specific users for 
allowing topic creation. At the same time, we have the needs to design 
customized create topic policy for different users. For example, for user A, 
topic creation is allowed only when partition number is within limit. For user 
B, we allow topic creation without check. As the kafka service provider, user A 
is imaged as random user of kafka service and user B is imaged as internal user 
for cluster management.

For this need, we patched our local fork of kafka by passing user principle in 
KafkaApis.

One place need to revise is here 
[https://github.com/apache/kafka/blob/834f72b03de40fb47caaad1397ed061de57c2509/core/src/main/scala/kafka/server/KafkaApis.scala#L1980]

As thinking it's natural to support this kind of usage even in upstream, I 
raised this Jira for asking community's ideas about this. 

  was:
One use case of CreateTopicPolicy we have experienced is allow/reject topic 
creation by checking the user.

Especially for the secured cluster usage, we add acls to specific users for 
allowing topic creation. At the same time, we have the needs to design 
customized create topic policy for different users. For example, for user A, 
topic creation is allowed when partition number is within limit. For user B, we 
allow topic creation without check. As the kafka service provider, user A is 
imaged as random user of kafka service and user B is imaged as internal user 
for cluster management.

For this need, we patched our local fork of kafka by passing user principle in 
KafkaApis.

One place need to revise is here 
[https://github.com/apache/kafka/blob/834f72b03de40fb47caaad1397ed061de57c2509/core/src/main/scala/kafka/server/KafkaApis.scala#L1980]

As thinking it's natural to support this kind of usage even in upstream, I 
raised this Jira for asking community's ideas about this. 


> Allow use of user policy in CreateTopicPolicy 
> ----------------------------------------------
>
>                 Key: KAFKA-15701
>                 URL: https://issues.apache.org/jira/browse/KAFKA-15701
>             Project: Kafka
>          Issue Type: Improvement
>            Reporter: Jiao Zhang
>            Priority: Minor
>
> One use case of CreateTopicPolicy we have experienced is allow/reject topic 
> creation by checking the user.
> Especially for the secured cluster usage, we add acls to specific users for 
> allowing topic creation. At the same time, we have the needs to design 
> customized create topic policy for different users. For example, for user A, 
> topic creation is allowed only when partition number is within limit. For 
> user B, we allow topic creation without check. As the kafka service provider, 
> user A is imaged as random user of kafka service and user B is imaged as 
> internal user for cluster management.
> For this need, we patched our local fork of kafka by passing user principle 
> in KafkaApis.
> One place need to revise is here 
> [https://github.com/apache/kafka/blob/834f72b03de40fb47caaad1397ed061de57c2509/core/src/main/scala/kafka/server/KafkaApis.scala#L1980]
> As thinking it's natural to support this kind of usage even in upstream, I 
> raised this Jira for asking community's ideas about this. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to