[
https://issues.apache.org/jira/browse/KAFKA-18857?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dongnuo Lyu updated KAFKA-18857:
--------------------------------
Description:
In kafka-18813, we pass the authorizer to the group coordinator in order to
check the topic describe authorization for the subscribed topics resolved from
regex.
Ideally we want to do the authz check only in KafkaApis, so we should consider
split the `consumerGroupHeartbeat` to first return a list of topics to check or
other ways to avoid the authorization check in the coordinator.
was:
In kafka-18813, we pass the authorizer to the group coordinator in order to
check the topic describe authorization for the subscribed topics resolved from
regex.
Ideally we want to do the authz check only in KafkaApis, so we should consider
split the `consumerGroupHeartbeat` to first return a list of topics to check or
other ways to avoid the authorization check in the coordinator.
> Avoid authorization check in the group coordinator
> --------------------------------------------------
>
> Key: KAFKA-18857
> URL: https://issues.apache.org/jira/browse/KAFKA-18857
> Project: Kafka
> Issue Type: Improvement
> Reporter: Dongnuo Lyu
> Priority: Major
>
> In kafka-18813, we pass the authorizer to the group coordinator in order to
> check the topic describe authorization for the subscribed topics resolved
> from regex.
> Ideally we want to do the authz check only in KafkaApis, so we should
> consider split the `consumerGroupHeartbeat` to first return a list of topics
> to check or other ways to avoid the authorization check in the coordinator.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
