Jason Gustafson created KAFKA-5547:
--------------------------------------

             Summary: Return topic authorization failed if no topic describe access
                 Key: KAFKA-5547
                 URL: https://issues.apache.org/jira/browse/KAFKA-5547
             Project: Kafka
          Issue Type: Improvement
            Reporter: Jason Gustafson


We previously made a change to several of the request APIs to return 
UNKNOWN_TOPIC_OR_PARTITION if the principal does not have Describe access to 
the topic. The thought was to avoid leaking information about which topics 
exist. The problem with this is that a client which sees this error will just 
keep retrying because it is usually treated as retriable. It seems, however, 
that we could return TOPIC_AUTHORIZATION_FAILED instead and still avoid leaking 
information as long as we ensure that the Describe authorization check comes 
before the topic existence check. This would avoid the ambiguity on the client.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

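The check ordering described in the issue, as an added example (a simplified Python model, not Kafka's broker code and not part of the original message). The principals, topic names, ACL set and function names are constructed for illustration. It compares the previous behaviour, an existence-first ordering, and the proposed Describe-first ordering for information leakage and client retry behaviour.

```python
from enum import Enum

class Errors(Enum):
    NONE = "NONE"
    UNKNOWN_TOPIC_OR_PARTITION = "UNKNOWN_TOPIC_OR_PARTITION"
    TOPIC_AUTHORIZATION_FAILED = "TOPIC_AUTHORIZATION_FAILED"

# Clients usually treat this error as retriable (per the issue text).
RETRIABLE = {Errors.UNKNOWN_TOPIC_OR_PARTITION}

# Constructed sample state: topics on the broker and Describe ACLs.
TOPICS = {"payments", "audit-log"}
DESCRIBE_ACL = {("alice", "payments"), ("alice", "not-created-yet")}

def can_describe(principal, topic):
    return (principal, topic) in DESCRIBE_ACL

def previous_behavior(principal, topic):
    """Hide unauthorized topics behind UNKNOWN_TOPIC_OR_PARTITION."""
    if not can_describe(principal, topic) or topic not in TOPICS:
        return Errors.UNKNOWN_TOPIC_OR_PARTITION
    return Errors.NONE

def existence_first(principal, topic):
    """Wrong order: the existence check runs before the Describe check."""
    if topic not in TOPICS:
        return Errors.UNKNOWN_TOPIC_OR_PARTITION
    if not can_describe(principal, topic):
        return Errors.TOPIC_AUTHORIZATION_FAILED
    return Errors.NONE

def describe_first(principal, topic):
    """Proposed order: Describe check first, existence check second."""
    if not can_describe(principal, topic):
        return Errors.TOPIC_AUTHORIZATION_FAILED
    if topic not in TOPICS:
        return Errors.UNKNOWN_TOPIC_OR_PARTITION
    return Errors.NONE

def leaks_existence(handler, principal, existing, missing):
    """True if an unauthorized principal can tell the two topics apart."""
    return handler(principal, existing) != handler(principal, missing)

def attempts_made(handler, principal, topic, max_attempts=5):
    """Client model: retry while the error is retriable, up to a cap."""
    for attempt in range(1, max_attempts + 1):
        if handler(principal, topic) not in RETRIABLE:
            return attempt
    return max_attempts
```

Only the Describe-first ordering gives an unauthorized principal the same answer for existing and missing topics while also returning an error the client does not retry.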