Table of Contents |
---|
Status
Current state: Under Discussion
...
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
Motivation
We still have some users using very old Kafka client libraries, such as Kafka 8 and Kafka 9. We need a mechanism to force users to upgrade their client libraries, or forbid outdated client libraries.
...
In this KIP, we propose to provide client API version to authorizer. So that, the user defined authorizer can decide allowing or not allowing the operation based on client library versions.
Public Interfaces
A public interface is any change to the following:
...
- Anything else that will likely break existing users in some way when they upgrade
No
Proposed Changes
Public Interfaces and classes
Authorizer
Code Block | ||
---|---|---|
| ||
package kafka.security.auth /** ... * ... */ trait Authorizer { /** ... * ... */ /** * @param session The session being authenticated. * @param operation Type of operation client is trying to perform on resource. * @param resource Resource the client is trying to access. + * @param apiVersion The client API version of the request. * @return */ - def authorize(session: Session, operation: Operation, resource: Resource): Boolean + def authorize(session: Session, operation: Operation, resource: Resource, apiVersion: Short): Boolean } |
...
- What impact (if any) will there be on existing users?
No impact to the users that are not using user-defined authorizer. For the users that are using user-defined authorizer, they will have to modify their authorizer code to use the new interface.
Rejected Alternatives
Alternative 1 - Add a new broker configuration (e.g. min_api_version)
The method proposed in this KIP provides more flexibility to the cluster administrators. For example, they can forbid old consumers, but still allow old producers; or forbid old clients for a set of topics (e.g. the topics that are using new message format), while still allow for the other topics.
Alternative 2 - Provide the authorizer the entire Request object
From the request object, users can many other information about the request (e.g. the message content for produce request), in addition to the api version. The concern is may expose too much broker internal details to the authorizer, and may be abused.