...
As described above, Kafka protocol for requests and responses to describe broker resources will be extended to request authorized operations and return the set of authorized operations if requested. Broker will use its pluggable Authorizer
to obtain the set of permitted operations for the Session
performing the Describe
operation. (This change is dropped due to compatibility issue with Scala 2.11(See this). If no authorizer is configured on the broker, the full set of supported operations on each resource will be returned.SimpleAclAuthorizer
will be updated to traverse through ACLs once and return all the matching operations. Custom authorizers may be extended to do the same, but a default implementation that uses the existing `authorize()
` method to authorize every supported operation ensures that existing authorizers can be used without change.
...
- Existing clients using older versions will not request authorized operations in
Describe
requests since the default is to disable this feature. This keeps older clients compatible with newer brokers. - Newer clients connecting to older brokers will use the older protocol version and hence will not request authorized operations.
AdminClient
will throw an exception if the option is requested but not supported by brokers. - When new operations are added, newer brokers may return operations that are not known to older clients. AdminClient will ignore any bit that is set in
authorized_operations
that is not known to the client. TheSet<AclOperation>
created by the client from the bits returned by the broker will only include operations that the client client knows about.
Changes dropped from the Proposal
Initially we proposed below API changes to the scala `Authorizer` trait with a default implementation so that existing implementations continue to work. But Scala 2.11 doesn't convert the default implementation in a trait to a default implementation in Java. So this breaks existing Java authorizer implementations when building with scala 2.11 version of core. Due to this we dropped below Authorizer API related changes. These changes can be implemented in future when we drop support for Scala 2.11.
...