...
Discussion thread: old thread
JIRA: KAFKA-9413
Please note that there was an earlier, now abandoned effort here. This current KIP is an attempt to tackle the problem from a slightly different angle (described below).
Motivation
Auditing is a reporting function that notifies other subsystems of the outcome of an authorization. It is used to check the activity of certain entities within a cluster. Most businesses have a strong demand for the ability to obtain audit information when someone changes cluster configuration (such as creating, deleting, modifying or describing any topic or ACLs), or even to record client events in some environments.
...
The correctness of the LoggingAuditor and data propagation between KafkaApis and the Auditor will be covered on the unit test level with mocking.
Rejected Alternatives
Original KIP-567
There was an earlier attempt to tackle this problem, but it is now abandoned. It operated with somewhat different interfaces, but overall the concept was similar. I chose to take a slightly different angle and emphasize the similarities with the Authorizer, as it makes sense to represent a similar requirement with a similar interface. Therefore, unless the community discussion prefers otherwise, I keep the original work but present it among the rejected alternatives.
Client Side Auditing
Some auditing actions can be quite heavy, such as auditing client actions, for example detecting which client produces to which topics. Doing some of this on the client side was considered, but it has multiple obstacles:
...