...
This is not a new interface, but an implementation of the KafkaPrincipalBuilder interface to add support for SPIFFE based SAN URIs and return them as a Principle so they can be leveraged to create ACL rules directly.
...
This is not a new interface, but an implementation of the KafkaPrincipalBuilder interface to add support for SPIFFE based SAN URIs and return them as a Principle so they can be leveraged to create ACL rules directly.
There are several POC implementations out there implementing a bespoke KafkaPrincipalBuilder implementation for this purpose. Two examples include
- https://github.com/traiana/kafka-spiffe-principal
- https://github.com/boeboe/kafka-istio-principal-builder (written by myself)
I can use some help here to determine the best implementation and improve the code in terms of resiliency and logging.
...