...
This KIP introduces a change to Session
class to accept a parameter of Java Principal
type instead of KafkaPrincipal
type. It also introduces a new API in PrincipalBuilder,
that would build a Java Principal
from the passed in map of configs. kafka-acls.sh would take in 2 optional command line parameters specifying the PrincipalBuilder
class name and the properties used to create the PrincpalBuilder
.Beyond the proposed new configuration key this KIP makes no changes to client or server public APIs.
Proposed Changes
Change the
Session
class to accept a parameter of typeJava Principal
instead ofKafkaPrincipal
.Code Block language java theme Midnight case class Session(principal: Principal, clientAddress: InetAddress)
The
Authorizer
can access this principal object as follows :Code Block language java theme Midnight public boolean authorize(RequestChannel.Session session, Operation operation, Resource resource) { ... Principal principal = session.principal(); User_Defined_Principal principal = (User_Defined_Principal) principal; ... }
Changes to kafka-aclsUser_Defined_Principal
is thePrincipal
generated by thePrincipalBuilder
and it implementsJava Principal.
sh.
- Kafka-acls.sh will allow to specify a custom
PrincipalBuilder
class using a new command line parameter "-- principalBuilder" andPrincipalBuilder
configs using a new command line parameter "--principalBuilder-properties". The "--allow-principal" will take list of properties as follows :
Code Block language java theme Midnight bin/kafka-acls.sh ...... --principalBuilder <PrincipalBuilder-class> --principalBuilder-properties <PrincipalBuilder-properties> --add --allow-principal <principal-properties> --allow-principal <principal-properties> ...... --operations Read,Write --topic Test-topic
Add a new API to
PrincipalBuilder
:Code Block language java theme Midnight public interface PrincipalBuilder extends Configurable { ... /** * Build a Principal using the provided configs. * * @param principalConfigs configs used to create the Principal * @return Principal */ Principal buildPrincipal(Map<String, ?> principalConfigs); ... }
- The specified
PrincipalBuilder
class will be responsible for building thePrincipal
using the <principal-properties>. - The
Principal
generated by thisPrincipalBuilder
can then be included inKafkaPrincipal
using the new constructor specified above. The "--principalBuilder" and "--principalBuilder-properties" parameters are optional. If its not specified, the Kafka-acls.sh would still work as it does today.
- Kafka-acls.sh will allow to specify a custom
Compatibility, Deprecation, and Migration Plan
What impact (if any) will there be on existing users?
The existing users implementing PrincipalBuilder
interface will get compile time error and will have to add the new API implementation to resolve it.
If users use there custom PrincipalBuilder
, they will have to implement there custom Authorizer
as the out of box Authorizer
that Kafka provides uses KafkaPrincipalThere is no compatibility impact as there is no change in behavior.
Test Plan
- Unit tests to validate that new changes work as expected without affecting the existing behavior.
Rejected Alternatives
Alternative 1 :
Kafka-acls.sh will allow to specify a custom PrincipalBuilder
using a new command line parameter "-- principalBuilder" and PrincipalBuilder
configs using a new command line parameter "--principalBuilder-properties". Users can use these to build their custom Principal
(that implements Java Principal
). Add a new API to PrincipalBuilder
Interface :
Code Block | ||||
---|---|---|---|---|
| ||||
public interface PrincipalBuilder extends Configurable { ... /** * Build a Principal using name. * * @param name Principal name * @return Principal */ Principal buildPrincipal(String name); ... } |
This PrincipalBuilder
API will then be used to generate a Principal
using the names specified in --allow-principal and --deny-principal parameters. This Principal
can be included in KafkaPrincipal
using the new constructor specified above.
This alternative was rejected due to following reasons :
Since the
Principal
is built using the "--principalBuilder-properties", users can only specify a particular type ofPrincipal
(s) (using --allow-principal / --deny-principal) at a time.If users want to specify multiple types of Principals, they will have to run the kafka-acls.sh multiple times with different "--principalBuilder-properties", even if the Principals might have the same name. For example, we can have a service
Principal
with name "XYZ" and a userPrincipal
with name "XYZ".
Due to above reasons, it is quite clear that it is less user friendly and not intuitive.
Alternative 2 :
Changes to kafka-acls.sh
- Kafka-acls.sh will allow to specify a custom
PrincipalBuilder
class using a new command line parameter "-- principalBuilder" andPrincipalBuilder
configs using a new command line parameter "--principalBuilder-properties". The "--allow-principal" will take list of properties as follows :
Code Block language java theme Midnight bin/kafka-acls.sh ...... --principalBuilder <PrincipalBuilder-class> --principalBuilder-properties <PrincipalBuilder-properties> --add --allow-principal <principal-properties> --allow-principal <principal-properties> ...... --operations Read,Write --topic Test-topic
Add a new API to
PrincipalBuilder
:Code Block language java theme Midnight public interface PrincipalBuilder extends Configurable { ... /** * Build a Principal using the provided configs. * * @param principalConfigs configs used to create the Principal * @return Principal */ Principal buildPrincipal(Map<String, ?> principalConfigs); ... }
- The specified
PrincipalBuilder
class will be responsible for building thePrincipal
using the <principal-properties>. - The
Principal
generated by thisPrincipalBuilder
can then be included inKafkaPrincipal
using the new constructor specified above. The "--principalBuilder" and "--principalBuilder-properties" parameters are optional. If its not specified, the Kafka-acls.sh would still work as it does today.
- Kafka-acls.sh will allow to specify a custom
- This was rejected as per discussions on the email thread as this is a nice to have feature but there is no urgent need for this.