...
- This PrincipalBuilder API will then be used to generate a Principal using the names specified in the --allow-principal and --deny-principal parameters. This Principal can be included in KafkaPrincipal using the new constructor specified above.
- This alternative was rejected for the following reasons:
  - Since the Principal is built using the "--principalBuilder-properties", users can only specify a particular type of Principal(s) (using --allow-principal / --deny-principal) at a time. If users want to specify multiple types of Principals, they will have to run kafka-acls.sh multiple times with different "--principalBuilder-properties", even if the Principals might have the same name. For example, we can have a service Principal with name "XYZ" and a user Principal with name "XYZ".
- For the above reasons, this alternative is less user-friendly and not intuitive.
Alternative 2 :
Changes to kafka-acls.sh
- kafka-acls.sh will allow specifying a custom PrincipalBuilder class using a new command line parameter "--principalBuilder", and PrincipalBuilder configs using a new command line parameter "--principalBuilder-properties". The "--allow-principal" parameter will take a list of properties as follows:

```bash
bin/kafka-acls.sh ...... \
  --principalBuilder <PrincipalBuilder-class> \
  --principalBuilder-properties <PrincipalBuilder-properties> \
  --add \
  --allow-principal <principal-properties> \
  --allow-principal <principal-properties> ...... \
  --operations Read,Write --topic Test-topic
```
Add a new API to PrincipalBuilder:

```java
public interface PrincipalBuilder extends Configurable {
    ...
    /**
     * Build a Principal using the provided configs.
     *
     * @param principalConfigs configs used to create the Principal
     * @return Principal
     */
    Principal buildPrincipal(Map<String, ?> principalConfigs);
    ...
}
```
- The specified PrincipalBuilder class will be responsible for building the Principal using the <principal-properties>.
- The Principal generated by this PrincipalBuilder can then be included in KafkaPrincipal using the new constructor specified above. The "--principalBuilder" and "--principalBuilder-properties" parameters are optional. If they are not specified, kafka-acls.sh would still work as it does today.
- This was rejected as per discussions on the email thread: it is a nice-to-have feature, but there is no urgent need for it.
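The "XYZ" name collision from the first rejected alternative and the buildPrincipal(Map) call proposed in Alternative 2, sketched together as an added example that is not part of the KIP or of Kafka's code. The TypedPrincipal class, the "type" and "name" property keys, and the set of allowed types are assumptions made for illustration.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

public class TypedPrincipalExample {
    // Hypothetical principal that carries a type as well as a name,
    // so a service "XYZ" and a user "XYZ" are different identities.
    static final class TypedPrincipal implements Principal {
        private final String type;
        private final String name;
        TypedPrincipal(String type, String name) { this.type = type; this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            if (!(o instanceof TypedPrincipal)) return false;
            TypedPrincipal p = (TypedPrincipal) o;
            return type.equals(p.type) && name.equals(p.name);
        }
        @Override public int hashCode() { return Objects.hash(type, name); }
        @Override public String toString() { return type + ":" + name; }
    }

    // Assumed allow-list of principal types; anything else is rejected.
    private static final Set<String> ALLOWED_TYPES = Set.of("User", "Service");

    // Same signature as the buildPrincipal(Map) method proposed in Alternative 2.
    static Principal buildPrincipal(Map<String, ?> principalConfigs) {
        Object type = principalConfigs.get("type");   // assumed property key
        Object name = principalConfigs.get("name");   // assumed property key
        if (!(type instanceof String) || !ALLOWED_TYPES.contains(type))
            throw new IllegalArgumentException("unknown principal type: " + type);
        if (!(name instanceof String) || ((String) name).isEmpty())
            throw new IllegalArgumentException("principal name is required");
        return new TypedPrincipal((String) type, (String) name);
    }

    public static void main(String[] args) {
        // Constructed sample input: two principals that share the name "XYZ".
        Principal service = buildPrincipal(Map.of("type", "Service", "name", "XYZ"));
        Principal user = buildPrincipal(Map.of("type", "User", "name", "XYZ"));
        // Constructed allow-list standing in for an ACL that names only the service.
        Set<Principal> allowed = Set.of(service);
        System.out.println(service + " allowed: " + allowed.contains(service));
        System.out.println(user + " allowed: " + allowed.contains(user));
    }
}
```

Because equality covers both type and name, a grant made to the service principal does not extend to a user who happens to share its name.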
...