...

Note that removing a topic does not remove the associated ACLs, nor does removing ACLs remove the associated topic.

Migration Plan

Once AdminClient supports ACL operations, we can transition the command-line utilities to using it, instead of contacting ZooKeeper directly.

Compatibility Plan

Since there are no existing ACL APIs and requests, backwards compatibility is not an issue.  However, we still need to think about forwards compatibility.  The version of the AdminClient that we release in 0.11 should be able to interact with future versions of the broker.

...

• The name "AlterAcls" suggests that ACLs are being altered.  However, in fact ACLs are only being added or removed, but not altered.
• It's unclear what order the add and remove operations happen in.
• It is unclear whether a remove operation can remove something added in the same AlterAcls request.
• If add and remove operations are reordered, a security hole could be created when brokers are configured with default-allow behavior.  Deleting a restrictive ACL on a secure topic before adding a new restrictive ACL on that topic creates a window of vulnerability.
• AddAcls and RemoveAcls is similar to the existing AddTopics and RemoveTopics APIs.

Future Work

Once AdminClient supports ACL operations, we can transition the command-line utilities to using it, instead of contacting ZooKeeper directly.