Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

This page is meant as a template for writing a KIP. To create a KIP choose Tools->Copy on this page and modify with your content and replace the heading with the next KIP number and a description of your issue. Replace anything in italics with your own description.

Status

Current state: Draft

...

Currently when building a Principal, the builder has access to the an  AuthenticationContext which contains the security protocol as well as the client address. However since 0.10.2.0 Kafka can have multiple listeners for the same protocol . It would be beneficial to also have access to the listener name in the AuthenticationContext to properly identify the connection.
For example with the following configuration, it's not currently possible in a custom PrincipalBuilder to identify if a connection is from an internal or external network as both have the same security protocol:

...

using listener names (listener.security.protocol.map). While we can identify the source of the connection using the client address, having the listener name would make it simpler as IPs/networks can change and it currently requires to parse the client IP.

Public Interfaces

A new public method will be added to AuthenticationContext:

...

As well as to all the existing implementations: PlaintextAuthenticationContext, SslAuthenticationContext and SaslAuthenticationContext

Proposed Changes

.

 Describe the new thing you want to do in appropriate detail. This may be fairly extensive and have large subsections of its own. Or it may be a few sentences. Use judgement based on the scope of the change.

Compatibility, Deprecation, and Migration Plan

...