...

Kafka supports authorizing access to resources such as topics and consumer groups by way of ACLs. The currently supported semantics for the resource name and principal name in an ACL definition are either the full resource/principal name or the special wildcard '*', which matches everything.

Kafka should support a way of defining bulk ACLs instead of specifying individual ACLs.
Example use cases:

  • Principal “com.company.product1.client” has access to all topics that start with “com.company.product1.”.
  • Principal “com.company.client1” has access to all consumer groups that start with “com.company.client1.”.
  • All principals that start with “com.company.” can write to topic “com.company.public.topic”.

This support would greatly simplify the ACL operational story in a multi-tenant environment.

...

  • We would add new methods getMatchingAcls(resource) and getMatchingAcls(principal) to the Authorizer interface.

    Authorizer (Scala):
      /**
        * Get set of all acls that match this resource.
        * @param resource regular or wildcard-suffixed resource name.
        * @return empty set if no acls are found, otherwise the acls for the matching resources.
        */
      def getMatchingAcls(resource: Resource): Set[Acl]
    
      /**
        * Get set of all acls that match this principal.
        * @param principal regular or wildcard-suffixed principal name.
        * @return empty Map if no acls exist, otherwise a map of resource -> acls.
        */
      def getMatchingAcls(principal: KafkaPrincipal): Map[Resource, Set[Acl]]
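
The matching semantics described above, as an added example that is not part of the proposal or of Kafka's code base. It assumes a stored name ending in '*' is a wildcard suffix; `Resource`, `Acl`, `nameMatches` and the combined `getMatchingAcls` signature are simplified, hypothetical stand-ins, and the ACL entries are constructed. The last case shows why a tenant prefix should end at its delimiter.

```scala
// Added example; Resource and Acl are simplified stand-ins, not Kafka's classes.
// Assumption: a stored name ending in '*' is a wildcard suffix; a bare "*" matches everything.
object WildcardAclExample {
  final case class Resource(resourceType: String, name: String)
  final case class Acl(principal: String, operation: String)

  /** True if a stored ACL name (literal, "*", or "prefix*") covers a concrete name. */
  def nameMatches(stored: String, concrete: String): Boolean =
    if (stored == "*") true
    else if (stored.endsWith("*")) concrete.startsWith(stored.dropRight(1))
    else stored == concrete

  /** ACLs whose resource pattern covers `requested` and whose principal pattern covers `principal`. */
  def getMatchingAcls(store: Map[Resource, Set[Acl]], requested: Resource, principal: String): Set[Acl] =
    (for {
      (res, acls) <- store.toSeq
      if res.resourceType == requested.resourceType && nameMatches(res.name, requested.name)
      acl <- acls
      if nameMatches(acl.principal, principal)
    } yield acl).toSet

  def main(args: Array[String]): Unit = {
    // Constructed ACL store mirroring the use cases above.
    val store: Map[Resource, Set[Acl]] = Map(
      Resource("Topic", "com.company.product1.*") -> Set(Acl("com.company.product1.client", "Read")),
      Resource("Topic", "com.company.public.topic") -> Set(Acl("com.company.*", "Write")),
      // Prefix without the trailing '.' delimiter: broader than the tenant it was written for.
      Resource("Topic", "com.company.product2*") -> Set(Acl("com.company.product2.client", "Read"))
    )
    val own = getMatchingAcls(store, Resource("Topic", "com.company.product1.orders"), "com.company.product1.client")
    assert(own == Set(Acl("com.company.product1.client", "Read")))

    val shared = getMatchingAcls(store, Resource("Topic", "com.company.public.topic"), "com.company.client7")
    assert(shared == Set(Acl("com.company.*", "Write")))

    // "product2*" also covers tenant "product20"; "product2.*" does not.
    val leaked = getMatchingAcls(store, Resource("Topic", "com.company.product20.billing"), "com.company.product2.client")
    assert(leaked.nonEmpty)
    assert(!nameMatches("com.company.product2.*", "com.company.product20.billing"))
    println(s"own=$own shared=$shared leaked=$leaked")
  }
}
```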

...