...

We extend the same storage model to store the new wildcard-suffix ACLs in a separate location, 'kafka-wildcard-acl-v2', with escaping so that special characters can be used in resource names. Changes will first be stored at 'kafka-wildcard-acl-v2-changes'.

$ get /kafka-wildcard-acl-v2/Topic/teamA*
{"version":1,"acls":[{"principal":"User:clientA","permissionType":"Allow","operation":"Read","host":"*"}]}

ACLs write path

Write to a new location 'kafka-wildcard-acl-v2'.

$ get /kafka-wildcard-acl-v2/Topic/orgName*
{"version":1,"acls":[{"principal":"User:clientA","permissionType":"Allow","operation":"Read","host":"*"}]}

ACLs read path

On the read path, we look for all matching ACLs when:

a) getMatchingAcls(resourceWithWildcardSuffix) is called.
b) authorize(…) is called.

Access would be allowed if there is at least one matching ALLOW ACL and no matching DENY ACL (current behavior is maintained). Note that the length of the prefix doesn't play any role here.
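
An added sketch of the read-path decision described above (example code, not Kafka's own implementation): it collects the ACLs of every stored wildcard-suffix pattern that covers a resource, then applies the "at least one ALLOW and no DENY" rule. It assumes exact principal and operation matching, host "*" meaning any host, and no escaping of special characters; every store entry except the first, and the client host, are constructed.

```python
import json

# Constructed store mimicking /kafka-wildcard-acl-v2/<ResourceType>/<name*> znodes.
# The first payload is the one shown above; the others are constructed samples.
def _acl(principal, permission):
    return json.dumps({"version": 1, "acls": [{
        "principal": principal, "permissionType": permission,
        "operation": "Read", "host": "*"}]})

STORE = {
    "Topic/teamA*": _acl("User:clientA", "Allow"),
    "Topic/teamA-secret*": _acl("User:clientA", "Deny"),
    "Topic/team*": _acl("User:clientB", "Deny"),
    "Topic/teamA-orders*": _acl("User:clientB", "Allow"),
}


def pattern_matches(pattern, resource):
    """A trailing '*' makes the pattern a prefix match; otherwise exact."""
    if pattern.endswith("*"):
        return resource.startswith(pattern[:-1])
    return pattern == resource


def get_matching_acls(store, resource):
    """Collect ACL entries from every stored pattern that covers the resource."""
    matched = []
    for pattern, payload in store.items():
        if pattern_matches(pattern, resource):
            matched.extend(json.loads(payload)["acls"])
    return matched


def authorize(store, principal, operation, host, resource):
    """Allow only if some matching ACL allows and no matching ACL denies."""
    relevant = [
        acl for acl in get_matching_acls(store, resource)
        if acl["principal"] == principal
        and acl["operation"] == operation
        and acl["host"] in ("*", host)
    ]
    kinds = {acl["permissionType"] for acl in relevant}
    # Prefix length is never consulted: a DENY on a short prefix
    # still overrides an ALLOW on a longer, more specific prefix.
    return "Allow" in kinds and "Deny" not in kinds
```

With this store, User:clientB is refused Read on Topic/teamA-orders even though the ALLOW pattern 'teamA-orders*' is longer than the DENY pattern 'team*'.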

...