...

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

Motivation

Kafka authorizes access to resources like topics, consumer groups, etc. by way of ACLs. The currently supported semantics for the resource name in an ACL definition are either the full resource name or the special wildcard '*', which matches everything.

Kafka should support a way of defining bulk ACLs instead of specifying individual ACLs.
Example use cases:

...

  • Add new field 'ResourceNameType' to Resource and ResourceFilter classes to distinguish between literal and wildcard-suffix resource names.
    • ResourceNameType is an enum to support more types in the future.
  • Enhance implementation of getAcls(resource) in SimpleAclAuthorizer to return all matching wildcard-suffixed ACLs if 'ResourceNameType' is wildcard-suffix
    • The behavior of getAcls(resource) method today is to return ACLs matching only the resource literal.
    • authorize(...) method calls getAcls(resource) and getAcls('*') to get all the matching ACLs today.
    • Backward compatibility would be maintained because 'ResourceNameType' defaults to literal.
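
A simplified model of the lookup described in the bullets above, as an added example (not code from this proposal or from Kafka's SimpleAclAuthorizer). It assumes a wildcard-suffix name is a prefix followed by '*' that matches any resource name starting with that prefix; the class `AclLookupSketch`, the `Acl` record and `matchingAcls` are hypothetical names, and the sample ACLs are constructed. Requires Java 16 or later.

```java
import java.util.*;

public class AclLookupSketch {
    enum ResourceNameType { LITERAL, WILDCARD_SUFFIX }

    // Assumption: a WILDCARD_SUFFIX name is a prefix followed by '*', e.g. "payments-*".
    record Resource(String type, String name, ResourceNameType nameType) {
        // Backward compatibility: callers that omit the name type get LITERAL.
        Resource(String type, String name) { this(type, name, ResourceNameType.LITERAL); }
    }
    record Acl(String principal, String operation) {}

    private final Map<Resource, Set<Acl>> store = new HashMap<>();

    void addAcl(Resource r, Acl acl) {
        store.computeIfAbsent(r, k -> new HashSet<>()).add(acl);
    }

    // LITERAL query: exact match only, as getAcls(resource) behaves today.
    // WILDCARD_SUFFIX query: all stored wildcard-suffixed ACLs whose prefix matches the name.
    Set<Acl> getAcls(Resource query) {
        if (query.nameType() == ResourceNameType.LITERAL)
            return store.getOrDefault(query, Set.of());
        Set<Acl> out = new HashSet<>();
        store.forEach((r, acls) -> {
            if (r.nameType() == ResourceNameType.WILDCARD_SUFFIX
                    && r.type().equals(query.type())
                    && query.name().startsWith(r.name().substring(0, r.name().length() - 1)))
                out.addAll(acls);
        });
        return out;
    }

    // What an authorize(...) call would collect: literal ACLs, '*' ACLs, wildcard-suffixed ACLs.
    Set<Acl> matchingAcls(String type, String name) {
        Set<Acl> all = new HashSet<>(getAcls(new Resource(type, name)));
        all.addAll(getAcls(new Resource(type, "*")));
        all.addAll(getAcls(new Resource(type, name, ResourceNameType.WILDCARD_SUFFIX)));
        return all;
    }

    public static void main(String[] args) {
        AclLookupSketch a = new AclLookupSketch();
        a.addAcl(new Resource("Topic", "payments-eu"), new Acl("User:alice", "Read"));
        a.addAcl(new Resource("Topic", "payments-*", ResourceNameType.WILDCARD_SUFFIX),
                 new Acl("User:bob", "Read"));
        a.addAcl(new Resource("Topic", "*"), new Acl("User:admin", "All"));
        System.out.println(a.matchingAcls("Topic", "payments-eu")); // topic under all three ACLs
        System.out.println(a.matchingAcls("Topic", "orders"));      // topic outside the prefix
    }
}
```

Because the name type is part of the stored key, an ACL on a topic literally named "payments-*" stays an exact-match entry and is never treated as a prefix grant.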

...