THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- Enhance implementation of getAcls(resource) in SimpleAclAuthorizer to return all matching wildcard-suffixed ACLs if 'ResourceNameType' in input resource is a wildcard-suffix.
- The behavior of getAcls(resource) method today is to return ACLs matching only the resource literal.
- authorize(...) method calls getAcls(resource) and getAcls('*') to get all the matching ACLs today.
- Backward compatibility would be maintained because 'ResourceNameType' defaults to literal.
- Changes to command line tool class https://github.com/apache/kafka/blob/trunk/core/src/main/scala/kafka/admin/AclCommand.scala
- To expose the above new API (if we go that route).
- Expose a '--wildcard-suffixsuffixed-resource' flag which is "false" by default to maintain backwards compatibility (though "true" is more user friendly going forward)
- bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181
--add --allow-principal User:Bob --allow-principal User:Alice --allow-host
198.51.100.0 --allow-host 198.51.100.1 --operation Read --group my-app-* –wildcard-suffixsuffixed-resource true
- bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181
- Expose a '--wildcard-suffixsuffixed-resource' flag which is "false" by default to maintain backwards compatibility (though "true" is more user friendly going forward)
- Changes to AdminClient - None.
- New API keys for CreateAclsRequest / DeleteAclsRequest / DescribeAclsRequest which would have a new field in schema to distinguish literals vs wildcard-suffix resource names.
- Update the public documentation with the details of the new feature.
...