THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- Changes to command line tool class https://github.com/apache/kafka/blob/trunk/core/src/main/scala/kafka/admin/AclCommand.scala
- Expose a '--wildcardresource-suffixed-resourcetype' flag which is "falseliteral" by default to maintain backwards compatibility (though "truewildcard-suffixed" is more user friendly going forward)
- bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181
--add --allow-principal User:Bob --allow-principal User:Alice --allow-host
198.51.100.0 --allow-host 198.51.100.1 --operation Read --group my-app-* –wildcard -suffixed-resource true-type wildcard-suffixed
- bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181
- Expose a '--wildcardresource-suffixed-resourcetype' flag which is "falseliteral" by default to maintain backwards compatibility (though "truewildcard-suffixed" is more user friendly going forward)
- New schema version for CreateAclsRequest / DeleteAclsRequest / DescribeAclsRequest which will have a new field (int) in schemas to distinguish literals vs wildcard-suffix resource names.
- Update the public documentation with the details of the new feature.
...
On downgrade, the wildcard ACLs will be treated as literals and hence never match anythingignored because they are in separate path. This means that any wildcard ACLs will be treated as if they were never added. This is fine for ALLOW ACLs, but might have security implications if DENY ACLs are ignored.
...