Versions Compared

Old Version 6

changes.mady.by.user Manikumar Reddy O.

Saved on

compared with

New Version 7

changes.mady.by.user Manikumar Reddy O.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
>> sh kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --list --principal User:User1
ACLs for principal `User:User1`
Current ACLs for resource `Group:PREFIXED:TEST_GROUP`:
 	User:User1 has Allow permission for operations: Read from hosts: *

Current ACLs for resource `Topic:PREFIXED:TEST_TOPIC`:
 	User:User1 has Allow permission for operations: Read from hosts: *
	User:User1 has Allow permission for operations: Create from hosts: *
	User:User1 has Allow permission for operations: Write from hosts: *
	User:User1 has Allow permission for operations: Describe from hosts: *

Proposed Changes

AclCommand with Authorizer Interface:

We have a method in Authorizer interface to get acls for a given principal.
We will use this method to fetch acls and filter the results for the requested Resources.

Authorizer {
def getAcls(principal: KafkaPrincipal): Map[Resource, Set[Acl]]
}

AclCommand with AdminClient API:

Currently AdminClient API doesn't have API to fetch acls for given principal.
So while using AclCommand with AdminClient API (KIP-332: Update AclCommand to use AdminClient API),
we just filter the results returned from describeAcls API.

We can add new AdminClient API/new DescribeAclsRequest if required in future.

Compatibility, Deprecation, and Migration Plan

...