...
Code Block |
---|
>> sh kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --list --principal User:User1 ACLs for principal `User:User1` Current ACLs for resource `Group:PREFIXED:TEST_GROUP`: User:User1 has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:PREFIXED:TEST_TOPIC`: User:User1 has Allow permission for operations: Read from hosts: * User:User1 has Allow permission for operations: Create from hosts: * User:User1 has Allow permission for operations: Write from hosts: * User:User1 has Allow permission for operations: Describe from hosts: * |
Proposed Changes
AclCommand with Authorizer Interface:
We have a method in Authorizer interface to get acls for a given principal.
We will use this method to fetch acls and filter the results for the requested Resources.
Authorizer {
def getAcls(principal: KafkaPrincipal): Map[Resource, Set[Acl]]
}
AclCommand with AdminClient API:
Currently AdminClient API doesn't have API to fetch acls for given principal.
So while using AclCommand with AdminClient API (KIP-332: Update AclCommand to use AdminClient API),
we just filter the results returned from describeAcls API.
We can add new AdminClient API/new DescribeAclsRequest if required in future.
Compatibility, Deprecation, and Migration Plan
...