This page is meant as a template for writing a KIP. To create a KIP choose Tools->Copy on this page and modify with your content and replace the heading with the next KIP number and a description of your issue. Replace anything in italics with your own description.

Status

Current state: Under Discussion

...

config.providers=directory

config.providers.directory.class=org.apache.kafka.connect.configs.DirectoryConfigProvider

config.providers.directory.param.allowed.paths=/var/run,var/configs

If a caller tries to access another path, for example:

...

• org/apache/kafka/common

Name: allowed.paths
Type: StringList
Documentation: Comma separated designated paths that this configuration provider has permission to access files from. If not set, all paths are allowed.
Default: empty

...

Classes DirectoryConfigProvider and FileConfigProvider that implements the ConfigProvider interface will be updated. In the configure() method of the classes, the newly added configuration will be retrieved. Their get() method will then verify whether the file it is attempting to access resides within the designated paths. If the file is not within any of the designated paths, an empty string will be returned for the value. This behaviour is consistent with how EnvVarConfigProvider handles when user attempts to access environment variables that are not allowed.  allowed. When using FileConfigProvider, users can also specify files in the allowed.paths to limit access to specific files so that other files in the same directory are not accessible.

In cases where no path is specified, the configuration providers will retain their previous unrestricted access to any file.

...