Comment: Address mailing list comment from Colin

...

Routing Request Security

For older ZK mutation requests that need redirection, the forwarding broker will use its own authorizer to verify the principals. When the request passes this check, the broker will forward it with its own credentials, so that the controller broker only validates the broker principal in the forwarded request. The one exception is the controller audit log, which needs the principal name of the original request, so we will add an optional tag called "InitialPrincipalName" to the header when sending the proxy request.

In addition, to avoid exposing this forwarding power to admin clients, the routing request shall be forwarded to the controller broker's internal endpoint, which in the KIP-500 controller should be visible only to other brokers inside the cluster. Any admin configuration request with a broker principal should not go through the public endpoint and will be rejected for security purposes. For the pre-KIP-500 controller, we would allow a broker principal to go through only when the message comes in on the inter-broker listener, which is an indication of a forwarding request.

Public Interfaces

Deprecate Client Side Controller Access 

...

To protect controller information more strictly, the "ControllerId" field in the new MetadataResponse shall be set to -1 when the original request comes from a non-broker client and it is already on v10. We shall use the request listener name to distinguish whether a given request is inter-broker or from the client. Note that only existing clients are using the Metadata RPC to get controller info, so it should be safe to deprecate, and we would explicitly mention that in the NetworkClient meta comments.
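
The listener-based rules from "Routing Request Security" and the ControllerId masking described above can be modelled as follows. This is an added example, not code from the KIP or from Kafka; the class, method, listener and principal names are hypothetical, and it assumes broker principals are known from configuration.

```java
import java.util.Optional;
import java.util.Set;

// Added illustration: names below are hypothetical and this is not Kafka's broker code.
public class ForwardingGateExample {
    enum Decision { ACCEPT_FORWARDED, AUTHORIZE_AS_CLIENT, REJECT }

    // Constructed cluster settings for the example.
    static final String INTER_BROKER_LISTENER = "INTERNAL";
    static final Set<String> BROKER_PRINCIPALS = Set.of("User:broker-1", "User:broker-2");

    // A broker principal is honoured only on the inter-broker listener.
    static Decision classify(String listener, String principal) {
        boolean broker = BROKER_PRINCIPALS.contains(principal);
        boolean internal = INTER_BROKER_LISTENER.equals(listener);
        if (broker && internal) return Decision.ACCEPT_FORWARDED;
        if (broker) return Decision.REJECT;          // broker identity on a public endpoint
        return Decision.AUTHORIZE_AS_CLIENT;         // assumption: ordinary authorizer path
    }

    // The audit log trusts the InitialPrincipalName tag only on an accepted forwarded request.
    static String auditName(Decision d, String principal, Optional<String> initialPrincipalName) {
        return d == Decision.ACCEPT_FORWARDED ? initialPrincipalName.orElse(principal) : principal;
    }

    // ControllerId is hidden from non-broker callers on Metadata v10
    // (assumption: later versions keep the same behaviour).
    static int controllerIdFor(String listener, short version, int controllerId) {
        boolean internal = INTER_BROKER_LISTENER.equals(listener);
        return (!internal && version >= 10) ? -1 : controllerId;
    }

    public static void main(String[] args) {
        // Constructed requests: {listener, principal, InitialPrincipalName tag or null}
        String[][] requests = {
            {"INTERNAL", "User:broker-1", "User:alice"},
            {"PUBLIC", "User:broker-1", "User:mallory"},
            {"PUBLIC", "User:alice", null},
        };
        for (String[] r : requests) {
            Decision d = classify(r[0], r[1]);
            System.out.printf("%-8s %-14s -> %-19s audit=%s%n", r[0], r[1], d,
                auditName(d, r[1], Optional.ofNullable(r[2])));
        }
        System.out.println(controllerIdFor("PUBLIC", (short) 10, 3));   // client on v10
        System.out.println(controllerIdFor("PUBLIC", (short) 9, 3));    // client on v9
        System.out.println(controllerIdFor("INTERNAL", (short) 10, 3)); // broker on v10
    }
}
```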

Security Access Changes

Broker Authorization Override During Forwarding

...

Errors.java (Java):

    BROKER_AUTHORIZATION_FAILURE(92, "Authorization failed for the request during forwarding. This indicates an internal error on the broker cluster security setup.", BrokerAuthorizationFailureException::new);

...