THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
| Option | Description(old) | Description(new) |
|---|---|---|
| --allow-host <String: allow-host> | Host from which principals listed in -- allow-principal will have access. If you have specified --allow-principal then the default for this option will be set to * which allows access from all hosts. | Host from which principals listed in --allow-principal will have access. Host supports both IP and network segment formats. Eg: 192.0.0.1 or 192.0.0.1/20. If you have specified --allow-principal then the default for this option will be set to * which allows access from all hosts. |
Proposed Changes
Command line code changes
None
Server code changes
In the matchingACLExists method of AclAuthorizer, the determination of host is modified to support network segments。
| Code Block | ||
|---|---|---|
| ||
private def matchingAclExists(operation: AclOperation,
resource: ResourcePattern,
principal: KafkaPrincipal,
host: String,
permissionType: AclPermissionType,
acls: AclSeqs): Boolean = {
......
(acl.host == host || acl.host == AclEntry.WildcardHost)
......
} |
...