...
A configuration option quota.type
will be added with supported values "client-id
" and "user-principal".
This option can be used to choose between the existing client-id based implementation and the new authenticated -user principal based implementation. The default value will be client-id
to be consistent with Kafka 0.9.0.x and 0.10.0.x.
Default quota configs will apply to authenticated user principals if quota.type=user-principal.
...
If quota.type=user-principal
, quota related metrics will be generated for authenticated user principals rather than client-ids.
...
kafka-configs.sh
will be extended to support authenticated quota overrides for user quotasprincipals. A new entity type “users
” will be added which provides quota configuration similar to the existing entity type "clients
".
...
Quota Persistence in Zookeeper
Client-id based quotas quota configuration overrides will continue be stored under /config/clients
. Authenticated user quotas Quota configuration overrides for user principals will be stored under /config/users
. Only one of these will be processed and watched by the brokers depending on the value of quota.type
. Note that Base64-encoded hex version of the user principal will be used as node name under /config/users
to cope with Zookeeper naming restrictions.
...
quota.type
is set to client-id
as default to be consistent with Kafka 0.9.0.x and 0.10.0.x. Hence the existing quota configurations will apply if new secure quotas are not defined. If quota.type
is set to user-principal
in broker configuration and default or new quotas are configured for users, clients may be throttled based on the quota limits for user principals. But no client API changes are necessary to work with the new implementation.
...