When implementing a custom authorizer, one has to map authorization requests coming from Kafka to a custom backend system.
The following table lists all the authorization combinations that can come from Kafka:
ApiKey | Topic | Group | Cluster (singleton) | TransactionalId | DelegationToken |
---|---|---|---|---|---|
Produce | Write | ||||
Produce (Idempotent) | Write | IdempotentWrite | |||
Produce (Transactional) | Write | Write | |||
Fetch (Follower) | Read | ClusterAction | |||
Fetch (Consumer) | Read | ||||
ListOffsets | Describe | ||||
Metadata | Describe | ||||
LeaderAndIsr | ClusterAction | ||||
StopReplica | ClusterAction | ||||
UpdateMetadata | ClusterAction | ||||
ControlledShutdown | ClusterAction | ||||
OffsetCommit | Read | Read | |||
OffsetFetch | Describe | Describe | |||
FindCoordinator (Group) | Describe | ||||
FindCoordinator (Transaction) | Describe | ||||
JoinGroup | Read | ||||
Heartbeat | Read | ||||
LeaveGroup | Read | ||||
SyncGroup | Read | ||||
DescribeGroups | Describe | ||||
ListGroups | Describe | ||||
SaslHandshake | |||||
ApiVersions | |||||
CreateTopics | Create | ||||
DeleteTopics | Delete | ||||
DeleteRecords | Delete | ||||
InitProducerId (Idempotent) | IdempotentWrite | ||||
InitProducerId (Transaction) | Write | ||||
OffsetsForLeaderEpoch | ClusterAction | ||||
AddPartitionsToTxn | Write | Write | |||
AddOffsetsToTxn | Read | Write | |||
EndTxn | Write | ||||
WriteTxnMarkers | ClusterAction | ||||
TxnOffsetCommit | Read | Read | Write | ||
DescribeAcls | Describe | ||||
CreateAcls | Alter | ||||
DeleteAcls | Alter | ||||
DescribeConfigs (Broker) | DescribeConfigs | ||||
DescribeConfigs (Topic) | DescribeConfigs | ||||
AlterConfigs (Broker) | AlterConfigs | ||||
AlterConfigs (Topic) | AlterConfigs | ||||
AlterReplicaLogDirs | Alter | ||||
DescribeLogDirs | Describe | ||||
SaslAuthenticate | |||||
CreatePartitions | Alter | ||||
CreateDeletegationToken | |||||
RenewDelegationToken | |||||
ExpireDelegationToken | |||||
DescribeDelegationTokens | Describe | ||||
DeleteGroups | Delete |