This page is meant as a template for writing a KIP. To create a KIP choose Tools->Copy on this page and modify with your content and replace the heading with the next KIP number and a description of your issue. Replace anything in italics with your own description.
Status
Current state: "Under Discussion"
Discussion thread: here
JIRA: here
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
Motivation
From JIRA description
"Currently the `kafka-acls` command has a `--list` option that can list per resource. In order to look at the ACLs for a particular principal the user needs to iterate through the entire list to figure out what privileges a particular principal has been granted. An option to list the ACL per principal would simplify this process."
We propose new optional argument "–principal" to list the ACLs for the specified principal.
Public Interfaces
kafka-acls.sh script with "--list" option supports optional argument "--principal" with the following specification
val listPrincipalsOpt = parser.accepts("principal", "List ACLs for the specified principal. principal is in principalType:name format." + " Note that principalType must be supported by the Authorizer being used.") .withOptionalArg() .describedAs("principal") .ofType(classOf[String])
Example:
>> sh kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --list --principal User:User1 ACLs for principal `User:User1` Current ACLs for resource `Group:PREFIXED:TEST_GROUP`: User:User1 has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:PREFIXED:TEST_TOPIC`: User:User1 has Allow permission for operations: Read from hosts: * User:User1 has Allow permission for operations: Create from hosts: * User:User1 has Allow permission for operations: Write from hosts: * User:User1 has Allow permission for operations: Describe from hosts: *
Compatibility, Deprecation, and Migration Plan
- There won't be any change of current behavior.