Versions Compared

Old Version 15

changes.mady.by.user Mayuresh Gharat

Saved on

compared with

New Version 16

changes.mady.by.user Mayuresh Gharat

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • This PrincipalBuilder API will then be used to generate a Principal using the names specified in --allow-principal and --deny-principal parameters. This Principal can be included in KafkaPrincipal using the new constructor specified above.
  • This alternative was rejected due to following reasons :

    1. Since the Principal is built using the "--principalBuilder-properties", users can only specify a particular type of Principal(s) (using --allow-principal / --deny-principal) at a time.

    2. If users want to specify multiple types of Principals, they will have to run the kafka-acls.sh multiple times with different "--principalBuilder-properties", even if the Principals might have the same name. For example, we can have a service Principal with name "XYZ" and a user Principal with name "XYZ".

  • Due to above reasons, it is quite clear that it is less user friendly and not intuitive.

Alternative 2 :

  • Changes to kafka-acls.sh

    • Kafka-acls.sh will allow to specify a custom PrincipalBuilder class using a new command line parameter "-- principalBuilder" and PrincipalBuilder configs using a new command line parameter "--principalBuilder-properties".

    • The "--allow-principal" will take list of properties as follows :

      Code Block
      languagejava
      themeMidnight
      bin/kafka-acls.sh ...... --principalBuilder <PrincipalBuilder-class> --principalBuilder-properties <PrincipalBuilder-properties> --add --allow-principal <principal-properties> --allow-principal <principal-properties> ...... --operations Read,Write --topic Test-topic

    • Add a new API to PrincipalBuilder :

      Code Block
      languagejava
      themeMidnight
      public interface PrincipalBuilder extends Configurable {
...

  /**
   * Build a Principal using the provided configs.
   *
   * @param  principalConfigs  configs used to create the Principal
   * @return Principal
   */
  Principal buildPrincipal(Map<String, ?> principalConfigs);

...
}
    • The specified PrincipalBuilder class will be responsible for building the Principal using the <principal-properties>.
    • The Principal generated by this PrincipalBuilder can then be included in KafkaPrincipal using the new constructor specified above.

    • The "--principalBuilder" and "--principalBuilder-properties" parameters are optional. If its not specified, the Kafka-acls.sh would still work as it does today.

  • This was rejected as per discussions on the email thread as this is a nice to have feature but there is no urgent need for this.

...