Status
Current state: Accepted
Discussion thread: here
JIRA: KAFKA-18627
Vote: here
Motivation
Currently, we allow all login modules except those explicitly listed in `org.apache.kafka.disallowed.login.modules`. This approach presents a security risk: new and potentially insecure login modules may emerge over time, and a deny list can only ever catch the ones already known. To mitigate this, we should add `org.apache.kafka.allowed.login.modules` to explicitly list all built-in login modules and reject any module not included in this list.
We can then deprecate `org.apache.kafka.disallowed.login.modules` and print a warning message when users explicitly define it.
Public Interfaces
n/a
Proposed Changes
The ‘disallowed’ configuration is deprecated and the ‘allowed’ configuration is added. At the same time, the login logic is updated to warn users who still set the ‘disallowed’ configuration.
@Deprecated
public static final String DISALLOWED_LOGIN_MODULES_CONFIG = "org.apache.kafka.disallowed.login.modules";
public static final String ALLOWED_LOGIN_MODULES_CONFIG = "org.apache.kafka.allowed.login.modules";
Compatibility, Deprecation, and Migration Plan
For compatibility, we retain both the disallowed list and the allowlist functionality. Here is the logic:
- If an allowlist is configured, filtering is done using the allowlist; otherwise, the disallowed list is used for filtering.
- If neither is configured, the existing default disallowed list is used.
- If the user configures a disallowed list, a warning message is printed regardless of whether that list is actually used for filtering.
Such changes will not affect existing tests; we only need to add a test to ensure the allowlist functionality.
In the future, we should remove the disallowed list functionality (expected in version 5.0), along with the corresponding tests.
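The precedence above (allowlist wins, otherwise the configured or default disallowed list, with a deprecation warning whenever the deprecated property is set) as a stand-alone Java example. This is added illustration, not Kafka's own JaasContext code; the default disallowed list and the `com.example.*` class names are constructed for the example, and treating an empty allowlist as fail-closed is this example's choice.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;

/** Allowlist-first login module filter following the precedence described in this KIP. */
public final class LoginModuleFilter {
    // Property names as proposed on this page.
    public static final String DISALLOWED_LOGIN_MODULES_CONFIG = "org.apache.kafka.disallowed.login.modules";
    public static final String ALLOWED_LOGIN_MODULES_CONFIG = "org.apache.kafka.allowed.login.modules";

    // Constructed stand-in for the built-in default disallowed list; not Kafka's real default.
    static final Set<String> DEFAULT_DISALLOWED = Collections.singleton("com.example.UnsafeLoginModule");

    /** Splits a comma-separated property value into trimmed, non-empty class names. */
    static Set<String> parseList(String value) {
        return Arrays.stream(value.split(","))
                .map(String::trim)
                .filter(s -> !s.isEmpty())
                .collect(Collectors.toSet());
    }

    /**
     * Decides whether moduleClass may be loaded. Precedence: allowlist if set (fail-closed, so an
     * empty allowlist admits nothing), else the configured disallowed list, else the default
     * disallowed list. A configured disallowed list always produces a deprecation warning.
     */
    public static boolean isAllowed(String moduleClass, Properties props, List<String> warnings) {
        String allowed = props.getProperty(ALLOWED_LOGIN_MODULES_CONFIG);
        String disallowed = props.getProperty(DISALLOWED_LOGIN_MODULES_CONFIG);
        if (disallowed != null) {
            warnings.add(DISALLOWED_LOGIN_MODULES_CONFIG + " is deprecated; use "
                    + ALLOWED_LOGIN_MODULES_CONFIG + " instead");
        }
        if (allowed != null) {
            return parseList(allowed).contains(moduleClass);
        }
        Set<String> deny = disallowed != null ? parseList(disallowed) : DEFAULT_DISALLOWED;
        return !deny.contains(moduleClass);
    }

    public static void main(String[] args) {
        List<String> warnings = new ArrayList<>();
        Properties props = new Properties();
        props.setProperty(ALLOWED_LOGIN_MODULES_CONFIG, "org.apache.kafka.common.security.plain.PlainLoginModule");
        props.setProperty(DISALLOWED_LOGIN_MODULES_CONFIG, "com.example.OtherModule");
        // Allowlist wins: PlainLoginModule passes, the unlisted module is rejected, and the
        // deprecated property still triggers a warning even though it is not used for filtering.
        System.out.println(isAllowed("org.apache.kafka.common.security.plain.PlainLoginModule", props, warnings));
        System.out.println(isAllowed("com.example.UnsafeLoginModule", props, warnings));
        System.out.println(warnings.get(0));
    }
}
```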
Test Plan
The current changes will not affect existing tests, but we need to add tests for the allowlist functionality. In the future, after the disallowed list is removed, both the corresponding tests and the registration code will need to be modified.
Rejected Alternatives
n/a