You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

This page is meant as a template for writing a KIP. To create a KIP choose Tools->Copy on this page and modify with your content and replace the heading with the next KIP number and a description of your issue. Replace anything in italics with your own description.

Status

Current state "Under Discussion"

Discussion thread: here 

JIRA: here 

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

Motivation

From JIRA description

Currently the `kafka-acls` command has a `--list` option that can list per resource. In order to look at the ACLs  for a particular principal the user needs to iterate through the entire list to figure out what privileges a particular principal has been granted. An option to list the ACL per principal would simplify this process.

Public Interfaces

kafka-acls.sh script with "--list" option supports additional optional argument "--principal" with the following specification

    val listPrincipalsOpt = parser.accepts("principal", "List ACLs for the specified principal. principal is in principalType:name format." +
      " Note that principalType must be supported by the Authorizer being used.")
      .withOptionalArg()
      .describedAs("principal")
      .ofType(classOf[String])

Example:

>>sh kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --list --principal User:User1
ACLs for principal `User:User1`
Current ACLs for resource `Group:PREFIXED:TEST_GROUP`:
 	User:User1 has Allow permission for operations: Read from hosts: *

Current ACLs for resource `Topic:PREFIXED:TEST_TOPIC`:
 	User:User1 has Allow permission for operations: Read from hosts: *
	User:User1 has Allow permission for operations: Create from hosts: *
	User:User1 has Allow permission for operations: Write from hosts: *
	User:User1 has Allow permission for operations: Describe from hosts: *


Proposed Changes

Describe the new thing you want to do in appropriate detail. This may be fairly extensive and have large subsections of its own. Or it may be a few sentences. Use judgement based on the scope of the change.

Compatibility, Deprecation, and Migration Plan

  • There won't be any change of current behavior.
  • No labels