Kafka Authorizer API changes - KIP-504

[Don Bosco Durai <bo...@apache.org>]

The Apache Kafka community is proposing a new interface for Kafka Topic authorization. They are going to continue supporting the older interface, but it will be deprecated soon. The new interface doesn’t affect much to us. I have reviewed the KIP and have also given my feedback. Feel free to review and provide your feedback either to the Kafka mailing list or here (and I can take it there).

 

Few key points:
It is going to be Java interface, which makes it is easy for us
Additional context in the request
Support multiple listeners and pass on the listener context as part of request. E.g. inter broker communication, etc…
Hints for audit logging  (e.g. where the request is for check listing, etc.). We can decide what to log to audit destination. This will reduce the number of logs
Count for similar requests. Similar to what we are already doing in batching/aggregating audit count. This will make it easier and reduce CPU cycles on our side.
Authorize method could have multiple requests. We need to treat them accordingly. 
There are few additional classes for abstraction.
 

KIP-504 detail

https://cwiki.apache.org/confluence/display/KAFKA/KIP-504+-+Add+new+Java+Authorizer+Interface

 

Discussion thread 

https://lists.apache.org/thread.html/f9830e4cb4bd7e9cc031c51395dfd670ec6839fef432d86d5074334b@%3Cdev.kafka.apache.org%3E

 

Thanks

 

Bosco