Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2021/04/11 02:36:23 UTC

[GitHub] [kafka] C0urante opened a new pull request #10521: KAFKA-12651: Register Connect REST extensions before bringing up REST resources

C0urante opened a new pull request #10521:
URL: https://github.com/apache/kafka/pull/10521


   [Jira](https://issues.apache.org/jira/browse/KAFKA-12651)
   
   Copied from the Jira ticket:
   
   > Connect currently registers custom REST extensions after REST resources. This can be problematic in security-conscious environments where REST extensions are used to lock down access to the Connect REST API, as it creates a window of opportunity for unauthenticated access to the REST API between the time the worker's REST resources are brought up and when its REST extensions are registered.
   
   This change aims to address that vulnerability by registering REST extensions before REST resources.
   
   ### Committer Checklist (excluded from commit message)
   - [ ] Verify design and implementation 
   - [ ] Verify test coverage and CI build status
   - [ ] Verify documentation (including upgrade notes)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [kafka] C0urante closed pull request #10521: KAFKA-12651: Register Connect REST extensions before bringing up REST resources

Posted by GitBox <gi...@apache.org>.
C0urante closed pull request #10521:
URL: https://github.com/apache/kafka/pull/10521


   





[GitHub] [kafka] C0urante commented on pull request #10521: KAFKA-12651: Register Connect REST extensions before bringing up REST resources

Posted by GitBox <gi...@apache.org>.
C0urante commented on pull request #10521:
URL: https://github.com/apache/kafka/pull/10521#issuecomment-817316483


   Whoops, turns out the REST resources aren't online immediately after being registered and are only brought up at a [later point](https://github.com/apache/kafka/blob/db688b1a5e5904eed5849fbab4940585e5a3d646/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/rest/RestServer.java#L306). By this point all REST extensions have been registered so there's no need for any changes here.





[GitHub] [kafka] C0urante commented on pull request #10521: KAFKA-12651: Register Connect REST extensions before bringing up REST resources

Posted by GitBox <gi...@apache.org>.
C0urante commented on pull request #10521:
URL: https://github.com/apache/kafka/pull/10521#issuecomment-817237299


   @ncliang @gharris1727 @kpatelatwork @ddasarathan could one or two of you take a look at this when you have time?

