You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by "Rajini Sivaram (JIRA)" <ji...@apache.org> on 2018/06/06 12:06:00 UTC

[jira] [Resolved] (KAFKA-6912) Add authorization tests for custom principal types

     [ https://issues.apache.org/jira/browse/KAFKA-6912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rajini Sivaram resolved KAFKA-6912.
-----------------------------------
    Resolution: Fixed
      Reviewer: Dong Lin

> Add authorization tests for custom principal types
> --------------------------------------------------
>
>                 Key: KAFKA-6912
>                 URL: https://issues.apache.org/jira/browse/KAFKA-6912
>             Project: Kafka
>          Issue Type: Task
>          Components: core
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Major
>             Fix For: 2.0.0
>
>
> KIP-290 proposes to add prefixed-wildcarded principals to enable ACLs to be configured for groups of principals. This doesn't work with all security protocols - e.g. SSL principals are of format CN=name,O=org,C=country where prefixes don't fit in terms of grouping. Kafka currently doesn't support the concept of user groups, but it is possible to use custom KafkaPrincipalBuilders to generate group principals during authentication. By default, Kafka generates principals of type User, but custom types (e.g. Group) are supported. This does currently have the restriction ACLs may be defined only at group level (cannot combine both user & group level ACLs for a connection), but it works currently for all security protocols.
> We don't have any tests that verify custom principal types and authorization based on custom principal types. It will be good to add some tests.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)