You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kafka.apache.org by gu...@apache.org on 2018/06/27 16:35:47 UTC
[kafka] branch trunk updated: HOTFIX: remove old security
suggestions
This is an automated email from the ASF dual-hosted git repository.
guozhang pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/trunk by this push:
new 7ea8a25 HOTFIX: remove old security suggestions
7ea8a25 is described below
commit 7ea8a25a4c03c0c5f342d621eacd07ff62489b06
Author: Guozhang Wang <wa...@gmail.com>
AuthorDate: Wed Jun 27 09:35:34 2018 -0700
HOTFIX: remove old security suggestions
---
docs/streams/developer-guide/security.html | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/docs/streams/developer-guide/security.html b/docs/streams/developer-guide/security.html
index e196e14..821a34e 100644
--- a/docs/streams/developer-guide/security.html
+++ b/docs/streams/developer-guide/security.html
@@ -67,16 +67,15 @@
<p>Kafka clusters can use ACLs to control access to resources (like the ability to create topics), and for such clusters each client,
including Kafka Streams, is required to authenticate as a particular user in order to be authorized with appropriate access.
In particular, when Streams applications are run against a secured Kafka cluster, the principal running the application must have
- the ACL
- <code class="docutils literal"><span class="pre">--cluster</span> <span class="pre">--operation</span> <span class="pre">Create</span></code> set so that the application has the permissions to create
+ the ACL set so that the application has the permissions to create, read and write
<a class="reference internal" href="manage-topics.html#streams-developer-guide-topics-internal"><span class="std std-ref">internal topics</span></a>.</p>
<p>Since all internal topics as well as the embedded consumer group name are prefixed with the <a class="reference internal" href="/{{version}}/documentation/streams/developer-guide/config-streams.html#required-configuration-parameters"><span class="std std-ref">application id</span></a>,
it is recommended to use ACLs on prefixed resource pattern
to configure control lists to allow client to manage all topics and consumer groups started with this prefix
+ as <code class="docutils literal"><span class="pre">--resource-pattern-type prefixed --topic your.application.id --operation All </span></code>
(see <a class="reference external" href="https://cwiki.apache.org/confluence/display/KAFKA/KIP-277+-+Fine+Grained+ACL+for+CreateTopics+API">KIP-277</a>
and <a class="reference external" href="https://cwiki.apache.org/confluence/display/KAFKA/KIP-290%3A+Support+for+Prefixed+ACLs">KIP-290</a> for details).
- For example, given the following setup of your Streams application:
</p>
</div>
<div class="section" id="security-example">