Posted to jira@kafka.apache.org by "Ismael Juma (JIRA)" <ji...@apache.org> on 2017/07/17 10:39:00 UTC

[jira] [Commented] (KAFKA-5547) Return topic authorization failed if no topic describe access

    [ https://issues.apache.org/jira/browse/KAFKA-5547?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16089617#comment-16089617 ] 

Ismael Juma commented on KAFKA-5547:
------------------------------------

[~hachikuji], it seems like that could work. As long as we're careful to always return the same error code for topics that exist or don't exist when the user is not authorized, it should be fine. Also, we have to make sure to restrict any topic regex to the authorized topics (which we do already).

> Return topic authorization failed if no topic describe access
> -------------------------------------------------------------
>
>                 Key: KAFKA-5547
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5547
>             Project: Kafka
>          Issue Type: Improvement
>            Reporter: Jason Gustafson
>
> We previously made a change to several of the request APIs to return UNKNOWN_TOPIC_OR_PARTITION if the principal does not have Describe access to the topic. The thought was to avoid leaking information about which topics exist. The problem with this is that a client which sees this error will just keep retrying because it is usually treated as retriable. It seems, however, that we could return TOPIC_AUTHORIZATION_FAILED instead and still avoid leaking information as long as we ensure that the Describe authorization check comes before the topic existence check. This would avoid the ambiguity on the client.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)