You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2021/02/23 17:24:24 UTC
[GitHub] [kafka] hachikuji commented on a change in pull request #10183: KAFKA-12267; Implement `DescribeTransactions` API
hachikuji commented on a change in pull request #10183:
URL: https://github.com/apache/kafka/pull/10183#discussion_r581233455
##########
File path: core/src/main/scala/kafka/server/KafkaApis.scala
##########
@@ -3271,6 +3272,34 @@ class KafkaApis(val requestChannel: RequestChannel,
"Apache ZooKeeper mode.")
}
+ def handleDescribeTransactionsRequest(request: RequestChannel.Request): Unit = {
+ val describeTransactionsRequest = request.body[DescribeTransactionsRequest]
+ val response = new DescribeTransactionsResponseData()
+
+ describeTransactionsRequest.data.transactionalIds.forEach { transactionalId =>
+ val transactionState = if (!authHelper.authorize(request.context, DESCRIBE, TRANSACTIONAL_ID, transactionalId)) {
+ new DescribeTransactionsResponseData.TransactionState()
+ .setTransactionalId(transactionalId)
+ .setErrorCode(Errors.TRANSACTIONAL_ID_AUTHORIZATION_FAILED.code)
+ } else {
+ txnCoordinator.handleDescribeTransactions(transactionalId)
+ }
+
+ // Include only partitions which the principal is authorized to describe
Review comment:
The idea is to avoid exposing topic existence to unauthorized principals. We do the same thing in `Metadata` for example. I agree it is a little weird and I debated it for a little while. Should describe authorization on a transactionalId automatically imply describe authorization on all of the topics that it is writing to? A similar case is `OffsetFetch`: should describe authorization on the groupId imply describe authorization for all topics? We said "no" in that case, so I decided to be consistent.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org