Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-5750

Elevate log messages for denials to INFO in SimpleAclAuthorizer class

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.0.0
    • security
    • None

    Description

      Currently, the authorizer logs all messages at DEBUG level and logs every single authorization attempt, which can greatly decrease cluster performance, especially when Mirrormaker also produces to that cluster. Many InfoSec requirements, though, require that authorization denials be logged. The proposed solution is to elevate any denial in SimpleAclAuthorizer and any other relevant class to WARN while leaving approvals at their currently logging levels.

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            omkreddy Manikumar
            pwalker Phillip Walker
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment