Major Description
In sensitive environments, it would be interesting to be able to restrict the files that can be accessed by the built-in configuration providers.
For example:
config.providers=directory
config.providers.directory.class=org.apache.kafka.connect.configs.DirectoryConfigProvider
config.providers.directory.path=/var/run
Then if a caller tries to access another path, for example
ssl.keystore.password=${directory:/etc/passwd:keystore-password}
it would be rejected.
Attachments
Issue Links
- links to
- mentioned in
-
Page Loading...