Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-1682 Security for Kafka
  3. KAFKA-1688

Add authorization interface and naive implementation

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: 0.9.0.0
    • Component/s: security
    • Labels:
      None

      Description

      Add a PermissionManager interface as described here:
      https://cwiki.apache.org/confluence/display/KAFKA/Security
      (possibly there is a better name?)

      Implement calls to the PermissionsManager in KafkaApis for the main requests (FetchRequest, ProduceRequest, etc). We will need to add a new error code and exception to the protocol to indicate "permission denied".

      Add a server configuration to give the class you want to instantiate that implements that interface. That class can define its own configuration properties from the main config file.

      Provide a simple implementation of this interface which just takes a user and ip whitelist and permits those in either of the whitelists to do anything, and denies all others.

      Rather than writing an integration test for this class we can probably just use this class for the TLS and SASL authentication testing.

        Attachments

        1. KAFKA-1688_2015-04-10_11:08:39.patch
          192 kB
          Parth Brahmbhatt
        2. KAFKA-1688.patch
          315 kB
          Parth Brahmbhatt

          Activity

            People

            • Assignee:
              parth.brahmbhatt Parth Brahmbhatt
              Reporter:
              jkreps Jay Kreps
            • Votes:
              1 Vote for this issue
              Watchers:
              22 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: