Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-4454

Authorizer should also include the Principal generated by the PrincipalBuilder.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.10.0.1
    • None
    • None
    • None

    Description

      Currently kafka allows users to plugin a custom PrincipalBuilder and a custom Authorizer.
      The Authorizer.authorize() object takes in a Session object that wraps KafkaPrincipal and InetAddress.
      The KafkaPrincipal currently has a PrincipalType and Principal name, which is the name of Principal generated by the PrincipalBuilder.
      This Principal, generated by the pluggedin PrincipalBuilder might have other fields that might be required by the pluggedin Authorizer but currently we loose this information since we only extract the name of Principal while creating KaflkaPrincipal in SocketServer.

      It would be great if KafkaPrincipal has an additional field "channelPrincipal" which is used to store the Principal generated by the plugged in PrincipalBuilder.

      The pluggedin Authorizer can then use this "channelPrincipal" to do authorization.

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. KAFKA-5783 Implement KafkaPrincipalBuilder interface with support for SASL (KIP-189)

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #2206

          Web Link GitHub Pull Request #2206

          Activity

            People

              mgharat Mayuresh Gharat
              mgharat Mayuresh Gharat
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: