[KAFKA-5259] TransactionalId authorization should imply ProducerId authorization - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.11.0.0
Component/s: clients, core, producer
Labels:
- exactly-once

Description

There is not much point to only authorizing a transactionalId: without producerId authorization, a principal cannot actually write any transactional data. So we may as well make ProducerId authorization implicit if a transactionalId is authorized.

There are also a couple cases that we missed in the initial authorization patch which we may as well handle here.

1. FindCoordinatorRequest should authorize by transactionalId
2. TxnOffsetCommitRequest should also authorize by transactionalId. Currently this field is not included in the request type but it probably should be since then writing any transactional data requires authorization to some transactionalId.

Attachments

Issue Links

links to

GitHub Pull Request #3075

Activity

People

Assignee:: Jason Gustafson

Reporter:: Jason Gustafson

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 16/May/17 20:53

Updated:: 24/May/17 22:30

Resolved:: 24/May/17 22:29