This is an automated email from the ASF dual-hosted git repository.
mjsax pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/trunk by this push:
new a0fb4db MINOR: improve security docs for Kafka Streams (#4532)
a0fb4db is described below
commit a0fb4db40a5b4af915600d3a20081bb9e865a551
Author: Matthias J. Sax <[email protected]>
AuthorDate: Thu Feb 8 11:49:09 2018 -0800
MINOR: improve security docs for Kafka Streams (#4532)
Author: Matthias J. Sax <[email protected]>
Reviewers: Bill Bejeck <[email protected]>, Joel Hamill
<[email protected]>, Guozhang Wang <[email protected]>
---
docs/streams/developer-guide/security.html | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/docs/streams/developer-guide/security.html
b/docs/streams/developer-guide/security.html
index 2e9b387..0604747 100644
--- a/docs/streams/developer-guide/security.html
+++ b/docs/streams/developer-guide/security.html
@@ -67,6 +67,14 @@
<p>When applications are run against a secured Kafka cluster, the
principal running the application must have the ACL
<code class="docutils literal"><span
class="pre">--cluster</span> <span class="pre">--operation</span> <span
class="pre">Create</span></code> set so that the application has the
permissions to create
<a class="reference internal"
href="manage-topics.html#streams-developer-guide-topics-internal"><span
class="std std-ref">internal topics</span></a>.</p>
+ <p>To avoid providing this permission to your application, you can
create the required internal topics manually.
+ If the internal topics exist, Kafka Streams will not try to
recreate them.
+ Note, that the internal repartition and changelog topics must
be created with the correct number of partitions—otherwise, Kafka Streams
will fail on startup.
+ The topics must be created with the same number of partitions as
your input topic, or if there are multiple topics, the maximum number of
partitions across all input topics.
+ Additionally, changelog topics <emph>must</emph> be created
with log compaction enabled—otherwise, your application might lose data.
+ You can find out more about the names of the required internal
topics via <code>Topology#describe()</code>.
+ All internal topics follow the naming pattern
<code><application.id>-<operatorName>-<suffix></code> where
the <code>suffix</code> is either <code>repartition</code> or
<code>changelog</code>.
+ Note, that there is no guarantee about this naming pattern in
future releases—it's not part of the public API.</p>
</div>
<div class="section" id="security-example">
<span id="streams-developer-guide-security-example"></span><h2><a
class="toc-backref" href="#id2">Security example</a><a class="headerlink"
href="#security-example" title="Permalink to this headline"></a></h2>
@@ -173,4 +181,4 @@ Caused by: java.security.UnrecoverableKeyException:
Password verification failed
// Display docs subnav items
$('.b-nav__docs').parent().toggleClass('nav__item__with__subs--expanded');
});
- </script>
\ No newline at end of file
+ </script>
--
To stop receiving notification emails like this one, please contact
[email protected].
