Rajini Sivaram created KAFKA-6912:

             Summary: Add authorization tests for custom principal types
                 Key: KAFKA-6912
                 URL: https://issues.apache.org/jira/browse/KAFKA-6912
             Project: Kafka
          Issue Type: Task
          Components: core
            Reporter: Rajini Sivaram
            Assignee: Rajini Sivaram
             Fix For: 2.0.0

KIP-290 proposes to add prefixed-wildcarded principals to enable ACLs to be 
configured for groups of principals. This doesn't work with all security 
protocols - e.g. SSL principals are of format CN=name,O=org,C=country where 
prefixes don't fit in terms of grouping. Kafka currently doesn't support the 
concept of user groups, but it is possible to use custom KafkaPrincipalBuilders 
to generate group principals during authentication. By default, Kafka generates 
principals of type User, but custom types (e.g. Group) are supported. This does 
currently have the restriction ACLs may be defined only at group level (cannot 
combine both user & group level ACLs for a connection), but it works currently 
for all security protocols.

We don't have any tests that verify custom principal types and authorization 
based on custom principal types. It will be good to add some tests.


This message was sent by Atlassian JIRA

Reply via email to