AndrewJSchofield commented on PR #21385: URL: https://github.com/apache/kafka/pull/21385#issuecomment-3859030895
> @AndrewJSchofield Thanks for tackling this! It seems that we have another similar issue. The ListConfigResources API requires DESCRIBE_CONFIGS on the CLUSTER. Any well configured cluster won't five that permissions to applications using the cluster. Only administrators will have it. It is also inconsistent with the DescribeConfigs API which requires DESCRIBE_CONFIGS on GROUP to describe configs of groups. Based on this, it seems that the `kafka-config` command line tool will never work for groups in practice. What do you think? @dajac Yes, I see what you mean. I think there are a couple of things we can do. First, we could handle `ClusterAuthorizationException` in this PR in a similar way as `UnsupportedVersionException` so that a user who can list groups but not list config resources will still get a meaningful if incomplete answer. Second, we could change the ACL operation for `LIST_CONFIG_RESOURCES` to `DESCRIBE` on `CLUSTER`, which of course would be a KIP. I think the former approach is sensible for this PR. wdyt? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
