[
https://issues.apache.org/jira/browse/KAFKA-20144?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chia-Ping Tsai reassigned KAFKA-20144:
--------------------------------------
Assignee: Kuan Po Tseng (was: Chia-Ping Tsai)
> Authority for LIST_CONFIG_RESOURCES should be dependent upon resource type
> --------------------------------------------------------------------------
>
> Key: KAFKA-20144
> URL: https://issues.apache.org/jira/browse/KAFKA-20144
> Project: Kafka
> Issue Type: Improvement
> Affects Versions: 4.1.0, 4.2.0
> Reporter: Andrew Schofield
> Assignee: Kuan Po Tseng
> Priority: Major
> Labels: need-kip
>
> KIP-1142 introduced the LIST_CONFIG_RESOURCES RPC as a way of listing Kafka
> resources for which configuration properties can be described. It built upon
> KIP-1000 which was specifically concerned with client-metrics resources.
> Unfortunately, this RPC requires DESCRIBE_CONFIGS permission on the cluster
> resource for all resource types. This has the side-effect that you need
> different permission to list groups (DESCRIBE on CLUSTER) than to list which
> groups have configs (DESCRIBE_CONFIGS on CLUSTER). This is an unintentional
> anomaly which leads to incomplete results for the kafka-configs.sh tool for
> users who only have DESCRIBE authority.
> We need a KIP to examine the permissions required for each of the resource
> types and ensure that there are no such anomalies. Requiring DESCRIBE_CONFIGS
> on the CLUSTER to list client-metrics resources is fine, but it should
> probably be DESCRIBE on the CLUSTER to list the groups with configs (and then
> DESCRIBE_CONFIGS on the individual groups to describe the actual configs).
> Similarly, we should make sure that the behavior for topics and so on is
> sensible.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
