[jira] [Updated] (KAFKA-5259) TransactionalId authorization should imply ProducerId authorization
[ https://issues.apache.org/jira/browse/KAFKA-5259?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jason Gustafson updated KAFKA-5259: --- Resolution: Fixed Status: Resolved (was: Patch Available) Issue resolved by pull request 3075 [https://github.com/apache/kafka/pull/3075] > TransactionalId authorization should imply ProducerId authorization > --- > > Key: KAFKA-5259 > URL: https://issues.apache.org/jira/browse/KAFKA-5259 > Project: Kafka > Issue Type: Sub-task > Components: clients, core, producer >Reporter: Jason Gustafson >Assignee: Jason Gustafson >Priority: Blocker > Labels: exactly-once > Fix For: 0.11.0.0 > > > There is not much point to only authorizing a transactionalId: without > producerId authorization, a principal cannot actually write any transactional > data. So we may as well make ProducerId authorization implicit if a > transactionalId is authorized. > There are also a couple cases that we missed in the initial authorization > patch which we may as well handle here. > 1. FindCoordinatorRequest should authorize by transactionalId > 2. TxnOffsetCommitRequest should also authorize by transactionalId. Currently > this field is not included in the request type but it probably should be > since then writing any transactional data requires authorization to some > transactionalId. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (KAFKA-5259) TransactionalId authorization should imply ProducerId authorization
[ https://issues.apache.org/jira/browse/KAFKA-5259?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jason Gustafson updated KAFKA-5259: --- Status: Patch Available (was: In Progress) > TransactionalId authorization should imply ProducerId authorization > --- > > Key: KAFKA-5259 > URL: https://issues.apache.org/jira/browse/KAFKA-5259 > Project: Kafka > Issue Type: Sub-task > Components: clients, core, producer >Reporter: Jason Gustafson >Assignee: Jason Gustafson >Priority: Blocker > Labels: exactly-once > Fix For: 0.11.0.0 > > > There is not much point to only authorizing a transactionalId: without > producerId authorization, a principal cannot actually write any transactional > data. So we may as well make ProducerId authorization implicit if a > transactionalId is authorized. > There are also a couple cases that we missed in the initial authorization > patch which we may as well handle here. > 1. FindCoordinatorRequest should authorize by transactionalId > 2. TxnOffsetCommitRequest should also authorize by transactionalId. Currently > this field is not included in the request type but it probably should be > since then writing any transactional data requires authorization to some > transactionalId. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (KAFKA-5259) TransactionalId authorization should imply ProducerId authorization
[ https://issues.apache.org/jira/browse/KAFKA-5259?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Apurva Mehta updated KAFKA-5259: Labels: exactly-once (was: ) > TransactionalId authorization should imply ProducerId authorization > --- > > Key: KAFKA-5259 > URL: https://issues.apache.org/jira/browse/KAFKA-5259 > Project: Kafka > Issue Type: Sub-task > Components: clients, core, producer >Reporter: Jason Gustafson >Assignee: Jason Gustafson >Priority: Blocker > Labels: exactly-once > Fix For: 0.11.0.0 > > > There is not much point to only authorizing a transactionalId: without > producerId authorization, a principal cannot actually write any transactional > data. So we may as well make ProducerId authorization implicit if a > transactionalId is authorized. > There are also a couple cases that we missed in the initial authorization > patch which we may as well handle here. > 1. FindCoordinatorRequest should authorize by transactionalId > 2. TxnOffsetCommitRequest should also authorize by transactionalId. Currently > this field is not included in the request type but it probably should be > since then writing any transactional data requires authorization to some > transactionalId. -- This message was sent by Atlassian JIRA (v6.3.15#6346)