Rajini Sivaram created KAFKA-6912: ------------------------------------- Summary: Add authorization tests for custom principal types Key: KAFKA-6912 URL: https://issues.apache.org/jira/browse/KAFKA-6912 Project: Kafka Issue Type: Task Components: core Reporter: Rajini Sivaram Assignee: Rajini Sivaram Fix For: 2.0.0
KIP-290 proposes to add prefixed-wildcarded principals to enable ACLs to be configured for groups of principals. This doesn't work with all security protocols - e.g. SSL principals are of format CN=name,O=org,C=country where prefixes don't fit in terms of grouping. Kafka currently doesn't support the concept of user groups, but it is possible to use custom KafkaPrincipalBuilders to generate group principals during authentication. By default, Kafka generates principals of type User, but custom types (e.g. Group) are supported. This does currently have the restriction ACLs may be defined only at group level (cannot combine both user & group level ACLs for a connection), but it works currently for all security protocols. We don't have any tests that verify custom principal types and authorization based on custom principal types. It will be good to add some tests. -- This message was sent by Atlassian JIRA (v7.6.3#76005)