Rajini Sivaram created KAFKA-6912:
-------------------------------------
Summary: Add authorization tests for custom principal types
Key: KAFKA-6912
URL: https://issues.apache.org/jira/browse/KAFKA-6912
Project: Kafka
Issue Type: Task
Components: core
Reporter: Rajini Sivaram
Assignee: Rajini Sivaram
Fix For: 2.0.0
KIP-290 proposes to add prefixed-wildcarded principals to enable ACLs to be
configured for groups of principals. This doesn't work with all security
protocols - e.g. SSL principals are of format CN=name,O=org,C=country where
prefixes don't fit in terms of grouping. Kafka currently doesn't support the
concept of user groups, but it is possible to use custom KafkaPrincipalBuilders
to generate group principals during authentication. By default, Kafka generates
principals of type User, but custom types (e.g. Group) are supported. This does
currently have the restriction ACLs may be defined only at group level (cannot
combine both user & group level ACLs for a connection), but it works currently
for all security protocols.
We don't have any tests that verify custom principal types and authorization
based on custom principal types. It will be good to add some tests.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
