kafka-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From hui happy <happyhi...@gmail.com>
Subject Is kafka support dynamic ACL rule
Date Thu, 27 Dec 2018 07:17:55 GMT
Hi

As I learned that kafka can use  '--resource-pattern-type prefixed'  to add
rule for prefixed topic.
For example an user 'kafkaclient', we could define a rule let the user can
access all topics start with that user name, i.e., 'kafkaclient--', such
as  'kafkaclient--topic1', 'kafkaclient--topic2', etc.

/opt/kafka/bin/kafka-acls.sh \

  --authorizer-properties zookeeper.connect=zookeeper:2181 \

  --add \

  --allow-principal User:"kafkaclient" \

  --operation All \

  --resource-pattern-type prefixed \

  --topic "kafkaclient--" \


But is it possible to define dynamic user name ?
In above case we know the username is 'kafkaclient', and if there are many
other users, we have to add rule for each user; these rules are similar,
except the user name.

So i want to know if it's possible to just define a single rule, using
dynamic user name, each user could access the topics start with itself
username. something likes:

/opt/kafka/bin/kafka-acls.sh \

  --authorizer-properties zookeeper.connect=zookeeper:2181 \

  --add \

  --allow-principal User:"*<USER>*" \

  --operation All \

  --resource-pattern-type prefixed \

  --topic "*<USER>*--" \


Then whatever to add user or add topic later, we don't need to add any
rules.

Thanks.
Hui

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message