XMLWordPrintable

    • MK - Sprint 226

      WHAT

      Authorizer improvements described in the Epic.

      HOW

      Change the authorizer validations imposed by createAcls in the following way:

      • Users with access to manage ACLs should not be restricted from creating ACLs with themselves as the named principal
      • Improve the error message returned by the authorizer when owners attempt to create ACLs for themselves

      In addition make change the #acls and #deleteAcl method so they are aware of the owner rules.  This is done to give the user a complete pictures of the ACLs applied to their instance.

      • Change #acls so that it additionally to the rules from Kafka's database, the list includes  'synthesized' AclBinding objects representing the owner rules from the static configuration.. 
      • Make a complimentary change to #deleteAcl so that attempts to the AclBinding objects belonging to owners are prevented with a clear error message that conveys the special nature of owner rules.
      • A new configuration item will be require so that plugin knows which principals are owners.

      ACLs rules for system principals such as the canary should remain hidden.

       

          There are no Sub-Tasks for this issue.

              rh-ee-robeyoun Robert Young
              keithbwall Keith Wall
              Kafka Integrations
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: