-
Notifications
You must be signed in to change notification settings - Fork 13.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KAFKA-3722 : The PlaintextChannelBuilder should always use the DefaultPrincipalBuilder #1403
Conversation
What is the issue that you're having with the current approach. Can you not return the received |
At the moment, you can override the principal for PLAINTEXT, for instance, set principal based on IP. Or set a different principal for PLAINTEXT from an unauthenticated SSL client. Feels like a useful config even for PLAINTEXT. |
@ijuma @rajinisivaram
The basic idea is the PlainText channel should not be using the PrincipalBuilder meant for other types of channels. We should probably have separate builders and authorizers for each type of channel if there is a valid use case here. For my usecase having a DefaultPrincipalBuilder for PlainText would suffice. But now that I think more, having a clear separation for those configs might be a good idea as a broker can run on multiple types of ports in future. |
@MayureshGharat Isn't the code in your custom principal builder in the method |
@rajinisivaram Yeah right now I can have an "instanceOf" check or catch the downcasting exception and do the handling. Having a method in TransportLayer to return the type might be a good idea. But as the type of ports increase it means adding more checks to buildPrincipal right? Isn't it better to have separate configs for them instead? What do you think? That will be more cleaner IMO, though it increases the 2 configs (Authorizer and PrincipalBuilderClass) for each port type. |
@MayureshGharat Personally I prefer smaller number of configs, especially since it can be made to work. But I do see your point about separate configs being neater. It will be good to see what others think. |
I am personally in favour of less configs too. It may make sense to pass the security protocol as a parameter to |
@ijuma I think we have 4 options from the above discussions.
|
@MayureshGharat @ijuma Isn't 3) a breaking change of a public interface? I imagine 3) and 4) need a KIP since they change externals. |
@rajinisivaram If changing the existing method, yes. But we could introduce an overloaded one with additional parameter and an empty implementation. And have the existing one call that by default. This means that existing users that override the existing method would continue to work and new users could override the new method. This would require default methods that only exist in Java 8 though. So, given that, it's unlikely that this would be accepted. So, adding a method to @MayureshGharat, it makes sense to start a mailing list thread about this to get more opinions. |
@ijuma Sounds good. Will start a mailing list discussion on this. |
Closing since the issue was fixed with KIP-189 and the JIRA was resolved. |
Consider this scenario :
We have a Kafka Broker running on PlainText and SSL port simultaneously.
We try to plugin a custom principal builder using the config "principal.builder.class" for the request coming over the SSL port.
The ChannelBuilders.createPrincipalBuilder(configs) first checks if a config "principal.builder.class" is specified in the passed in configs and tries to use that even when it is building the instance of PrincipalBuilder for the PlainText port, when that custom principal class is only menat for SSL port.
IMO, having a DefaultPrincipalBuilder for PlainText port should be fine.