kafka-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mj...@apache.org
Subject [kafka] branch 1.1 updated: MINOR: improve security docs for Kafka Streams (#4532)
Date Thu, 08 Feb 2018 19:51:11 GMT
This is an automated email from the ASF dual-hosted git repository.

mjsax pushed a commit to branch 1.1
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/1.1 by this push:
     new ae36127  MINOR: improve security docs for Kafka Streams (#4532)
ae36127 is described below

commit ae36127eaf5e7028d7b725101ecc814c559f722f
Author: Matthias J. Sax <mjsax@apache.org>
AuthorDate: Thu Feb 8 11:49:09 2018 -0800

    MINOR: improve security docs for Kafka Streams (#4532)
    
    Author: Matthias J. Sax <matthias@confluent.io>
    
    Reviewers: Bill Bejeck <bill@confluent.io>, Joel Hamill <joel@confluent.io>,
Guozhang Wang <guozhang@confluent.io>
---
 docs/streams/developer-guide/security.html | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/docs/streams/developer-guide/security.html b/docs/streams/developer-guide/security.html
index 2e9b387..0604747 100644
--- a/docs/streams/developer-guide/security.html
+++ b/docs/streams/developer-guide/security.html
@@ -67,6 +67,14 @@
             <p>When applications are run against a secured Kafka cluster, the principal
running the application must have the ACL
                 <code class="docutils literal"><span class="pre">--cluster</span>
<span class="pre">--operation</span> <span class="pre">Create</span></code>
set so that the application has the permissions to create
                 <a class="reference internal" href="manage-topics.html#streams-developer-guide-topics-internal"><span
class="std std-ref">internal topics</span></a>.</p>
+	    <p>To avoid providing this permission to your application, you can create the
required internal topics manually.
+               If the internal topics exist, Kafka Streams will not try to recreate them.
+               Note, that the internal repartition and changelog topics must be created with
the correct number of partitions&mdash;otherwise, Kafka Streams will fail on startup.
+	       The topics must be created with the same number of partitions as your input topic,
or if there are multiple topics, the maximum number of partitions across all input topics.
+               Additionally, changelog topics <emph>must</emph> be created with
log compaction enabled&mdash;otherwise, your application might lose data.
+               You can find out more about the names of the required internal topics via
<code>Topology#describe()</code>.
+	       All internal topics follow the naming pattern <code>&lt;application.id&gt;-&lt;operatorName&gt;-&lt;suffix&gt;</code>
where the <code>suffix</code> is either <code>repartition</code> or
<code>changelog</code>.
+               Note, that there is no guarantee about this naming pattern in future releases&mdash;it's
not part of the public API.</p>
         </div>
         <div class="section" id="security-example">
             <span id="streams-developer-guide-security-example"></span><h2><a
class="toc-backref" href="#id2">Security example</a><a class="headerlink" href="#security-example"
title="Permalink to this headline"></a></h2>
@@ -173,4 +181,4 @@ Caused by: java.security.UnrecoverableKeyException: Password verification
failed
                         // Display docs subnav items
                         $('.b-nav__docs').parent().toggleClass('nav__item__with__subs--expanded');
                     });
-              </script>
\ No newline at end of file
+              </script>

-- 
To stop receiving notification emails like this one, please contact
mjsax@apache.org.

Mime
View raw message