kafka-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From guozh...@apache.org
Subject [kafka] branch trunk updated: HOTFIX: remove old security suggestions
Date Wed, 27 Jun 2018 16:35:47 GMT
This is an automated email from the ASF dual-hosted git repository.

guozhang pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git

The following commit(s) were added to refs/heads/trunk by this push:
     new 7ea8a25  HOTFIX: remove old security suggestions
7ea8a25 is described below

commit 7ea8a25a4c03c0c5f342d621eacd07ff62489b06
Author: Guozhang Wang <wangguoz@gmail.com>
AuthorDate: Wed Jun 27 09:35:34 2018 -0700

    HOTFIX: remove old security suggestions
 docs/streams/developer-guide/security.html | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/docs/streams/developer-guide/security.html b/docs/streams/developer-guide/security.html
index e196e14..821a34e 100644
--- a/docs/streams/developer-guide/security.html
+++ b/docs/streams/developer-guide/security.html
@@ -67,16 +67,15 @@
             <p>Kafka clusters can use ACLs to control access to resources (like the
ability to create topics), and for such clusters each client,
                 including Kafka Streams, is required to authenticate as a particular user
in order to be authorized with appropriate access.
                 In particular, when Streams applications are run against a secured Kafka
cluster, the principal running the application must have
-                the ACL
-                <code class="docutils literal"><span class="pre">--cluster</span>
<span class="pre">--operation</span> <span class="pre">Create</span></code>
set so that the application has the permissions to create
+                the ACL set so that the application has the permissions to create, read and
                 <a class="reference internal" href="manage-topics.html#streams-developer-guide-topics-internal"><span
class="std std-ref">internal topics</span></a>.</p>
             <p>Since all internal topics as well as the embedded consumer group name
are prefixed with the <a class="reference internal" href="/{{version}}/documentation/streams/developer-guide/config-streams.html#required-configuration-parameters"><span
class="std std-ref">application id</span></a>,
                 it is recommended to use ACLs on prefixed resource pattern
                 to configure control lists to allow client to manage all topics and consumer
groups started with this prefix
+                as <code class="docutils literal"><span class="pre">--resource-pattern-type
prefixed --topic your.application.id --operation All </span></code>
                 (see <a class="reference external" href="https://cwiki.apache.org/confluence/display/KAFKA/KIP-277+-+Fine+Grained+ACL+for+CreateTopics+API">KIP-277</a>
                 and <a class="reference external" href="https://cwiki.apache.org/confluence/display/KAFKA/KIP-290%3A+Support+for+Prefixed+ACLs">KIP-290</a>
for details).
-                For example, given the following setup of your Streams application:
         <div class="section" id="security-example">

View raw message