lucasbru commented on code in PR #19799:
URL: https://github.com/apache/kafka/pull/19799#discussion_r2137256983
##########
docs/streams/developer-guide/security.html:
##########
@@ -137,7 +138,25 @@
[...snip...]
Caused by: java.security.UnrecoverableKeyException: Password verification
failed</code></pre>
<p>Monitor your Kafka Streams application log files for such error
messages to spot any misconfigured applications quickly.</p>
-</div>
+ </div>
+ <div class="section" id="streams-rpc-acls">
+ <span
id="streams-developer-guide-security-rpc-acls"></span><h2>Security
Considerations for Streams Rebalance Protocol<a class="headerlink"
href="#streams-rpc-acls" title="Permalink to this headline"></a></h2>
+ <p>The Kafka Streams Rebalance Protocol (introduced in <a
class="reference external"
href="https://cwiki.apache.org/confluence/display/KAFKA/KIP-1071%3A+Streams+Rebalance+Protocol";>KIP-1071</a>)
uses dedicated RPCs for group coordination. When running Streams applications
in a secured Kafka environment, you will need to ensure proper
authorization.</p>
+
+ <p>For detailed information about the required ACLs for the
Streams Rebalance Protocol, refer to the <a class="reference internal"
href="../../security.html#security_authz"><span class="std
std-ref">Authorization and ACLs</span></a> section in the main Kafka Security
documentation. This documentation lists all the operation permissions needed
for various Kafka RPCs, including the Streams Group Heartbeat and Streams Group
Describe operations.</p>
+
+ <h3>Interactive Queries Security</h3>
+ <p>If you are using <a class="reference internal"
href="interactive-queries.html"><span class="doc">Interactive
Queries</span></a> with a custom RPC layer (such as a REST API), you need to
ensure that your application has the necessary permissions to access state
stores and their changelog topics.</p>
+
+ <p>When implementing a custom query service that accesses state
stores remotely, ensure that:</p>
+ <ul class="simple">
+ <li>The Kafka Streams application has permission to read from
and write to the changelog topics that back the state stores</li>
+ <li>If your RPC service uses a different security principal
(user/identity) than your Streams application, you must explicitly grant that
principal the necessary permissions to read from the changelog topics</li>
Review Comment:
Again, why would the RPC service access the changelog topics?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
