Summary
The main question is how does one secure the setting of of ACLs on Kafka. ACLs can be used to restrict who can consume / produce to topics, but how is the setting of ACLs restricted? E.g. some user on another network machine using kafka-acls.sh
Details
I am quite new to kafka and I've just setup up my first kafka 1.0.0 cluster and I am using the Kafka admin CLI(kafka-acls.sh) to grant acls for principals.
Here is problem I found: I can use this kafka-acls.sh on any other machine to manipulate my kafka cluster, without any permission required?! Is this an existing security issue?
My requirement is, as an admin, for my kafka topics I would grant read permission to the consumers. But if the consumer owners can use the kafka-acls.sh, they could add that permission by themselves.
I've tried these:
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --cluster --operation Create --deny-principal User:*
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --cluster --operation Alter--deny-principal User:*
Current ACLs for resource
Cluster:kafka-cluster:User:* has Deny permission for operations: Create from hosts: * User:* has Deny permission for operations: Alter from hosts: *
I was hoping this can stop anyone to change ACLs on any topics; but I still can grant permission to any principal. I am expecting some settings in kafka properties file that can do the work. My properties settings regarding ACL are:
# Switch to enable topic deletion or not, default value is false #delete.topic.enable=true
###To enable ZooKeeper authentication on brokers zookeeper.set.acl=true
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
super.users=User:Admin
Any Ideas to restrict the admin CLI, guys?
Any advice would be appreciated.
