kafka-jira mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Guozhang Wang (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (KAFKA-5750) Elevate log messages for denials to INFO in SimpleAclAuthorizer class
Date Sat, 23 Sep 2017 04:49:09 GMT

     [ https://issues.apache.org/jira/browse/KAFKA-5750?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Guozhang Wang updated KAFKA-5750:
---------------------------------

*Reminder to the contributor / reviewer of the PR*: please note that the code deadline for
1.0.0 is less than 2 weeks away (Oct. 4th). Please re-evaluate your JIRA and see if it still
makes sense to be merged into 1.0.0 or it could be pushed out to 1.1.0, or be closed directly
if the JIRA itself is not valid any more, or re-assign yourself as contributor / committer
if you are no longer working on the JIRA.

> Elevate log messages for denials to INFO in SimpleAclAuthorizer class
> ---------------------------------------------------------------------
>
>                 Key: KAFKA-5750
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5750
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>            Reporter: Phillip Walker
>            Assignee: Manikumar
>             Fix For: 1.0.0
>
>
> Currently, the authorizer logs all messages at DEBUG level and logs every single authorization
attempt, which can greatly decrease cluster performance, especially when Mirrormaker also
produces to that cluster. Many InfoSec requirements, though, require that authorization denials
be logged. The proposed solution is to elevate any denial in SimpleAclAuthorizer and any other
relevant class to WARN while leaving approvals at their currently logging levels.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message