Strimzi
Guidance on Handling logAuditMessage in AclAuthorizer for Custom Kafka Authorizer with Kafka 3.9.0 #11014
Replies: 1 comment 1 reply
-
|
We have investigated further and found that the AclAuthorizer class was written in Java and later translated to Scala. In the translation, methods like logAuditMessage and isSuperUser were made private. This change, which occurred from Kafka v3.7.1 to v3.8.0, breaks our implementation as mentioned. Is this change intentional? Do you have any recommendations on how to handle logging or authorization in light of these changes? We’d appreciate any guidance or suggestions on how to adapt our custom authorizer. |
Beta Was this translation helpful? Give feedback.
-
|
I think this is more of an question for the Kafka community. While we can try to help you integrate something into Strimzi, we don't have anything to do with changes to the Kafka code and cannot explain the motivations behind them. But one thing to keep in mind is that there is yet another authorizer used in KRaft: |
Beta Was this translation helpful? Give feedback.
-
Hi Strimzi Team,
We’re currently upgrading from Kafka v3.7.1 to v3.9.0 and encountered a challenge with our custom Kafka Authorizer that extends AclAuthorizer.
In Kafka v3.7.1, we relied on the logAuditMessage method in AclAuthorizer.scala to log audit messages during authorization. However, in Kafka v3.8.0 and later, this method has been made private, which breaks our implementation.
Our custom logic is integrated into your Strimzi Kafka Operator setup as follows:
Given this change in Kafka, do you have any recommendations on how to handle logging for our custom authorizer?
• Should we implement our own custom logger?
• Does your pipeline provide a logging utility we could integrate with?
Any guidance or best practices you can share would be greatly appreciated!
Beta Was this translation helpful? Give feedback.
All reactions