root
/
kafka
mirror of https://github.com/apache/kafka.git
1
0
Fork 0
Code Issues Actions 3 Packages Projects Releases Wiki Activity

MINOR: improve security docs for Kafka Streams (#4532) 

Author: Matthias J. Sax <matthias@confluent.io>

Reviewers: Bill Bejeck <bill@confluent.io>, Joel Hamill <joel@confluent.io>, Guozhang Wang <guozhang@confluent.io>
This commit is contained in:
Matthias J. Sax 2018-02-08 11:49:09 -08:00 committed by Matthias J. Sax
parent e3dd8eb7f4
commit ae36127eaf
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/streams/developer-guide/security.html
View File

@ -67,6 +67,14 @@
<p>When applications are run against a secured Kafka cluster, the principal running the application must have the ACL
<code class="docutils literal"><span class="pre">--cluster</span> <span class="pre">--operation</span> <span class="pre">Create</span></code> set so that the application has the permissions to create
<a class="reference internal" href="manage-topics.html#streams-developer-guide-topics-internal"><span class="std std-ref">internal topics</span></a>.</p>
<p>To avoid providing this permission to your application, you can create the required internal topics manually.
If the internal topics exist, Kafka Streams will not try to recreate them.
Note, that the internal repartition and changelog topics must be created with the correct number of partitions&mdash;otherwise, Kafka Streams will fail on startup.
The topics must be created with the same number of partitions as your input topic, or if there are multiple topics, the maximum number of partitions across all input topics.
Additionally, changelog topics <emph>must</emph> be created with log compaction enabled&mdash;otherwise, your application might lose data.
You can find out more about the names of the required internal topics via <code>Topology#describe()</code>.
All internal topics follow the naming pattern <code>&lt;application.id&gt;-&lt;operatorName&gt;-&lt;suffix&gt;</code> where the <code>suffix</code> is either <code>repartition</code> or <code>changelog</code>.
Note, that there is no guarantee about this naming pattern in future releases&mdash;it's not part of the public API.</p>
</div>
<div class="section" id="security-example">
<span id="streams-developer-guide-security-example"></span><h2><a class="toc-backref" href="#id2">Security example</a><a class="headerlink" href="#security-example" title="Permalink to this headline"></a></h2>
@ -173,4 +181,4 @@ Caused by: java.security.UnrecoverableKeyException: Password verification failed
// Display docs subnav items
$('.b-nav__docs').parent().toggleClass('nav__item__with__subs--expanded');
});
</script>
</script>