2

I have a 3-node unsecured Kafka (v0.10.2.1) cluster with topic auto-creation and deletion disabled, with the following in server.properties:

auto.create.topics.enable=false
delete.topic.enable=true

Topics are then created/altered on the cluster using bin/kafka-topics.sh. However, it looks like anyone can create topics on the cluster once they know the endpoints.

Is there a way to lock down topic creation/alteration to specific hosts to prevent abuses?


Edit 1:
Since ACLs were suggested, I tried to restrict topic creation to select hosts using kafka-acls.sh.

I restarted the brokers after adding the following to server.properties:

authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
allow.everyone.if.no.acl.found=true

I tried the following to restrict topic creation to localhost:

bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:* --cluster --operation Create --allow-host 127.0.0.1

However, I was still able to create topics from another host using kafka-topics.sh with the right endpoints. Is it the case that ACLs can't be used without authentication?


new_sys_admin (315)

  • Were you able to get the hang of it? It seems like Kafka allows you to create a topic despite an ACL, but then restricts managing it. – viktor.kudria Mar 23 '21 at 06:12

1 Answer

2

You need to use access control lists (ACLs) to restrict such operations, and that implies knowing who the caller is, so you need Kafka to be secured by an authentication mechanism in the first place.

ACLs: http://kafka.apache.org/documentation.html#security_authz

Authentication can be done using SSL or SASL or by plugging in a custom provider, see the preceding sections of the same document.

Disabling auto-creation is not an access control mechanism, it only means that trying to produce to or consume from a topic will not create it automatically.

Michal Borowiecki (4,244)
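As an added example (not part of the question or the answer above), the script below puts the asker's original server.properties next to a hardened one for a 0.10.x broker and audits either file for the settings that leave topic creation open: a PLAINTEXT listener (every caller is User:ANONYMOUS, so an ACL on User:* or a host cannot tell callers apart), allow.everyone.if.no.acl.found=true, a missing authorizer, and auto-creation. The property names are the documented Kafka broker settings; the listener addresses, keystore paths, the CHANGEME passwords and the User:admin principal are assumptions.

```shell
#!/usr/bin/env sh
# Added example, not code from the original Q&A. Audits a Kafka 0.10.x
# server.properties for settings that leave topic creation unrestricted,
# and writes a weak (the asker's) and a hardened configuration to compare.
set -eu

# Last value of a property in a file, ignoring comments and whitespace.
kafka_prop() {
    grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '[:space:]'
}

# Print one finding per line; exit status 0 means no finding.
audit_kafka_acl_config() {
    file="$1"
    findings=0
    if [ -z "$(kafka_prop "$file" authorizer.class.name)" ]; then
        echo "no authorizer.class.name: ACLs are never evaluated"
        findings=$((findings + 1))
    fi
    if [ "$(kafka_prop "$file" allow.everyone.if.no.acl.found)" = "true" ]; then
        echo "allow.everyone.if.no.acl.found=true: every resource without an ACL is open to all"
        findings=$((findings + 1))
    fi
    listeners="$(kafka_prop "$file" listeners)"
    # An empty 'listeners' falls back to the default PLAINTEXT listener.
    if [ -z "$listeners" ] || echo "$listeners" | grep -Eq '(^|,)PLAINTEXT://'; then
        echo "PLAINTEXT listener: clients are unauthenticated, so every caller is User:ANONYMOUS"
        findings=$((findings + 1))
    fi
    if [ "$(kafka_prop "$file" auto.create.topics.enable)" = "true" ]; then
        echo "auto.create.topics.enable=true: producing to or fetching an unknown topic creates it"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# The asker's settings (constructed sample; listener address assumed).
write_weak_config() {
    cat > "$1" <<'EOF'
listeners=PLAINTEXT://0.0.0.0:9092
auto.create.topics.enable=false
delete.topic.enable=true
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
allow.everyone.if.no.acl.found=true
EOF
}

# Hardened counterpart: SASL over TLS so callers have a principal, ACLs
# enforced with deny-by-default, one super user for administration.
# Paths, passwords (CHANGEME) and the admin principal are assumptions.
write_hardened_config() {
    cat > "$1" <<'EOF'
listeners=SASL_SSL://0.0.0.0:9093
security.inter.broker.protocol=SASL_SSL
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
ssl.keystore.location=/var/private/ssl/kafka.server.keystore.jks
ssl.keystore.password=CHANGEME
ssl.key.password=CHANGEME
ssl.truststore.location=/var/private/ssl/kafka.server.truststore.jks
ssl.truststore.password=CHANGEME
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
allow.everyone.if.no.acl.found=false
super.users=User:admin
auto.create.topics.enable=false
delete.topic.enable=true
EOF
}

# Stand-alone use: audit the file given on the command line.
if [ $# -gt 0 ]; then
    audit_kafka_acl_config "$1"
fi
```

With the hardened settings in place (SASL/PLAIN on 0.10.x also needs a JAAS file passed via KAFKA_OPTS), the asker's ACL command becomes meaningful once it names a real principal rather than User:*, for example `bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:topicadmin --allow-host 10.0.0.5 --cluster --operation Create` (principal and host assumed); every other caller is then denied Create on the cluster because allow.everyone.if.no.acl.found is false.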