@novatechflow
Collaborator

PR v1.5 roadmap: Auth, ACL coverage, and proxy protocol hardening

Summary

This PR implements the v1.5 auth groundwork: broker-side ACL enforcement improvements, connection-level principal plumbing with PROXY protocol support, expanded ACL test coverage, and documentation updates. It also adds rate-limited auth denial logs and tightens proxy protocol parsing behavior.

Key Changes

  • Added connection-scoped auth context and PROXY protocol v1/v2 parsing for principal derivation.
  • New principal sources via env: client_id (default), remote_addr, proxy_addr; with fail‑closed behavior when PROXY protocol is enabled.
  • Rate-limited authorization‑denied logs + metrics for visibility.
  • Expanded ACL tests (admin ops + group write paths) and e2e ACL coverage.
  • Helm/operator wiring for new auth/principal envs.
  • Docs updates: operations/security/protocol alignments, trust boundary notes, proxy header limits, fail‑closed behavior.
  • Ignore local notes/ directory in .gitignore.

Details

  • Broker auth plumbing
    • Conn context + principal source selection.
    • PROXY protocol parsing with v1 max header length and v2 LOCAL handling.
    • Fail‑closed when KAFSCALE_PROXY_PROTOCOL=true and header missing/invalid.
  • ACL enforcement and tests
    • Unit/protocol tests for CreateTopics/DeleteTopics/AlterConfigs/CreatePartitions/DeleteGroups.
    • Unit/protocol tests for Join/Sync/Heartbeat/Leave/OffsetCommit.
    • e2e ACL test coverage (TestACLsE2E).
  • Docs
    • Operations: principal source options, trust boundary, fail‑closed behavior, header limits, LOCAL note.
    • Security: ACL posture and proxy protocol notes.
    • Protocol: SASL handshake behavior clarified.
  • Helm/Operator
    • New values + env passthrough for principal source and proxy protocol.

Tests

  • make test
  • make test-acl

Notes for Reviewers

  • PROXY v1 header length is capped at 256 bytes (rejects oversized headers).
  • PROXY v2 LOCAL is accepted (no identity); ensure LB health checks don’t require ACL-protected operations.
  • ACLs with client_id remain spoofable unless trusted edge auth is enforced; warnings are logged on startup.
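The parsing and fail-closed behaviour described in this PR, as an added illustration that is not KafScale's own code: a small Go reader that accepts exactly one PROXY protocol header (v1 with the 256-byte cap, v2 PROXY for TCP over IPv4/IPv6, v2 LOCAL with no identity) and a `DerivePrincipal` helper that maps the `client_id` / `remote_addr` / `proxy_addr` sources onto the identity used for ACL checks. All type and function names (`ProxyInfo`, `ParseProxyHeader`, `DerivePrincipal`) are assumptions for this example; treating v1 `UNKNOWN` like v2 LOCAL (accepted, no identity) is also an assumption, not something the PR states.

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"net"
	"strings"
)

// MaxV1Header is the 256-byte cap from the PR (the spec itself allows at most 107 bytes).
const MaxV1Header = 256

// v2Signature is the fixed 12-byte prefix every PROXY protocol v2 header starts with.
var v2Signature = []byte("\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A")

var ErrInvalidHeader = errors.New("proxy protocol: missing or invalid header")

// ProxyInfo is what the broker learns from the header. NoIdentity is set for
// v2 LOCAL (and, as an assumption here, v1 UNKNOWN): the connection carries
// no client identity and must not be granted one by default.
type ProxyInfo struct {
	SourceAddr string
	NoIdentity bool
}

// ParseProxyHeader reads one header from r. Any absent, malformed or oversized
// header is an error so the caller can close the connection (fail-closed).
func ParseProxyHeader(r *bufio.Reader) (ProxyInfo, error) {
	if p, err := r.Peek(len(v2Signature)); err == nil && bytes.Equal(p, v2Signature) {
		return parseV2(r)
	}
	if p, err := r.Peek(6); err == nil && string(p) == "PROXY " {
		return parseV1(r)
	}
	return ProxyInfo{}, ErrInvalidHeader
}

func parseV1(r *bufio.Reader) (ProxyInfo, error) {
	line := make([]byte, 0, MaxV1Header)
	for { // read byte by byte so an oversized line is rejected before it is buffered
		b, err := r.ReadByte()
		if err != nil {
			return ProxyInfo{}, ErrInvalidHeader
		}
		if line = append(line, b); len(line) > MaxV1Header {
			return ProxyInfo{}, fmt.Errorf("proxy protocol v1: header exceeds %d bytes", MaxV1Header)
		}
		if n := len(line); n >= 2 && line[n-2] == '\r' && line[n-1] == '\n' {
			break
		}
	}
	f := strings.Split(string(line[:len(line)-2]), " ") // spec requires single spaces
	switch {
	case len(f) == 2 && f[1] == "UNKNOWN":
		return ProxyInfo{NoIdentity: true}, nil
	case len(f) == 6 && (f[1] == "TCP4" || f[1] == "TCP6"):
		if src := net.ParseIP(f[2]); src != nil { // ports are not validated in this example
			return ProxyInfo{SourceAddr: src.String()}, nil
		}
	}
	return ProxyInfo{}, ErrInvalidHeader
}

func parseV2(r *bufio.Reader) (ProxyInfo, error) {
	hdr := make([]byte, 16) // signature(12) + ver/cmd(1) + family(1) + addr length(2)
	if _, err := io.ReadFull(r, hdr); err != nil || hdr[12]>>4 != 2 {
		return ProxyInfo{}, ErrInvalidHeader
	}
	cmd, family := hdr[12]&0x0F, hdr[13]
	addr := make([]byte, binary.BigEndian.Uint16(hdr[14:16]))
	if _, err := io.ReadFull(r, addr); err != nil {
		return ProxyInfo{}, ErrInvalidHeader
	}
	switch {
	case cmd == 0x0: // LOCAL: e.g. an LB health check; accepted, carries no identity
		return ProxyInfo{NoIdentity: true}, nil
	case cmd == 0x1 && family == 0x11 && len(addr) >= 12: // TCP/IPv4: src4 dst4 sport2 dport2
		return ProxyInfo{SourceAddr: net.IP(addr[:4]).String()}, nil
	case cmd == 0x1 && family == 0x21 && len(addr) >= 36: // TCP/IPv6: src16 dst16 sport2 dport2
		return ProxyInfo{SourceAddr: net.IP(addr[:16]).String()}, nil
	}
	return ProxyInfo{}, ErrInvalidHeader
}

// DerivePrincipal picks the ACL principal for the configured source. An empty
// result means "no principal"; the caller must deny rather than default.
func DerivePrincipal(source, clientID, remoteAddr string, proxyEnabled bool, pi *ProxyInfo) (string, error) {
	if proxyEnabled && pi == nil {
		return "", ErrInvalidHeader // fail-closed: header required but never parsed
	}
	switch source {
	case "client_id":
		return clientID, nil // spoofable unless a trusted edge authenticates the client
	case "remote_addr":
		return remoteAddr, nil
	case "proxy_addr":
		if pi == nil || pi.NoIdentity {
			return "", nil
		}
		return pi.SourceAddr, nil
	}
	return "", fmt.Errorf("unknown principal source %q", source)
}

func main() {
	// Constructed sample: a v1 header followed by application bytes.
	r := bufio.NewReader(strings.NewReader("PROXY TCP4 192.0.2.10 198.51.100.1 54321 9092\r\nKAFKA..."))
	pi, err := ParseProxyHeader(r)
	fmt.Println(pi, err)
	p, err := DerivePrincipal("proxy_addr", "ignored-client-id", "10.0.0.5", true, &pi)
	fmt.Println(p, err)
}
```

The two points a reviewer of this PR would want to see exercised are both here: a header longer than the cap is rejected before it is fully buffered, and a LOCAL (or absent) header yields no principal under `proxy_addr`, so an ACL check on that connection denies instead of silently falling back to a weaker identity.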
