KIP-507 — Securing Internal Connect REST Endpoints
Accepted Kafka 2.4 ConnectSecurity
Secures the internal Connect REST endpoint (/connectors/tasks/configs) used for follower-to-leader task config relay by requiring that only authenticated Connect workers (identified by mutual TLS or a shared principal) can call it. When the Connect REST API is secured, the internal endpoint is also exposed and can be called by unauthenticated external clients, bypassing task isolation.
Details
| Author | Chris Egerton |
| Status | Accepted |
| Kafka Version | 2.4 |
| JIRA | KAFKA-8804 |
| Wiki | View on Apache Wiki |
| Created | 2019-08-12 |
| Last Modified | 2019-10-02 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.