Quick navigation

Read Only Topic Policy

Introduction

The read only topic policy interceptor allows you to define some topics to be "Read-only".

This means that any mutating requests are denied. For example, produce requests are blocked, as are any requests that alter or delete topics.

The full list of Kafka API requests that this interceptor blocks for the specified topics is:

ProduceRequest
DeleteTopicsRequest
AlterConfigsRequest
AlterPartitionReassignmentsRequest
AlterPartitionRequest
CreatePartitionsRequest
IncrementalAlterConfigsRequest
DeleteRecordsRequest
ElectLeadersRequest
AlterReplicaLogDirsRequest

What happens when sending a request to a read-only topic

If an attempt is made to send a request to a read-only topic, the following error will be returned, such as:

org.apache.kafka.common.errors.TopicAuthorizationException: 
Not authorized to access topics: [topic name]

Configuration

config	type	default	description
topic	String	`.*`	Topics that match this regex will have the interceptor applied.
action	Action	`BLOCK`	Action to take if the value is outside the specified range.

Action

BLOCK → when fail, save in audit and return error.
INFO → execute API with wrong value, save in audit.

Example

{
  "name": "myReadOnlyTopicPolicyPlugin",
  "pluginClass": "io.conduktor.gateway.interceptor.safeguard.ReadOnlyTopicPolicyPlugin",
  "priority": 100,
  "config": {
    "topic": "client_topic_.*",
    "action": "BLOCK"
  }
}

Introduction​

What happens when sending a request to a read-only topic​

Configuration​

Action​

Example​

Introduction

What happens when sending a request to a read-only topic

Configuration

Action

Example