Page MenuHomePhabricator
Create Task
Maniphest T294264

Enforce authentication and authorization for webrequest_* topics in Kafka jumbo-eqiad cluster
Open, MediumPublic
Actions

Description

We'd love to one day enforce ACLs for all topics in Kafka. That's a huge task and requires a lot of thought.

In the meantime, we should at least lock down the webrequest_* topics. We should be able to do this with our existing TLS certificate based authentication. We'd just need to generate and deploy certificates for any consumers, and then set Kafka ACLs on the webrequest_* topics accordingly.

Related Objects
Search...

Event Timeline

Ottomata created this task.Oct 25 2021, 4:03 PM
Ottomata edited projects, added: Analytics; removed: Analytics-Clusters.

Perhaps this is a Q3 or Q4 task?

odimitrijevic added a project: Data-Engineering.Oct 28 2021, 4:29 PM
odimitrijevic moved this task from Incoming (new tickets) to Security & Governance on the Data-Engineering board.Oct 28 2021, 4:53 PM
odimitrijevic removed a project: Analytics.Jan 11 2022, 11:22 PM
JArguello-WMF moved this task from Security & Governance to Incoming (new tickets) on the Data-Engineering board.Jun 29 2023, 11:44 PM
JArguello-WMF moved this task from Incoming (new tickets) to Tag with Radar on the Data-Engineering board.Jun 29 2023, 11:51 PM
BTullis added a project: Data-Platform-SRE.Jul 14 2023, 11:35 PM
Gehel triaged this task as Medium priority.Oct 18 2023, 8:46 AM
Gehel moved this task from Incoming to Misc on the Data-Platform-SRE board.
lbowmaker moved this task from Tag with Radar to Tag with Icebox on the Data-Engineering board.Nov 10 2023, 1:24 PM
VirginiaPoundstone edited projects, added: Data-Engineering-Icebox-DEPRECATED; removed: Data-Engineering.Jan 6 2025, 9:21 PM
Ottomata edited projects, added: Data-Engineering, Data-Engineering-Icebox; removed: Data-Engineering-Icebox-DEPRECATED.Jan 10 2025, 2:41 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits