k/quotas: fix alter configs acl

The AlterClientQuotas handler requires alter configs ACL privileges on the cluster. Whereas the DescribeClientQuotas handler required describe configs ACL privileges on the cluster. Ref: https://github.com/apache/kafka/blob/93068264a1ac6381592f33a649f7784629131b9b/core/src/main/scala/kafka/server/KafkaApis.scala#L3480-L3524 This fixes a bug where the AlterClientQuotas handler incorrectly required describe configs privileges instead of alter configs privileges on the cluster.
vbotbuildovich · Jul 26, 2024 · 2d068e2 · 2d068e2
1 parent 68ca607
commit 2d068e2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/v/kafka/server/handlers/client_quotas.cc b/src/v/kafka/server/handlers/client_quotas.cc
@@ -425,7 +425,7 @@ ss::future<response_ptr> alter_client_quotas_handler::handle(
     }
 
     if (!ctx.authorized(
-          security::acl_operation::describe_configs,
+          security::acl_operation::alter_configs,
           security::default_cluster_name)) {
         for (auto& entry : response.data.entries) {
             entry.error_code = error_code::cluster_authorization_failed;