From 2d068e2a16524c3fdccddc6de9df37456656f40f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gell=C3=A9rt=20Peresztegi-Nagy?= <gellert.nagy@redpanda.com>
Date: Fri, 26 Jul 2024 12:34:32 +0100
Subject: [PATCH] k/quotas: fix alter configs acl

The AlterClientQuotas handler requires alter configs ACL privileges on
the cluster. Whereas the DescribeClientQuotas handler required describe
configs ACL privileges on the cluster.

Ref: https://github.com/apache/kafka/blob/93068264a1ac6381592f33a649f7784629131b9b/core/src/main/scala/kafka/server/KafkaApis.scala#L3480-L3524

This fixes a bug where the AlterClientQuotas handler incorrectly
required describe configs privileges instead of alter configs
privileges on the cluster.
---
 src/v/kafka/server/handlers/client_quotas.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/v/kafka/server/handlers/client_quotas.cc b/src/v/kafka/server/handlers/client_quotas.cc
index 43e208769dda..096e6dc65048 100644
--- a/src/v/kafka/server/handlers/client_quotas.cc
+++ b/src/v/kafka/server/handlers/client_quotas.cc
@@ -425,7 +425,7 @@ ss::future<response_ptr> alter_client_quotas_handler::handle(
     }
 
     if (!ctx.authorized(
-          security::acl_operation::describe_configs,
+          security::acl_operation::alter_configs,
           security::default_cluster_name)) {
         for (auto& entry : response.data.entries) {
             entry.error_code = error_code::cluster_authorization_failed;