Exclude DescribeConfigs and Describe ACLs from the needed roles for Neo4j Streams Source

[mroiter-larus]

According to Zendesk ticket 13887, we should find a way, if possible, to "exclude" the DescribeConfigs and Describe ACLs from the needed roles for Neo4j Streams Source.

The related use case is when a customer wants to grants to a user principal just the Write role and not the Describe and DescribeConfigs. Currently this is not possible as documented here, in particular:

To make the plugin work properly, the following operations must be authorized for Topic and Cluster resource types:

• Write, when you want to use the plugin as a Source
• Read, when you want to use the plugin as a Sink
• DescribeConfigs and Describe, because the plugin uses the following 2 Kafka AdminClient API:
  • listTopics
  • describeCluster

That roles are being used by the plugin just to check, leveraging the Kafka AdminClient API, if the auto.create.topics.enable property is enabled on Kafka and, if so, to obtain the topic list.

Could the introduction of a selectable configuration be a solution?