Hi Rajini, looks great and addresses a few gripes I had in the past, thanks for that!
One idea that I had while reading, but I am not sure if this is taking "being flexible" a step too far maybe.. Would it make sense to make the decision at which severity to log a decision pluggable/configurable? We have a few customers that have different regulatory requirements for auditing access depending on the type of data that is in topics. So for some topics they might actually need to log every access, for some just the denied ones and for some no one cares at all. Best regards, Sönke On Wed, 7 Aug 2019 at 12:28, Ron Dagostino <rndg...@gmail.com> wrote: > Looks great, Rajini — a detailed and complete KIP with a great > backwards-compatibility plan. Nothing came to mind aside from how easy it > was to read and understand. Thanks for writing it so clearly. > > Ron > > > On Aug 6, 2019, at 5:31 PM, Rajini Sivaram <rajinisiva...@gmail.com> > wrote: > > > > Hi all, > > > > I have created a KIP to replace the Scala Authorizer API with a new Java > > API: > > > > - > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-504+-+Add+new+Java+Authorizer+Interface > > > > This is replacement for KIP-50 which was accepted but never merged. Apart > > from moving to a Java API consistent with other pluggable interfaces in > the > > broker, KIP-504 also attempts to address known limitations in the > > authorizer. If you have come across other limitations that you would like > > to see addressed in the new API, please raise these on the discussion > > thread so that we can consider those too. All suggestions and feedback > are > > welcome. > > > > Thank you, > > > > Rajini > -- Sönke Liebau Partner Tel. +49 179 7940878 OpenCore GmbH & Co. KG - Thomas-Mann-Straße 8 - 22880 Wedel - Germany
