Hi Viktor, Thanks for the KIP. A few questions:
1) kafka-acls.sh has options like* --topic* that specifies a single topic. Is there a reason why we want to have *--users* instead of *--user *with a single user? 2) We use user principal rather than just the name everywhere else. Can we do the same here, or do we not want to treat this as a principal? 3) If we update AclCommand, don't we also need equivalent AdminClient changes to configure this ACL? I believe we are deprecating ZK-based ACL updates, so we need to add this to AdminClient? Regards, Rajini On Fri, Jan 17, 2020 at 3:15 PM Viktor Somogyi-Vass <viktorsomo...@gmail.com> wrote: > Hi Jun & Richard, > > Jun, thanks for your feedback and vote. > > 100. Thanks, I'll correct that. > > 101. (@Richard) in this case the principal names will be something like > "CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown" unless > principal mapping or builder is defined (refer to [1]). I think Jun was > referring to this case which is correct, semicolon seems to be a better fit > in this case. > > Viktor > > https://docs.confluent.io/current/kafka/authorization.html > > On Thu, Jan 16, 2020 at 11:45 PM Richard Yu <yohan.richard...@gmail.com> > wrote: > > > Hi Jun, > > > > Can the SSL username really include the comma? > > > > From what I could tell, when I searched it up, I couldn't find anything > > that indicated comma can be a delimiter. > > A related doc below: > > https://knowledge.digicert.com/solution/SO12401.html > > > > Cheers, > > Richard > > > > > > > > > > On Thu, Jan 16, 2020 at 1:37 PM Jun Rao <j...@confluent.io> wrote: > > > > > Hi, Viktor, > > > > > > Thanks for the KIP. +1 from me. Just a couple of minor comments below. > > > > > > 100. CreateDelegationTokenResponse/DescribeDelegationTokenResponse. It > > > seems that "validVersions" should be "0-2". > > > > > > 101. The option --users "owner1,owner2" in AclCommand. Since SSL user > > name > > > can include comma, perhaps we could use semicolon as the separator. > > > > > > Jun > > > > > > On Wed, Jan 15, 2020 at 2:11 AM Viktor Somogyi-Vass < > > > viktorsomo...@gmail.com> > > > wrote: > > > > > > > Hey folks, bumping this again as KIP freeze is nearing and I hope to > > get > > > > this into the next release. > > > > We need only one binding vote. > > > > > > > > Thanks, > > > > Viktor > > > > > > > > On Thu, Jan 9, 2020 at 1:56 PM Viktor Somogyi-Vass < > > > > viktorsomo...@gmail.com> > > > > wrote: > > > > > > > > > Bumping this in the hope of a vote or additional feedback. > > > > > > > > > > Viktor > > > > > > > > > > On Tue, Dec 3, 2019 at 1:07 PM Viktor Somogyi-Vass < > > > > > viktorsomo...@gmail.com> wrote: > > > > > > > > > >> Hi Folks, > > > > >> > > > > >> I'd like to bump this once more in the hope of a binding vote or > any > > > > >> additional feedback. > > > > >> > > > > >> Thanks, > > > > >> Viktor > > > > >> > > > > >> On Fri, Oct 25, 2019 at 2:24 PM Viktor Somogyi-Vass < > > > > >> viktorsomo...@gmail.com> wrote: > > > > >> > > > > >>> Hi All, > > > > >>> > > > > >>> Would like to bump this in the hope of one binding vote (or any > > > > >>> additional feedback). > > > > >>> > > > > >>> Thanks, > > > > >>> Viktor > > > > >>> > > > > >>> On Wed, Sep 18, 2019 at 5:25 PM Viktor Somogyi-Vass < > > > > >>> viktorsomo...@gmail.com> wrote: > > > > >>> > > > > >>>> Hi All, > > > > >>>> > > > > >>>> Harsha, Ryanne: thanks for the vote! > > > > >>>> > > > > >>>> I'd like to bump this again as today is the KIP freeze date and > > > there > > > > >>>> is still one binding vote needed which I'm hoping to get in > order > > to > > > > have > > > > >>>> this included in 2.4. > > > > >>>> > > > > >>>> Thanks, > > > > >>>> Viktor > > > > >>>> > > > > >>>> On Tue, Sep 17, 2019 at 1:18 AM Ryanne Dolan < > > ryannedo...@gmail.com > > > > > > > > >>>> wrote: > > > > >>>> > > > > >>>>> +1 non-binding > > > > >>>>> > > > > >>>>> Ryanne > > > > >>>>> > > > > >>>>> On Mon, Sep 16, 2019, 5:11 PM Harsha Ch <harsha...@gmail.com> > > > wrote: > > > > >>>>> > > > > >>>>> > +1 (binding). Thanks for the KIP Viktor > > > > >>>>> > > > > > >>>>> > Thanks, > > > > >>>>> > > > > > >>>>> > Harsha > > > > >>>>> > > > > > >>>>> > On Mon, Sep 16, 2019 at 3:02 AM, Viktor Somogyi-Vass < > > > > >>>>> > viktorsomo...@gmail.com > wrote: > > > > >>>>> > > > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> > > Hi All, > > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> > > I'd like to bump this again in order to get some more > binding > > > > votes > > > > >>>>> > and/or > > > > >>>>> > > feedback in the hope we can push this in for 2.4. > > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> > > Thank you Manikumar, Gabor and Ryanne so far for the votes! > > > (the > > > > >>>>> last two > > > > >>>>> > > were on the discussion thread after starting the vote but I > > > think > > > > >>>>> it > > > > >>>>> > still > > > > >>>>> > > counts :) ) > > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> > > Thanks, > > > > >>>>> > > Viktor > > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> > > On Wed, Aug 21, 2019 at 1:44 PM Manikumar < manikumar. > reddy@ > > > > >>>>> gmail. > > > > >>>>> > com ( > > > > >>>>> > > manikumar.re...@gmail.com ) > wrote: > > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> > >> > > > > >>>>> > >> > > > > >>>>> > >> Hi, > > > > >>>>> > >> > > > > >>>>> > >> > > > > >>>>> > >> > > > > >>>>> > >> +1 (binding). > > > > >>>>> > >> > > > > >>>>> > >> > > > > >>>>> > >> > > > > >>>>> > >> Thanks for the updated KIP. LGTM. > > > > >>>>> > >> > > > > >>>>> > >> > > > > >>>>> > >> > > > > >>>>> > >> Thanks, > > > > >>>>> > >> Manikumar > > > > >>>>> > >> > > > > >>>>> > >> > > > > >>>>> > >> > > > > >>>>> > >> On Tue, Aug 6, 2019 at 3:14 PM Viktor Somogyi-Vass < > > > > >>>>> viktorsomogyi@ > > > > >>>>> > gmail. > > > > >>>>> > >> com ( viktorsomo...@gmail.com ) > > > > > >>>>> > >> wrote: > > > > >>>>> > >> > > > > >>>>> > >> > > > > >>>>> > >>> > > > > >>>>> > >>> > > > > >>>>> > >>> Hi All, > > > > >>>>> > >>> > > > > >>>>> > >>> > > > > >>>>> > >>> > > > > >>>>> > >>> Bumping this, I'd be happy to get some additional > feedback > > > > and/or > > > > >>>>> > votes. > > > > >>>>> > >>> > > > > >>>>> > >>> > > > > >>>>> > >>> > > > > >>>>> > >>> Thanks, > > > > >>>>> > >>> Viktor > > > > >>>>> > >>> > > > > >>>>> > >>> > > > > >>>>> > >>> > > > > >>>>> > >>> On Wed, Jul 31, 2019 at 11:04 AM Viktor Somogyi-Vass < > > > > >>>>> viktorsomogyi@ > > > > >>>>> > gmail. > > > > >>>>> > >>> com ( viktorsomo...@gmail.com ) > wrote: > > > > >>>>> > >>> > > > > >>>>> > >>> > > > > >>>>> > >>>> > > > > >>>>> > >>>> > > > > >>>>> > >>>> Hi All, > > > > >>>>> > >>>> > > > > >>>>> > >>>> > > > > >>>>> > >>>> > > > > >>>>> > >>>> I'd like to start a vote on this KIP. > > > > >>>>> > >>>> > > > > >>>>> > >>>> > > > > >>>>> > >>> > > > > >>>>> > >>> > > > > >>>>> > >> > > > > >>>>> > >> > > > > >>>>> > >> > > > > >>>>> > >> https:/ / cwiki. apache. org/ confluence/ display/ KAFKA/ > > > > >>>>> > > > > KIP-373%3A+Allow+users+to+create+delegation+tokens+for+other+users > > > > >>>>> > >> ( > > > > >>>>> > >> > > > > >>>>> > > > > > >>>>> > > > > > > > > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-373%3A+Allow+users+to+create+delegation+tokens+for+other+users > > > > >>>>> > >> ) > > > > >>>>> > >> > > > > >>>>> > >> > > > > >>>>> > >>> > > > > >>>>> > >>>> > > > > >>>>> > >>>> > > > > >>>>> > >>>> To summarize it: the proposed feature would allow users > > > > (usually > > > > >>>>> > >>>> superusers) to create delegation tokens for other users. > > > This > > > > is > > > > >>>>> > >>>> > > > > >>>>> > >>>> > > > > >>>>> > >>> > > > > >>>>> > >>> > > > > >>>>> > >>> > > > > >>>>> > >>> especially > > > > >>>>> > >>> > > > > >>>>> > >>> > > > > >>>>> > >>>> > > > > >>>>> > >>>> > > > > >>>>> > >>>> helpful in Spark where the delegation token created this > > way > > > > >>>>> can be > > > > >>>>> > >>>> distributed to workers. > > > > >>>>> > >>>> > > > > >>>>> > >>>> > > > > >>>>> > >>>> > > > > >>>>> > >>>> I'd be happy to receive any votes or additional > feedback. > > > > >>>>> > >>>> > > > > >>>>> > >>>> > > > > >>>>> > >>>> > > > > >>>>> > >>>> Viktor > > > > >>>>> > >>>> > > > > >>>>> > >>>> > > > > >>>>> > >>> > > > > >>>>> > >>> > > > > >>>>> > >> > > > > >>>>> > >> > > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> > > > > > > >>>>> > > > > >>>> > > > > > > > > > >
