[
https://issues.apache.org/jira/browse/KAFKA-1688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14506469#comment-14506469
]
Parth Brahmbhatt commented on KAFKA-1688:
-----------------------------------------
I would like to create 3 subtasks so I can brake down the code reviews in more
manageable pieces but I don't see the option to add subtasks to this jira, may
be because it is already a subtask? I would like to create the following
subtasks:
* Public classes and interfaces with changes to KafkaServer and KafkaAPI. This
should unblock any custom authorization work like Ranger or Santry.
* Default out of box implementation of Authorizer.
* CLI for acl management.
> Add authorization interface and naive implementation
> ----------------------------------------------------
>
> Key: KAFKA-1688
> URL: https://issues.apache.org/jira/browse/KAFKA-1688
> Project: Kafka
> Issue Type: Sub-task
> Components: security
> Reporter: Jay Kreps
> Assignee: Parth Brahmbhatt
> Fix For: 0.8.3
>
> Attachments: KAFKA-1688_2015-04-10_11:08:39.patch
>
>
> Add a PermissionManager interface as described here:
> https://cwiki.apache.org/confluence/display/KAFKA/Security
> (possibly there is a better name?)
> Implement calls to the PermissionsManager in KafkaApis for the main requests
> (FetchRequest, ProduceRequest, etc). We will need to add a new error code and
> exception to the protocol to indicate "permission denied".
> Add a server configuration to give the class you want to instantiate that
> implements that interface. That class can define its own configuration
> properties from the main config file.
> Provide a simple implementation of this interface which just takes a user and
> ip whitelist and permits those in either of the whitelists to do anything,
> and denies all others.
> Rather than writing an integration test for this class we can probably just
> use this class for the TLS and SASL authentication testing.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
