Grant Henke created KAFKA-3329:
----------------------------------
Summary: Validation script to test expected behavior of Authorizer
implementations
Key: KAFKA-3329
URL: https://issues.apache.org/jira/browse/KAFKA-3329
Project: Kafka
Issue Type: Wish
Reporter: Grant Henke
The authorizer interface and documentation defines some of the expected
behavior of an Authorizer implementation. However, having real tests for a user
implementing their own authorizer would be useful. A script like:
{code}
kafka-validate-authorizer.sh --authorizer-class ...
{code}
could be used to validate:
* Expected operation inheritance
** Example: READ or WRITE automatically grants DESCRIBE
* Expected exceptions or handling of edge cases
** When I add the same ACL twice
** When I remove an ACL that is not set
** When both Deny and Allow are set?
** When no Acl is attached to a resource?
* Expected support for concurrent requests against multiple instances
These same tests could be part of the Authorizer integration tests for Kafka's
SimpleAuthorizer implementation.
Users would not be required to follow all of the "default" expectations. But
they would at least know what assumptions their implementation breaks.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
