Ashish, I'm neutral on this (+0), but would be good to have feedback from Harsha and Parth. If you can get their "sounds good", we can probably get it through fairly soon and in time for 0.10.0.
Gwen On Wed, Mar 2, 2016 at 9:47 AM, Ashish Singh <asi...@cloudera.com> wrote: > Here is link to the KIP, > https://cwiki.apache.org/confluence/display/KAFKA/KIP-50+-+Enhance+Authorizer+interface+to+be+aware+of+supported+Principal+Types > > On Wed, Mar 2, 2016 at 9:46 AM, Ashish Singh <asi...@cloudera.com> wrote: > >> Hi Guys, >> >> I would like to initiate a discuss thread on KIP-50. Kafka authorizer is >> agnostic of principal types it supports, so are the acls CRUD methods >> in kafka.security.auth.Authorizer. The intent behind is to keep Kafka >> authorization pluggable, which is really great. However, this leads to Acls >> CRUD methods not performing any check on validity of acls, as they are not >> aware of what principal types Authorizer implementation supports. This >> opens up space for lots of user errors, KAFKA-3097 >> <https://issues.apache.org/jira/browse/KAFKA-3097> for an instance. >> >> This KIP proposes adding a getSupportedPrincipalTypes method to authorizer >> and use that for acls verification during acls CRUD. >> >> Feedbacks and comments are welcome. >> >> -- >> >> Regards, >> Ashish >> > > > > -- > > Regards, > Ashish
