Since the KIP changed since my last vote, +1 (non-binding).
Rajini, do you want to wrap up the vote? It seems like we have 3 binding
+1s (Harsha, Gwen and Jun).
Ismael
On Tue, Mar 29, 2016 at 3:22 PM, Jun Rao <j...@confluent.io> wrote:
> Rajini,
>
> Thanks for the update. +1 on the proposal.
>
> Jun
>
> On Tue, Mar 29, 2016 at 3:32 AM, Rajini Sivaram <
> rajinisiva...@googlemail.com> wrote:
>
> > Jun,
> >
> > Thank you for reviewing the KIP. Answers below:
> >
> > 1. Yes, broker can specify *sasl.mechanism. *It is used for all
> client-mode
> > connections including that in inter-broker communication.
> >
> > 2. If *sasl.enabled.mechanisms* is not specified, the default value of
> > {'GSSAPI'} is used. If it is specified, only the protocols specified are
> > enabled. This enables brokers to be run with SASL without enabling GSSAPI
> > (as we do). Since GSSAPI requires complex Kerberos set up, it is useful
> to
> > have the ability to turn it off.
> >
> > 3. For the default SASL/PLAIN implementation included in Kafka, username
> > (authentication ID) is returned as principal.
> >
> > I will update the KIP to clarify these points.
> >
> > Thanks,
> >
> > Rajini
> >
> >
> > On Mon, Mar 28, 2016 at 6:17 PM, Jun Rao <j...@confluent.io> wrote:
> >
> > > Hi, Rajini,
> > >
> > > Sorry for the late response. The revised KIP looks good overall. Just a
> > few
> > > minor comments below.
> > >
> > > 1. Since the broker can also act as a client too (for inter broker
> > > communication), sasl.mechanism can also be specified in the broker
> > > configuration, right?
> > > 2. Since we enable GSSAPI by default, is it true that one only needs to
> > > specify non-GSSAPI mechanisms in sasl.enabled.mechanisms?
> > > 3. For SASL/PLAIN, could we describe what the Principal will
> > > Authenticator.principal()
> > > return?
> > >
> > > I will also take a look at the patch. However, since we are getting
> > pretty
> > > close to 0.10.0.0 release, I think we likely will have to leave this
> out
> > of
> > > 0.10.0.0.
> > >
> > > Thanks,
> > >
> > > Jun
> > >
> > > On Thu, Mar 24, 2016 at 2:21 PM, Gwen Shapira <g...@confluent.io>
> wrote:
> > >
> > > > I'm afraid it will be a challenge.
> > > >
> > > > I see few options:
> > > > 1. Jun should be back in the office tomorrow. If he votes +1 and
> agrees
> > > > that the PR is ready to merge and is safe and important enough to
> > > > double-commit - this could get in yet.
> > > > 2. Same as above, but not in time for the Monday release candidate.
> In
> > > this
> > > > case, we can get it into 0.10.0.0 if we find other blockers and need
> to
> > > > roll-out another RC.
> > > > 3. (most likely) We will finish the vote and review but not in time
> for
> > > > 0.10.0.0. In this case, 0.10.1.0.0 should be out in around 3 month,
> and
> > > > we'll get it in there. You'll be in good company with KIP-35, KIP-4,
> > > KIP-48
> > > > and few other things that are close to done, are super critical but
> are
> > > > just not ready in time. Thats why we are trying to release more
> often.
> > > >
> > > > Gwen
> > > >
> > > > On Thu, Mar 24, 2016 at 2:08 PM, Rajini Sivaram <
> > > > rajinisiva...@googlemail.com> wrote:
> > > >
> > > > > Gwen,
> > > > >
> > > > > Ah, I clearly don't know the rules. So it looks like it would not
> > > really
> > > > be
> > > > > possible to get this into 0.10.0.0 after all.
> > > > >
> > > > > Rajini
> > > > >
> > > > > On Thu, Mar 24, 2016 at 8:38 PM, Gwen Shapira <g...@confluent.io>
> > > wrote:
> > > > >
> > > > > > Rajini,
> > > > > >
> > > > > > I think the vote didn't pass yet?
> > > > > > If I can see correctly, Harsha and I are the only committers who
> > > voted,
> > > > > so
> > > > > > we are missing a 3rd vote.
> > > > > >
> > > > > > Gwen
> > > > > >
> > > > > > On Thu, Mar 24, 2016 at 11:24 AM, Rajini Sivaram <
> > > > > > rajinisiva...@googlemail.com> wrote:
> > > > > >
> > > > > > > Gwen,
> > > > > > >
> > > > > > > Thank you. I have pinged Ismael, Harsha and Jun Rao for PR
> > review.
> > > If
> > > > > any
> > > > > > > of them has time for reviewing the PR, I will update the PR
> over
> > > the
> > > > > > > weekend. If you can suggest any other reviewers, I can ping
> them
> > > too.
> > > > > > >
> > > > > > > Many thanks.
> > > > > > >
> > > > > > > On Thu, Mar 24, 2016 at 5:03 PM, Gwen Shapira <
> g...@confluent.io
> > >
> > > > > wrote:
> > > > > > >
> > > > > > > > This can be discussed in the review.
> > > > > > > > If there's good test coverage, is low risk and passes review
> > and
> > > > gets
> > > > > > > > merged before Monday morning...
> > > > > > > >
> > > > > > > > We won't be doing an extra release candidate just for this
> > > though.
> > > > > > > >
> > > > > > > > Gwen
> > > > > > > >
> > > > > > > > On Thu, Mar 24, 2016 at 1:21 AM, Rajini Sivaram <
> > > > > > > > rajinisiva...@googlemail.com> wrote:
> > > > > > > >
> > > > > > > > > Gwen,
> > > > > > > > >
> > > > > > > > > Is it still possible to include this in 0.10.0.0?
> > > > > > > > >
> > > > > > > > > Thanks,
> > > > > > > > >
> > > > > > > > > Rajini
> > > > > > > > >
> > > > > > > > > On Wed, Mar 23, 2016 at 11:08 PM, Gwen Shapira <
> > > > g...@confluent.io>
> > > > > > > > wrote:
> > > > > > > > >
> > > > > > > > > > Sorry! Got distracted by the impending release!
> > > > > > > > > >
> > > > > > > > > > +1 on the current revision of the KIP.
> > > > > > > > > >
> > > > > > > > > > On Wed, Mar 23, 2016 at 3:33 PM, Harsha <ka...@harsha.io
> >
> > > > wrote:
> > > > > > > > > >
> > > > > > > > > > > Any update on this. Gwen since the KIP is adjusted to
> > > address
> > > > > the
> > > > > > > > > > > pluggable classes we should make a move on this.
> > > > > > > > > > >
> > > > > > > > > > > Rajini,
> > > > > > > > > > > Can you restart the voting thread.
> > > > > > > > > > >
> > > > > > > > > > > Thanks,
> > > > > > > > > > > Harsha
> > > > > > > > > > >
> > > > > > > > > > > On Wed, Mar 16, 2016, at 06:42 AM, Rajini Sivaram
> wrote:
> > > > > > > > > > > > As discussed in the KIP meeting yesterday, the scope
> of
> > > > > KIP-43
> > > > > > > has
> > > > > > > > > been
> > > > > > > > > > > > reduced so that it can be integrated into 0.10.0.0.
> The
> > > > > updated
> > > > > > > KIP
> > > > > > > > > is
> > > > > > > > > > > > here:
> > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-43%3A+Kafka+SASL+enhancements
> > > > > > > > > > > > .
> > > > > > > > > > > >
> > > > > > > > > > > > Can we continue the vote on the updated KIP?
> > > > > > > > > > > >
> > > > > > > > > > > > Thank you,
> > > > > > > > > > > >
> > > > > > > > > > > > Rajini
> > > > > > > > > > > >
> > > > > > > > > > > > On Thu, Mar 10, 2016 at 2:09 AM, Gwen Shapira <
> > > > > > g...@confluent.io
> > > > > > > >
> > > > > > > > > > wrote:
> > > > > > > > > > > >
> > > > > > > > > > > > > Harsha,
> > > > > > > > > > > > >
> > > > > > > > > > > > > Since you are clearly in favor of the KIP, do you
> > mind
> > > > > > jumping
> > > > > > > > into
> > > > > > > > > > > > > the discussion thread and help me understand the
> > > decision
> > > > > > > behind
> > > > > > > > > the
> > > > > > > > > > > > > configuration parameters only allowing a single
> Login
> > > and
> > > > > > > > > > > > > CallbackHandler class? This seems too limiting to
> me,
> > > and
> > > > > > while
> > > > > > > > > > Rajini
> > > > > > > > > > > > > is trying hard to convince me otherwise, I remain
> > > > doubtful.
> > > > > > > > Perhaps
> > > > > > > > > > > > > (since we have similar experience with Hadoop), you
> > can
> > > > > help
> > > > > > me
> > > > > > > > see
> > > > > > > > > > > > > what I am missing.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Gwen
> > > > > > > > > > > > >
> > > > > > > > > > > > > On Wed, Mar 9, 2016 at 12:02 PM, Harsha <
> > > ka...@harsha.io
> > > > >
> > > > > > > wrote:
> > > > > > > > > > > > > > +1 (binding)
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > On Tue, Mar 8, 2016, at 02:37 AM, tao xiao wrote:
> > > > > > > > > > > > > >> +1 (non-binding)
> > > > > > > > > > > > > >>
> > > > > > > > > > > > > >> On Tue, 8 Mar 2016 at 05:33 Andrew Schofield <
> > > > > > > > > > > > > >> andrew_schofield_j...@outlook.com> wrote:
> > > > > > > > > > > > > >>
> > > > > > > > > > > > > >> > +1 (non-binding)
> > > > > > > > > > > > > >> >
> > > > > > > > > > > > > >> > ----------------------------------------
> > > > > > > > > > > > > >> > > From: ism...@juma.me.uk
> > > > > > > > > > > > > >> > > Date: Mon, 7 Mar 2016 19:52:11 +0000
> > > > > > > > > > > > > >> > > Subject: Re: [VOTE] KIP-43: Kafka SASL
> > > > enhancements
> > > > > > > > > > > > > >> > > To: dev@kafka.apache.org
> > > > > > > > > > > > > >> > >
> > > > > > > > > > > > > >> > > +1 (non-binding)
> > > > > > > > > > > > > >> > >
> > > > > > > > > > > > > >> > > On Thu, Mar 3, 2016 at 10:37 AM, Rajini
> > Sivaram
> > > <
> > > > > > > > > > > > > >> > > rajinisiva...@googlemail.com> wrote:
> > > > > > > > > > > > > >> > >
> > > > > > > > > > > > > >> > >> I would like to start the voting process
> for
> > > > > *KIP-43:
> > > > > > > > Kafka
> > > > > > > > > > > SASL
> > > > > > > > > > > > > >> > >> enhancements*. This KIP extends the SASL
> > > > > > implementation
> > > > > > > > in
> > > > > > > > > > > Kafka to
> > > > > > > > > > > > > >> > support
> > > > > > > > > > > > > >> > >> new SASL mechanisms to enable Kafka to be
> > > > > integrated
> > > > > > > with
> > > > > > > > > > > different
> > > > > > > > > > > > > >> > >> authentication servers.
> > > > > > > > > > > > > >> > >>
> > > > > > > > > > > > > >> > >> The KIP is available here for reference:
> > > > > > > > > > > > > >> > >>
> > > > > > > > > > > > > >> > >>
> > > > > > > > > > > > > >> >
> > > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-43:+Kafka+SASL+enhancements
> > > > > > > > > > > > > >> > >>
> > > > > > > > > > > > > >> > >> And here's is a link to the discussion on
> the
> > > > > mailing
> > > > > > > > list:
> > > > > > > > > > > > > >> > >>
> > > > > > > > > > > > > >> > >>
> > > > > > > > > > > > > >> >
> > > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://mail-archives.apache.org/mod_mbox/kafka-dev/201601.mbox/%3CCAOJcB39b9Vy7%3DZEM3tLw2zarCS4A_s-%2BU%2BC%3DuEcWs0712UaYrQ%40mail.gmail.com%3E
> > > > > > > > > > > > > >> > >>
> > > > > > > > > > > > > >> > >>
> > > > > > > > > > > > > >> > >> Thank you...
> > > > > > > > > > > > > >> > >>
> > > > > > > > > > > > > >> > >> Regards,
> > > > > > > > > > > > > >> > >>
> > > > > > > > > > > > > >> > >> Rajini
> > > > > > > > > > > > > >> > >>
> > > > > > > > > > > > > >> >
> > > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > --
> > > > > > > > > > > > Regards,
> > > > > > > > > > > >
> > > > > > > > > > > > Rajini
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > Regards,
> > > > > > > > >
> > > > > > > > > Rajini
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Regards,
> > > > > > >
> > > > > > > Rajini
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Regards,
> > > > >
> > > > > Rajini
> > > > >
> > > >
> > >
> >
> >
> >
> > --
> > Regards,
> >
> > Rajini
> >
>
