Harsha, The sample configuration under https://cwiki.apache.org/confluence/display/KAFKA/KIP-55%3A+Secure+Quotas+for+Authenticated+Users#KIP-55:SecureQuotasforAuthenticatedUsers-QuotaConfiguration shows the Zookeeper data for different scenarios.
- *user1* (/users/user1 in ZK) has only user-level quotas - *user2* (/users/user2 in ZK) defines user-level quotas and sub-quotas for clients *clientA* and *clientB*. Other client-ids of *user2* share the remaining quota of *user2*. On Wed, Jun 15, 2016 at 5:30 PM, Harsha <ka...@harsha.io> wrote: > Rajini, > How does sub-quotas works in case of authenticated users. > Where are we maintaining the relation between users and their > client Ids. Can you add an example of zk data under /users. > Thanks, > Harsha > > On Mon, Jun 13, 2016, at 05:01 AM, Rajini Sivaram wrote: > > I have updated KIP-55 to reflect the changes from the discussions in the > > voting thread ( > > https://www.mail-archive.com/dev@kafka.apache.org/msg51610.html). > > > > Jun/Gwen, > > > > Existing client-id quotas will be used as default client-id quotas for > > users when no user quotas are configured - i.e., default user quota is > > unlimited and no user-specific quota override is specified. This enables > > user rate limits to be configured for ANONYMOUS if required in a cluster > > that has both PLAINTEXT and SSL/SASL. By default, without any user rate > > limits set, rate limits for client-ids will apply, retaining the current > > client-id quota configuration for single-user clusters. > > > > Zookeeper will have two paths /clients with client-id quotas that apply > > only when user quota is unlimited similar to now. And /users which > > persists > > user quotas for any user including ANONYMOUS. > > > > Comments and feedback are appreciated. > > > > Regards, > > > > Rajini > > > > > > On Wed, Jun 8, 2016 at 9:00 PM, Rajini Sivaram > > <rajinisiva...@googlemail.com > > > wrote: > > > > > Jun, > > > > > > Oops, sorry, I hadn't realized that the last note was on the discuss > > > thread. Thank you for pointing it out. I have sent another note for > voting. > > > > > > > > > On Wed, Jun 8, 2016 at 4:30 PM, Jun Rao <j...@confluent.io> wrote: > > > > > >> Rajini, > > >> > > >> Perhaps it will be clearer if you start the voting in a new thread > (with > > >> VOTE in the subject). > > >> > > >> Thanks, > > >> > > >> Jun > > >> > > >> On Tue, Jun 7, 2016 at 1:55 PM, Rajini Sivaram < > > >> rajinisiva...@googlemail.com > > >> > wrote: > > >> > > >> > I would like to initiate the vote for KIP-55. > > >> > > > >> > The KIP details are here: KIP-55: Secure quotas for authenticated > users > > >> > < > > >> > > > >> > https://cwiki.apache.org/confluence/display/KAFKA/KIP-55%3A+Secure+Quotas+for+Authenticated+Users > > >> > > > > >> > . > > >> > > > >> > The JIRA KAFKA-3492 < > https://issues.apache.org/jira/browse/KAFKA-3492 > > >> > >has > > >> > a draft PR here: https://github.com/apache/kafka/pull/1256. > > >> > > > >> > Thank you... > > >> > > > >> > > > >> > Regards, > > >> > > > >> > Rajini > > >> > > > >> > > > > > > > > > > > > -- > > > Regards, > > > > > > Rajini > > > > > > > > > > > -- > > Regards, > > > > Rajini > -- Regards, Rajini
