Thank you, Grant. This is lovely :) Few comments / requests for clarifications below:
>> ListAcls Request (Version: 0) => principal resource >> principal => NULLABLE_STRING >> resource => resource_type resource_name >> resource_type => INT8 >> resource_name => STRING I am a bit confused about specifying resources. resource_type is something like "TOPIC" and resource_name is a name of a specific topic? Can you clarify a bit more about the use here? Can I have regexp? Can I leave resource_name empty and have the ACLs for everything in a resource type? Also, can you describe the interaction between principal and resource? I assume that if I specify both, I get all ACLs for a principal for the resources specified, but just making sure :) >> Alter ACLs Request >> >> 3. ACLs with a delete action will be processed first and the add >> action second. >> 1. This is to prevent confusion about sort order and final state when >> a batch message is sent. >> 2. If an add request was processed first, it could be deleted right >> after. >> 3. Grouping ACLs by their action allows batching requests to the >> authorizer via the Authorizer.addAcls and Authorizer.removeAcls calls. I like this decision >> - I suggest this be addressed in KIP-50 as well, though it has >> some compatibility concerns. Isn't KIP-50 itself one gigantic compatibility concern? I don't see how your suggestions make it any worse...
