> My goal in the protocol design was to keep the request simple and be able > to answer what I think are the 3 most common questions/requests > > - What ACLs are on the cluster? > - What access do I/they have? > - Who has access to this resource?
Thanks for clarifying. I think this is good. Perhaps just document this goal next to the protocol for the record :) > Isn't KIP-50 itself one gigantic compatibility concern? I don't see >> how your suggestions make it any worse... > > > >> Yes, I also think we should take this chance to improve the Authorizer >> interface >> to make it more suitable for the ACL Admin requests. > > > I agree we can address this in KIP-50. What I was getting at was that I > wanted to handle that discussion there. We voted on KIP-50 before 0.10 was > released with the intention that we could get it in. Now that 0.10 is > released and a longer time has gone by I am not sure if the opinion of > "breaking is okay" has changed. I will always prefer a backward compatible > approach if possible. Well, the entire KIP-50 discussion - both regarding compatibility and possible increased scope is probably out of context here. Especially since this proposal was written carefully to avoid any assumptions regarding other work. I suggest taking this in a separate thread. Gwen > Thank you, > Grant > > > On Fri, Jul 15, 2016 at 7:22 AM, Ismael Juma <ism...@juma.me.uk> wrote: > >> On Fri, Jul 15, 2016 at 6:45 AM, Gwen Shapira <g...@confluent.io> wrote: >> > >> > >> - I suggest this be addressed in KIP-50 as well, though it >> has >> > >> some compatibility concerns. >> > >> > Isn't KIP-50 itself one gigantic compatibility concern? I don't see >> > how your suggestions make it any worse... >> > >> >> Yes, I also think we should take this chance to improve the Authorizer >> interface to make it more suitable for the ACL Admin requests. >> >> Ismael >> > > > > -- > Grant Henke > Software Engineer | Cloudera > gr...@cloudera.com | twitter.com/gchenke | linkedin.com/in/granthenke
