+1. -Harsha On Fri, Feb 10, 2017 at 11:12 PM Manikumar <manikumar.re...@gmail.com> wrote:
> Yes, owners and the renewers can always describe their own tokens. Updated > the KIP. > > On Sat, Feb 11, 2017 at 3:12 AM, Jun Rao <j...@confluent.io> wrote: > > > Hi, Mani, > > > > Thanks for the update. Just a minor comment below. Otherwise, +1 from me. > > > > > > > > > > > > > > > 116. Could you document the ACL rules associated with those new > > requests? > > > > For example, do we allow any one to create, delete, describe > delegation > > > > tokens? > > > > > > > > > > > Currently we only allow a owner to create delegation token for that > owner > > > only. > > > Any thing the owner has permission to do, delegation tokens should be > > > allowed to do as well. We can also check renew and expire requests are > > > coming > > > from owner or renewers of the token. So we may not need ACLs for > > > create/renew/expire requests. > > > > > > For describe, we can add DESCRIBE operation on TOKEN Resource. In > future, > > > when we extend > > > the support to allow a user to acquire delegation tokens for other > users, > > > then we can enable > > > CREATE/DELETE operations. Updated the KIP. > > > > > > > > This sounds good. I guess the owner and the renewer can always describe > > their own tokens? > > > > Jun > > >
