Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API

2018-01-03 Thread Vahid S Hashemian
Thanks for the feedback and vote Ewen! Happy new year! --Vahid From: Ewen Cheslack-Postava To: dev@kafka.apache.org Date: 01/02/2018 09:49 PM Subject:Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API Late to the game here, but I'm +1 on this. Some o

Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API

2018-01-02 Thread Ewen Cheslack-Postava
Date: 11/29/2017 03:18 PM > Subject:Re: [DISCUSS] KIP-231: Improve the Required ACL of > ListGroups API > > > > Completing the subject line :) > > > > From: "Vahid S Hashemian" > To: dev > Date: 11/29/2017 03:17 PM > Subject:

Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API

2017-12-15 Thread Vahid S Hashemian
If there are no other feedback or suggestion on this KIP, I'll start a vote early next week. Thanks. --Vahid From: "Vahid S Hashemian" To: dev@kafka.apache.org Date: 11/29/2017 03:18 PM Subject: Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups AP

Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API

2017-12-06 Thread Dong Lin
le to see the groups of my > > consumers without being exposed to other users' groups in the cluster. > > > > I hope I addressed your concerns. If I did not, or if I missed anything, > > please let me know. Thanks. > > > > Regards. > > --Vahid > > &g

Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API

2017-12-05 Thread Vahid S Hashemian
Describe Group access is in place) an empty list is returned without any authorization error. --Vahid From: "Vahid S Hashemian" To: dev@kafka.apache.org Date: 12/05/2017 02:42 PM Subject: Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API Hi Dong,

Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API

2017-12-05 Thread Vahid S Hashemian
:52 PM Subject:Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API Hey Vahid, Thank you for the explanation. I am still wondering whether you have a specific use-case for user to be able to list the groups for which he/she has Describe access. I tried to think through

Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API

2017-12-05 Thread Vahid S Hashemian
Hi Ismael, Thanks for the pointer. That's a good example of how we already implemented a similar filtering. --Vahid From: Ismael Juma To: dev Date: 12/05/2017 01:24 AM Subject:Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API Sent by:

Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API

2017-12-05 Thread Ismael Juma
One comment below. On Mon, Dec 4, 2017 at 11:40 PM, Dong Lin wrote: > In my opinion this changes the semantics of ListGroupsResponse in a > counter-intuitive way. Usually we use the ACL to determine whether the > operation on the specified object can be performed or not. The response > should pr

Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API

2017-12-04 Thread Dong Lin
ns. If I did not, or if I missed anything, > please let me know. Thanks. > > Regards. > --Vahid > > > > > From: Dong Lin > To: dev@kafka.apache.org > Date: 12/04/2017 01:43 PM > Subject:Re: [DISCUSS] KIP-231: Improve the Required ACL of > ListGroup

Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API

2017-12-04 Thread Ted Yu
he user should know > which group(s) he / she is allowed to describe." in relationship to the > KIP. Perhaps you can clarify? > > Thanks. > --Vahid > > > > > From: Ted Yu > To: dev@kafka.apache.org > Date: 12/04/2017 02:01 PM > Subject:Re: [

Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API

2017-12-04 Thread Vahid S Hashemian
about "The user should know which group(s) he / she is allowed to describe." in relationship to the KIP. Perhaps you can clarify? Thanks. --Vahid From: Ted Yu To: dev@kafka.apache.org Date: 12/04/2017 02:01 PM Subject: Re: [DISCUSS] KIP-231: Improve the Required AC

Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API

2017-12-04 Thread Vahid S Hashemian
r concerns. If I did not, or if I missed anything, please let me know. Thanks. Regards. --Vahid From: Dong Lin To: dev@kafka.apache.org Date: 12/04/2017 01:43 PM Subject: Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API I forgot another question. Can you

Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API

2017-12-04 Thread Ted Yu
I agree with Dong on maintaining the semantics. The user should know which group(s) he / she is allowed to describe. Cheers On Mon, Dec 4, 2017 at 1:40 PM, Dong Lin wrote: > Hey Vahid, > > Thanks for the KIP. If I understand the you correctly, you want client to > be able to list all the group

Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API

2017-12-04 Thread Dong Lin
I forgot another question. Can you provide a use-case where a user wants to list all groups for which he/she has the Describe access? Thanks, Dong On Mon, Dec 4, 2017 at 1:40 PM, Dong Lin wrote: > Hey Vahid, > > Thanks for the KIP. If I understand the you correctly, you want client to > be abl

Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API

2017-12-04 Thread Dong Lin
Hey Vahid, Thanks for the KIP. If I understand the you correctly, you want client to be able to list all the groups for which it currently has the describe access. As of now the ListGroupRequest does not allow user to specify the group. If user does not have the Describe Cluster access, ListGroup

Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API

2017-11-29 Thread Vahid S Hashemian
Completing the subject line :) From: "Vahid S Hashemian" To: dev Date: 11/29/2017 03:17 PM Subject:[DISCUSS] KIP-231: Hi everyone, I started KIP-231 to propose a small change to the required ACL of ListGroups API (in response to KAFKA-5638): https://urldefense.proofpoint.