Re: [DISCUSS] KIP-430 - Return Authorized Operations in Describe Responses

2019-03-01 Thread Manikumar
Hi all, KIP-430 proposed a new method to the Scala `Authorizer` trait with a default implementation so that existing implementations continue to work. But Scala 2.11 doesn't convert the default implementation in a trait to a default implementation in Java. So this breaks existing Java authorizer

Re: [DISCUSS] KIP-430 - Return Authorized Operations in Describe Responses

2019-02-27 Thread Manikumar
Hi All, While implementing KIP-430, we have added the supportedOperations() method to the kafka.security.auth.ResourceType public API. This will be used to maintain supported operations for a resourceType. Updated the KIP

Re: [DISCUSS] KIP-430 - Return Authorized Operations in Describe Responses

2019-02-20 Thread Rajini Sivaram
If there are no other concerns or suggestions, I will start the vote on this KIP later today. Thanks, Rajini On Mon, Feb 18, 2019 at 10:09 AM Rajini Sivaram wrote: > Hi Magnus, > > Have your concerns been addressed in the KIP? > > Thanks, > > Rajini > > On Wed, Feb 13, 2019 at 3:33 PM Satish Dugga

Re: [DISCUSS] KIP-430 - Return Authorized Operations in Describe Responses

2019-02-18 Thread Rajini Sivaram
Hi Magnus, Have your concerns been addressed in the KIP? Thanks, Rajini On Wed, Feb 13, 2019 at 3:33 PM Satish Duggana wrote: > Hi Rajini, > That makes sense, thanks for the clarification. > > Satish. > > On Wed, Feb 13, 2019 at 7:30 PM Rajini Sivaram > wrote: > > > > Thanks for the reviews!

Re: [DISCUSS] KIP-430 - Return Authorized Operations in Describe Responses

2019-02-13 Thread Satish Duggana
Hi Rajini, That makes sense, thanks for the clarification. Satish. On Wed, Feb 13, 2019 at 7:30 PM Rajini Sivaram wrote: > > Thanks for the reviews! > > Hi Satish, > > The authorised operations returned will use the same values as the > operations returned by the existing DescribeAclsResponse. A

Re: [DISCUSS] KIP-430 - Return Authorized Operations in Describe Responses

2019-02-13 Thread Rajini Sivaram
Thanks for the reviews! Hi Satish, The authorised operations returned will use the same values as the operations returned by the existing DescribeAclsResponse. AdminClient will return these using the existing enum AclOperation. Hi Magnus, The MetadataResponse contains these two lines: - Met

Re: [DISCUSS] KIP-430 - Return Authorized Operations in Describe Responses

2019-02-13 Thread Manikumar
Hi, Thanks for the KIP. 1. Can't we include IdempotentWrite/ClusterResource Operations for Cluster resource? 2. What will be the API behaviour when the authorizer is not configured? I assume we return an empty list. Thanks, Manikumar On Wed, Feb 13, 2019 at 12:33 AM Rajini Sivaram wrote: > Hi a

Re: [DISCUSS] KIP-430 - Return Authorized Operations in Describe Responses

2019-02-13 Thread Magnus Edenhill
Hey Rajini, good work on the KIP! I'm personally not thrilled with piggy-backing the authorized_operations on existing APIs, it seems like a mix of concerns. Since there is already the notion of generic ResourceType,ResourceName tuples in the Admin API, I believe it would make more sense to add a

Re: [DISCUSS] KIP-430 - Return Authorized Operations in Describe Responses

2019-02-13 Thread Satish Duggana
Hi Rajini, Thanks for the KIP. KIP proposes to add a new field called `authorized_operations` which is an array of Byte values. I guess these are APIKeys#id for respective operations. Do you plan to have an array of ids or an array of respective ApiKeys enum values in MetadataResponse/DescribGroups

[DISCUSS] KIP-430 - Return Authorized Operations in Describe Responses

2019-02-12 Thread Rajini Sivaram
Hi all, I have created a KIP to optionally request authorised operations on resources when describing resources: https://cwiki.apache.org/confluence/display/KAFKA/KIP-430+-+Return+Authorized+Operations+in+Describe+Responses This includes only information that users with Describe access can obtai