Re: [DISCUSS] KIP-48 Support for delegation tokens as an authentication mechanism

2016-05-19 Thread parth brahmbhatt
the wiki. I think that we > > >> can decouple the problem of "token distribution" from "shared secret > > >> distribution" and use the controller as the only token generator to > > >> solve the second issue, while still using ZK async to distr

Re: [DISCUSS] KIP-48 Support for delegation tokens as an authentication mechanism

2016-05-23 Thread parth brahmbhatt
meeting invite. We can discuss this in the meeting > > tomorrow. > > > > Thanks, > > > > Jun > > > > On Thu, May 19, 2016 at 8:47 AM, Harsha wrote: > > > >> Hi All, > >>Can we have a KIP meeting around this. The KIP is u

Re: [DISCUSS] KIP-48 Support for delegation tokens as an authentication mechanism

2016-05-24 Thread parth brahmbhatt
gt; https://tools.ietf.org/html/rfc7677 describes the protocol for > > > > SCRAM-SHA-256. > > > > > > > > On Tue, May 24, 2016 at 2:37 AM, Jun Rao wrote: > > > > > > > > > Parth, > > > > > > > > > &

Re: [DISCUSS] KIP-48 Support for delegation tokens as an authentication mechanism

2016-06-21 Thread parth brahmbhatt
PM, Harsha wrote: > >> > Jun & Ismael, > >> > Unfortunately I couldn't attend the KIP > meeting > >> > when delegation tokens discussed. Appreciate > if > >> >

Re: [DISCUSS] KIP-48 Support for delegation tokens as an authentication mechanism

2016-06-28 Thread parth brahmbhatt
>> 1. Who / how are tokens renewed? By original requester only? or > using > > > >> Kerberos auth only? > > > >> 2. Are tokens stored on each broker or in ZK? > > > >> 3. How are tokens invalidated / expired? > > > >> 4. Which e

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-03-29 Thread Parth Brahmbhatt
ation Uis like (Ranger-Argus not sure what are they calling it now). On Wed, Mar 25, 2015 at 9:26 PM, Neha Narkhede mailto:n...@confluent.io>> wrote: Parth, We can make some 15 mins or so to discuss this at the next KIP hangout. Thanks, Neha On Wed, Mar 25, 2015 at 1:07 PM, Parth Brahm

Re: Review Request 32460: Patch for KAFKA-2035

2015-03-31 Thread Parth Brahmbhatt
EATION Diff: https://reviews.apache.org/r/32460/diff/ Testing (updated) --- unit tests added. Thanks, Parth Brahmbhatt

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-03-31 Thread Parth Brahmbhatt
n encoding/decoding used by kafka is already failing for me when I try to parse a map that has an already json encoded string as value for some key. Jun On Sun, Mar 29, 2015 at 3:56 PM, Parth Brahmbhatt < pbrahmbh...@hortonworks.com<mailto:pbrahmbh...@hortonworks.com>> wrote: Hi Gw

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-03-31 Thread Parth Brahmbhatt
ementation can be reused. >>> >>>23. Authorizer: >>>23.1 Do cluster level operations go through authorize() too? If so, what >>>will be the resource? >>>23.2 I assume that the authorize() check will be called on every >>>request. >>>So,

Review Request 32942: Patch for KAFKA-1688

2015-04-07 Thread Parth Brahmbhatt
mmands and TopicConfigCache. Thanks, Parth Brahmbhatt

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-04-15 Thread Parth Brahmbhatt
a round trip to a DNS server, which is insecure anyway). On 3/25/15, 1:07 PM, "Parth Brahmbhatt" mailto:pbrahmbh...@hortonworks.com>> wrote: Hi all, I have modified the KIP to reflect the recent change request from the reviewers. I have been working on the code and I have the

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-04-15 Thread Parth Brahmbhatt
ere isn’t a way to map >>that to a hostname without a round trip to a DNS server, which is >>insecure >>anyway). >> >> >>On 3/25/15, 1:07 PM, "Parth Brahmbhatt" >>wrote: >> >>>Hi all, >>> >>>I have modified the KIP to re

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-04-15 Thread Parth Brahmbhatt
gt;is today? > >Thanks. > >Tong > >Sent from my iPhone > >> On Apr 15, 2015, at 1:51 PM, Parth Brahmbhatt > wrote: >> >> Hi Michael, >> >> There is code in kafka codebase that reads and interprets the topic >config JSON which has acls, owner and lo

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-04-15 Thread Parth Brahmbhatt
proposed broker configs, their types and names * The Authorizer interface and the Acl structure * The command line options being added, their name and types * The new structure of topic config which is being stored in zookeeper Thanks Parth On 4/15/15, 12:53 PM, "Parth Brahmbhatt" wr

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-04-15 Thread Parth Brahmbhatt
m a little confused: why would Kafka need to interpret the JSON? IIRC >KIP-11 even says that the TopicConfigData will just store the JSON. I’m >not really making a design recommendation here, just trying to understand >what you’re proposing. > >On 4/15/15, 11:20 AM, "Parth Brahmbha

Re: [DISCUSSION] KIP-11: ACL Management

2015-04-17 Thread Parth Brahmbhatt
I was following the storm model but I think this is a reasonable change. I recommend changing the API names to addAcls, removeAcls and getAcls. Couple of points to ensure we are on same page: * With this approach the kafka command line will not provide a way to add/edit acls during topic creatio

Re: [DISCUSSION] KIP-11: ACL Management

2015-04-17 Thread Parth Brahmbhatt
AM, "Gwen Shapira" wrote: >On Fri, Apr 17, 2015 at 9:31 AM, Parth Brahmbhatt > wrote: >> I was following the storm model but I think this is a reasonable >>change. I recommend changing the API names to addAcls, removeAcls and >>getAcls. > >And they p

Re: [DISCUSSION] KIP-11: ACL Management

2015-04-17 Thread Parth Brahmbhatt
) > >Or maybe including the json parsing code in TopicCommand is not so bad? > > > >On Fri, Apr 17, 2015 at 10:30 AM, Parth Brahmbhatt > wrote: >> * Yes, Acl pretty much captures everything. Originally I had resource as >> part of Acls, we can go back to that. >>

Re: [DISCUSSION] KIP-11: ACL Management

2015-04-17 Thread Parth Brahmbhatt
ith >Ranger(Argus), does Hive do authorization through a separate CLI? > >Thanks, > >Jun > > >On Fri, Apr 17, 2015 at 11:01 AM, Parth Brahmbhatt < >pbrahmbh...@hortonworks.com> wrote: > >> We could do this but I think its too simplistic plus now we are adding

Re: [DISCUSSION] KIP-11: ACL Management

2015-04-17 Thread Parth Brahmbhatt
I looked into the consumer offset storage and it seems like for acl storage we should not need something as complex. Consumer offset has different throughput requirements which is why I think it made sense to move away from zookeeper. Acls on the other hand seldom change and because of the caching

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-04-20 Thread Parth Brahmbhatt
arth, >> >>Sorry to chime in so late, but I’ve got a minor question on the KIP. >> >>Several methods take a parameter named “host” of type String. Is that >>intended to be a hostname, or an IP address? If the former, I’m curious >>as >>to how that’s found (i

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-04-20 Thread Parth Brahmbhatt
and rule2 denies user2. Does user3 have access? If not, does removing >rule1 >enable user3 access? > >Thanks, > >Jun > >On Mon, Apr 20, 2015 at 1:34 PM, Parth Brahmbhatt < >pbrahmbh...@hortonworks.com> wrote: > >> >> Hi Joel, >> >> Thanks for th

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-04-20 Thread Parth Brahmbhatt
hanks >> Parth >> >> On 4/20/15, 12:03 PM, "Jun Rao" wrote: >> >> >Just a followup question. Suppose there are two rules. Rule1 allows >>user1 >> >and rule2 denies user2. Does user3 have access? If not, does removing >> >rule1 >

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-04-20 Thread Parth Brahmbhatt
The iptables on unix supports the DENY operator, not that it should matter. The deny operator can also be used to specify ³allow user1 to READ from topic1 from all hosts but host1,host2². Again we could add a host group semantic and extra complexity around that, not sure if its worth it. In additio

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-04-21 Thread Parth Brahmbhatt
Perhaps we can clarify >>>the >>> meaning of those rules in the wiki. >>> >>> Related to this, it seems that we need to support wildcard in >>>cli/request >>> protocol for topics? >>> >>> Jun >>> >>> On Mon, A

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-04-21 Thread Parth Brahmbhatt
ki. > >Related to this, it seems that we need to support wildcard in cli/request >protocol for topics? > >Jun > >On Mon, Apr 20, 2015 at 9:07 PM, Parth Brahmbhatt < >pbrahmbh...@hortonworks.com> wrote: > >> The iptables on unix supports the DENY operator, not th

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-04-21 Thread Parth Brahmbhatt
-a malicious person >>can >> cause data loss or duplicates for another consumer by committing offset. >> >> I think I favor (2) but it's worth it to think it through. >> >> -Jay >> >> On Tue, Apr 21, 2015 at 2:43 PM, Parth Brahmbhatt < &g

Review Request 33431: Patch for KAFKA-1688

2015-04-21 Thread Parth Brahmbhatt
2c768e762f61f92448c6a6 Diff: https://reviews.apache.org/r/33431/diff/ Testing --- Thanks, Parth Brahmbhatt

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-04-22 Thread Parth Brahmbhatt
) are there configs for cluster level acl defaults? Or does it default >to superusers on bringing up new cluster and you have to modify with cli. >thanks,Tom No defaults, the default is superusers will have full access. I don’t think making assumptions about ones security requirement should

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-04-22 Thread Parth Brahmbhatt
mailto:tgraves...@yahoo.com>> Reply-To: Tom Graves mailto:tgraves...@yahoo.com>> Date: Wednesday, April 22, 2015 at 11:02 AM To: Parth Brahmbhatt mailto:pbrahmbh...@hortonworks.com>>, "dev@kafka.apache.org<mailto:dev@kafka.apache.org>" mailto:dev@kafka.apache.o

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-04-22 Thread Parth Brahmbhatt
class API will just scan all topic acls and apply filtering logic. Thanks Parth On 4/22/15, 11:08 AM, "Parth Brahmbhatt" wrote: >Please see all the available options here >https://cwiki.apache.org/confluence/display/KAFKA/KIP-11+-+Authorization+I >nterface#KIP-11-Authorizati

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-04-22 Thread Parth Brahmbhatt
You are right , I forgot to mention the ―operation option in CLI , I just added it. Sorry for about the confusion. Thanks Parth On 4/22/15, 11:22 AM, "Parth Brahmbhatt" wrote: >Sorry I missed your last questions. I am +0 on adding ―host option for >―list, we could add it for sy

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-04-22 Thread Parth Brahmbhatt
y standardize on group >authorization anyway, are we complicating that issue with the inclusion of >hosts attached to users? Additionally I worry about the debt of big JSON >configs in the first place, most non-developers find them non-intuitive >already, so anything to ease this I think

Re: [VOTE] KIP-11- Authorization design for kafka security

2015-04-24 Thread Parth Brahmbhatt
Hi, I would like to open KIP-11 for voting. Thanks Parth On 4/22/15, 1:56 PM, "Parth Brahmbhatt" wrote: >Hi Jeff, > >Thanks a lot for the review. I think you have a valid point about acls >being duplicated and the simplest solution would be to modify acls class

Re: [VOTE] KIP-11- Authorization design for kafka security

2015-04-24 Thread Parth Brahmbhatt
;* Can you clearly separate which parts are the API (common to every >Authorizer) and which parts are DefaultAuthorizer implementation? It >will make reviews and Authorizer implementations a bit easier to know >exactly which is which. > >Gwen > >On Fri, Apr 24, 2015 at 9:28 AM, Parth

Re: [VOTE] KIP-11- Authorization design for kafka security

2015-04-24 Thread Parth Brahmbhatt
gt;Am I wrong? Or is it the KIP? > >On Fri, Apr 24, 2015 at 9:49 AM, Parth Brahmbhatt > wrote: >> Thanks for clarifying Gwen, KIP updated. >> >> I tried to make the distinction by creating a section for all public >>APIs >> >>https://cwiki.apache.org

Re: [VOTE] KIP-11- Authorization design for kafka security

2015-04-24 Thread Parth Brahmbhatt
quot;], >> "principals":["alice","kafka-devs" >> >> >> >> >> >> 3) The advantage of all of this is that it now provides more flexibility >> for custom modules for both authentication and authorization movin

Re: [VOTE] KIP-11- Authorization design for kafka security

2015-04-24 Thread Parth Brahmbhatt
of it getting created? > >Its all small details, but it will be difficult to implement KIP-11 >without knowing the answers :) > >Gwen > > >On Fri, Apr 24, 2015 at 9:58 AM, Parth Brahmbhatt > wrote: >> You are right, moved it to the default implementation section.

Re: [VOTE] KIP-11- Authorization design for kafka security

2015-04-24 Thread Parth Brahmbhatt
talking about same Groups :) > >I meant, Groups of consumers (which KIP-11 lists as a separate >resource in the Privilege table) > >On Fri, Apr 24, 2015 at 11:31 AM, Parth Brahmbhatt > wrote: >> I see Groups as something we can add incrementally in the current model. >>

Re: [VOTE] KIP-11- Authorization design for kafka security

2015-04-27 Thread Parth Brahmbhatt
it also be at >topic level? For example, perhaps it's useful to allow only user X to >create topic X. > >Thanks, > >Jun > > >On Sun, Apr 26, 2015 at 12:36 AM, Gwen Shapira >wrote: > >> Thanks for clarifying, Parth. I think you are taking the right app

Re: [VOTE] KIP-11- Authorization design for kafka security

2015-04-27 Thread Parth Brahmbhatt
confused with user group. > >101. Currently, create is only at the cluster level. Should it also be at >topic level? For example, perhaps it's useful to allow only user X to >create topic X. > >Thanks, > >Jun > > >On Sun, Apr 26, 2015 at 12:36 AM, Gwen Shap

Re: [VOTE] KIP-11- Authorization design for kafka security

2015-04-27 Thread Parth Brahmbhatt
lso, with the current api, what would the admin do to replicate the acls >from one cluster to another? Will she just list all acls from cli and >reissue them to another cluster periodically? > >Thanks, > >Jun > >On Mon, Apr 27, 2015 at 10:56 AM, Parth Brahmbhatt < >pbrahmbh

Re: [VOTE] KIP-11- Authorization design for kafka security

2015-04-30 Thread Parth Brahmbhatt
>> > > >* Acl storage is indexed by resource right now because that is the >> > > primary lookup id for all authorize operations. Given acls are >>cached >> > > I don't see the need to optimized the storage layer any further for >> > lo

Re: [VOTE] KIP-11- Authorization design for kafka security

2015-04-30 Thread Parth Brahmbhatt
I also wanted to send ping to all he committers. This voting thread has been open for > 1 week and has 2 non-bindng +1s. I would appreciate if the committers raised their concerns or casted their votes. Thanks Parth On 4/30/15, 9:52 AM, "Parth Brahmbhatt" wrote: >Hi Joe, Thank

Re: [VOTE] KIP-11- Authorization design for kafka security

2015-04-30 Thread Parth Brahmbhatt
it - Many systems intentionally don't return AuthorizationException >>when >> READ privilege is missing, since this already gives too much information >> (that the topic exists and that you don't have privileges on it). >>Instead >> they return a variant of

Re: [VOTE] KIP-11- Authorization design for kafka security

2015-04-30 Thread Parth Brahmbhatt
have clis so should be fine. * If you are concerned about json parsing , given authorizer is going to cache acls on its end this should be relatively infrequent. Let me know if you were pointing at something completely different. Thanks Parth On 4/30/15, 12:15PM, "Parth Brahmbhatt" w

Re: [VOTE] KIP-11- Authorization design for kafka security

2015-04-30 Thread Parth Brahmbhatt
n how "Mirror maker will have to start using new acl >management tool") and it not affect any other client. If you aren't >changing the wire protocol then how do clients use it? > >~ Joe stein > > >On Thu, Apr 30, 2015 at 3:15 PM, Parth Brahmbhatt < >pbrahmbh

Re: [DISCUSS] Using GitHub Pull Requests for contributions and code review

2015-05-01 Thread Parth Brahmbhatt
+1. Thanks Parth On 5/1/15, 12:38 AM, "Ewen Cheslack-Postava" wrote: >Also +1. There are some drawbacks to using Github for reviews, e.g. lots >of >emails for each review because they don't let you publish your entire >review in one go like RB does, but it drastically lowers the barrier to >co

[GitHub] kafka pull request: KAFKA-2169: Moving to zkClient 0.5 release.

2015-05-07 Thread Parth-Brahmbhatt
GitHub user Parth-Brahmbhatt opened a pull request: https://github.com/apache/kafka/pull/61 KAFKA-2169: Moving to zkClient 0.5 release. You can merge this pull request into a Git repository by running: $ git pull https://github.com/Parth-Brahmbhatt/kafka KAFKA-2169

Review Request 34047: Patch for KAFKA-2169

2015-05-11 Thread Parth Brahmbhatt
861b7f644941f88ce04a4e95f6b28d18bf1db16d Diff: https://reviews.apache.org/r/34047/diff/ Testing --- Thanks, Parth Brahmbhatt

Review Request 34050: Patch for KAFKA-2169

2015-05-11 Thread Parth Brahmbhatt
/KafkaHealthcheck.scala 861b7f644941f88ce04a4e95f6b28d18bf1db16d Diff: https://reviews.apache.org/r/34050/diff/ Testing --- Thanks, Parth Brahmbhatt

Re: Review Request 34050: Patch for KAFKA-2169

2015-05-11 Thread Parth Brahmbhatt
/KafkaController.scala a6351163f5b6f080d6fa50bcc3533d445fcbc067 core/src/main/scala/kafka/server/KafkaHealthcheck.scala 861b7f644941f88ce04a4e95f6b28d18bf1db16d Diff: https://reviews.apache.org/r/34050/diff/ Testing --- Thanks, Parth Brahmbhatt

Re: Review Request 34050: Patch for KAFKA-2169

2015-05-11 Thread Parth Brahmbhatt
ent134200> Why would we want to do this? If the listeners are invoked twice as long as both of them exit whichever one gets invoked first will just kill the process and the other one will not be invoked. Why would we care which System.exit kills the process? - Parth Brahmbhatt On May 11, 20

Re: Review Request 34050: Patch for KAFKA-2169

2015-05-12 Thread Parth Brahmbhatt
tps://reviews.apache.org/r/34050/#comment134408> I don't understand why this needs to be done which is why I haven't addressed it. Can you elloborate why would it matter which one of the 2 calls exits the process? - Parth Brahmbhatt On May 11, 2015, 8:53 p.m., Parth

[Vote] KIP-11 Authorization design for kafka security

2015-05-15 Thread Parth Brahmbhatt
Hi, Opening the voting thread for KIP-11. Link to the KIP: https://cwiki.apache.org/confluence/display/KAFKA/KIP-11+-+Authorization+Interface Link to Jira: https://issues.apache.org/jira/browse/KAFKA-1688 Thanks Parth

Re: Review Request 34050: Patch for KAFKA-2169

2015-05-15 Thread Parth Brahmbhatt
38f4ec0bd1b388cc8fc04b38bbb2e7aaa1c3f43b core/src/main/scala/kafka/controller/KafkaController.scala a6351163f5b6f080d6fa50bcc3533d445fcbc067 core/src/main/scala/kafka/server/KafkaHealthcheck.scala 861b7f644941f88ce04a4e95f6b28d18bf1db16d Diff: https://reviews.apache.org/r/34050/diff/ Testing --- Thanks, Parth

Review Request 34492: Patch for KAFKA-2210

2015-05-20 Thread Parth Brahmbhatt
/server/KafkaConfigConfigDefTest.scala 8014a5a6c362785539f24eb03d77278434614fe6 Diff: https://reviews.apache.org/r/34492/diff/ Testing --- Thanks, Parth Brahmbhatt

Review Request 34493: Patch for KAFKA-2211

2015-05-20 Thread Parth Brahmbhatt
/src/test/scala/unit/kafka/security/auth/SimpleAclAuthorizerTest.scala PRE-CREATION Diff: https://reviews.apache.org/r/34493/diff/ Testing --- Thanks, Parth Brahmbhatt

Review Request 34494: Patch for KAFKA-2212

2015-05-20 Thread Parth Brahmbhatt
://reviews.apache.org/r/34494/diff/ Testing --- Thanks, Parth Brahmbhatt

Re: [Vote] KIP-11 Authorization design for kafka security

2015-05-20 Thread Parth Brahmbhatt
This vote is now Closed with 4 binding +1s and 4 non binding +1s. Thanks Parth On 5/20/15, 12:04 PM, "Joel Koshy" wrote: >+1 > >On Fri, May 15, 2015 at 04:18:49PM +0000, Parth Brahmbhatt wrote: >> Hi, >> >> Opening the voting thread for KI

Re: [Vote] KIP-11 Authorization design for kafka security

2015-05-21 Thread Parth Brahmbhatt
e status of the KIP in the >wiki? > >Thanks, > >Jun > >On Wed, May 20, 2015 at 2:37 PM, Parth Brahmbhatt < >pbrahmbh...@hortonworks.com> wrote: > >> This vote is now Closed with 4 binding +1s and 4 non binding +1s. >> >> Thanks >> Parth >&g

[Bump] Code review for KIP-11

2015-05-29 Thread Parth Brahmbhatt
Hi, Can someone please review the following CRs: Public entities and interfaces with changes to KafkaAPI and KafkaServer: https://reviews.apache.org/r/34492/diff/ Actual Implementation: https://reviews.apache.org/r/34493/diff/ CLI: https://reviews.apache.org/r/34494/diff/ Thanks Parth

Re: Review Request 34492: Patch for KAFKA-2210

2015-06-03 Thread Parth Brahmbhatt
/ResourceTest.scala PRE-CREATION core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 8014a5a6c362785539f24eb03d77278434614fe6 Diff: https://reviews.apache.org/r/34492/diff/ Testing --- Thanks, Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-06-03 Thread Parth Brahmbhatt
PRE-CREATION core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 71f48c07723e334e6489efab500a43fa93a52d0c Diff: https://reviews.apache.org/r/34492/diff/ Testing --- Thanks, Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-06-03 Thread Parth Brahmbhatt
kafka/security/auth/ResourceTest.scala <https://reviews.apache.org/r/34492/#comment138523> Same rationale as mentioned few times before for case senstivity. - Parth Brahmbhatt On June 3, 2015, 11:36 p.m., Parth Brahmbhatt wrote: > >

Re: Review Request 34492: Patch for KAFKA-2210

2015-06-04 Thread Parth Brahmbhatt
, Parth Brahmbhatt

Re: Review Request 29468: Patch for KAFKA-1805

2015-02-11 Thread Parth Brahmbhatt
KAFKA-1805 Handling the case where al the fields in ProducerRecord can be null. Diffs (updated) - clients/src/main/java/org/apache/kafka/clients/producer/ProducerRecord.java 065d4e6c6a4966ac216e98696782e2714044df29 Diff: https://reviews.apache.org/r/29468/diff/ Testing --- Than

Re: Review Request 29468: Patch for KAFKA-1805

2015-02-11 Thread Parth Brahmbhatt
Testing --- Thanks, Parth Brahmbhatt

Re: Review Request 29468: Patch for KAFKA-1805

2015-02-11 Thread Parth Brahmbhatt
Testing --- Thanks, Parth Brahmbhatt

Re: Review Request 29468: Patch for KAFKA-1805

2015-02-11 Thread Parth Brahmbhatt
Testing --- Thanks, Parth Brahmbhatt

Re: Review Request 29468: Patch for KAFKA-1805

2015-02-11 Thread Parth Brahmbhatt
lients/src/test/java/org/apache/kafka/clients/producer/ProducerRecordTest.java PRE-CREATION Diff: https://reviews.apache.org/r/29468/diff/ Testing --- Thanks, Parth Brahmbhatt

Re: Review Request 29468: Patch for KAFKA-1805

2015-02-11 Thread Parth Brahmbhatt
view72032 --- On Feb. 11, 2015, 10:49 p.m., Parth Brahmbhatt wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://revie

Re: Review Request 29468: Patch for KAFKA-1805

2015-02-11 Thread Parth Brahmbhatt
a/org/apache/kafka/clients/producer/ProducerRecord.java <https://reviews.apache.org/r/29468/#comment117967> nulls are handled now. - Parth Brahmbhatt On Feb. 11, 2015, 10:53 p.m., Parth Brahmbhatt wrote: > > --- > This is

Re: Review Request 29468: Patch for KAFKA-1805

2015-02-11 Thread Parth Brahmbhatt
org/apache/kafka/clients/producer/ProducerRecordTest.java PRE-CREATION Diff: https://reviews.apache.org/r/29468/diff/ Testing (updated) --- Unit tests added. Thanks, Parth Brahmbhatt

Re: Review Request 29467: Patch for KAFKA-1660

2015-02-17 Thread Parth Brahmbhatt
s/producer/Producer.java 17fe541588d462c68c33f6209717cc4015e9b62f clients/src/main/java/org/apache/kafka/clients/producer/internals/Sender.java ed9c63a6679e3aaf83d19fde19268553a4c107c2 Diff: https://reviews.apache.org/r/29467/diff/ Testing --- existing unit tests passed. Thanks, Parth Brahmbhatt

Re: Review Request 29467: Patch for KAFKA-1660

2015-02-17 Thread Parth Brahmbhatt
ducer.java 17fe541588d462c68c33f6209717cc4015e9b62f clients/src/main/java/org/apache/kafka/clients/producer/internals/Sender.java ed9c63a6679e3aaf83d19fde19268553a4c107c2 Diff: https://reviews.apache.org/r/29467/diff/ Testing --- existing unit tests passed. Thanks, Parth Brahmbhatt

Re: Review Request 29467: Patch for KAFKA-1660

2015-03-02 Thread Parth Brahmbhatt
//reviews.apache.org/r/29467/diff/ Testing --- existing unit tests passed. Thanks, Parth Brahmbhatt

Re: Review Request 29467: Patch for KAFKA-1660

2015-03-02 Thread Parth Brahmbhatt
afka/clients/producer/KafkaProducer.java <https://reviews.apache.org/r/29467/#comment121525> changed log level to suggested value. - Parth Brahmbhatt On March 2, 2015, 6:41 p.m., Parth Brahmbhatt wrote: > > --- > This is an aut

Re: Review Request 29467: Patch for KAFKA-1660

2015-03-03 Thread Parth Brahmbhatt
rote: > > clients/src/main/java/org/apache/kafka/clients/producer/KafkaProducer.java, > > line 554 > > <https://reviews.apache.org/r/29467/diff/4/?file=882247#file882247line554> > > > > It's probably worth adding an > > if(timeout > 0)

Re: Review Request 29467: Patch for KAFKA-1660

2015-03-03 Thread Parth Brahmbhatt
-- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/29467/#review74897 ------- On March 2, 2015, 6:41 p.m., Parth Brahmbhatt wrote: > > --

[DISCUSS] KIP-11- Authorization design for kafka security

2015-03-05 Thread Parth Brahmbhatt
Hi, KIP-11 is open for discussion , I have updated the wiki with the design and open questions. Thanks Parth

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-03-05 Thread Parth Brahmbhatt
Forgot to add links to wiki and jira. Link to wiki: https://cwiki.apache.org/confluence/display/KAFKA/KIP-11+-+Authorization+Interface Link to Jira: https://issues.apache.org/jira/browse/KAFKA-1688 Thanks Parth From: Parth Brahmbhatt mailto:pbrahmbh...@hortonworks.com>> Date: Thursday,

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-03-09 Thread Parth Brahmbhatt
>Hi Parth, >>Thanks for putting this together. Overall it looks good to >>me. Although AdminUtils is a concern KIP-4 can probably fix >>that part. >>Thanks, >>Harsha >> >>On Thu, Mar 5, 2015, at 10:39 AM, Parth Brahmbhatt w

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-03-18 Thread Parth Brahmbhatt
for? And plan it as a future feature >>request? >> >>Thanks >> >>Bosco >> >> >> >>On 3/6/15, 8:10 AM, "Harsha" wrote: >> >>>Hi Parth, >>>Thanks for putting this together. Overall it looks good to >>

Review Request 32251: Patch for KAFKA-2032

2015-03-19 Thread Parth Brahmbhatt
/diff/ Testing --- Thanks, Parth Brahmbhatt

Re: Review Request 32251: Patch for KAFKA-2032

2015-03-19 Thread Parth Brahmbhatt
42c72198a0325e234cf1d428b687663099de884e core/src/main/scala/kafka/consumer/ConsumerConfig.scala 9ebbee6c16dc83767297c729d2d74ebbd063a993 Diff: https://reviews.apache.org/r/32251/diff/ Testing --- Thanks, Parth Brahmbhatt

Re: Review Request 32251: Patch for KAFKA-2032

2015-03-19 Thread Parth Brahmbhatt
42c72198a0325e234cf1d428b687663099de884e core/src/main/scala/kafka/consumer/ConsumerConfig.scala 9ebbee6c16dc83767297c729d2d74ebbd063a993 Diff: https://reviews.apache.org/r/32251/diff/ Testing --- Thanks, Parth Brahmbhatt

Re: Review Request 32251: Patch for KAFKA-2032

2015-03-19 Thread Parth Brahmbhatt
42c72198a0325e234cf1d428b687663099de884e core/src/main/scala/kafka/consumer/ConsumerConfig.scala 9ebbee6c16dc83767297c729d2d74ebbd063a993 Diff: https://reviews.apache.org/r/32251/diff/ Testing --- Thanks, Parth Brahmbhatt

Re: Review Request 32251: Patch for KAFKA-2032

2015-03-19 Thread Parth Brahmbhatt
------- On March 19, 2015, 7:19 p.m., Parth Brahmbhatt wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/32251/ >

Re: Review Request 32251: Patch for KAFKA-2032

2015-03-19 Thread Parth Brahmbhatt
42c72198a0325e234cf1d428b687663099de884e core/src/main/scala/kafka/consumer/ConsumerConfig.scala 9ebbee6c16dc83767297c729d2d74ebbd063a993 Diff: https://reviews.apache.org/r/32251/diff/ Testing --- Thanks, Parth Brahmbhatt

Re: [VOTE] KIP-7 Security - IP Filtering

2015-03-20 Thread Parth Brahmbhatt
I can confirm that KAFKA-1688 will cover this use case. Please go over https://cwiki.apache.org/confluence/display/KAFKA/KIP-11+-+Authorization+In terface and let me know if you think there is a different use case being covered by KIP-7. Thanks Parth On 3/20/15, 9:26 AM, "Jun Rao" wrote: >Yes,

Re: [VOTE] KIP-7 Security - IP Filtering

2015-03-20 Thread Parth Brahmbhatt
I am not entirely sure what you mean by integrating KIP-7 work with KAFKA-1688. Wouldn¹t the work done as part of KIP-7 become obsolete once KAFKA-1688 is done? Multiple ways of controlling these authorization just seems extra configuration that will confuse admins/users. If timing is the only is

Re: [VOTE] KIP-7 Security - IP Filtering

2015-03-20 Thread Parth Brahmbhatt
just need to wait >until >KIP-7 is done? If we add the small change now, we will have to worry about >migrating existing users and deprecating some configs when KIP-7 is done. > >Thanks, > >Jun > >On Fri, Mar 20, 2015 at 10:36 AM, Parth Brahmbhatt < >pbrahmbh...@

Review Request 32460: Patch for KAFKA-2032

2015-03-24 Thread Parth Brahmbhatt
://reviews.apache.org/r/32460/diff/ Testing --- Thanks, Parth Brahmbhatt

Re: [DISCUSS] KIP-11- Authorization design for kafka security

2015-03-25 Thread Parth Brahmbhatt
>>the server side, can we de-scope it for? And plan it as a future feature >>request? >> >>Thanks >> >>Bosco >> >> >> >>On 3/6/15, 8:10 AM, "Harsha" wrote: >> >>>Hi Parth, >>>Thanks for puttin

Re: [VOTE] KIP-50 - Enhance Authorizer interface to be aware of supported Principal Types

2016-03-31 Thread parth brahmbhatt
+1 Thanks Parth On Wed, Mar 30, 2016 at 8:22 PM, Ewen Cheslack-Postava wrote: > +1 > > -Ewen > > On Wed, Mar 30, 2016 at 7:20 PM, Gwen Shapira wrote: > > > So my +1 is back :) > > > > On Wed, Mar 30, 2016 at 4:51 PM, Ashish Singh > wrote: > > > > > My bad, I moved the config option to rejecte

Re: [DISCUSS] KIP-48 Support for delegation tokens as an authentication mechanism

2016-04-19 Thread parth brahmbhatt
gt; >3. In catastrophic failures where all brokers go down, the > > tokens will > > > >> > >be lost even if servers are restarted as tokens are not > > persisted > > > >> > anywhere. > > > >> > >If this happens, then the

Re: [DISCUSS] KIP-48 Support for delegation tokens as an authentication mechanism

2016-05-03 Thread parth brahmbhatt
, Apr 19, 2016, at 09:57 AM, parth brahmbhatt wrote: > > Thanks for review Jitendra. > > > > I don't like the idea of infinite lifetime but I see the Streaming use > > case. Even for Streaming use case I was hoping there will be some notion > > of > > maste

Re: [DISCUSS] KIP-48 Support for delegation tokens as an authentication mechanism

2016-05-04 Thread parth brahmbhatt
it Storm > >> job as my user), we will need a producer for every job (we can't share > >> them between multiple jobs running on same node), since we only > >> authenticate when connecting. Is there a plan to change this for > >> delegation tokens, in order to allow m

Re: Reg: Kafka-Acls

2016-05-05 Thread parth brahmbhatt
Acls will be written in zookeeper but you are using getAcl , what you need is get /kafka-acl/Topic/permissiontopic Thanks Parth On Thu, May 5, 2016 at 3:28 PM, BigData dev wrote: > Hi, > When I run the command > /bin/kafka-acls.sh --topic permissiontopic --add --allow-host {host} > --allow-p

  1   2   3   4   5   >