I am working on the List/Alter ACLs patch ( https://github.com/apache/kafka/pull/1005) for KIP-4 and have a few questions around expectations for an Authorizer implementation:
- What is the expected behavior when I add the same ACL twice? - What is the expected behavior when I remove an ACL that is not set? - What type of "permission inheritance" is an implementer of the Authorizer interface supposed to follow: - Example: READ or WRITE automatically grants DESCRIBE - Is the Authorizer implementation expected to manage blocking/local cache consistency across all instances? - Or should all requests go to 1 instance? - This is related to the bug found while working on this patch: KAFKA-3328 <https://issues.apache.org/jira/browse/KAFKA-3328> Thanks, Grant -- Grant Henke Software Engineer | Cloudera gr...@cloudera.com | twitter.com/gchenke | linkedin.com/in/granthenke