I am working on the List/Alter ACLs patch (
https://github.com/apache/kafka/pull/1005) for KIP-4 and have a few
questions around expectations for an Authorizer implementation:
- What is the expected behavior when I add the same ACL twice?
- What is the expected behavior when I remove an ACL that is not set?
- What type of "permission inheritance" is an implementer of the
Authorizer interface supposed to follow:
- Example: READ or WRITE automatically grants DESCRIBE
- Is the Authorizer implementation expected to manage blocking/local
cache consistency across all instances?
- Or should all requests go to 1 instance?
- This is related to the bug found while working on this patch:
KAFKA-3328 <https://issues.apache.org/jira/browse/KAFKA-3328>
Thanks,
Grant
--
Grant Henke
Software Engineer | Cloudera
gr...@cloudera.com | twitter.com/gchenke | linkedin.com/in/granthenke
