Hi Folks, I took over this issue from Manikumar. Recently another motivation have been raised in Spark for this (SPARK-28173) and I think it'd be great to continue this task. I updated the KIP and will wait for a few days to get some feedback then proceed for the vote.
Thanks, Viktor On Tue, Dec 11, 2018 at 8:29 AM Manikumar <manikumar.re...@gmail.com> wrote: > Hi Harsha, > > Thanks for the review. > > With this KIP a designated superuser can create tokens without requiring > individual user credentials. > Any client can authenticate brokers using the created tokens. We may not > call this as impersonation, > since the clients API calls are executing on their own authenticated > connections. > > Thanks, > Manikumar > > On Fri, Dec 7, 2018 at 11:56 PM Harsha <ka...@harsha.io> wrote: > > > Hi Mani, > > Overall KIP looks good to me. Can we call this Impersonation > > support, which is what the KIP is doing? > > Also instead of using super.uses as the config which essentially giving > > cluster-wide support to the users, we can introduce impersonation.users > as > > a config and users listed in the config are allowed to impersonate other > > users. > > > > Thanks, > > Harsha > > > > > > On Fri, Dec 7, 2018, at 3:58 AM, Manikumar wrote: > > > Bump up! to get some attention. > > > > > > BTW, recently Apache Spark added support for Kafka delegation token. > > > https://issues.apache.org/jira/browse/SPARK-25501 > > > > > > On Fri, Dec 7, 2018 at 5:27 PM Manikumar <manikumar.re...@gmail.com> > > wrote: > > > > > > > Bump up! to get some attention. > > > > > > > > BTW, recently Apache Spark added for Kafka delegation token support. > > > > https://issues.apache.org/jira/browse/SPARK-25501 > > > > > > > > On Tue, Sep 25, 2018 at 9:56 PM Manikumar <manikumar.re...@gmail.com > > > > > > wrote: > > > > > > > >> Hi all, > > > >> > > > >> I have created a KIP that proposes to allow users to create > delegation > > > >> tokens for other users. > > > >> > > > >> > > > >> > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-373%3A+Allow+users+to+create+delegation+tokens+for+other+users > > > >> > > > >> Please take a look when you get a chance. > > > >> > > > >> Thanks, > > > >> Manikumar > > > >> > > > > > > >
