[jira] [Commented] (KAFKA-3329) Validation script to test expected behavior of Authorizer implementations
[
https://issues.apache.org/jira/browse/KAFKA-3329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15178613#comment-15178613
]
Grant Henke commented on KAFKA-3329:
[~singhashish] Sure ducktape tests would work and could likely help test more.
You are right that you would need some way to define the jar and authorizer
class you are testing.
> Validation script to test expected behavior of Authorizer implementations
> -
>
> Key: KAFKA-3329
> URL: https://issues.apache.org/jira/browse/KAFKA-3329
> Project: Kafka
> Issue Type: Wish
>Reporter: Grant Henke
>
> The authorizer interface and documentation defines some of the expected
> behavior of an Authorizer implementation. However, having real tests for a
> user implementing their own authorizer would be useful. A script like:
> {code}
> kafka-validate-authorizer.sh --authorizer-class ...
> {code}
> could be used to validate:
> * Expected operation inheritance
> ** Example: READ or WRITE automatically grants DESCRIBE
> * Expected exceptions or handling of edge cases
> ** When I add the same ACL twice
> ** When I remove an ACL that is not set
> ** When both Deny and Allow are set?
> ** When no Acl is attached to a resource?
> * Expected support for concurrent requests against multiple instances
> These same tests could be part of the Authorizer integration tests for
> Kafka's SimpleAuthorizer implementation.
> Users would not be required to follow all of the "default" expectations. But
> they would at least know what assumptions their implementation breaks.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (KAFKA-3329) Validation script to test expected behavior of Authorizer implementations
[
https://issues.apache.org/jira/browse/KAFKA-3329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15178443#comment-15178443
]
Ashish K Singh commented on KAFKA-3329:
---
Do you think adding ducktape tests will work? It will probably require ducktape
to allow adding resources, like JARs, config files, etc. [~granders] is it
possible to do that?
> Validation script to test expected behavior of Authorizer implementations
> -
>
> Key: KAFKA-3329
> URL: https://issues.apache.org/jira/browse/KAFKA-3329
> Project: Kafka
> Issue Type: Wish
>Reporter: Grant Henke
>
> The authorizer interface and documentation defines some of the expected
> behavior of an Authorizer implementation. However, having real tests for a
> user implementing their own authorizer would be useful. A script like:
> {code}
> kafka-validate-authorizer.sh --authorizer-class ...
> {code}
> could be used to validate:
> * Expected operation inheritance
> ** Example: READ or WRITE automatically grants DESCRIBE
> * Expected exceptions or handling of edge cases
> ** When I add the same ACL twice
> ** When I remove an ACL that is not set
> ** When both Deny and Allow are set?
> ** When no Acl is attached to a resource?
> * Expected support for concurrent requests against multiple instances
> These same tests could be part of the Authorizer integration tests for
> Kafka's SimpleAuthorizer implementation.
> Users would not be required to follow all of the "default" expectations. But
> they would at least know what assumptions their implementation breaks.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
