[jira] [Commented] (KAFKA-3329) Validation script to test expected behavior of Authorizer implementations
[ https://issues.apache.org/jira/browse/KAFKA-3329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15178613#comment-15178613 ] Grant Henke commented on KAFKA-3329: [~singhashish] Sure ducktape tests would work and could likely help test more. You are right that you would need some way to define the jar and authorizer class you are testing. > Validation script to test expected behavior of Authorizer implementations > - > > Key: KAFKA-3329 > URL: https://issues.apache.org/jira/browse/KAFKA-3329 > Project: Kafka > Issue Type: Wish >Reporter: Grant Henke > > The authorizer interface and documentation defines some of the expected > behavior of an Authorizer implementation. However, having real tests for a > user implementing their own authorizer would be useful. A script like: > {code} > kafka-validate-authorizer.sh --authorizer-class ... > {code} > could be used to validate: > * Expected operation inheritance > ** Example: READ or WRITE automatically grants DESCRIBE > * Expected exceptions or handling of edge cases > ** When I add the same ACL twice > ** When I remove an ACL that is not set > ** When both Deny and Allow are set? > ** When no Acl is attached to a resource? > * Expected support for concurrent requests against multiple instances > These same tests could be part of the Authorizer integration tests for > Kafka's SimpleAuthorizer implementation. > Users would not be required to follow all of the "default" expectations. But > they would at least know what assumptions their implementation breaks. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (KAFKA-3329) Validation script to test expected behavior of Authorizer implementations
[ https://issues.apache.org/jira/browse/KAFKA-3329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15178443#comment-15178443 ] Ashish K Singh commented on KAFKA-3329: --- Do you think adding ducktape tests will work? It will probably require ducktape to allow adding resources, like JARs, config files, etc. [~granders] is it possible to do that? > Validation script to test expected behavior of Authorizer implementations > - > > Key: KAFKA-3329 > URL: https://issues.apache.org/jira/browse/KAFKA-3329 > Project: Kafka > Issue Type: Wish >Reporter: Grant Henke > > The authorizer interface and documentation defines some of the expected > behavior of an Authorizer implementation. However, having real tests for a > user implementing their own authorizer would be useful. A script like: > {code} > kafka-validate-authorizer.sh --authorizer-class ... > {code} > could be used to validate: > * Expected operation inheritance > ** Example: READ or WRITE automatically grants DESCRIBE > * Expected exceptions or handling of edge cases > ** When I add the same ACL twice > ** When I remove an ACL that is not set > ** When both Deny and Allow are set? > ** When no Acl is attached to a resource? > * Expected support for concurrent requests against multiple instances > These same tests could be part of the Authorizer integration tests for > Kafka's SimpleAuthorizer implementation. > Users would not be required to follow all of the "default" expectations. But > they would at least know what assumptions their implementation breaks. -- This message was sent by Atlassian JIRA (v6.3.4#6332)