Re: Review Request 34492: Patch for KAFKA-2210

2015-09-02 Thread Ismael Juma 


> On Sept. 2, 2015, 1:11 p.m., Ismael Juma wrote:
> > Hi Parth, I finally had a bit of time to look into this in more detail and 
> > I pushed a commit with my suggestions to make the `KafkaApis` code a bit 
> > more readable:
> > 
> > https://github.com/ijuma/kafka/commit/7737a9feb0c6d8cb4be3fe22992f8dc10b657154
> > 
> > As you said, it's difficult to do much better given the lack of common 
> > interfaces.
> > 
> > Please incorporate the changes if you agree. Also, note that I added a 
> > FIXME in one case where we don't seem to use the data produced by the 
> > `partition` call.
> 
> Parth Brahmbhatt wrote:
> Cherry picked. The FIXME does not need any change if you see 
> https://github.com/Parth-Brahmbhatt/kafka/blob/az/core/src/main/scala/kafka/server/KafkaApis.scala#L195
>  it uses unauthorized partiton in constructing respoinse. where as the 
> authorized part gets used 
> https://github.com/Parth-Brahmbhatt/kafka/blob/az/core/src/main/scala/kafka/server/KafkaApis.scala#L214
>  and 
> https://github.com/Parth-Brahmbhatt/kafka/blob/az/core/src/main/scala/kafka/server/KafkaApis.scala#L255
>  and the actual call back finally gets called here 
> https://github.com/Parth-Brahmbhatt/kafka/blob/az/core/src/main/scala/kafka/server/KafkaApis.scala#L273.

Thanks for cherry-picking the changes. Regarding the FIXME, indeed my bad 
(tricked by IntelliJ's unused field syntax highlighting). I realised my mistake 
once you posted the updated patch a few minutes ago. :)


- Ismael


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97432
---


On Sept. 3, 2015, 12:36 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Sept. 3, 2015, 12:36 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Addressing Jun's comments.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
>   core/src/main/scala/kafka/server/KafkaServer.scala
> 
> Deleting KafkaConfigDefTest
> 
> 
> Addressing comments from Ismael.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> 
> Consolidating KafkaPrincipal.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> Conflicts:
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> Making Acl structure take only one principal, operation and host.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> 
> Reverting uninteded new line change.
> 
> 
> Addressing comments from Jun.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> 
> Various tweaks that make the code more readable
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> Fixing compilation errors after cherry-pocking.
> 
> 
> Removing FIXME.
> 
> 
> Diffs
> -
> 
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>  35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
>   clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 
> 641afa1b2474150fa1002e9fedca13ff55175a7e 
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>  b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
>   
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
>  PRE-CREATION 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/s

Re: Review Request 34492: Patch for KAFKA-2210

2015-09-02 Thread Parth Brahmbhatt 


> On Sept. 2, 2015, 4:36 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/common/ErrorMapping.scala, lines 55-57
> > 
> >
> > Could you add the missing error cords 23-28 in the comment?

copied the error constant from Error.java and added in comments. I am not sure 
if you already have a jira to actually fix this. If you do can you assign that 
to me? If you don't have a jira yet can I create one and assign it to myself?


> On Sept. 2, 2015, 4:36 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 680
> > 
> >
> > Unused val?

unused call given we agreed for offset topic creation we are not going to check 
for authorization.


> On Sept. 2, 2015, 4:36 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaServer.scala, line 187
> > 
> >
> > space after if

fixed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97466
---


On Sept. 3, 2015, 12:36 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Sept. 3, 2015, 12:36 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Addressing Jun's comments.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
>   core/src/main/scala/kafka/server/KafkaServer.scala
> 
> Deleting KafkaConfigDefTest
> 
> 
> Addressing comments from Ismael.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> 
> Consolidating KafkaPrincipal.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> Conflicts:
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> Making Acl structure take only one principal, operation and host.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> 
> Reverting uninteded new line change.
> 
> 
> Addressing comments from Jun.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> 
> Various tweaks that make the code more readable
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> Fixing compilation errors after cherry-pocking.
> 
> 
> Removing FIXME.
> 
> 
> Diffs
> -
> 
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>  35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
>   clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 
> 641afa1b2474150fa1002e9fedca13ff55175a7e 
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>  b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
>   
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
>  PRE-CREATION 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> a3a8df0545c3f9390e0e04b8d2fab0134f5fd019 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> d547a01cf7098f216a3775e1e1901c5794e1b24c 
>   core/src/main/scala/kafk

Re: Review Request 34492: Patch for KAFKA-2210

2015-09-02 Thread Parth Brahmbhatt 


> On Sept. 2, 2015, 1:11 p.m., Ismael Juma wrote:
> > Hi Parth, I finally had a bit of time to look into this in more detail and 
> > I pushed a commit with my suggestions to make the `KafkaApis` code a bit 
> > more readable:
> > 
> > https://github.com/ijuma/kafka/commit/7737a9feb0c6d8cb4be3fe22992f8dc10b657154
> > 
> > As you said, it's difficult to do much better given the lack of common 
> > interfaces.
> > 
> > Please incorporate the changes if you agree. Also, note that I added a 
> > FIXME in one case where we don't seem to use the data produced by the 
> > `partition` call.

Cherry picked. The FIXME does not need any change if you see 
https://github.com/Parth-Brahmbhatt/kafka/blob/az/core/src/main/scala/kafka/server/KafkaApis.scala#L195
 it uses unauthorized partiton in constructing respoinse. where as the 
authorized part gets used 
https://github.com/Parth-Brahmbhatt/kafka/blob/az/core/src/main/scala/kafka/server/KafkaApis.scala#L214
 and 
https://github.com/Parth-Brahmbhatt/kafka/blob/az/core/src/main/scala/kafka/server/KafkaApis.scala#L255
 and the actual call back finally gets called here 
https://github.com/Parth-Brahmbhatt/kafka/blob/az/core/src/main/scala/kafka/server/KafkaApis.scala#L273.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97432
---


On Sept. 3, 2015, 12:36 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Sept. 3, 2015, 12:36 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Addressing Jun's comments.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
>   core/src/main/scala/kafka/server/KafkaServer.scala
> 
> Deleting KafkaConfigDefTest
> 
> 
> Addressing comments from Ismael.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> 
> Consolidating KafkaPrincipal.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> Conflicts:
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> Making Acl structure take only one principal, operation and host.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> 
> Reverting uninteded new line change.
> 
> 
> Addressing comments from Jun.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> 
> Various tweaks that make the code more readable
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> Fixing compilation errors after cherry-pocking.
> 
> 
> Removing FIXME.
> 
> 
> Diffs
> -
> 
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>  35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
>   clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 
> 641afa1b2474150fa1002e9fedca13ff55175a7e 
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>  b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
>   
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
>  PRE-CREATION 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala

Re: Review Request 34492: Patch for KAFKA-2210

2015-09-02 Thread Ismael Juma 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97582
---

Ship it!


Thanks Parth, LGTM.

- Ismael Juma


On Sept. 3, 2015, 12:36 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Sept. 3, 2015, 12:36 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Addressing Jun's comments.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
>   core/src/main/scala/kafka/server/KafkaServer.scala
> 
> Deleting KafkaConfigDefTest
> 
> 
> Addressing comments from Ismael.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> 
> Consolidating KafkaPrincipal.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> Conflicts:
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> Making Acl structure take only one principal, operation and host.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> 
> Reverting uninteded new line change.
> 
> 
> Addressing comments from Jun.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> 
> Various tweaks that make the code more readable
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> Fixing compilation errors after cherry-pocking.
> 
> 
> Removing FIXME.
> 
> 
> Diffs
> -
> 
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>  35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
>   clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 
> 641afa1b2474150fa1002e9fedca13ff55175a7e 
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>  b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
>   
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
>  PRE-CREATION 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> a3a8df0545c3f9390e0e04b8d2fab0134f5fd019 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> d547a01cf7098f216a3775e1e1901c5794e1b24c 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 756cf775cadbcaf01df7f691d8d01d9ff75db291 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
> 3da666f73227fc7ef7093e3790546344065f6825 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-09-02 Thread Parth Brahmbhatt 


> On Sept. 2, 2015, 11:13 p.m., Jun Rao wrote:
> > Hmm, did you attach the right patch? It doesn't seem to apply to trunk and 
> > my last round of minor comments didn't seem to get addressed. Also, one 
> > more suggestion below.

Can you take a look now? I am not sure why the patch looked weird the first 
time around. I have cherry picked Ismeal's change but I had to fix some 
compilation errors so you will see couple more commits on top of his commit.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97554
---


On Sept. 3, 2015, 12:36 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Sept. 3, 2015, 12:36 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Addressing Jun's comments.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
>   core/src/main/scala/kafka/server/KafkaServer.scala
> 
> Deleting KafkaConfigDefTest
> 
> 
> Addressing comments from Ismael.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> 
> Consolidating KafkaPrincipal.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> Conflicts:
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> Making Acl structure take only one principal, operation and host.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> 
> Reverting uninteded new line change.
> 
> 
> Addressing comments from Jun.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> 
> Various tweaks that make the code more readable
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> Fixing compilation errors after cherry-pocking.
> 
> 
> Removing FIXME.
> 
> 
> Diffs
> -
> 
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>  35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
>   clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 
> 641afa1b2474150fa1002e9fedca13ff55175a7e 
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>  b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
>   
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
>  PRE-CREATION 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> a3a8df0545c3f9390e0e04b8d2fab0134f5fd019 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> d547a01cf7098f216a3775e1e1901c5794e1b24c 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 756cf775cadbcaf01df7f691d8d01d9ff75db291 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
> 3da666f73227fc7ef7093e3790546344065f6825 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> --

Re: Review Request 34492: Patch for KAFKA-2210

2015-09-02 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
---

(Updated Sept. 3, 2015, 12:36 a.m.)


Review request for kafka.


Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210


Repository: kafka


Description (updated)
---

Addressing review comments from Jun.


Adding CREATE check for offset topic only if the topic does not exist already.


Addressing some more comments.


Removing acl.json file


Moving PermissionType to trait instead of enum. Following the convention for 
defining constants.


Adding authorizer.config.path back.


Addressing more comments from Jun.


Addressing more comments.


Now addressing Ismael's comments. Case sensitive checks.


Addressing Jun's comments.


Merge remote-tracking branch 'origin/trunk' into az

Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala
core/src/main/scala/kafka/server/KafkaServer.scala

Deleting KafkaConfigDefTest


Addressing comments from Ismael.


Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az


Consolidating KafkaPrincipal.


Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az

Conflicts:

clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java

clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
core/src/main/scala/kafka/server/KafkaApis.scala

Making Acl structure take only one principal, operation and host.


Merge remote-tracking branch 'origin/trunk' into az


Reverting uninteded new line change.


Addressing comments from Jun.


Merge remote-tracking branch 'origin/trunk' into az


Various tweaks that make the code more readable

Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala

Fixing compilation errors after cherry-pocking.


Removing FIXME.


Diffs (updated)
-

  
clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
 35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
  clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 
641afa1b2474150fa1002e9fedca13ff55175a7e 
  
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java 
b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
  
clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
 PRE-CREATION 
  core/src/main/scala/kafka/api/OffsetRequest.scala 
f418868046f7c99aefdccd9956541a0cb72b1500 
  core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
  core/src/main/scala/kafka/common/ErrorMapping.scala 
c75c68589681b2c9d6eba2b440ce5e58cddf6370 
  core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
  core/src/main/scala/kafka/server/KafkaApis.scala 
a3a8df0545c3f9390e0e04b8d2fab0134f5fd019 
  core/src/main/scala/kafka/server/KafkaConfig.scala 
d547a01cf7098f216a3775e1e1901c5794e1b24c 
  core/src/main/scala/kafka/server/KafkaServer.scala 
756cf775cadbcaf01df7f691d8d01d9ff75db291 
  core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
3da666f73227fc7ef7093e3790546344065f6825 

Diff: https://reviews.apache.org/r/34492/diff/


Testing
---


Thanks,

Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-09-02 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
---

(Updated Sept. 3, 2015, 12:32 a.m.)


Review request for kafka.


Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210


Repository: kafka


Description (updated)
---

Addressing review comments from Jun.


Adding CREATE check for offset topic only if the topic does not exist already.


Addressing some more comments.


Removing acl.json file


Moving PermissionType to trait instead of enum. Following the convention for 
defining constants.


Adding authorizer.config.path back.


Addressing more comments from Jun.


Addressing more comments.


Now addressing Ismael's comments. Case sensitive checks.


Addressing Jun's comments.


Merge remote-tracking branch 'origin/trunk' into az

Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala
core/src/main/scala/kafka/server/KafkaServer.scala

Deleting KafkaConfigDefTest


Addressing comments from Ismael.


Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az


Consolidating KafkaPrincipal.


Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az

Conflicts:

clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java

clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
core/src/main/scala/kafka/server/KafkaApis.scala

Making Acl structure take only one principal, operation and host.


Merge remote-tracking branch 'origin/trunk' into az


Reverting uninteded new line change.


Addressing comments from Jun.


Merge remote-tracking branch 'origin/trunk' into az


Various tweaks that make the code more readable

Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala

Fixing compilation errors after cherry-pocking.


Diffs (updated)
-

  
clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
 35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
  clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 
641afa1b2474150fa1002e9fedca13ff55175a7e 
  
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java 
b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
  
clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
 PRE-CREATION 
  core/src/main/scala/kafka/api/OffsetRequest.scala 
f418868046f7c99aefdccd9956541a0cb72b1500 
  core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
  core/src/main/scala/kafka/common/ErrorMapping.scala 
c75c68589681b2c9d6eba2b440ce5e58cddf6370 
  core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
  core/src/main/scala/kafka/server/KafkaApis.scala 
a3a8df0545c3f9390e0e04b8d2fab0134f5fd019 
  core/src/main/scala/kafka/server/KafkaConfig.scala 
d547a01cf7098f216a3775e1e1901c5794e1b24c 
  core/src/main/scala/kafka/server/KafkaServer.scala 
756cf775cadbcaf01df7f691d8d01d9ff75db291 
  core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
3da666f73227fc7ef7093e3790546344065f6825 

Diff: https://reviews.apache.org/r/34492/diff/


Testing
---


Thanks,

Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-09-02 Thread Ismael Juma 


> On Sept. 2, 2015, 11:13 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 676
> > 
> >
> > Could we change the test to the following to make it more consistent 
> > with the rest of places where we test authorization?
> > 
> > if (! authorizer.map(az => az.authorize(request.session, Read, new 
> > Resource(ConsumerGroup, consumerMetadataRequest.group))).getOrElse(true))

By the way, the changes in the commit I suggested solve this issue too. Parth 
hasn't included them yet.


- Ismael


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97554
---


On Sept. 2, 2015, 9:50 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Sept. 2, 2015, 9:50 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Addressing Jun's comments.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
>   core/src/main/scala/kafka/server/KafkaServer.scala
> 
> Deleting KafkaConfigDefTest
> 
> 
> Addressing comments from Ismael.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> 
> Consolidating KafkaPrincipal.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> Conflicts:
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> Making Acl structure take only one principal, operation and host.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> 
> Reverting uninteded new line change.
> 
> 
> Diffs
> -
> 
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>  35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
>   clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 
> e17e390c507eca0eba28a2763c0e35d66077d1f2 
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>  b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
>   
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
>  PRE-CREATION 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> a3a8df0545c3f9390e0e04b8d2fab0134f5fd019 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> d547a01cf7098f216a3775e1e1901c5794e1b24c 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 039c7eb919edeedbf8f1342c6e2fdf4736e224cd 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
> 3da666f73227fc7ef7093e3790546344065f6825 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-09-02 Thread Jun Rao 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97554
---


Hmm, did you attach the right patch? It doesn't seem to apply to trunk and my 
last round of minor comments didn't seem to get addressed. Also, one more 
suggestion below.


core/src/main/scala/kafka/server/KafkaApis.scala (line 675)


Could we change the test to the following to make it more consistent with 
the rest of places where we test authorization?

if (! authorizer.map(az => az.authorize(request.session, Read, new 
Resource(ConsumerGroup, consumerMetadataRequest.group))).getOrElse(true))



core/src/main/scala/kafka/server/KafkaApis.scala (line 739)


Ditto as the above.


- Jun Rao


On Sept. 2, 2015, 9:50 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Sept. 2, 2015, 9:50 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Addressing Jun's comments.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
>   core/src/main/scala/kafka/server/KafkaServer.scala
> 
> Deleting KafkaConfigDefTest
> 
> 
> Addressing comments from Ismael.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> 
> Consolidating KafkaPrincipal.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> Conflicts:
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> Making Acl structure take only one principal, operation and host.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> 
> Reverting uninteded new line change.
> 
> 
> Diffs
> -
> 
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>  35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
>   clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 
> e17e390c507eca0eba28a2763c0e35d66077d1f2 
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>  b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
>   
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
>  PRE-CREATION 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> a3a8df0545c3f9390e0e04b8d2fab0134f5fd019 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> d547a01cf7098f216a3775e1e1901c5794e1b24c 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 039c7eb919edeedbf8f1342c6e2fdf4736e224cd 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
> 3da666f73227fc7ef7093e3790546344065f6825 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-09-02 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97481
---



core/src/main/scala/kafka/server/KafkaApis.scala (line 296)


nope. reverted.


- Parth Brahmbhatt


On Sept. 2, 2015, 9:50 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Sept. 2, 2015, 9:50 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Addressing Jun's comments.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
>   core/src/main/scala/kafka/server/KafkaServer.scala
> 
> Deleting KafkaConfigDefTest
> 
> 
> Addressing comments from Ismael.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> 
> Consolidating KafkaPrincipal.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> Conflicts:
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> Making Acl structure take only one principal, operation and host.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> 
> Reverting uninteded new line change.
> 
> 
> Diffs
> -
> 
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>  35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
>   clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 
> e17e390c507eca0eba28a2763c0e35d66077d1f2 
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>  b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
>   
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
>  PRE-CREATION 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> a3a8df0545c3f9390e0e04b8d2fab0134f5fd019 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> d547a01cf7098f216a3775e1e1901c5794e1b24c 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 039c7eb919edeedbf8f1342c6e2fdf4736e224cd 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
> 3da666f73227fc7ef7093e3790546344065f6825 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-09-02 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
---

(Updated Sept. 2, 2015, 9:50 p.m.)


Review request for kafka.


Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210


Repository: kafka


Description (updated)
---

Addressing review comments from Jun.


Adding CREATE check for offset topic only if the topic does not exist already.


Addressing some more comments.


Removing acl.json file


Moving PermissionType to trait instead of enum. Following the convention for 
defining constants.


Adding authorizer.config.path back.


Addressing more comments from Jun.


Addressing more comments.


Now addressing Ismael's comments. Case sensitive checks.


Addressing Jun's comments.


Merge remote-tracking branch 'origin/trunk' into az

Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala
core/src/main/scala/kafka/server/KafkaServer.scala

Deleting KafkaConfigDefTest


Addressing comments from Ismael.


Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az


Consolidating KafkaPrincipal.


Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az

Conflicts:

clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java

clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
core/src/main/scala/kafka/server/KafkaApis.scala

Making Acl structure take only one principal, operation and host.


Merge remote-tracking branch 'origin/trunk' into az


Reverting uninteded new line change.


Diffs (updated)
-

  
clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
 35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
  clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 
e17e390c507eca0eba28a2763c0e35d66077d1f2 
  
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java 
b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
  
clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
 PRE-CREATION 
  core/src/main/scala/kafka/api/OffsetRequest.scala 
f418868046f7c99aefdccd9956541a0cb72b1500 
  core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
  core/src/main/scala/kafka/common/ErrorMapping.scala 
c75c68589681b2c9d6eba2b440ce5e58cddf6370 
  core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
  core/src/main/scala/kafka/server/KafkaApis.scala 
a3a8df0545c3f9390e0e04b8d2fab0134f5fd019 
  core/src/main/scala/kafka/server/KafkaConfig.scala 
d547a01cf7098f216a3775e1e1901c5794e1b24c 
  core/src/main/scala/kafka/server/KafkaServer.scala 
039c7eb919edeedbf8f1342c6e2fdf4736e224cd 
  core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
3da666f73227fc7ef7093e3790546344065f6825 

Diff: https://reviews.apache.org/r/34492/diff/


Testing
---


Thanks,

Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-09-02 Thread Jun Rao 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97466
---

Ship it!


Parth, thanks a lot for the latest patch. Overall, it looks pretty good. I only 
have a few minor comments below. Also, do you want to include the changes 
recommended by Ismael?


core/src/main/scala/kafka/common/ErrorMapping.scala (lines 54 - 56)


Could you add the missing error cords 23-28 in the comment?



core/src/main/scala/kafka/server/KafkaApis.scala (line 679)


Unused val?



core/src/main/scala/kafka/server/KafkaServer.scala (line 187)


space after if


- Jun Rao


On Sept. 1, 2015, 10:36 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Sept. 1, 2015, 10:36 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Addressing Jun's comments.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
>   core/src/main/scala/kafka/server/KafkaServer.scala
> 
> Deleting KafkaConfigDefTest
> 
> 
> Addressing comments from Ismael.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> 
> Consolidating KafkaPrincipal.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> Conflicts:
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> Making Acl structure take only one principal, operation and host.
> 
> 
> Diffs
> -
> 
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>  35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
>   clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 
> e17e390c507eca0eba28a2763c0e35d66077d1f2 
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>  b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
>   
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
>  PRE-CREATION 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> a3a8df0545c3f9390e0e04b8d2fab0134f5fd019 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> d547a01cf7098f216a3775e1e1901c5794e1b24c 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 17db4fa3c3a146f03a35dd7671ad1b06d122bb59 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
> 3da666f73227fc7ef7093e3790546344065f6825 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-09-02 Thread Ismael Juma 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97432
---


Hi Parth, I finally had a bit of time to look into this in more detail and I 
pushed a commit with my suggestions to make the `KafkaApis` code a bit more 
readable:

https://github.com/ijuma/kafka/commit/7737a9feb0c6d8cb4be3fe22992f8dc10b657154

As you said, it's difficult to do much better given the lack of common 
interfaces.

Please incorporate the changes if you agree. Also, note that I added a FIXME in 
one case where we don't seem to use the data produced by the `partition` call.


clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java 
(line 10)


Was this change intended?


- Ismael Juma


On Sept. 1, 2015, 10:36 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Sept. 1, 2015, 10:36 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Addressing Jun's comments.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
>   core/src/main/scala/kafka/server/KafkaServer.scala
> 
> Deleting KafkaConfigDefTest
> 
> 
> Addressing comments from Ismael.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> 
> Consolidating KafkaPrincipal.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> Conflicts:
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> Making Acl structure take only one principal, operation and host.
> 
> 
> Diffs
> -
> 
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>  35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
>   clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 
> e17e390c507eca0eba28a2763c0e35d66077d1f2 
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>  b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
>   
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
>  PRE-CREATION 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> a3a8df0545c3f9390e0e04b8d2fab0134f5fd019 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> d547a01cf7098f216a3775e1e1901c5794e1b24c 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 17db4fa3c3a146f03a35dd7671ad1b06d122bb59 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
> 3da666f73227fc7ef7093e3790546344065f6825 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-09-02 Thread Ismael Juma 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97431
---



core/src/main/scala/kafka/server/KafkaApis.scala (line 296)


Is this intentional?


- Ismael Juma


On Sept. 1, 2015, 10:36 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Sept. 1, 2015, 10:36 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Addressing Jun's comments.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
>   core/src/main/scala/kafka/server/KafkaServer.scala
> 
> Deleting KafkaConfigDefTest
> 
> 
> Addressing comments from Ismael.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> 
> Consolidating KafkaPrincipal.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> Conflicts:
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> Making Acl structure take only one principal, operation and host.
> 
> 
> Diffs
> -
> 
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>  35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
>   clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 
> e17e390c507eca0eba28a2763c0e35d66077d1f2 
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>  b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
>   
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
>  PRE-CREATION 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> a3a8df0545c3f9390e0e04b8d2fab0134f5fd019 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> d547a01cf7098f216a3775e1e1901c5794e1b24c 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 17db4fa3c3a146f03a35dd7671ad1b06d122bb59 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
> 3da666f73227fc7ef7093e3790546344065f6825 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-09-01 Thread Parth Brahmbhatt 


> On Aug. 31, 2015, 6:47 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 99
> > 
> >
> > I had a comment on this earlier that the current ACL representation 
> > makes it a bit hard to do dedup. Also, this makes it a bit inconvenient to 
> > remove ACLs. Basically, you have to specify the exact set of principals, 
> > hosts and operations to remove an existing ACL. Your reply is that this 
> > makes it convenient when an admin wants to add the same permission to say 5 
> > principals.
> > 
> > I was thinking that perhaps we can separate the CLI options from the 
> > underlying ACL representation. For the ACL representation, it seems that 
> > it's more natural to represent each ACL as either a  > permissionType, operation> or a  tuple. 
> > This will allow ACLs to be represented uniquely and makes dedupping easy. 
> > On the CLI side, we can take batch options for convenience, but translate 
> > them to a set of unique ACLs.

Changed.


> On Aug. 31, 2015, 6:47 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 53
> > 
> >
> > principal => principals

fixed.


> On Aug. 31, 2015, 6:47 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, lines 48-51
> > 
> >
> > DENY, READ, WRITE should probably be camel case?

fixed.


> On Aug. 31, 2015, 6:47 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/common/ErrorMapping.scala, line 57
> > 
> >
> > We will need to add the new error code and the exception in 
> > org.apache.kafka.common.errors in the client as well. Currently, there are 
> > a few error codes in Errors that are missing in ErrorMapping. This will be 
> > fixed in a separate jira. In this jira, we can just start with error code 
> > 29, which is the next unused error code in Errors. The exception in the 
> > client should be of ApiException.

fixed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review96909
---


On Sept. 1, 2015, 10:36 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Sept. 1, 2015, 10:36 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Addressing Jun's comments.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
>   core/src/main/scala/kafka/server/KafkaServer.scala
> 
> Deleting KafkaConfigDefTest
> 
> 
> Addressing comments from Ismael.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> 
> Consolidating KafkaPrincipal.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> Conflicts:
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> Making Acl structure take only one principal, operation and host.
> 
> 
> Diffs
> -
> 
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>  35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
>   clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 
> e17e390c507eca0eba28a2763c0e35d66077d1f2 
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>  b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
>   
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
>  PRE-CREATION 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/

Re: Review Request 34492: Patch for KAFKA-2210

2015-09-01 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
---

(Updated Sept. 1, 2015, 10:36 p.m.)


Review request for kafka.


Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210


Repository: kafka


Description (updated)
---

Addressing review comments from Jun.


Adding CREATE check for offset topic only if the topic does not exist already.


Addressing some more comments.


Removing acl.json file


Moving PermissionType to trait instead of enum. Following the convention for 
defining constants.


Adding authorizer.config.path back.


Addressing more comments from Jun.


Addressing more comments.


Now addressing Ismael's comments. Case sensitive checks.


Addressing Jun's comments.


Merge remote-tracking branch 'origin/trunk' into az

Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala
core/src/main/scala/kafka/server/KafkaServer.scala

Deleting KafkaConfigDefTest


Addressing comments from Ismael.


Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az


Consolidating KafkaPrincipal.


Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az

Conflicts:

clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java

clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
core/src/main/scala/kafka/server/KafkaApis.scala

Making Acl structure take only one principal, operation and host.


Diffs (updated)
-

  
clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
 35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
  clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 
e17e390c507eca0eba28a2763c0e35d66077d1f2 
  
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java 
b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
  
clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
 PRE-CREATION 
  core/src/main/scala/kafka/api/OffsetRequest.scala 
f418868046f7c99aefdccd9956541a0cb72b1500 
  core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
  core/src/main/scala/kafka/common/ErrorMapping.scala 
c75c68589681b2c9d6eba2b440ce5e58cddf6370 
  core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
  core/src/main/scala/kafka/server/KafkaApis.scala 
a3a8df0545c3f9390e0e04b8d2fab0134f5fd019 
  core/src/main/scala/kafka/server/KafkaConfig.scala 
d547a01cf7098f216a3775e1e1901c5794e1b24c 
  core/src/main/scala/kafka/server/KafkaServer.scala 
17db4fa3c3a146f03a35dd7671ad1b06d122bb59 
  core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
3da666f73227fc7ef7093e3790546344065f6825 

Diff: https://reviews.apache.org/r/34492/diff/


Testing
---


Thanks,

Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-08-31 Thread Jun Rao 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review96909
---


Thanks for the patch. We are getting pretty close. A few more comments below.


core/src/main/scala/kafka/common/ErrorMapping.scala (line 56)


We will need to add the new error code and the exception in 
org.apache.kafka.common.errors in the client as well. Currently, there are a 
few error codes in Errors that are missing in ErrorMapping. This will be fixed 
in a separate jira. In this jira, we can just start with error code 29, which 
is the next unused error code in Errors. The exception in the client should be 
of ApiException.



core/src/main/scala/kafka/security/auth/Acl.scala (lines 48 - 51)


DENY, READ, WRITE should probably be camel case?



core/src/main/scala/kafka/security/auth/Acl.scala (line 53)


principal => principals



core/src/main/scala/kafka/security/auth/Acl.scala (line 99)


I had a comment on this earlier that the current ACL representation makes 
it a bit hard to do dedup. Also, this makes it a bit inconvenient to remove 
ACLs. Basically, you have to specify the exact set of principals, hosts and 
operations to remove an existing ACL. Your reply is that this makes it 
convenient when an admin wants to add the same permission to say 5 principals.

I was thinking that perhaps we can separate the CLI options from the 
underlying ACL representation. For the ACL representation, it seems that it's 
more natural to represent each ACL as either a  or a  tuple. This will allow ACLs 
to be represented uniquely and makes dedupping easy. On the CLI side, we can 
take batch options for convenience, but translate them to a set of unique ACLs.


- Jun Rao


On Aug. 26, 2015, 9:29 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Aug. 26, 2015, 9:29 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Addressing Jun's comments.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
>   core/src/main/scala/kafka/server/KafkaServer.scala
> 
> Deleting KafkaConfigDefTest
> 
> 
> Addressing comments from Ismael.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> 
> Consolidating KafkaPrincipal.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> Conflicts:
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>   core/src/main/scala/kafka/server/KafkaApis.scala
> 
> 
> Diffs
> -
> 
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>  35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>  b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
>   
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
>  PRE-CREATION 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> a3a8df0545

Re: Review Request 34492: Patch for KAFKA-2210

2015-08-26 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
---

(Updated Aug. 26, 2015, 9:29 p.m.)


Review request for kafka.


Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210


Repository: kafka


Description (updated)
---

Addressing review comments from Jun.


Adding CREATE check for offset topic only if the topic does not exist already.


Addressing some more comments.


Removing acl.json file


Moving PermissionType to trait instead of enum. Following the convention for 
defining constants.


Adding authorizer.config.path back.


Addressing more comments from Jun.


Addressing more comments.


Now addressing Ismael's comments. Case sensitive checks.


Addressing Jun's comments.


Merge remote-tracking branch 'origin/trunk' into az

Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala
core/src/main/scala/kafka/server/KafkaServer.scala

Deleting KafkaConfigDefTest


Addressing comments from Ismael.


Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az


Consolidating KafkaPrincipal.


Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az

Conflicts:

clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java

clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
core/src/main/scala/kafka/server/KafkaApis.scala


Diffs (updated)
-

  
clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
 35d41685dd178bbdf77b2476e03ad51fc4adcbb6 
  
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java 
b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3 
  
clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
 PRE-CREATION 
  core/src/main/scala/kafka/api/OffsetRequest.scala 
f418868046f7c99aefdccd9956541a0cb72b1500 
  core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
  core/src/main/scala/kafka/common/ErrorMapping.scala 
c75c68589681b2c9d6eba2b440ce5e58cddf6370 
  core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
  core/src/main/scala/kafka/server/KafkaApis.scala 
a3a8df0545c3f9390e0e04b8d2fab0134f5fd019 
  core/src/main/scala/kafka/server/KafkaConfig.scala 
d547a01cf7098f216a3775e1e1901c5794e1b24c 
  core/src/main/scala/kafka/server/KafkaServer.scala 
17db4fa3c3a146f03a35dd7671ad1b06d122bb59 
  core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
3da666f73227fc7ef7093e3790546344065f6825 

Diff: https://reviews.apache.org/r/34492/diff/


Testing
---


Thanks,

Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-08-25 Thread Parth Brahmbhatt 


> On Aug. 23, 2015, 9:29 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 21
> > 
> >
> > There is a java version of KafkaPrincipal. Could we consolidate?

consolidated. Converted Authorizer's principal to Java class and moved under 
client/common/security/auth. Let me know if I misunderstood what you meant by 
this comment.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review96129
---


On Aug. 26, 2015, 12:59 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Aug. 26, 2015, 12:59 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Addressing Jun's comments.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
>   core/src/main/scala/kafka/server/KafkaServer.scala
> 
> Deleting KafkaConfigDefTest
> 
> 
> Addressing comments from Ismael.
> 
> 
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
> 
> 
> Consolidating KafkaPrincipal.
> 
> 
> Diffs
> -
> 
>   
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
>  a3567af96e4f90d62587b31d5b14e7911ba9baf4 
>   
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
>  277b6efb8cf4ad2c81fdcf694bf7c233e48cf214 
>   
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
>  PRE-CREATION 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 67f0cad802f901f255825aa2158545d7f5e7cc3d 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> d547a01cf7098f216a3775e1e1901c5794e1b24c 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 17db4fa3c3a146f03a35dd7671ad1b06d122bb59 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
> 3da666f73227fc7ef7093e3790546344065f6825 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-08-25 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
---

(Updated Aug. 26, 2015, 12:59 a.m.)


Review request for kafka.


Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210


Repository: kafka


Description (updated)
---

Addressing review comments from Jun.


Adding CREATE check for offset topic only if the topic does not exist already.


Addressing some more comments.


Removing acl.json file


Moving PermissionType to trait instead of enum. Following the convention for 
defining constants.


Adding authorizer.config.path back.


Addressing more comments from Jun.


Addressing more comments.


Now addressing Ismael's comments. Case sensitive checks.


Addressing Jun's comments.


Merge remote-tracking branch 'origin/trunk' into az

Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala
core/src/main/scala/kafka/server/KafkaServer.scala

Deleting KafkaConfigDefTest


Addressing comments from Ismael.


Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az


Consolidating KafkaPrincipal.


Diffs (updated)
-

  
clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
 a3567af96e4f90d62587b31d5b14e7911ba9baf4 
  
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java 
277b6efb8cf4ad2c81fdcf694bf7c233e48cf214 
  
clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java
 PRE-CREATION 
  core/src/main/scala/kafka/api/OffsetRequest.scala 
f418868046f7c99aefdccd9956541a0cb72b1500 
  core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
  core/src/main/scala/kafka/common/ErrorMapping.scala 
c75c68589681b2c9d6eba2b440ce5e58cddf6370 
  core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
  core/src/main/scala/kafka/server/KafkaApis.scala 
67f0cad802f901f255825aa2158545d7f5e7cc3d 
  core/src/main/scala/kafka/server/KafkaConfig.scala 
d547a01cf7098f216a3775e1e1901c5794e1b24c 
  core/src/main/scala/kafka/server/KafkaServer.scala 
17db4fa3c3a146f03a35dd7671ad1b06d122bb59 
  core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
3da666f73227fc7ef7093e3790546344065f6825 

Diff: https://reviews.apache.org/r/34492/diff/


Testing
---


Thanks,

Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-08-23 Thread Jun Rao 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review96129
---



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 21)


There is a java version of KafkaPrincipal. Could we consolidate?


- Jun Rao


On Aug. 20, 2015, 6:27 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Aug. 20, 2015, 6:27 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Addressing Jun's comments.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
>   core/src/main/scala/kafka/server/KafkaServer.scala
> 
> Deleting KafkaConfigDefTest
> 
> 
> Addressing comments from Ismael.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 67f0cad802f901f255825aa2158545d7f5e7cc3d 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> d547a01cf7098f216a3775e1e1901c5794e1b24c 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 0e7ba3ede78dbc995c404e0387a6be687703836a 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
> 3da666f73227fc7ef7093e3790546344065f6825 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-08-20 Thread Parth Brahmbhatt 


> On Aug. 20, 2015, 10:30 a.m., Ismael Juma wrote:
> > One more thing: it may be a good idea to rebase against trunk since the 
> > large SSL/TLS patch has now been merged (not sure if there are any 
> > conflicts).

Done.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review95942
---


On Aug. 20, 2015, 6:27 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Aug. 20, 2015, 6:27 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Addressing Jun's comments.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
>   core/src/main/scala/kafka/server/KafkaServer.scala
> 
> Deleting KafkaConfigDefTest
> 
> 
> Addressing comments from Ismael.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 67f0cad802f901f255825aa2158545d7f5e7cc3d 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> d547a01cf7098f216a3775e1e1901c5794e1b24c 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 0e7ba3ede78dbc995c404e0387a6be687703836a 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
> 3da666f73227fc7ef7093e3790546344065f6825 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-08-20 Thread Parth Brahmbhatt 


> On Aug. 20, 2015, 1:07 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, lines 84-87
> > 
> >
> > Do we need the case match here since acls is always a Set?

Fixed.


> On Aug. 20, 2015, 1:07 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/ResourceType.scala, line 21
> > 
> >
> > Not needed.

Fixed.


> On Aug. 20, 2015, 1:07 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 104
> > 
> >
> > If authorizer is not specified, getOrElse() should return true, right? 
> > There are a few other places like that.

Fixed.


> On Aug. 20, 2015, 1:07 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, lines 189-192
> > 
> >
> > For coding style, to be consistent with most existing code, it seems 
> > it's better to do authorizer.map{ ... }.getOrElse().

Done.


> On Aug. 20, 2015, 1:07 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, lines 641-644
> > 
> >
> > The current logic requires that we grant CREATE on CLUSTER to the 
> > consumer, which is a bit weird. Perhaps we should just always allow the 
> > consumer to create the offset topic as long as it has the permission to 
> > read the topic and the consumer group. That way, we don't have to grant 
> > CREATE permssion to the consumer.

Done.


> On Aug. 20, 2015, 1:07 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 677
> > 
> >
> > It seems the test on errorCode == ErrorMapping.NoError is unnecessary.

The code tries to priortize non authoirzation errors above authorization error. 
We can only send one error code and IMO if we have an error other than 
Authorization error we should propogate that to the user.


> On Aug. 20, 2015, 1:07 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 553
> > 
> >
> > Currently, metadataCache.getTopicMetadata() will return all the 
> > metadata of all topics if the input topic is empty. This causes a couple of 
> > issues here. (1) If authorizedTopics is empty, we end up returning more 
> > topics than needed. (2) If the original request has an empty topic list, we 
> > will return the metadata of all topics whether the client has the DESCRIBE 
> > permission or not.

Fixed.


> On Aug. 20, 2015, 1:07 a.m., Jun Rao wrote:
> > core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala, line 
> > 30
> > 
> >
> > We removed this class in KAFKA-2288 since it's no longer necessary.

Removed the class.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review95801
---


On Aug. 20, 2015, 6:27 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Aug. 20, 2015, 6:27 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Addressing Jun's comments.
> 
> 
> Merge remote-tracking branch 'origin/trunk' into az
> 
> Conflicts:
>   core/src/main/scala/kafka/server/KafkaApis.scala
>   core/src/main/scala/kafka/server/KafkaServer.scala
> 
> Deleting KafkaConfigDefTest
> 
> 
> Addressing comments from Ismael.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/s

Re: Review Request 34492: Patch for KAFKA-2210

2015-08-20 Thread Parth Brahmbhatt 


> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/network/RequestChannel.scala, line 48
> > 
> >
> > Normally one would use `Option[Session]` here. Are we using `null` due 
> > to efficiency concerns? Sorry if I am missing some context.

My bad, This class is not suppose to be part of this PR but the dependent jira. 
Removed this class.


> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Operation.scala, line 42
> > 
> >
> > Generally a good idea to set the result type for public methods. This 
> > makes it possible to change the underlying implementation without affecting 
> > binary compatibility. For example, here we may set the result type as 
> > `Seq[Operation]`, which would give us the option of changing the underlying 
> > implementation to `Vector` if that turned out to be better. In `Scala`, 
> > `List` is a concrete type unlike `Java`.
> > 
> > Not sure what is the usual policy for Kafka though, would be useful to 
> > have some input from Jun. If we decide to change it, there are other places 
> > where the same comment would apply.
> 
> Jun Rao wrote:
> We don't have a policy on that yet. I think explicitly defining return 
> types in this case makes sense.

Fixed in Operation, PermissionType and ResourceType.


> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Resource.scala, line 24
> > 
> >
> > Nitpick: space before `:` should be removed.

Fixed.


> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 25
> > 
> >
> > Nitpick: space before `:` should be removed.

Fixed.


> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 116
> > 
> >
> > Nitpick: no need for `()` and space before `:` should be removed.

Fixed.


> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 104
> > 
> >
> > This code exists in 4 places, how about we introduce an method like:
> > 
> > ```
> > def authorizeClusterAction(authorizer, request): Unit = {
> >   if (authorizer.map(_.authorizer(request.session, ClusterAction, 
> > Resource.ClusterResource)).getOrElse(false))
> > throw new AuthorizationException(s"Request $request is not 
> > authorized.")
> > }
> > ```
> > 
> > And then callers can just do (as an example):
> > 
> > `authorizeClusterAction(authorizer, leaderAndIsrRequest)`
> > 
> > 
> > Am I missing something?

Fixed.


> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, lines 189-192
> > 
> >
> > Nitpick: space after `case`. There are a number of other cases like 
> > this.

Fixed.


> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 549
> > 
> >
> > Nitpick: val instead of var.

I am actually changing these values later so they need to be vars.


> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/test/scala/unit/kafka/security/auth/AclTest.scala, line 24
> > 
> >
> > We don't use `JUnit3Suite` anymore. Either use `JUnitSuite` or don't 
> > inherit from anything (we have both examples in the codebase now). This 
> > applies to all the tests. I noticed that Jun already mentioned this in 
> > another test.

Fixed.


> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/test/scala/unit/kafka/security/auth/AclTest.scala, line 30
> > 
> >
> > @Test annotation is needed after you remove `JUnit3Suite`. This applies 
> > to all the tests.

Fixed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review95934
---


On Aug. 20, 2015, 6:27 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-08-20 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
---

(Updated Aug. 20, 2015, 6:27 p.m.)


Review request for kafka.


Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210


Repository: kafka


Description (updated)
---

Addressing review comments from Jun.


Adding CREATE check for offset topic only if the topic does not exist already.


Addressing some more comments.


Removing acl.json file


Moving PermissionType to trait instead of enum. Following the convention for 
defining constants.


Adding authorizer.config.path back.


Addressing more comments from Jun.


Addressing more comments.


Now addressing Ismael's comments. Case sensitive checks.


Addressing Jun's comments.


Merge remote-tracking branch 'origin/trunk' into az

Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala
core/src/main/scala/kafka/server/KafkaServer.scala

Deleting KafkaConfigDefTest


Addressing comments from Ismael.


Diffs (updated)
-

  core/src/main/scala/kafka/api/OffsetRequest.scala 
f418868046f7c99aefdccd9956541a0cb72b1500 
  core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
  core/src/main/scala/kafka/common/ErrorMapping.scala 
c75c68589681b2c9d6eba2b440ce5e58cddf6370 
  core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
  core/src/main/scala/kafka/server/KafkaApis.scala 
67f0cad802f901f255825aa2158545d7f5e7cc3d 
  core/src/main/scala/kafka/server/KafkaConfig.scala 
d547a01cf7098f216a3775e1e1901c5794e1b24c 
  core/src/main/scala/kafka/server/KafkaServer.scala 
0e7ba3ede78dbc995c404e0387a6be687703836a 
  core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 
3da666f73227fc7ef7093e3790546344065f6825 

Diff: https://reviews.apache.org/r/34492/diff/


Testing
---


Thanks,

Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-08-20 Thread Jun Rao 


> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Operation.scala, line 42
> > 
> >
> > Generally a good idea to set the result type for public methods. This 
> > makes it possible to change the underlying implementation without affecting 
> > binary compatibility. For example, here we may set the result type as 
> > `Seq[Operation]`, which would give us the option of changing the underlying 
> > implementation to `Vector` if that turned out to be better. In `Scala`, 
> > `List` is a concrete type unlike `Java`.
> > 
> > Not sure what is the usual policy for Kafka though, would be useful to 
> > have some input from Jun. If we decide to change it, there are other places 
> > where the same comment would apply.

We don't have a policy on that yet. I think explicitly defining return types in 
this case makes sense.


- Jun


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review95934
---


On Aug. 11, 2015, 1:32 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Aug. 11, 2015, 1:32 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/network/RequestChannel.scala 
> 20741281dcaa76374ea6f86a2185dad27b515339 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 7ea509c2c41acc00430c74e025e069a833aac4e7 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 84d4730ac634f9a5bf12a656e422fea03ad72da8 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-08-20 Thread Ismael Juma 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review95942
---


One more thing: it may be a good idea to rebase against trunk since the large 
SSL/TLS patch has now been merged (not sure if there are any conflicts).

- Ismael Juma


On Aug. 11, 2015, 1:32 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Aug. 11, 2015, 1:32 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/network/RequestChannel.scala 
> 20741281dcaa76374ea6f86a2185dad27b515339 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 7ea509c2c41acc00430c74e025e069a833aac4e7 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 84d4730ac634f9a5bf12a656e422fea03ad72da8 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-08-20 Thread Ismael Juma 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review95934
---


Thanks for addressing the issues raised in the previous review. We are getting 
closer. I left a few comments (many of them minor style issues).

The important question for me is how can we make the authorization logic that 
is spread over many methods simpler by perhaps introducing some utility 
methods. I provided a suggestion for one of the cases, but I didn't spend the 
time to work it out for the `partition` case that is more important (and 
probably harder). I would be interested in your thoughts as you are more 
familiar with the code. I'd be happy to spend a bit more time on this to see if 
I can come up with something, if you prefer. Just let me know.


core/src/main/scala/kafka/network/RequestChannel.scala (line 48)


Normally one would use `Option[Session]` here. Are we using `null` due to 
efficiency concerns? Sorry if I am missing some context.



core/src/main/scala/kafka/security/auth/Acl.scala (line 116)


Nitpick: no need for `()` and space before `:` should be removed.



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 25)


Nitpick: space before `:` should be removed.



core/src/main/scala/kafka/security/auth/Operation.scala (line 42)


Generally a good idea to set the result type for public methods. This makes 
it possible to change the underlying implementation without affecting binary 
compatibility. For example, here we may set the result type as 
`Seq[Operation]`, which would give us the option of changing the underlying 
implementation to `Vector` if that turned out to be better. In `Scala`, `List` 
is a concrete type unlike `Java`.

Not sure what is the usual policy for Kafka though, would be useful to have 
some input from Jun. If we decide to change it, there are other places where 
the same comment would apply.



core/src/main/scala/kafka/security/auth/Resource.scala (line 24)


Nitpick: space before `:` should be removed.



core/src/main/scala/kafka/server/KafkaApis.scala (line 101)


This code exists in 4 places, how about we introduce an method like:

```
def authorizeClusterAction(authorizer, request): Unit = {
  if (authorizer.map(_.authorizer(request.session, ClusterAction, 
Resource.ClusterResource)).getOrElse(false))
throw new AuthorizationException(s"Request $request is not authorized.")
}
```

And then callers can just do (as an example):

`authorizeClusterAction(authorizer, leaderAndIsrRequest)`

Am I missing something?



core/src/main/scala/kafka/server/KafkaApis.scala (lines 186 - 189)


Nitpick: space after `case`. There are a number of other cases like this.



core/src/main/scala/kafka/server/KafkaApis.scala (line 282)


We have a lot of these `partition` calls like this. Is there no way to 
extract a utility method so that the call is simpler and there is less 
duplication?



core/src/main/scala/kafka/server/KafkaApis.scala (line 545)


Nitpick: val instead of var.



core/src/test/scala/unit/kafka/security/auth/AclTest.scala (line 24)


We don't use `JUnit3Suite` anymore. Either use `JUnitSuite` or don't 
inherit from anything (we have both examples in the codebase now). This applies 
to all the tests. I noticed that Jun already mentioned this in another test.



core/src/test/scala/unit/kafka/security/auth/AclTest.scala (line 30)


@Test annotation is needed after you remove `JUnit3Suite`. This applies to 
all the tests.


- Ismael Juma


On Aug. 11, 2015, 1:32 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Aug. 11, 2015, 1:32 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait

Re: Review Request 34492: Patch for KAFKA-2210

2015-08-19 Thread Jun Rao 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review95801
---


Thanks for the patch. A few comments below. There is a unit test failure.

kafka.server.KafkaConfigTest > testFromPropsInvalid FAILED
org.scalatest.junit.JUnitTestFailedError: Expected exception 
java.lang.Exception to be thrown, but no exception was thrown.
at 
org.scalatest.junit.AssertionsForJUnit$class.newAssertionFailedException(AssertionsForJUnit.scala:102)
at 
org.scalatest.junit.JUnit3Suite.newAssertionFailedException(JUnit3Suite.scala:147)
at org.scalatest.Assertions$class.intercept(Assertions.scala:1014)
at org.scalatest.junit.JUnit3Suite.intercept(JUnit3Suite.scala:147)
at 
kafka.server.KafkaConfigTest$$anonfun$kafka$server$KafkaConfigTest$$assertPropertyInvalid$1.apply(KafkaConfigTest.scala:529)
at 
kafka.server.KafkaConfigTest$$anonfun$kafka$server$KafkaConfigTest$$assertPropertyInvalid$1.apply(KafkaConfigTest.scala:526)
at 
scala.collection.IndexedSeqOptimized$class.foreach(IndexedSeqOptimized.scala:33)
at scala.collection.mutable.WrappedArray.foreach(WrappedArray.scala:34)
at 
kafka.server.KafkaConfigTest.kafka$server$KafkaConfigTest$$assertPropertyInvalid(KafkaConfigTest.scala:526)
at 
kafka.server.KafkaConfigTest$$anonfun$testFromPropsInvalid$1.apply(KafkaConfigTest.scala:484)
at 
kafka.server.KafkaConfigTest$$anonfun$testFromPropsInvalid$1.apply(KafkaConfigTest.scala:395)
at scala.collection.immutable.List.foreach(List.scala:318)
at 
kafka.server.KafkaConfigTest.testFromPropsInvalid(KafkaConfigTest.scala:395)


core/src/main/scala/kafka/security/auth/Acl.scala (lines 84 - 87)


Do we need the case match here since acls is always a Set?



core/src/main/scala/kafka/security/auth/ResourceType.scala (line 21)


Not needed.



core/src/main/scala/kafka/server/KafkaApis.scala (line 101)


If authorizer is not specified, getOrElse() should return true, right? 
There are a few other places like that.



core/src/main/scala/kafka/server/KafkaApis.scala (lines 186 - 189)


For coding style, to be consistent with most existing code, it seems it's 
better to do authorizer.map{ ... }.getOrElse().



core/src/main/scala/kafka/server/KafkaApis.scala (line 549)


Currently, metadataCache.getTopicMetadata() will return all the metadata of 
all topics if the input topic is empty. This causes a couple of issues here. 
(1) If authorizedTopics is empty, we end up returning more topics than needed. 
(2) If the original request has an empty topic list, we will return the 
metadata of all topics whether the client has the DESCRIBE permission or not.



core/src/main/scala/kafka/server/KafkaApis.scala (lines 637 - 640)


The current logic requires that we grant CREATE on CLUSTER to the consumer, 
which is a bit weird. Perhaps we should just always allow the consumer to 
create the offset topic as long as it has the permission to read the topic and 
the consumer group. That way, we don't have to grant CREATE permssion to the 
consumer.



core/src/main/scala/kafka/server/KafkaApis.scala (line 673)


It seems the test on errorCode == ErrorMapping.NoError is unnecessary.



core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala (line 30)


We removed this class in KAFKA-2288 since it's no longer necessary.


- Jun Rao


On Aug. 11, 2015, 1:32 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Aug. 11, 2015, 1:32 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka

Re: Review Request 34492: Patch for KAFKA-2210

2015-08-10 Thread Edward Ribeiro 


> On Julho 21, 2015, 1:30 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 71
> > 
> >
> > Disclaimer: I am not claiming that you should change the code commented 
> > here.
> > 
> > Okay, for getting rid of the dreaded 
> > ``collection.mutable.HashSet[Acl]()``, you have two options, afaik:
> > 
> > 1. use ``(for (i <- list) yield i).toSet``. In the current code it 
> > would be something like:
> > 
> > ```
> > val acls = (for (item <- aclSet) {
> > val principals: List[KafkaPrincipal] = 
> > item(PrincipalKey).asInstanceOf[List[String]].map(principal => 
> > KafkaPrincipal.fromString(principal))
> > val permissionType: PermissionType = 
> > PermissionType.fromString(item(PermissionTypeKey).asInstanceOf[String])
> > val operations: List[Operation] = 
> > item(OperationKey).asInstanceOf[List[String]].map(operation => 
> > Operation.fromString(operation))
> > val hosts: List[String] = item(HostsKey).asInstanceOf[List[String]]
> > 
> > yield new Acl(principals.toSet, permissionType, hosts.toSet, 
> > operations.toSet)
> > }).toSet
> > ```
> > 
> > The surrounding parenthesis around the ``for`` comprehesion are 
> > important as ``yield`` would return the same Collection type from aclSet (a 
> > List in this case).
> > 
> > 
> > 2. To use a (private) helper recursive function like, for example:
> > 
> > ```
> > private def listToSet(list: List[Map[String, Any]]): Set[Acl] = {
> > list match {
> >case item::tail => {
> >  
> >  // L#72 - L#75 processing over `item`
> >  
> >  Set(new Acl(...)) ++ listToSet(tail)
> >}
> >case Nil => Set.empty[Acl]
> > }
> > }
> > ```
> > 
> > can call it from ``fromJson`` on ``aclSet`` instead of doing a 
> > ``foreach``.
> > 
> > 
> > In fact, most of lines  L#72 - L#75 are composed of Lists that 
> > eventually get converted to set (principals, hosts, operations and acls), 
> > so you could "generify" the helper function above, so that you could pass a 
> > 'convertion' function, but here I am wary of the complexity of the code 
> > starting to outweight the benefits (?) of not using mutable data 
> > structures... Nevertheless, it would look like:
> > 
> > ```
> > def listToSet[T,K](list: List[T], f: T => K): Set[K] = {
> > list match {
> > case head::tail => Set(f(head)) ++ listToSet(tail, f)
> > case Nil => Set.empty[K]
> >  }
> > }
> > ```
> 
> Parth Brahmbhatt wrote:
> I haven't changed it for now dont really think to .toSet will be that bad.

Agree! All the other options leave the code more obfuscated than it needs to 
be, imo. Only if there was some strict code guideline to use "pure" Functional 
Programming we would need to resort to one of those options I described.


- Edward


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92345
---


On Ago. 11, 2015, 1:32 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated Ago. 11, 2015, 1:32 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Now addressing Ismael's comments. Case sensitive checks.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/network/RequestChannel.scala 
> 20741281dcaa76374ea6f86a2185dad27b515339 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala P

Re: Review Request 34492: Patch for KAFKA-2210

2015-08-10 Thread Parth Brahmbhatt 


> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/common/AuthorizationException.scala, line 24
> > 
> >
> > Exceptions without a message are discouraged, so I would remove the 
> > no-args constructor.

fixed.


> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Authorizer.scala, line 64
> > 
> >
> > Should this be called `removeResource` instead? Good to avoid method 
> > overloads when possible.

its actually not removing the resource itself though, it is only removing acls 
attached to the acls. Want to avoid naming it somehting that will be misleading.


> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 26
> > 
> >
> > Type annotations are usually not used for local vals.

done for all classes under auth package.


> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 28
> > 
> >
> > Code contention: no braces for single expression.

again done for all classed under auth package.


> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 32
> > 
> >
> > This could be written in a nicer way like this:
> > 
> > ```
> > str.split(Separator, 2) match {
> >   case Array(principalType, name, _*) => new 
> > KafkaPrincipal(principalType, name)
> >   case s => throw IllegalArgumentException(...)
> > }
> > ```

made changes at KafkaPrincipal and Resource.


> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 41
> > 
> >
> > If you make this a case class, you get decent `toString`, `equals` and 
> > `hashCode` by default. Also, the `val` is then not needed for the fields.

I have changed all the classes to case class. This basically means all the 
equalities are now case sensitive.


> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Operation.scala, line 38
> > 
> >
> > `find` is better than `filter` here as it stops once the match is 
> > found. Also, `headOption` is not needed then.

fixed.


> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Operation.scala, line 42
> > 
> >
> > Code convention: no braces needed for single expression.
> > 
> > Also, no need for `()` since there is no side-effect here.

fixed.


> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/PermissionType.scala, line 38
> > 
> >
> > Same points as the ones in `Operation`.

fixed.


> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Resource.scala, line 22
> > 
> >
> > Space after `,`.

fixed.


> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Resource.scala, line 31
> > 
> >
> > Same comments as in `KafkaPrincipal.fromString`.

fixed.


> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Resource.scala, line 41
> > 
> >
> > Make it a case class?

mixed.


> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/ResourceType.scala, line 52
> > 
> >
> > Same comments as in `Operation`.

fixed.


> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/test/scala/unit/kafka/security/auth/AclTest.scala, line 44
> > 
> >
> > Type annotation is generally not needed for local `vals` (there are a 
> > number of instances of this).

Fixed all instances that I could find.


> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 104
> > 
> >
> > In general, `Opt

Re: Review Request 34492: Patch for KAFKA-2210

2015-08-10 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
---

(Updated Aug. 11, 2015, 1:32 a.m.)


Review request for kafka.


Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210


Repository: kafka


Description (updated)
---

Addressing review comments from Jun.


Adding CREATE check for offset topic only if the topic does not exist already.


Addressing some more comments.


Removing acl.json file


Moving PermissionType to trait instead of enum. Following the convention for 
defining constants.


Adding authorizer.config.path back.


Addressing more comments from Jun.


Addressing more comments.


Now addressing Ismael's comments. Case sensitive checks.


Diffs (updated)
-

  core/src/main/scala/kafka/api/OffsetRequest.scala 
f418868046f7c99aefdccd9956541a0cb72b1500 
  core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
  core/src/main/scala/kafka/common/ErrorMapping.scala 
c75c68589681b2c9d6eba2b440ce5e58cddf6370 
  core/src/main/scala/kafka/network/RequestChannel.scala 
20741281dcaa76374ea6f86a2185dad27b515339 
  core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
  core/src/main/scala/kafka/server/KafkaApis.scala 
7ea509c2c41acc00430c74e025e069a833aac4e7 
  core/src/main/scala/kafka/server/KafkaConfig.scala 
dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
  core/src/main/scala/kafka/server/KafkaServer.scala 
84d4730ac634f9a5bf12a656e422fea03ad72da8 
  core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
PRE-CREATION 

Diff: https://reviews.apache.org/r/34492/diff/


Testing
---


Thanks,

Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-28 Thread Ismael Juma 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review93302
---


I did an initial pass and left some comments. Some of them are questions and a 
lot of them are around idiomatic Scala. I didn't go until the end because I was 
seeing similar issues to the ones I had already raised and I thought it would 
be better to wait for feedback before continuing.


core/src/main/scala/kafka/common/AuthorizationException.scala (line 24)


Exceptions without a message are discouraged, so I would remove the no-args 
constructor.



core/src/main/scala/kafka/security/auth/Authorizer.scala (line 64)


Should this be called `removeResource` instead? Good to avoid method 
overloads when possible.



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 26)


Type annotations are usually not used for local vals.



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 28)


Code contention: no braces for single expression.



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 32)


This could be written in a nicer way like this:

```
str.split(Separator, 2) match {
  case Array(principalType, name, _*) => new KafkaPrincipal(principalType, 
name)
  case s => throw IllegalArgumentException(...)
}
```



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 41)


If you make this a case class, you get decent `toString`, `equals` and 
`hashCode` by default. Also, the `val` is then not needed for the fields.



core/src/main/scala/kafka/security/auth/Operation.scala (line 38)


`find` is better than `filter` here as it stops once the match is found. 
Also, `headOption` is not needed then.



core/src/main/scala/kafka/security/auth/Operation.scala (line 42)


Code convention: no braces needed for single expression.

Also, no need for `()` since there is no side-effect here.



core/src/main/scala/kafka/security/auth/PermissionType.scala (line 38)


Same points as the ones in `Operation`.



core/src/main/scala/kafka/security/auth/Resource.scala (line 22)


Space after `,`.



core/src/main/scala/kafka/security/auth/Resource.scala (line 31)


Same comments as in `KafkaPrincipal.fromString`.



core/src/main/scala/kafka/security/auth/Resource.scala (line 41)


Make it a case class?



core/src/main/scala/kafka/security/auth/ResourceType.scala (line 52)


Same comments as in `Operation`.



core/src/main/scala/kafka/server/KafkaApis.scala (line 101)


In general, `Option.get` should be avoided. Instead of manually checking if 
it's defined, use safer methods. For example:

```authorizer.foreach { a =>
if (!a.authorize(...)
  throw new ...
```

`filter`/`filterNot` could also be used before `foreach` instead of the 
`if`, but it doesn't give much in this case.



core/src/main/scala/kafka/server/KafkaApis.scala (line 164)


This code is duplicated in a number of places, can we not extract it into a 
method?



core/src/main/scala/kafka/server/KafkaApis.scala (line 185)


Use `case` like in the `requestInfo.filter` call to make the code more 
readable. Also good to avoid `Option.get` as mentioned above.



core/src/main/scala/kafka/server/KafkaApis.scala (line 341)


Use `map` or `fold` instead of `Option.get`.



core/src/test/scala/unit/kafka/security/auth/AclTest.scala (line 44)


Type annotation is generally not needed for local `vals` (there are a 
number of instances of this).


- Ismael Juma


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 14, 2015, 11:09 p.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/PermissionType.scala, line 40
> > 
> >
> > Same comment of Operation.scala also applies here. In addition, the 
> > return is redundant, right?

Done


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91675
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 14, 2015, 11:12 p.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Resource.scala, line 25
> > 
> >
> > In KafkaPrincipal you split like:
> > 
> > val arr: Array[String] = str.split(Separator, 2) //only split in two 
> > parts
> > 
> > But here you just call split without a second parameter. Choose one way 
> > and uniform the use. :)

done.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91676
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 21, 2015, 1:30 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 71
> > 
> >
> > Disclaimer: I am not claiming that you should change the code commented 
> > here.
> > 
> > Okay, for getting rid of the dreaded 
> > ``collection.mutable.HashSet[Acl]()``, you have two options, afaik:
> > 
> > 1. use ``(for (i <- list) yield i).toSet``. In the current code it 
> > would be something like:
> > 
> > ```
> > val acls = (for (item <- aclSet) {
> > val principals: List[KafkaPrincipal] = 
> > item(PrincipalKey).asInstanceOf[List[String]].map(principal => 
> > KafkaPrincipal.fromString(principal))
> > val permissionType: PermissionType = 
> > PermissionType.fromString(item(PermissionTypeKey).asInstanceOf[String])
> > val operations: List[Operation] = 
> > item(OperationKey).asInstanceOf[List[String]].map(operation => 
> > Operation.fromString(operation))
> > val hosts: List[String] = item(HostsKey).asInstanceOf[List[String]]
> > 
> > yield new Acl(principals.toSet, permissionType, hosts.toSet, 
> > operations.toSet)
> > }).toSet
> > ```
> > 
> > The surrounding parenthesis around the ``for`` comprehesion are 
> > important as ``yield`` would return the same Collection type from aclSet (a 
> > List in this case).
> > 
> > 
> > 2. To use a (private) helper recursive function like, for example:
> > 
> > ```
> > private def listToSet(list: List[Map[String, Any]]): Set[Acl] = {
> > list match {
> >case item::tail => {
> >  
> >  // L#72 - L#75 processing over `item`
> >  
> >  Set(new Acl(...)) ++ listToSet(tail)
> >}
> >case Nil => Set.empty[Acl]
> > }
> > }
> > ```
> > 
> > can call it from ``fromJson`` on ``aclSet`` instead of doing a 
> > ``foreach``.
> > 
> > 
> > In fact, most of lines  L#72 - L#75 are composed of Lists that 
> > eventually get converted to set (principals, hosts, operations and acls), 
> > so you could "generify" the helper function above, so that you could pass a 
> > 'convertion' function, but here I am wary of the complexity of the code 
> > starting to outweight the benefits (?) of not using mutable data 
> > structures... Nevertheless, it would look like:
> > 
> > ```
> > def listToSet[T,K](list: List[T], f: T => K): Set[K] = {
> > list match {
> > case head::tail => Set(f(head)) ++ listToSet(tail, f)
> > case Nil => Set.empty[K]
> >  }
> > }
> > ```

I haven't changed it for now dont really think to .toSet will be that bad.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92345
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5f

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 21, 2015, 12:49 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 86
> > 
> >
> > It's better to return None here, no?

Can't return None or nil where a Map[String, Any] is expected :-(.


> On July 21, 2015, 12:49 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 104
> > 
> >
> > Please, put a space between ``if`` and ``(``.

done.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92341
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 14, 2015, 10:59 p.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Operation.scala, line 35
> > 
> >
> > Scala's match is a powerful mechanism but using it to decode as below 
> > seems boilterplate-ish. Why not use something like:
> > 
> > def fromString(operation: String): Operation = {
> >   val op = 
> > values().filter(_.name.equalsIgnoreCase(operation)).headOption
> >   op match {
> >  Some(x) => x
> >   }
> > }
> > 
> > or even:
> > 
> > def fromString(operation: String): Operation = {
> >   val Some(op) = 
> > values().filter(_.name.equalsIgnoreCase(operation)).headOption
> >   op
> > }

new to the whole scala thing and so I still find some of these options too 
cryptic to read but I am going to assume you know the idioms better than me. 
Changed it to second option you proposed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91671
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 14, 2015, 11:26 p.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 110
> > 
> >
> > As the values are fixed you could have written toMap() as below so that 
> > we can save ourselves from creating a mutable Map just to convert it to an 
> > immutable Map at the end:
> > 
> >  def toMap() : Map[String, Any] = {
> > Map(Acl.PrincipalKey -> principals.map(principal => 
> > principal.toString),
> > Acl.PermissionTypeKey -> permissionType.name),
> > Acl.OperationKey -> operations.map(operation => operation.name),
> > Acl.HostsKey -> hosts)
> >   }

Done.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91679
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 14, 2015, 11:01 p.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 24
> > 
> >
> > nit: what about switch this lines 23 and 24 and then use WildCardHost 
> > as replacement for the second literal parameter of new KafkaPrincipal?

I actually like it the way it is right now.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91672
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 21, 2015, 1:37 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/PermissionType.scala, line 47
> > 
> >
> > The ``return`` here is redundant. In fact the L#46 - L#48 could be 
> > rewritten as either:
> > 
> > ```
> > def values() : List[PermissionType] = {
> >List(Allow, Deny)
> > }
> > ```
> > 
> > or just
> > 
> > ```
> > def values = List(Allow, Deny)
> > ```
> > 
> > please, check with the committers what they prefer. In any case the 
> > return is a unnecessary. ;)

fixed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92347
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 21, 2015, 1:40 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 136
> > 
> >
> > The return is redundant here.

fixed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92349
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 21, 2015, 1:49 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 55
> > 
> >
> > the parenthesis after the ``!`` is not required.

fixed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92352
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 21, 2015, 1:47 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 86
> > 
> >
> > Or maybe an Map.empty[String, Any]

fixed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92351
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 21, 2015, 1:50 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 28
> > 
> >
> > Please, put a space between ``if`` and ``(``.

fixed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92353
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 21, 2015, 1:59 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 540
> > 
> >
> > Please, put a space between ``if`` and ``(``.

Fixed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92356
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 21, 2015, 1:43 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 624
> > 
> >
> > Lines L#620 and L#621 could be merged (with a &&)  into a single 
> > if-condition. No need for nested if-conditions here. ;-)

fixed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92350
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 21, 2015, 1:55 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Operation.scala, line 43
> > 
> >
> > The ``return`` here is redundant.

Fixed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92354
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 21, 2015, 2:02 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 139
> > 
> >
> > Put a space between ``if`` and ``(``.

Fixed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92357
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 21, 2015, 1:57 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 151
> > 
> >
> > Please, put a space between ``if`` and ``(`` here.

Fixed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92355
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 21, 2015, 2:09 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 166
> > 
> >
> > Please, put a space between ``if`` and ``(``.

Fixed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92358
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 21, 2015, 2:15 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/PermissionType.scala, line 21
> > 
> >
> > Just kidding, please remove it.

removed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92361
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On July 21, 2015, 2:13 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/PermissionType.scala, line 21
> > 
> >
> > the semi-colon is trying to scape here, catch it! :)

Indeed it was, removed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92359
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 


> On June 1, 2015, 1:11 a.m., Jun Rao wrote:
> > Thanks for that patch. A few comments below.
> > 
> > Also, two common types of users are consumers and publishers. Currently, if 
> > you want to allow a user to consume from topic t in consumer group g, you 
> > have to grant (1) read permission on topic t; (2) read permission on group 
> > g; (3) describe permission on topic t; (4) describe permission on group g; 
> > (5) create permission on offset topic; (6) describe permission on offset 
> > topic. Similarly, if you want to allow a user to publish to a topic t, you 
> > need to grant (1) write permission to topic t; (2) create permission on the 
> > cluster; (3) describe permission on topic t. These are a quite a few 
> > individual permission for the admin to remember and set. I am wondering if 
> > we can grant permissions to these two types of users in a simpler way, at 
> > least through the cli. For example, for a consumer, based on the topics and 
> > the consumer group, it would be nice if the cli can grant the necessary 
> > permissions automatically, instead of having to require the admin to set 
> > each indivial permission.

I will handle this as part of the CLI PR.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review85791
---


On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 22, 2015, 12:08 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Addressing more comments.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-21 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
---

(Updated July 22, 2015, 12:08 a.m.)


Review request for kafka.


Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210


Repository: kafka


Description (updated)
---

Addressing review comments from Jun.


Adding CREATE check for offset topic only if the topic does not exist already.


Addressing some more comments.


Removing acl.json file


Moving PermissionType to trait instead of enum. Following the convention for 
defining constants.


Adding authorizer.config.path back.


Addressing more comments from Jun.


Addressing more comments.


Diffs (updated)
-

  core/src/main/scala/kafka/api/OffsetRequest.scala 
f418868046f7c99aefdccd9956541a0cb72b1500 
  core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
  core/src/main/scala/kafka/common/ErrorMapping.scala 
c75c68589681b2c9d6eba2b440ce5e58cddf6370 
  core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
  core/src/main/scala/kafka/server/KafkaApis.scala 
18f5b5b895af1469876b2223841fd90a2dd255e0 
  core/src/main/scala/kafka/server/KafkaConfig.scala 
dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
  core/src/main/scala/kafka/server/KafkaServer.scala 
18917bc4464b9403b16d85d20c3fd4c24893d1d3 
  core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
04a02e08a54139ee1a298c5354731bae009efef3 

Diff: https://reviews.apache.org/r/34492/diff/


Testing
---


Thanks,

Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92361
---



core/src/main/scala/kafka/security/auth/PermissionType.scala (line 21)


Just kidding, please remove it.


- Edward Ribeiro


On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 20, 2015, 11:42 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92359
---



core/src/main/scala/kafka/security/auth/PermissionType.scala (line 21)


the semi-colon is trying to scape here, catch it! :)


- Edward Ribeiro


On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 20, 2015, 11:42 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92358
---



core/src/main/scala/kafka/server/KafkaApis.scala (line 163)


Please, put a space between ``if`` and ``(``.


- Edward Ribeiro


On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 20, 2015, 11:42 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92357
---



core/src/main/scala/kafka/server/KafkaApis.scala (line 136)


Put a space between ``if`` and ``(``.


- Edward Ribeiro


On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 20, 2015, 11:42 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92356
---



core/src/main/scala/kafka/server/KafkaApis.scala (line 536)


Please, put a space between ``if`` and ``(``.


- Edward Ribeiro


On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 20, 2015, 11:42 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92355
---



core/src/main/scala/kafka/server/KafkaApis.scala (line 148)


Please, put a space between ``if`` and ``(`` here.


- Edward Ribeiro


On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 20, 2015, 11:42 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92354
---



core/src/main/scala/kafka/security/auth/Operation.scala (line 43)


The ``return`` here is redundant.


- Edward Ribeiro


On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 20, 2015, 11:42 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92353
---



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 28)


Please, put a space between ``if`` and ``(``.


- Edward Ribeiro


On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 20, 2015, 11:42 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92352
---



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 55)


the parenthesis after the ``!`` is not required.


- Edward Ribeiro


On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 20, 2015, 11:42 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92351
---



core/src/main/scala/kafka/security/auth/Acl.scala (line 86)


Or maybe an Map.empty[String, Any]


- Edward Ribeiro


On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 20, 2015, 11:42 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92350
---



core/src/main/scala/kafka/server/KafkaApis.scala (line 620)


Lines L#620 and L#621 could be merged (with a &&)  into a single 
if-condition. No need for nested if-conditions here. ;-)


- Edward Ribeiro


On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 20, 2015, 11:42 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92349
---



core/src/main/scala/kafka/security/auth/Acl.scala (line 136)


The return is redundant here.


- Edward Ribeiro


On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 20, 2015, 11:42 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92347
---



core/src/main/scala/kafka/security/auth/PermissionType.scala (line 47)


The ``return`` here is redundant. In fact the L#46 - L#48 could be 
rewritten as either:

```
def values() : List[PermissionType] = {
   List(Allow, Deny)
}
```

or just

```
def values = List(Allow, Deny)
```

please, check with the committers what they prefer. In any case the return 
is a unnecessary. ;)


- Edward Ribeiro


On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 20, 2015, 11:42 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92345
---



core/src/main/scala/kafka/security/auth/Acl.scala (line 71)


Disclaimer: I am not claiming that you should change the code commented 
here.

Okay, for getting rid of the dreaded ``collection.mutable.HashSet[Acl]()``, 
you have two options, afaik:

1. use ``(for (i <- list) yield i).toSet``. In the current code it would be 
something like:

```
val acls = (for (item <- aclSet) {
val principals: List[KafkaPrincipal] = 
item(PrincipalKey).asInstanceOf[List[String]].map(principal => 
KafkaPrincipal.fromString(principal))
val permissionType: PermissionType = 
PermissionType.fromString(item(PermissionTypeKey).asInstanceOf[String])
val operations: List[Operation] = 
item(OperationKey).asInstanceOf[List[String]].map(operation => 
Operation.fromString(operation))
val hosts: List[String] = item(HostsKey).asInstanceOf[List[String]]

yield new Acl(principals.toSet, permissionType, hosts.toSet, 
operations.toSet)
}).toSet
```

The surrounding parenthesis around the ``for`` comprehesion are important 
as ``yield`` would return the same Collection type from aclSet (a List in this 
case).

2. To use a (private) helper recursive function like, for example:

```
private def listToSet(list: List[Map[String, Any]]): Set[Acl] = {
list match {
   case item::tail => {
 
 // L#72 - L#75 processing over `item`
 
 Set(new Acl(...)) ++ listToSet(tail)
   }
   case Nil => Set.empty[Acl]
}
}
```

can call it from ``fromJson`` on ``aclSet`` instead of doing a ``foreach``.

In fact, most of lines  L#72 - L#75 are composed of Lists that eventually 
get converted to set (principals, hosts, operations and acls), so you could 
"generify" the helper function above, so that you could pass a 'convertion' 
function, but here I am wary of the complexity of the code starting to 
outweight the benefits (?) of not using mutable data structures... 
Nevertheless, it would look like:

```
def listToSet[T,K](list: List[T], f: T => K): Set[K] = {
list match {
case head::tail => Set(f(head)) ++ listToSet(tail, f)
case Nil => Set.empty[K]
 }
}
```


- Edward Ribeiro


On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 20, 2015, 11:42 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92341
---



core/src/main/scala/kafka/security/auth/Acl.scala (line 86)


It's better to return None here, no?



core/src/main/scala/kafka/server/KafkaApis.scala (line 101)


Please, put a space between ``if`` and ``(``.


- Edward Ribeiro


On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 20, 2015, 11:42 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Parth Brahmbhatt 


> On July 16, 2015, 10:32 p.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Operation.scala, lines 43-44
> > 
> >
> > +1. As of today, it spills out a Match error that can be confusing to 
> > figure out. An KafkaException with a proper error message is best, imo.

Done. Also added unit tests.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91980
---


On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 20, 2015, 11:42 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Addressing more comments from Jun.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/OperationTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 04a02e08a54139ee1a298c5354731bae009efef3 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
---

(Updated July 20, 2015, 11:42 p.m.)


Review request for kafka.


Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210


Repository: kafka


Description (updated)
---

Addressing review comments from Jun.


Adding CREATE check for offset topic only if the topic does not exist already.


Addressing some more comments.


Removing acl.json file


Moving PermissionType to trait instead of enum. Following the convention for 
defining constants.


Adding authorizer.config.path back.


Addressing more comments from Jun.


Diffs (updated)
-

  core/src/main/scala/kafka/api/OffsetRequest.scala 
f418868046f7c99aefdccd9956541a0cb72b1500 
  core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
  core/src/main/scala/kafka/common/ErrorMapping.scala 
c75c68589681b2c9d6eba2b440ce5e58cddf6370 
  core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
  core/src/main/scala/kafka/server/KafkaApis.scala 
18f5b5b895af1469876b2223841fd90a2dd255e0 
  core/src/main/scala/kafka/server/KafkaConfig.scala 
dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
  core/src/main/scala/kafka/server/KafkaServer.scala 
18917bc4464b9403b16d85d20c3fd4c24893d1d3 
  core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
04a02e08a54139ee1a298c5354731bae009efef3 

Diff: https://reviews.apache.org/r/34492/diff/


Testing
---


Thanks,

Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-20 Thread Parth Brahmbhatt 


> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > Thanks for the patch. A few comments below.
> > 
> > Also,
> > 1. For making user/group case-insensitive, could you start a discussion 
> > thread on the dev mailing list to see if anyone has concerns on this?
> > 2. Got the following compilation error. It seems that some files like 
> > Session are missing.
> > 
> > /Users/junrao/intellij/kafka/core/src/main/scala/kafka/security/auth/Authorizer.scala:20:
> >  value Session is not a member of object kafka.network.RequestChannel
> > import kafka.network.RequestChannel.Session
> >^
> > /Users/junrao/intellij/kafka/core/src/main/scala/kafka/security/auth/Authorizer.scala:44:
> >  not found: type Session
> >   def authorize(session: Session, operation: Operation, resource: 
> > Resource): Boolean

1. Ok, but based on my experience any discussion thread would mean we will end 
up holding up this PR for longer and KafkaAPI class keeps changing which makes 
upmerging to trunk a PITA. Can we go with case sensitive for now which is more 
restrictive and if the discussion thread comes back with case insensitive vote 
I can change the behavior at that point. 
2. This change assumes https://issues.apache.org/jira/browse/KAFKA-1683 is 
committed and uses session object from that Patch.


> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 23
> > 
> >
> > Intead of using "user", it's probably better to reference 
> > KafkaPrincipal.UserType.

Done.


> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 52
> > 
> >
> > principal should be principals.
> > 
> > Also, would it be better to represent each principal as {"type": 
> > "user", "name": "alice"}?

fixed principal -> principals.

I like it the way it is right now, easier on my eyes but dont mind changing it.


> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 80
> > 
> >
> > Is this needed? acls is already a set.

This is where scala is baffelling me right now and I need to read up. 

acls is collection.mutable.HashSet and it won't let me return that where a Set 
is expected so I must do a .toSet


> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, lines 91-101
> > 
> >
> > Since during the authorization, we are already dealing with a set of 
> > Acls. Would it be better to just model each Acl as a single KafkaPrincipal, 
> > with a single permission, on a single host and single operation? 
> > Intuitively, an Acl should probably also include a Resource.
> > 
> > This will make deduping Acls easier. In the current data structure. You 
> > can have 
> > 
> > acl1 = {principal1,principal2) ALLOW READ
> > 
> > acl2 = {principal1) ALLOW READ
> > 
> > They are not equal, but Acl2 is redundant given acl1. It's a bit 
> > involved to determine that Acl2 is redundant. Instead, if you have 
> > 
> > acl1 = principal1 ALLOW READ
> > acl2 = principal2 ALLOW READ
> > 
> > you can't add redundant acl2 again.

The problem with that approach is increased Admin pain when trying to grant 
same access to multiple principals. When an admin wants to add same permission 
to say 5 principals he will now have to issue the same command 5 times with 
only the principal param changing. I think if we want to avoid duplicate acls, 
the implementation might get a bit more complicated but it is still doable and 
it might be better to reduce the admin pain given the added complexity for 
de-duping is probably very small.


> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 101
> > 
> >
> > To be consistent, need space after comma. There are a few other places 
> > like that. Could you address them all?

Done.


> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 120
> > 
> >
> > No need for the bracket on isInstanceOf.

done


> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 41
> > 
> >
> > Space after comma.

done.


> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, lines 104-106
> >

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-16 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91980
---



core/src/main/scala/kafka/security/auth/Operation.scala (lines 43 - 44)


+1. As of today, it spills out a Match error that can be confusing to 
figure out. An KafkaException with a proper error message is best, imo.


- Edward Ribeiro


On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 14, 2015, 9:13 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 98a5b042a710d3c1064b0379db1d152efc9eabee 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-15 Thread Jun Rao 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91836
---


Thanks for the patch. A few comments below.

Also,
1. For making user/group case-insensitive, could you start a discussion thread 
on the dev mailing list to see if anyone has concerns on this?
2. Got the following compilation error. It seems that some files like Session 
are missing.

/Users/junrao/intellij/kafka/core/src/main/scala/kafka/security/auth/Authorizer.scala:20:
 value Session is not a member of object kafka.network.RequestChannel
import kafka.network.RequestChannel.Session
   ^
/Users/junrao/intellij/kafka/core/src/main/scala/kafka/security/auth/Authorizer.scala:44:
 not found: type Session
  def authorize(session: Session, operation: Operation, resource: Resource): 
Boolean


core/src/main/scala/kafka/security/auth/Acl.scala (line 23)


Intead of using "user", it's probably better to reference 
KafkaPrincipal.UserType.



core/src/main/scala/kafka/security/auth/Acl.scala (line 52)


principal should be principals.

Also, would it be better to represent each principal as {"type": "user", 
"name": "alice"}?



core/src/main/scala/kafka/security/auth/Acl.scala (line 70)


aclMap.get(AclsKey).get can just be aclMap(AclsKey).



core/src/main/scala/kafka/security/auth/Acl.scala (line 80)


Is this needed? acls is already a set.



core/src/main/scala/kafka/security/auth/Acl.scala (lines 91 - 101)


Since during the authorization, we are already dealing with a set of Acls. 
Would it be better to just model each Acl as a single KafkaPrincipal, with a 
single permission, on a single host and single operation? Intuitively, an Acl 
should probably also include a Resource.

This will make deduping Acls easier. In the current data structure. You can 
have 

acl1 = {principal1,principal2) ALLOW READ

acl2 = {principal1) ALLOW READ

They are not equal, but Acl2 is redundant given acl1. It's a bit involved 
to determine that Acl2 is redundant. Instead, if you have 

acl1 = principal1 ALLOW READ
acl2 = principal2 ALLOW READ

you can't add redundant acl2 again.



core/src/main/scala/kafka/security/auth/Acl.scala (line 101)


To be consistent, need space after comma. There are a few other places like 
that. Could you address them all?



core/src/main/scala/kafka/security/auth/Acl.scala (line 120)


No need for the bracket on isInstanceOf.



core/src/main/scala/kafka/security/auth/Authorizer.scala (line 36)


It's better to make the Authorizer implement the Configurable interface.



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 23)






core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 41)


Space after comma.



core/src/main/scala/kafka/security/auth/Operation.scala (lines 43 - 44)


Should we throw KafkaException to the caller if the input doesn't match any 
operation?



core/src/main/scala/kafka/server/KafkaApis.scala (lines 101 - 103)


Our current coding convention is not to wrap single line statement with {}. 
Also, in the message string, we should use the specific leaderAndIsrRequest.

Ditto below.



core/src/main/scala/kafka/server/KafkaApis.scala (line 207)


This is not introduced in this patch, but could you change map(_._1 to map 
{case(topicAndPartition, _ ?



core/src/main/scala/kafka/server/KafkaApis.scala (line 624)


space after if.



core/src/main/scala/kafka/server/KafkaApis.scala (lines 653 - 658)


Hmm, since there is a single error code in JoinGroupResponse, we should 
probably just return with an error and an empty partition list if at least one 
of the topics is not authorized. Returning an error with a non-empty partition 
list will make it hard for the clients to deal with.



core/src/main/scala/kafka/server/KafkaConfig.scala (line 170)


Now that KafkaConfig is an AbstractConfig, it's better to embed the 
authorizer specific properties through KafkaConfig itself and make the

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-14 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91682
---



core/src/main/scala/kafka/security/auth/ResourceType.scala (line 45)


Same comment as Permission, and PermissionType, plus the 'return' is 
redundant, no?


- Edward Ribeiro


On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 14, 2015, 9:13 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 98a5b042a710d3c1064b0379db1d152efc9eabee 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-14 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91680
---



core/src/test/scala/unit/kafka/security/auth/AclTest.scala (line 24)


This test class only tests for a well formed JSON string. Wouldn't be nice 
to include some tests for when a JSON String has wrong values, like an invalid 
permissionType or operation? Or even when some of those key-values are lacking? 
Just a guess.


- Edward Ribeiro


On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 14, 2015, 9:13 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 98a5b042a710d3c1064b0379db1d152efc9eabee 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-14 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91679
---



core/src/main/scala/kafka/security/auth/Acl.scala (line 110)


As the values are fixed you could have written toMap() as below so that we 
can save ourselves from creating a mutable Map just to convert it to an 
immutable Map at the end:

 def toMap() : Map[String, Any] = {
Map(Acl.PrincipalKey -> principals.map(principal => principal.toString),
Acl.PermissionTypeKey -> permissionType.name),
Acl.OperationKey -> operations.map(operation => operation.name),
Acl.HostsKey -> hosts)
  }


- Edward Ribeiro


On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 14, 2015, 9:13 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 98a5b042a710d3c1064b0379db1d152efc9eabee 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-14 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91676
---



core/src/main/scala/kafka/security/auth/Resource.scala (line 25)


In KafkaPrincipal you split like:

val arr: Array[String] = str.split(Separator, 2) //only split in two parts

But here you just call split without a second parameter. Choose one way and 
uniform the use. :)


- Edward Ribeiro


On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 14, 2015, 9:13 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 98a5b042a710d3c1064b0379db1d152efc9eabee 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-14 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91675
---



core/src/main/scala/kafka/security/auth/PermissionType.scala (line 40)


Same comment of Operation.scala also applies here. In addition, the return 
is redundant, right?


- Edward Ribeiro


On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 14, 2015, 9:13 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 98a5b042a710d3c1064b0379db1d152efc9eabee 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-14 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91672
---



core/src/main/scala/kafka/security/auth/Acl.scala (line 24)


nit: what about switch this lines 23 and 24 and then use WildCardHost as 
replacement for the second literal parameter of new KafkaPrincipal?


- Edward Ribeiro


On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 14, 2015, 9:13 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 98a5b042a710d3c1064b0379db1d152efc9eabee 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-14 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91671
---



core/src/main/scala/kafka/security/auth/Operation.scala (line 35)


Scala's match is a powerful mechanism but using it to decode as below seems 
boilterplate-ish. Why not use something like:

def fromString(operation: String): Operation = {
  val op = values().filter(_.name.equalsIgnoreCase(operation)).headOption
  op match {
 Some(x) => x
  }
}

or even:

def fromString(operation: String): Operation = {
  val Some(op) = 
values().filter(_.name.equalsIgnoreCase(operation)).headOption
  op
}


- Edward Ribeiro


On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 14, 2015, 9:13 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 98a5b042a710d3c1064b0379db1d152efc9eabee 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-14 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
---

(Updated July 14, 2015, 9:13 p.m.)


Review request for kafka.


Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210


Repository: kafka


Description
---

Addressing review comments from Jun.


Adding CREATE check for offset topic only if the topic does not exist already.


Addressing some more comments.


Removing acl.json file


Moving PermissionType to trait instead of enum. Following the convention for 
defining constants.


Adding authorizer.config.path back.


Diffs (updated)
-

  core/src/main/scala/kafka/api/OffsetRequest.scala 
f418868046f7c99aefdccd9956541a0cb72b1500 
  core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
  core/src/main/scala/kafka/common/ErrorMapping.scala 
c75c68589681b2c9d6eba2b440ce5e58cddf6370 
  core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
  core/src/main/scala/kafka/server/KafkaApis.scala 
18f5b5b895af1469876b2223841fd90a2dd255e0 
  core/src/main/scala/kafka/server/KafkaConfig.scala 
dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
  core/src/main/scala/kafka/server/KafkaServer.scala 
18917bc4464b9403b16d85d20c3fd4c24893d1d3 
  core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
98a5b042a710d3c1064b0379db1d152efc9eabee 

Diff: https://reviews.apache.org/r/34492/diff/


Testing
---


Thanks,

Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-14 Thread Edward Ribeiro 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91638
---



core/src/main/scala/kafka/security/auth/Acl.scala (line 24)


nit: you could swap this line with the previous one and use 
''WildcardHost'' instead on a String literal on WildCardPrincipal declaration.


- Edward Ribeiro


On July 14, 2015, 5:02 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 14, 2015, 5:02 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Moving PermissionType to trait instead of enum. Following the convention for 
> defining constants.
> 
> 
> Adding authorizer.config.path back.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 98a5b042a710d3c1064b0379db1d152efc9eabee 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-14 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
---

(Updated July 14, 2015, 5:02 p.m.)


Review request for kafka.


Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210


Repository: kafka


Description (updated)
---

Addressing review comments from Jun.


Adding CREATE check for offset topic only if the topic does not exist already.


Addressing some more comments.


Removing acl.json file


Moving PermissionType to trait instead of enum. Following the convention for 
defining constants.


Adding authorizer.config.path back.


Diffs (updated)
-

  core/src/main/scala/kafka/api/OffsetRequest.scala 
f418868046f7c99aefdccd9956541a0cb72b1500 
  core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
  core/src/main/scala/kafka/common/ErrorMapping.scala 
c75c68589681b2c9d6eba2b440ce5e58cddf6370 
  core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
  core/src/main/scala/kafka/server/KafkaApis.scala 
18f5b5b895af1469876b2223841fd90a2dd255e0 
  core/src/main/scala/kafka/server/KafkaConfig.scala 
dbe170f87331f43e2dc30165080d2cb7dfe5fdbf 
  core/src/main/scala/kafka/server/KafkaServer.scala 
18917bc4464b9403b16d85d20c3fd4c24893d1d3 
  core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
98a5b042a710d3c1064b0379db1d152efc9eabee 

Diff: https://reviews.apache.org/r/34492/diff/


Testing
---


Thanks,

Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-09 Thread Parth Brahmbhatt 


> On June 11, 2015, 7:19 a.m., Dapeng Sun wrote:
> > core/src/main/scala/kafka/server/KafkaConfig.scala, line 160
> > 
> >
> > Why add a new config file path? could authorization related config 
> > options be merged into Kafka Config?

Not until https://issues.apache.org/jira/browse/KAFKA-2249 is fixed.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review87532
---


On July 10, 2015, 1 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 10, 2015, 1 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.java PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> c1f0ccad4900d74e41936fae4c6c2235fe9314fe 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 98a5b042a710d3c1064b0379db1d152efc9eabee 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-09 Thread Parth Brahmbhatt 


> On June 3, 2015, 11:36 p.m., Parth Brahmbhatt wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, lines 57-62
> > 
> >
> > I tried exactly that but it tunrs out our current Json parser does not 
> > work when a json string has other special characters, somehow gets into 
> > some double parsing and fails. Has been long since I wrote this code so 
> > dont exactly remember why it was failing but I did try it and with current 
> > JsonUtil it does not work.
> 
> Jun Rao wrote:
> Could you explain a bit which part doesn't work? The following simple 
> test works for me.
> 
> scala> val a = "[{\"a\": \"aa\"}]"
> a: String = [{"a": "aa"}]
> 
> scala> JSON.parseFull(a)
> res4: Option[Any] = Some(List(Map(a -> aa)))

So I tried this again and found out the issue. Nothing to do with double 
parsing ( I was probably mixing some other project here) but our current 
JSON.parseFull does not support custom objects. it only supports primitive 
types , lists, maps and iterables. It throws IllegalArg if I try to pass the 
Acl object as is because of following lines.

case other: AnyRef => throw new IllegalArgumentException("Unknown arguement of 
type " + other.getClass + ": " + other)


> On June 3, 2015, 11:36 p.m., Parth Brahmbhatt wrote:
> > core/src/main/scala/kafka/security/auth/Authorizer.scala, line 36
> > 
> >
> > In the KIP dicussion it was proposed to add a config 
> > authoizer.config.path which will contain path to a property files on all 
> > broker hosts. This is how the plugin specific property file gets passed on. 
> > Do we want to instead use configurable?
> 
> Jun Rao wrote:
> Sorry, but I missed this in the KIP review. I think it's probably better 
> NOT to have another config.path inside a configuration file. We already have 
> other pluggable logic such as the MetrisReporter and will be adding other 
> pluggable logic such as PrincipalExtractor in KAFKA-1690. Introducing a 
> separate config path for each pluggable logic may not be ideal. Also, 
> currently, we allow people to instantiate KafkaServerStartble directly so 
> that people can obtain the properties from any configuration system and pass 
> them to Kafka, instead of assuming that the properties are always specified 
> in a file. So, it's probably better to specify the properties needed by any 
> pluggable logic in the same property file, then pass them to the pluggable 
> logic through the configure() api. We have KAFKA-2249 filed to allow 
> KafkaConfig to do this. Perhaps, we can fix KAFKA-2249 first.

can we file another jira so this one is not blocked on KAFKA-2249? Or you feel 
as this is a config change we are better off just waiting for KAFKA-2249.


> On June 3, 2015, 11:36 p.m., Parth Brahmbhatt wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 22
> > 
> >
> > I haven't added Group support yet but they will be of the form 
> > Group:. Why did you get the impression that groups will not 
> > have ":"
> 
> Jun Rao wrote:
> Oh, I was just saying that if the group name itself can contain ":", 
> parsing will be more difficult if ":" is the separator.

Fixed, users and groups can have ":" in them, also added a unit test to verify 
the same.


> On June 3, 2015, 11:36 p.m., Parth Brahmbhatt wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 41
> > 
> >
> > Yes we can and as mentioned in the design doc when no authentication is 
> > configured it will be set as User:DrWho?.
> 
> Jun Rao wrote:
> So, I guess authentication will always authenticate at the user level and 
> it's up to the Authorization model to implement the user to group mapping?

The design it self does not assume that so the authentication layer could 
authenticate with some other principalType. My current implementation of 
authorizer makes this assumption (I think) but that is easy to fix and its part 
of another review request.


> On June 3, 2015, 11:36 p.m., Parth Brahmbhatt wrote:
> > core/src/main/scala/kafka/security/auth/Operation.java, line 22
> > 
> >
> > I grepped through kafka code base to understand how enums were used in 
> > other parts and all places used java enums. I assumed that was the 
> > convention . If that is not the case I can change all enum classes in core 
> > to use http://www.scala-lang.org/api/current/index.html#scala.Enumeration
> 
> Jun Rao wrote:
> Under core/, we don't have java files except when defining the java api. 
> We implement enum using case object in scala (see BrokerStates as an example).

Done.


> On June 3, 2015, 11:36 p.m., Parth B

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-09 Thread Parth Brahmbhatt 


> On June 9, 2015, 7:13 a.m., Dapeng Sun wrote:
> > core/src/main/scala/kafka/common/ErrorMapping.scala, line 57
> > 
> >
> > Why not use 23 here?

I have changed it so it now uses 23.


> On June 9, 2015, 7:13 a.m., Dapeng Sun wrote:
> > core/src/main/scala/kafka/security/auth/Authorizer.scala, line 32
> > 
> >
> > Resource related operations are authorized, but authorizer itself seems 
> > not be authorized. Could a normal user  operated the ACL? we may need to 
> > add something (eg. Session) to addACL, removeACL and etc.

Given add/edit/remove acls will be invoked from CLI and these are not server 
side APIs (how I wish I would have started with that) that authorization will 
be done in a different way. Its not really part of this CR but essentially we 
will have to rely on the acl storage layer's authorization for this (zookeeper 
in case of default authorizer implementation).


> On June 9, 2015, 7:13 a.m., Dapeng Sun wrote:
> > core/src/main/scala/kafka/security/auth/Authorizer.scala, line 60
> > 
> >
> > I didn't found any code invoke "removeAcls", it seems Acl entities are 
> > not cleaned when resource(eg. topic) is deleting, is that really so? or I 
> > missed?

It is part of the PR that implements CLI.


> On June 9, 2015, 7:13 a.m., Dapeng Sun wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 23
> > 
> >
> > I think it is better to use constants or enum to stand for UserType

We are using constants by using val. Enum is avoided so a custom authorizer 
implementation could add any principalType that they wish without having to 
change code in kafka codebase.


- Parth


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review86541
---


On July 10, 2015, 1 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated July 10, 2015, 1 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Addressing some more comments.
> 
> 
> Removing acl.json file
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> f418868046f7c99aefdccd9956541a0cb72b1500 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.java PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 18f5b5b895af1469876b2223841fd90a2dd255e0 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> c1f0ccad4900d74e41936fae4c6c2235fe9314fe 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> 18917bc4464b9403b16d85d20c3fd4c24893d1d3 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 98a5b042a710d3c1064b0379db1d152efc9eabee 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-07-09 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
---

(Updated July 10, 2015, 1 a.m.)


Review request for kafka.


Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210


Repository: kafka


Description (updated)
---

Addressing review comments from Jun.


Adding CREATE check for offset topic only if the topic does not exist already.


Addressing some more comments.


Removing acl.json file


Diffs (updated)
-

  core/src/main/scala/kafka/api/OffsetRequest.scala 
f418868046f7c99aefdccd9956541a0cb72b1500 
  core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
  core/src/main/scala/kafka/common/ErrorMapping.scala 
c75c68589681b2c9d6eba2b440ce5e58cddf6370 
  core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/PermissionType.java PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION 
  core/src/main/scala/kafka/server/KafkaApis.scala 
18f5b5b895af1469876b2223841fd90a2dd255e0 
  core/src/main/scala/kafka/server/KafkaConfig.scala 
c1f0ccad4900d74e41936fae4c6c2235fe9314fe 
  core/src/main/scala/kafka/server/KafkaServer.scala 
18917bc4464b9403b16d85d20c3fd4c24893d1d3 
  core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
98a5b042a710d3c1064b0379db1d152efc9eabee 

Diff: https://reviews.apache.org/r/34492/diff/


Testing
---


Thanks,

Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-06-11 Thread Dapeng Sun 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review87532
---



core/src/main/scala/kafka/server/KafkaConfig.scala


Why add a new config file path? could authorization related config options 
be merged into Kafka Config?


- Dapeng Sun


On 六月 5, 2015, 7:07 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated 六月 5, 2015, 7:07 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> 3d483bc7518ad76f9548772522751afb4d046b78 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.java PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.java PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.java PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 387e387998fc3a6c9cb585dab02b5f77b0381fbf 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> 6f25afd0e5df98258640252661dee271b1795111 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> e66710d2368334ece66f70d55f57b3f888262620 
>   core/src/test/resources/acl.json PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 71f48c07723e334e6489efab500a43fa93a52d0c 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-06-09 Thread Dapeng Sun 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review86541
---


Hi Parth, thank you for your patch of authorization, and could you use "add 
comments" for replying Jun's comments? it will be easy to let the other person 
track the comments.


core/src/main/scala/kafka/common/ErrorMapping.scala


Why not use 23 here?



core/src/main/scala/kafka/security/auth/Authorizer.scala


Resource related operations are authorized, but authorizer itself seems not 
be authorized. Could a normal user  operated the ACL? we may need to add 
something (eg. Session) to addACL, removeACL and etc.



core/src/main/scala/kafka/security/auth/Authorizer.scala


I didn't found any code invoke "removeAcls", it seems Acl entities are not 
cleaned when resource(eg. topic) is deleting, is that really so? or I missed?



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala


I think it is better to use constants or enum to stand for UserType


Thanks
Dapeng

- Dapeng Sun


On 六月 5, 2015, 7:07 a.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated 六月 5, 2015, 7:07 a.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
> 
> 
> Diffs
> -
> 
>   core/src/main/scala/kafka/api/OffsetRequest.scala 
> 3d483bc7518ad76f9548772522751afb4d046b78 
>   core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
>   core/src/main/scala/kafka/common/ErrorMapping.scala 
> c75c68589681b2c9d6eba2b440ce5e58cddf6370 
>   core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Operation.java PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/PermissionType.java PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
>   core/src/main/scala/kafka/security/auth/ResourceType.java PRE-CREATION 
>   core/src/main/scala/kafka/server/KafkaApis.scala 
> 387e387998fc3a6c9cb585dab02b5f77b0381fbf 
>   core/src/main/scala/kafka/server/KafkaConfig.scala 
> 6f25afd0e5df98258640252661dee271b1795111 
>   core/src/main/scala/kafka/server/KafkaServer.scala 
> e66710d2368334ece66f70d55f57b3f888262620 
>   core/src/test/resources/acl.json PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala 
> PRE-CREATION 
>   core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
> 71f48c07723e334e6489efab500a43fa93a52d0c 
> 
> Diff: https://reviews.apache.org/r/34492/diff/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Parth Brahmbhatt
> 
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-06-08 Thread Jun Rao 


> On June 3, 2015, 11:36 p.m., Parth Brahmbhatt wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, lines 57-62
> > 
> >
> > I tried exactly that but it tunrs out our current Json parser does not 
> > work when a json string has other special characters, somehow gets into 
> > some double parsing and fails. Has been long since I wrote this code so 
> > dont exactly remember why it was failing but I did try it and with current 
> > JsonUtil it does not work.

Could you explain a bit which part doesn't work? The following simple test 
works for me.

scala> val a = "[{\"a\": \"aa\"}]"
a: String = [{"a": "aa"}]

scala> JSON.parseFull(a)
res4: Option[Any] = Some(List(Map(a -> aa)))


> On June 3, 2015, 11:36 p.m., Parth Brahmbhatt wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 22
> > 
> >
> > I haven't added Group support yet but they will be of the form 
> > Group:. Why did you get the impression that groups will not 
> > have ":"

Oh, I was just saying that if the group name itself can contain ":", parsing 
will be more difficult if ":" is the separator.


> On June 3, 2015, 11:36 p.m., Parth Brahmbhatt wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 41
> > 
> >
> > Yes we can and as mentioned in the design doc when no authentication is 
> > configured it will be set as User:DrWho?.

So, I guess authentication will always authenticate at the user level and it's 
up to the Authorization model to implement the user to group mapping?


> On June 3, 2015, 11:36 p.m., Parth Brahmbhatt wrote:
> > core/src/main/scala/kafka/security/auth/Operation.java, line 22
> > 
> >
> > I grepped through kafka code base to understand how enums were used in 
> > other parts and all places used java enums. I assumed that was the 
> > convention . If that is not the case I can change all enum classes in core 
> > to use http://www.scala-lang.org/api/current/index.html#scala.Enumeration

Under core/, we don't have java files except when defining the java api. We 
implement enum using case object in scala (see BrokerStates as an example).


> On June 3, 2015, 11:36 p.m., Parth Brahmbhatt wrote:
> > core/src/test/scala/unit/kafka/security/auth/AclTest.scala, line 36
> > 
> >
> > can you elloborate why do you think that is a better approach?

I was thinking of just embedding the acl json string in the code.


> On June 3, 2015, 11:36 p.m., Parth Brahmbhatt wrote:
> > core/src/main/scala/kafka/security/auth/Authorizer.scala, line 36
> > 
> >
> > In the KIP dicussion it was proposed to add a config 
> > authoizer.config.path which will contain path to a property files on all 
> > broker hosts. This is how the plugin specific property file gets passed on. 
> > Do we want to instead use configurable?

Sorry, but I missed this in the KIP review. I think it's probably better NOT to 
have another config.path inside a configuration file. We already have other 
pluggable logic such as the MetrisReporter and will be adding other pluggable 
logic such as PrincipalExtractor in KAFKA-1690. Introducing a separate config 
path for each pluggable logic may not be ideal. Also, currently, we allow 
people to instantiate KafkaServerStartble directly so that people can obtain 
the properties from any configuration system and pass them to Kafka, instead of 
assuming that the properties are always specified in a file. So, it's probably 
better to specify the properties needed by any pluggable logic in the same 
property file, then pass them to the pluggable logic through the configure() 
api. We have KAFKA-2249 filed to allow KafkaConfig to do this. Perhaps, we can 
fix KAFKA-2249 first.


- Jun


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review86267
---


On June 4, 2015, 11:07 p.m., Parth Brahmbhatt wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> ---
> 
> (Updated June 4, 2015, 11:07 p.m.)
> 
> 
> Review request for kafka.
> 
> 
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
> 
> 
> Repository: kafka
> 
> 
> Description
> ---
> 
> Addressing review comments from Jun.
> 
> 
> Adding CREATE check for offset topic only if the topic does not exist already.
>

Re: Review Request 34492: Patch for KAFKA-2210

2015-06-04 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
---

(Updated June 4, 2015, 11:07 p.m.)


Review request for kafka.


Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210


Repository: kafka


Description (updated)
---

Addressing review comments from Jun.


Adding CREATE check for offset topic only if the topic does not exist already.


Diffs (updated)
-

  core/src/main/scala/kafka/api/OffsetRequest.scala 
3d483bc7518ad76f9548772522751afb4d046b78 
  core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
  core/src/main/scala/kafka/common/ErrorMapping.scala 
c75c68589681b2c9d6eba2b440ce5e58cddf6370 
  core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Operation.java PRE-CREATION 
  core/src/main/scala/kafka/security/auth/PermissionType.java PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/ResourceType.java PRE-CREATION 
  core/src/main/scala/kafka/server/KafkaApis.scala 
387e387998fc3a6c9cb585dab02b5f77b0381fbf 
  core/src/main/scala/kafka/server/KafkaConfig.scala 
6f25afd0e5df98258640252661dee271b1795111 
  core/src/main/scala/kafka/server/KafkaServer.scala 
e66710d2368334ece66f70d55f57b3f888262620 
  core/src/test/resources/acl.json PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
71f48c07723e334e6489efab500a43fa93a52d0c 

Diff: https://reviews.apache.org/r/34492/diff/


Testing
---


Thanks,

Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-06-03 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review86267
---



core/src/main/scala/kafka/security/auth/Acl.scala


Do you mean example json or the zk Path? I have added the example json here 
I think the zk path should not be mentioned here as that is specific to default 
implementation.



core/src/main/scala/kafka/security/auth/Acl.scala


updated.



core/src/main/scala/kafka/security/auth/Acl.scala


updated.



core/src/main/scala/kafka/security/auth/Acl.scala


I tried exactly that but it tunrs out our current Json parser does not work 
when a json string has other special characters, somehow gets into some double 
parsing and fails. Has been long since I wrote this code so dont exactly 
remember why it was failing but I did try it and with current JsonUtil it does 
not work.



core/src/main/scala/kafka/security/auth/Acl.scala


I wanted to keep the equality check case insensitive for things like hosts 
which will be specified using CLI by users and its easy to make mistakes on CLI 
which is why I did not go with case class. If you disagree that this is 
improtatn I can fall back to case class.



core/src/main/scala/kafka/security/auth/Acl.scala


Its used for both encode and decode. It gets encoded when we write to 
zookeeper and decoded when we read from it. As I mentioned above there was some 
double parsing invovled but do not remember the exact details now.



core/src/main/scala/kafka/security/auth/Authorizer.scala


In the KIP dicussion it was proposed to add a config authoizer.config.path 
which will contain path to a property files on all broker hosts. This is how 
the plugin specific property file gets passed on. Do we want to instead use 
configurable?



core/src/main/scala/kafka/security/auth/Authorizer.scala


Updated the java doc.



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala


I haven't added Group support yet but they will be of the form 
Group:. Why did you get the impression that groups will not have ":"



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala


I am sorry I should have read the styling guide more carefully. Updated.



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala


Yes we can and as mentioned in the design doc when no authentication is 
configured it will be set as User:DrWho?.



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala


Added a null check as part of object construction.

Again I made all the equality check case insensitive as these will be 
specified on CLI by users and are easy to get incorrect. If you think this is a 
potential security hole given most systems have user/principal names as case 
sensitive I can change this to a case class.



core/src/main/scala/kafka/security/auth/Operation.java


I grepped through kafka code base to understand how enums were used in 
other parts and all places used java enums. I assumed that was the convention . 
If that is not the case I can change all enum classes in core to use 
http://www.scala-lang.org/api/current/index.html#scala.Enumeration



core/src/main/scala/kafka/security/auth/Resource.scala


Done.



core/src/main/scala/kafka/security/auth/Resource.scala


Done.



core/src/main/scala/kafka/server/KafkaApis.scala


Done.



core/src/main/scala/kafka/server/KafkaApis.scala


I originally had this as a write request for each topic partition , later I 
realized this API is only called by controller but forgot to update the code 
accordingly. Fixed.



core/src/main/scala/kafka/server/KafkaApis.scala


I think we agreed in KIP that in order to commit offset the client needs 
read permission on Topic and READ permission on GROUP.Are you suggesting we 
should not check for topic READ access?



core/src/main/scala/kafka/server/KafkaApis.scala


Done.



co

Re: Review Request 34492: Patch for KAFKA-2210

2015-06-03 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
---

(Updated June 3, 2015, 11:36 p.m.)


Review request for kafka.


Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210


Repository: kafka


Description
---

Addressing review comments from Jun.


Diffs (updated)
-

  core/src/main/scala/kafka/api/OffsetRequest.scala 
3d483bc7518ad76f9548772522751afb4d046b78 
  core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
  core/src/main/scala/kafka/common/ErrorMapping.scala 
c75c68589681b2c9d6eba2b440ce5e58cddf6370 
  core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Operation.java PRE-CREATION 
  core/src/main/scala/kafka/security/auth/PermissionType.java PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/ResourceType.java PRE-CREATION 
  core/src/main/scala/kafka/server/KafkaApis.scala 
387e387998fc3a6c9cb585dab02b5f77b0381fbf 
  core/src/main/scala/kafka/server/KafkaConfig.scala 
6f25afd0e5df98258640252661dee271b1795111 
  core/src/main/scala/kafka/server/KafkaServer.scala 
e66710d2368334ece66f70d55f57b3f888262620 
  core/src/test/resources/acl.json PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
71f48c07723e334e6489efab500a43fa93a52d0c 

Diff: https://reviews.apache.org/r/34492/diff/


Testing
---


Thanks,

Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-06-03 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
---

(Updated June 3, 2015, 11:34 p.m.)


Review request for kafka.


Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210


Repository: kafka


Description (updated)
---

Addressing review comments from Jun.


Diffs (updated)
-

  core/src/main/scala/kafka/api/OffsetRequest.scala 
3d483bc7518ad76f9548772522751afb4d046b78 
  core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
  core/src/main/scala/kafka/common/ErrorMapping.scala 
c75c68589681b2c9d6eba2b440ce5e58cddf6370 
  core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Operation.java PRE-CREATION 
  core/src/main/scala/kafka/security/auth/PermissionType.java PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/ResourceType.java PRE-CREATION 
  core/src/main/scala/kafka/server/KafkaApis.scala 
387e387998fc3a6c9cb585dab02b5f77b0381fbf 
  core/src/main/scala/kafka/server/KafkaConfig.scala 
9efa15ca5567b295ab412ee9eea7c03eb4cdc18b 
  core/src/main/scala/kafka/server/KafkaServer.scala 
e66710d2368334ece66f70d55f57b3f888262620 
  core/src/test/resources/acl.json PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
8014a5a6c362785539f24eb03d77278434614fe6 

Diff: https://reviews.apache.org/r/34492/diff/


Testing
---


Thanks,

Parth Brahmbhatt

Re: Review Request 34492: Patch for KAFKA-2210

2015-05-31 Thread Jun Rao 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review85791
---


Thanks for that patch. A few comments below.

Also, two common types of users are consumers and publishers. Currently, if you 
want to allow a user to consume from topic t in consumer group g, you have to 
grant (1) read permission on topic t; (2) read permission on group g; (3) 
describe permission on topic t; (4) describe permission on group g; (5) create 
permission on offset topic; (6) describe permission on offset topic. Similarly, 
if you want to allow a user to publish to a topic t, you need to grant (1) 
write permission to topic t; (2) create permission on the cluster; (3) describe 
permission on topic t. These are a quite a few individual permission for the 
admin to remember and set. I am wondering if we can grant permissions to these 
two types of users in a simpler way, at least through the cli. For example, for 
a consumer, based on the topics and the consumer group, it would be nice if the 
cli can grant the necessary permissions automatically, instead of having to 
require the admin to set each indivial permission.


core/src/main/scala/kafka/security/auth/Acl.scala


Could we document the ZK format in the comment.



core/src/main/scala/kafka/security/auth/Acl.scala


Currently, the convention for constants in our scala code is CamelCase (see 
ZkUtils).



core/src/main/scala/kafka/security/auth/Acl.scala


aclMap.get(key).get can just be aclMap(key).



core/src/main/scala/kafka/security/auth/Acl.scala


Instead of this, would it be better to model Acls as a class? Then, we just 
need Acls.fromJson and Acls.toJson.



core/src/main/scala/kafka/security/auth/Acl.scala


Would it be better to use a case class here so that we don't have to 
override equals and hashcode, and perhaps toString()?



core/src/main/scala/kafka/security/auth/Acl.scala


Hmm, not sure why we can't just implement a toJson directly. The json 
library is only used for decode, but not encode, right?



core/src/main/scala/kafka/security/auth/Authorizer.scala


I am not sure if it's enough to just take KafkaConfig. KafkaConfig will 
only contain pre-defined properties. However, the plugin module may need some 
plugin specific properties that haven't been predefined. It seems that we need 
to take in the original properties as what we do in the client (see 
Configurable).



core/src/main/scala/kafka/security/auth/Authorizer.scala


Since this is just for authorization, perhaps the semantic should be 
removing all acls associated with a resource? The removing of the resource 
itself should be done somewhere else.



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala


So groups typically don't include ':' ?



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala


Since userType is public constant, we want to capitalize U.



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala


Perhaps Harsh can comment on this. Are we able to populate the 
principalType through an ssl or sasl connection?



core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala


Should we test for null?

Also, is principal name always case insensitive?



core/src/main/scala/kafka/security/auth/Operation.java


Currently, core is completely scala. Is there a particular reason that this 
and a few other new classes in core are in java?



core/src/main/scala/kafka/security/auth/Resource.scala


Capitalize c and s.



core/src/main/scala/kafka/security/auth/Resource.scala


Capitalize expected and allowed. Space before allowed.



core/src/main/scala/kafka/server/KafkaApis.scala


Instead if generating the response here directly, it's probably simpler to 
just throw an AuthroizationException. The caller already has a generic way of 
generating the response on exceptions. We can do this for all requests of 
CLUSTER_ACTION.



core/src/main/scala/kafka/server/KafkaApis.scala

Review Request 34492: Patch for KAFKA-2210

2015-05-20 Thread Parth Brahmbhatt 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
---

Review request for kafka.


Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210


Repository: kafka


Description
---

KAFKA-2210: Kafka authorizer public entities and changes to KafkaAPI and 
KafkaServer to allow custom authorizer implementation.


Diffs
-

  core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION 
  core/src/main/scala/kafka/common/ErrorMapping.scala 
c75c68589681b2c9d6eba2b440ce5e58cddf6370 
  core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Operation.java PRE-CREATION 
  core/src/main/scala/kafka/security/auth/PermissionType.java PRE-CREATION 
  core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION 
  core/src/main/scala/kafka/security/auth/ResourceType.java PRE-CREATION 
  core/src/main/scala/kafka/server/KafkaApis.scala 
387e387998fc3a6c9cb585dab02b5f77b0381fbf 
  core/src/main/scala/kafka/server/KafkaConfig.scala 
9efa15ca5567b295ab412ee9eea7c03eb4cdc18b 
  core/src/main/scala/kafka/server/KafkaServer.scala 
ea6d165d8e5c3146d2c65e8ad1a513308334bf6f 
  core/src/test/resources/acl.json PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala 
PRE-CREATION 
  core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION 
  core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 
8014a5a6c362785539f24eb03d77278434614fe6 

Diff: https://reviews.apache.org/r/34492/diff/


Testing
---


Thanks,

Parth Brahmbhatt