Hi All,
If there are no more concerns, I will like to start vote for this KIP.
Thanks,
Mayuresh
On Wed, Feb 1, 2017 at 8:38 PM, Mayuresh Gharat
wrote:
> Hi Dong,
>
> What I meant was "Right now Kafka just extracts the name out of the
> Principal that is generated by the PrincipalBuilder. Inst
Hi Dong,
What I meant was "Right now Kafka just extracts the name out of the
Principal that is generated by the PrincipalBuilder. Instead of doing that
if it preserves the Principal itself, this issue can be addressed".
May be I should have used the word "preserve" instead of "stores". I have
upd
The last paragraph of the motivation section is a bit confusing. I guess
you want to say "This issue can be addressed if the Session class stores
the Principal object extracted from a request".
I like the approach of changing Session class to be case class
*Session(principal:
KafkaPrincipal, clien
Hi All,
I have updated the KIP as per our discussion here.
It would be great if you can take another look and let me know if there are
any concerns.
Thanks,
Mayuresh
On Sat, Jan 28, 2017 at 6:10 PM, Mayuresh Gharat wrote:
> I had offline discussions with Joel, Dong and Radai.
>
> I agree that
I had offline discussions with Joel, Dong and Radai.
I agree that we can replace the KafkaPrincipal in Session with the
ChannelPrincipal.
KafkaPrincipal can be provided as an out of box implementation.
The only gotcha will be users will have to implement there own Authorizer,
if they decide to us
Hi Dong,
Thanks for the review. Please see the replies inline.
1. I am not sure we need to add the method buildPrincipal(Map
principalConfigs). It seems that user can simply do
principalBuilder.configure(...).buildPrincipal(...) without using that
method.
-> I am not sure if I understand
Hey Mayuresh,
Thanks for the KIP. I actually like the suggestions by Ismael and Jun. Here
are my comments:
1. I am not sure we need to add the method buildPrincipal(Map
principalConfigs). It seems that user can simply do
principalBuilder.configure(...).buildPrincipal(...) without using that
metho
Hi Rajini,
Thanks a lot for the review. Please see the comments inline :
It feels like the goal is to expose custom Principal as an
opaque object between PrincipalBuilder and Authorizer so that Kafka doesn't
really need to know anything about additional stuff added for
customization. But kafka-ac
Hi Mayuresh,
Thanks for updating the KIP. A couple of questions:
1. PrincipalBuilder implements Configurable and gets a map of properties
via the `configure` method. Do we really need a new `buildPrincipal` method
given that?
2. Jun suggested in the JIRA that it may make sense to pass the
`chann
Hi Mayuresh,
The part about exposing Principal from custom PrincipalBuilder to custom
Authorizer sounds good. The definition of ACLs using kafka-acls.sh is less
clear to me. It feels like the goal is to expose custom Principal as an
opaque object between PrincipalBuilder and Authorizer so that Kaf
LGTM.
Kafka currently allows setting both a custom PrincipalBuilder and a custom
Authorizer (expected to act on the output of the principal builder) but
makes the naive assumption that any and all information about a (custom)
principal is solely contained in its name property. this kip addresses t
Hi,
Just wanted to see if anyone had any concerns with this KIP.
I would like to put this to vote soon, if there are no concerns.
Thanks,
Mayuresh
On Thu, Jan 12, 2017 at 11:21 AM, Mayuresh Gharat <
gharatmayures...@gmail.com> wrote:
> Hi Ismael,
>
> Fair point. I will update it.
>
> Thanks,
>
Hi Ismael,
Fair point. I will update it.
Thanks,
Mayuresh
On Thu, Jan 12, 2017 at 11:07 AM, Ismael Juma wrote:
> Hi Mayuresh,
>
> Thanks for the KIP. A quick comment before I do a more detailed analysis,
> the KIP says:
>
> `This KIP is a pure addition to existing functionality and does not i
Hi Mayuresh,
Thanks for the KIP. A quick comment before I do a more detailed analysis,
the KIP says:
`This KIP is a pure addition to existing functionality and does not include
any backward incompatible changes.`
However, the KIP is proposing the addition of a method to the
PrincipalBuilder plug
14 matches
Mail list logo