I can confirm that KAFKA-1688 will cover this use case. Please go over https://cwiki.apache.org/confluence/display/KAFKA/KIP-11+-+Authorization+In terface and let me know if you think there is a different use case being covered by KIP-7.
Thanks Parth On 3/20/15, 9:26 AM, "Jun Rao" <j...@confluent.io> wrote: >Yes, we can discuss the implementation separately. > >As for the proposal itself, have you looked at KAFKA-1688? Could this just >be a special case for authorization and be included there? > >Thanks, > >Jun > >On Wed, Mar 18, 2015 at 6:26 PM, Jeff Holoman <jholo...@cloudera.com> >wrote: > >> One other thought. Does the timing of the implementation (or lack >>thereof) >> affect the proposal? It seems like the question you are asking is an >> implementation detail in terms of when the work would be done. If there >> isn't really support for the KIP that's ok, just wanting to make sure we >> are segmenting the vote for the KIP from concerns about implementation >> timing. >> >> Thanks! >> >> Jeff >> >> On Wed, Mar 18, 2015 at 9:22 PM, Jeff Holoman <jholo...@cloudera.com> >> wrote: >> >> > Hey Jun thanks for the comment. >> > >> > Is the plan to re-factor the SocketServer implementation >>significantly? >> > The current check is just in the acceptor. Does this change with the >> > refactor? >> > >> > Thanks >> > >> > Jeff >> > >> > >> > >> > >> > >> > On Wed, Mar 18, 2015 at 7:25 PM, Jun Rao <j...@confluent.io> wrote: >> > >> >> The proposal sounds reasonable. Timing wise, since we plan to >>refactor >> the >> >> network layer code in the broker, perhaps this can wait until >>KAFKA-1928 >> >> is >> >> done? >> >> >> >> Thanks, >> >> >> >> Jun >> >> >> >> On Tue, Mar 17, 2015 at 6:56 AM, Jeff Holoman <jholo...@cloudera.com> >> >> wrote: >> >> >> >> > bump >> >> > >> >> > On Tue, Mar 3, 2015 at 8:12 PM, Jeff Holoman >><jholo...@cloudera.com> >> >> > wrote: >> >> > >> >> > > Guozhang, >> >> > > >> >> > > The way the patch is implemented, the check is done in the >>acceptor >> >> > thread >> >> > > accept() method of the Socket Server, just before >>connectionQuotas. >> >> > > >> >> > > Thanks >> >> > > >> >> > > Jeff >> >> > > >> >> > > On Tue, Mar 3, 2015 at 7:59 PM, Guozhang Wang >><wangg...@gmail.com> >> >> > wrote: >> >> > > >> >> > >> Jeff, >> >> > >> >> >> > >> I am wondering if the IP filtering rule can be enforced at the >> socket >> >> > >> server level instead of the Kafka API level? >> >> > >> >> >> > >> Guozhang >> >> > >> >> >> > >> On Tue, Mar 3, 2015 at 2:24 PM, Jiangjie Qin >> >> <j...@linkedin.com.invalid >> >> > > >> >> > >> wrote: >> >> > >> >> >> > >> > +1 (non-binding) >> >> > >> > >> >> > >> > On 3/3/15, 1:17 PM, "Gwen Shapira" <gshap...@cloudera.com> >> wrote: >> >> > >> > >> >> > >> > >+1 (non-binding) >> >> > >> > > >> >> > >> > >On Tue, Mar 3, 2015 at 12:44 PM, Jeff Holoman < >> >> jholo...@cloudera.com >> >> > > >> >> > >> > >wrote: >> >> > >> > >> Details in the wiki. >> >> > >> > >> >> >> > >> > >> >> >> > >> > >> >> >> > >> > >> >> >> > >> > >> >> > >> >> >> > >> >> >> >>https://cwiki.apache.org/confluence/display/KAFKA/KIP-7+-+Security+-+IP+F >> >> > >> > >>iltering >> >> > >> > >> >> >> > >> > >> >> >> > >> > >> >> >> > >> > >> -- >> >> > >> > >> Jeff Holoman >> >> > >> > >> Systems Engineer >> >> > >> > >> >> > >> > >> >> > >> >> >> > >> >> >> > >> -- >> >> > >> -- Guozhang >> >> > >> >> >> > > >> >> > > >> >> > > >> >> > > -- >> >> > > Jeff Holoman >> >> > > Systems Engineer >> >> > > >> >> > > >> >> > > >> >> > > >> >> > >> >> > >> >> > -- >> >> > Jeff Holoman >> >> > Systems Engineer >> >> > >> >> >> > >> > >> > >> > -- >> > Jeff Holoman >> > Systems Engineer >> > >> > >> > >> > >> >> >> -- >> Jeff Holoman >> Systems Engineer >>
