Great idea. Copying my comment from the JIRA. Do you think adding ducktape tests will work? It will probably require ducktape to allow adding resources, like JARs, config files, etc. Geoff Anderson <https://issues.apache.org/jira/secure/ViewProfile.jspa?name=granders> is it possible to do that?
On Thu, Mar 3, 2016 at 10:42 AM, Grant Henke <ghe...@cloudera.com> wrote: > Related to these questions, I create a jira to track testing/validating > these expectations for both the internal SimpleAuthorizer and any third > party implemented authorizer: > > KAFKA-3329 <https://issues.apache.org/jira/browse/KAFKA-3329>: Validation > script to test expected behavior of Authorizer implementations > > > > On Thu, Mar 3, 2016 at 11:33 AM, Grant Henke <ghe...@cloudera.com> wrote: > > > I am working on the List/Alter ACLs patch ( > > https://github.com/apache/kafka/pull/1005) for KIP-4 and have a few > > questions around expectations for an Authorizer implementation: > > > > - What is the expected behavior when I add the same ACL twice? > > - What is the expected behavior when I remove an ACL that is not set? > > - What type of "permission inheritance" is an implementer of the > > Authorizer interface supposed to follow: > > - Example: READ or WRITE automatically grants DESCRIBE > > - Is the Authorizer implementation expected to manage blocking/local > > cache consistency across all instances? > > - Or should all requests go to 1 instance? > > - This is related to the bug found while working on this patch: > > KAFKA-3328 <https://issues.apache.org/jira/browse/KAFKA-3328> > > > > Thanks, > > Grant > > > > -- > > Grant Henke > > Software Engineer | Cloudera > > gr...@cloudera.com | twitter.com/gchenke | linkedin.com/in/granthenke > > > > > > -- > Grant Henke > Software Engineer | Cloudera > gr...@cloudera.com | twitter.com/gchenke | linkedin.com/in/granthenke > -- Regards, Ashish
