+1
On 19/06/17 21:31, Vahid S Hashemian wrote:
Thanks everyone. Great discussion.
Because these Read or Write actions are interpreted in conjunction with
particular resources (Topic, Group, ...) it would also make more sense to
me that for committing offsets the ACL should be (Group, Write).
So, a consumer would be required to have (Topic, Read), (Group, Write)
ACLs in order to function.
--Vahid
From: Colin McCabe <cmcc...@apache.org>
To: us...@kafka.apache.org
Date: 06/19/2017 11:01 AM
Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
Permission of OffsetFetch
Thanks for the explanation. I still think it would be better to have
the mutation operations require write ACLs, though. It might not be
100% intuitive for novice users, but the current split between Describe
and Read is not intuitive for either novice or experienced users.
In any case, I am +1 on the incremental improvement discussed in
KIP-163.
cheers,
Colin
On Sat, Jun 17, 2017, at 11:11, Hans Jespersen wrote:
Offset commit is something that is done in the act of consuming (or
reading) Kafka messages.
Yes technically it is a write to the Kafka consumer offset topic but
it's
much easier for
administers to think of ACLs in terms of whether the user is allowed to
write (Produce) or
read (Consume) messages and not the lower level semantics that are that
consuming is actually
reading AND writing (albeit only to the offset topic).
-hans
On Jun 17, 2017, at 10:59 AM, Viktor Somogyi
<viktor.somo...@cloudera.com> wrote:
Hi Vahid,
+1 for OffsetFetch from me too.
I also wanted to ask the strangeness of the permissions, like why is
OffsetCommit a Read operation instead of Write which would intuitively
make
more sense to me. Perhaps any expert could shed some light on this? :)
Viktor
On Tue, Jun 13, 2017 at 2:38 PM, Vahid S Hashemian <
vahidhashem...@us.ibm.com <mailto:vahidhashem...@us.ibm.com>> wrote:
Hi Michal,
Thanks a lot for your feedback.
Your statement about Heartbeat is fair and makes sense. I'll update
the
KIP accordingly.
--Vahid
From: Michal Borowiecki <michal.borowie...@openbet.com>
To: us...@kafka.apache.org, Vahid S Hashemian <
vahidhashem...@us.ibm.com>, dev@kafka.apache.org
Date: 06/13/2017 01:35 AM
Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
Permission of OffsetFetch
------------------------------
Hi Vahid,
+1 wrt OffsetFetch.
The "Additional Food for Thought" mentions Heartbeat as a
non-mutating
action. I don't think that's true as the GroupCoordinator updates the
latestHeartbeat field for the member and adds a new object to the
heartbeatPurgatory, see completeAndScheduleNextHeartbeatExpiration()
called from handleHeartbeat()
NB added dev mailing list back into CC as it seems to have been lost
along
the way.
Cheers,
MichaĆ
On 12/06/17 18:47, Vahid S Hashemian wrote:
Hi Colin,
Thanks for the feedback.
To be honest, I'm not sure either why Read was selected instead of
Write
for mutating APIs in the initial design (I asked Ewen on the
corresponding
JIRA and he seemed unsure too).
Perhaps someone who was involved in the design can clarify.
Thanks.
--Vahid
From: Colin McCabe *<cmcc...@apache.org <mailto:cmcc...@apache.org
* <cmcc...@apache.org <mailto:cmcc...@apache.org>>
To: *us...@kafka.apache.org <mailto:us...@kafka.apache.org>*
<us...@kafka.apache.org <mailto:us...@kafka.apache.org>>
Date: 06/12/2017 10:11 AM
Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
Permission of OffsetFetch
Hi Vahid,
I think you make a valid point that the ACLs controlling group
operations are not very intuitive.
This is probably a dumb question, but why are we using Read for
mutating
APIs? Shouldn't that be Write?
The distinction between Describe and Read makes a lot of sense for
Topics. A group isn't really something that you "read" from in the
same
way as a topic, so it always felt kind of weird there.
best,
Colin
On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
Hi all,
I'm resending my earlier note hoping it would spark some conversation
this
time around :)
Thanks.
--Vahid
From: "Vahid S Hashemian" *<vahidhashem...@us.ibm.com <
mailto:vahidhashem...@us.ibm.com>>*
<vahidhashem...@us.ibm.com <mailto:vahidhashem...@us.ibm.com>>
To: dev *<dev@kafka.apache.org <mailto:dev@kafka.apache.org>>*
<dev@kafka.apache.org <mailto:dev@kafka.apache.org>>, "Kafka User"
*<us...@kafka.apache.org <mailto:us...@kafka.apache.org>>*
<us...@kafka.apache.org <mailto:us...@kafka.apache.org>>
Date: 05/30/2017 08:33 AM
Subject: KIP-163: Lower the Minimum Required ACL Permission of
OffsetFetch
Hi,
I started a new KIP to improve the minimum required ACL permissions
of
some of the APIs:
*https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch*
<
https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch*
<
https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch
<
https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch
The KIP is to address KAFKA-4585.
Feedback and suggestions are welcome!
Thanks.
--Vahid
--
<http://www.openbet.com/ <http://www.openbet.com/>> *Michal
Borowiecki*
*Senior Software Engineer L4*
*T: * +44 208 742 1600 <(208)%20742-1600>
+44 203 249 8448 <(203)%20249-8448>
*E: * *michal.borowie...@openbet.com <
mailto:michal.borowie...@openbet.com>* <michal.borowie...@openbet.com <
mailto:michal.borowie...@openbet.com>>
*W: * *www.openbet.com <http://www.openbet.com/>* <
http://www.openbet.com/ <http://www.openbet.com/>>
*OpenBet Ltd*
Chiswick Park Building 9
566 Chiswick High Rd
London
W4 5XT
UK
<https://www.openbet.com/email_promo <
https://www.openbet.com/email_promo>>
This message is confidential and intended only for the addressee. If
you
have received this message in error, please immediately notify the
*postmas...@openbet.com <mailto:postmas...@openbet.com>*
<postmas...@openbet.com <mailto:postmas...@openbet.com>>and delete it from
your
system as well as any copies. The content of e-mails as well as
traffic
data may be monitored by OpenBet for employment and security
purposes. To
protect the environment please do not print this e-mail unless
necessary.
OpenBet Ltd. Registered Office: Chiswick Park Building 9, 566
Chiswick High
Road, London, W4 5XT, United Kingdom. A company registered in England
and
Wales. Registered no. 3134634. VAT no. GB927523612
--
Signature
<http://www.openbet.com/> Michal Borowiecki
Senior Software Engineer L4
T: +44 208 742 1600
+44 203 249 8448
E: michal.borowie...@openbet.com
W: www.openbet.com <http://www.openbet.com/>
OpenBet Ltd
Chiswick Park Building 9
566 Chiswick High Rd
London
W4 5XT
UK
<https://www.openbet.com/email_promo>
This message is confidential and intended only for the addressee. If you
have received this message in error, please immediately notify the
postmas...@openbet.com <mailto:postmas...@openbet.com> and delete it
from your system as well as any copies. The content of e-mails as well
as traffic data may be monitored by OpenBet for employment and security
purposes. To protect the environment please do not print this e-mail
unless necessary. OpenBet Ltd. Registered Office: Chiswick Park Building
9, 566 Chiswick High Road, London, W4 5XT, United Kingdom. A company
registered in England and Wales. Registered no. 3134634. VAT no.
GB927523612
