Hi Piyush,
Thanks for raising this KIP - it's very much appreciated.
I've not had chance to digest it yet, but...
1. you might want to add details of how the internals of the
`getMatchingAcls` is implemented. We'd want to make sure the complexity of
the operation isn't adversely affected.
2. You might want to be more explicit that the length of a prefix does not
play a part in the `authorize` call, e.g. given ACLs {DENY, some.*}, {ALLOW,
some.prefix.*}, the longer, i.e. more specific, allow ACL does _not_
override the more general deny ACL.
Thanks,
Andy
On 1 May 2018 at 16:59, Ron Dagostino <rndg...@gmail.com> wrote:
> Hi Piyush. I appreciated your talk at Kafka Summit and appreciate the KIP
> -- thanks.
>
> Could you explain these mismatching references? Near the top of the KIP
> you refer to these proposed new method signatures:
>
> def getMatchingAcls(resource: Resource): Set[Acl]
> def getMatchingAcls(principal: KafkaPrincipal): Map[Resource, Set[Acl]]
>
> But near the bottom of the KIP you refer to different method
> signatures that don't seem to match the above ones:
>
> getMatchingAcls(topicRegex)
> getMatchingAcls(principalRegex)
>
> Ron
>
>
> On Tue, May 1, 2018 at 11:48 AM, Ted Yu <yuzhih...@gmail.com> wrote:
>
> > The KIP was well written. Minor comment on formatting:
> >
> > https://github.com/apache/kafka/blob/trunk/core/src/
> > main/scala/kafka/admin/AclCommand.scala
> > to
> >
> > Leave space between the URL and 'to'
> >
> > Can you describe changes for the AdminClient ?
> >
> > Thanks
> >
> > On Tue, May 1, 2018 at 8:12 AM, Piyush Vijay <piyushvij...@gmail.com>
> > wrote:
> >
> > > Hi all,
> > >
> > > I just opened a KIP to add support for wildcard suffixed ACLs. This is
> > one
> > > of the feature I talked about in my Kafka summit talk and we promised
> to
> > > upstream it :)
> > >
> > > The details are here -
> > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> > > 290%3A+Support+for+wildcard+suffixed+ACLs
> > >
> > > There is an open question about the way to add the support in the
> > > AdminClient, which I can discuss here in more detail once everyone has
> > > taken a first look at the KIP.
> > >
> > > Looking forward to discuss the change.
> > >
> > > Best,
> > > Piyush Vijay
> > >
> >
>
