> On Feb. 3, 2016, 1:20 a.m., Dapeng Sun wrote: > > sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizer.java, > > line 210 > > <https://reviews.apache.org/r/43064/diff/2/?file=1229885#file1229885line210> > > > > The KafkaAuthorizer would be run by Kafka service user, if the > > getLoginUser() will return the Kafka service user, it will not have any > > authorization for acl operations. > > I think we can remove the acl operation, if the acl operations is > > needed at Kafka side, we may need to add shell commands likes > > SENTRY-399,SENTRY-995 > > Ashish Singh wrote: > We are planning to use `kafka-acls.sh` that ships with Kafka to allow > users to add/remove acls. I do understand that this will require that 'kafka' > user has sufficient privilleges in Sentry to be able to create/modify > privileges. Shouldn't that problem be solved by adding 'kafka' user as super > user in sentry. How does 'hive' create/modify/delete permissions?
Dapeng, I have removed acls' CRUD implementations and filed KAFKA-3221 and SENTRY-1057 to track implementation of acls' CRUD. Till then we can rely on Sentry CLI. - Ashish ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/43064/#review117341 ----------------------------------------------------------- On Feb. 8, 2016, 11:30 p.m., Ashish Singh wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/43064/ > ----------------------------------------------------------- > > (Updated Feb. 8, 2016, 11:30 p.m.) > > > Review request for sentry and Dapeng Sun. > > > Bugs: SENTRY-1011 > https://issues.apache.org/jira/browse/SENTRY-1011 > > > Repository: sentry > > > Description > ------- > > SENTRY-1011: Add Kafka binding > > > Diffs > ----- > > pom.xml aa99e313d8ae98bf048ce7d78574a9398f22732e > sentry-binding/pom.xml 0f2a987668cb3ea13d921636dfbc063bd17a3790 > sentry-binding/sentry-binding-kafka/pom.xml PRE-CREATION > > sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/ConvertUtil.java > PRE-CREATION > > sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizer.java > PRE-CREATION > > sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBinding.java > PRE-CREATION > > sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/binding/KafkaAuthBindingSingleton.java > PRE-CREATION > > sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java > PRE-CREATION > > sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/kafka/MockGroupMappingServiceProvider.java > PRE-CREATION > > sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/kafka/authorizer/ConvertUtilTest.java > PRE-CREATION > > sentry-binding/sentry-binding-kafka/src/test/java/org/apache/sentry/kafka/authorizer/SentryKafkaAuthorizerTest.java > PRE-CREATION > sentry-binding/sentry-binding-kafka/src/test/resources/core-site.xml > PRE-CREATION > sentry-binding/sentry-binding-kafka/src/test/resources/log4j.properties > PRE-CREATION > sentry-binding/sentry-binding-kafka/src/test/resources/sentry-site.xml > PRE-CREATION > > sentry-binding/sentry-binding-kafka/src/test/resources/test-authz-provider.ini > PRE-CREATION > > sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationComponent.java > 6409015a92c94d37f21e0dbc8f7d7de74e3be5ec > > Diff: https://reviews.apache.org/r/43064/diff/ > > > Testing > ------- > > Tested with unit and e2e tests. > > > Thanks, > > Ashish Singh > >
