[jira] [Updated] (KAFKA-3186) KIP-50: Move Authorizer and related classes to separate package.

Fri, 22 Sep 2017 21:49:48 -0700 

     [ 
https://issues.apache.org/jira/browse/KAFKA-3186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Guozhang Wang updated KAFKA-3186:
---------------------------------

*Reminder to the contributor / reviewer of the PR*: please note that the code 
deadline for 1.0.0 is less than 2 weeks away (Oct. 4th). Please re-evaluate 
your JIRA and see if it still makes sense to be merged into 1.0.0 or it could 
be pushed out to 1.1.0, or be closed directly if the JIRA itself is not valid 
any more, or re-assign yourself as contributor / committer if you are no longer 
working on the JIRA.

> KIP-50: Move Authorizer and related classes to separate package.
> ----------------------------------------------------------------
>
>                 Key: KAFKA-3186
>                 URL: https://issues.apache.org/jira/browse/KAFKA-3186
>             Project: Kafka
>          Issue Type: Improvement
>    Affects Versions: 0.9.0.0
>            Reporter: Ashish Singh
>            Assignee: Ashish Singh
>             Fix For: 1.0.0
>
>
> [KIP-50|https://cwiki.apache.org/confluence/display/KAFKA/KIP-50+-+Move+Authorizer+to+a+separate+package]
>  has more details.
> Kafka supports pluggable authorization. Third party authorizer 
> implementations allow existing authorization systems like, Apache Sentry, 
> Apache Ranger, etc to extend authorization to Kafka as well. Implementing 
> Kafka's authorizer interface requires depending on kafka's core, which is 
> huge. This has been already raised as a concern by Sentry, Ranger and Kafka 
> community. Even Kafka clients require duplication of authorization related 
> classes, like Resource, Operation, etc, for adding ACLs CRUD APIs.
> Kafka authorizer is agnostic of principal types it supports, so are the acls 
> CRUD methods in Authorizer interface. The intent behind is to keep Kafka 
> principal types pluggable, which is really great. However, this leads to Acls 
> CRUD methods not performing any check on validity of acls, as they are not 
> aware of what principal types Authorizer implementation supports. This opens 
> up space for lots of user errors, KAFKA-3097 is an instance.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to