[GitHub] [kafka] rajinisivaram commented on a change in pull request #9865: Fill in the 2.8 release note for Authorizer

Tue, 12 Jan 2021 07:04:30 -0800 


rajinisivaram commented on a change in pull request #9865:
URL: https://github.com/apache/kafka/pull/9865#discussion_r555831648



##########
File path: docs/upgrade.html
##########
@@ -20,6 +20,28 @@
 <script id="upgrade-template" type="text/x-handlebars-template">
 
 <h5><a id="upgrade_280_notable" href="#upgrade_280_notable">Notable changes in 
2.8.0</a></h5>
+<ul>
+    <li>
+        The 2.8.0 release added a new Authorizer interface introduced in

Review comment:
       added a new method to the Authorizer Interface

##########
File path: docs/upgrade.html
##########
@@ -20,6 +20,28 @@
 <script id="upgrade-template" type="text/x-handlebars-template">
 
 <h5><a id="upgrade_280_notable" href="#upgrade_280_notable">Notable changes in 
2.8.0</a></h5>
+<ul>
+    <li>
+        The 2.8.0 release added a new Authorizer interface introduced in
+        <a 
href="https://cwiki.apache.org/confluence/display/KAFKA/KIP-679%3A+Producer+will+enable+the+strongest+delivery+guarantee+by+default";>KIP-679</a>.
+        Custom authorizer implementations should consider overriding this 
default implementation because:

Review comment:
       It will be good to specify the change to authorization (i.e. why we 
added the new method).

##########
File path: docs/upgrade.html
##########
@@ -20,6 +20,28 @@
 <script id="upgrade-template" type="text/x-handlebars-template">
 
 <h5><a id="upgrade_280_notable" href="#upgrade_280_notable">Notable changes in 
2.8.0</a></h5>
+<ul>
+    <li>
+        The 2.8.0 release added a new Authorizer interface introduced in
+        <a 
href="https://cwiki.apache.org/confluence/display/KAFKA/KIP-679%3A+Producer+will+enable+the+strongest+delivery+guarantee+by+default";>KIP-679</a>.
+        Custom authorizer implementations should consider overriding this 
default implementation because:
+        <ul>
+            <li>
+                1. The default implementation iterates all AclBindings 
multiple times, without any caching
+                   by principal, host, operation, permission types, and 
resource types. More efficient
+                   implementations may be added in custom authorizers that 
directly access cached entries.

Review comment:
       Should be sufficient to provide a summary: e.g. `Custom authorizers 
should consider providing a more efficient implementation that supports audit 
logging and any custom configs or access rules`.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to