----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74470/ -----------------------------------------------------------
Review request for ranger, Abhay Kulkarni and Madhan Neethiraj. Bugs: RANGER-3939 https://issues.apache.org/jira/browse/RANGER-3939 Repository: ranger Description ------- RANGER-3939: Implement acls, createAcls and deleteAcls in Kafka Authorizer Diffs ----- plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuditHandler.java 57a888e9a plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java 96a36abe9 plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/utils/RangerKafkaCheckAccess.java PRE-CREATION plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/utils/RangerKafkaGrantAccess.java PRE-CREATION plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/utils/RangerKafkaListAccess.java PRE-CREATION plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/utils/RangerKafkaRevokeAccess.java PRE-CREATION plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/utils/RangerKafkaUtils.java PRE-CREATION Diff: https://reviews.apache.org/r/74470/diff/1/ Testing ------- TESTING CREATE /kafktest/kafka-client.conf security.protocol=SASL_SSL ssl.truststore.location=truststore.jks sasl.kerberos.service.name=kafka sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true useTicketCache=false keyTab="kafka.keytab" principal="<kafka-principal>"; List acl: kafka-acls --bootstrap-server ssl-cluster:9093 --command-config /kafkatest/kafka-client.conf --list --topic connect-configs kafka-acls --bootstrap-server ssl-cluster:9093 --command-config /kafkatest/kafka-client.conf --list --cluster test_cluster1 afka-acls --bootstrap-server ssl-cluster:9093 --command-config /kafkatest/kafka-client.conf --list --cluster Create acl: kafka-acls --bootstrap-server ssl-cluster:9093 --command-config /kafkatest/kafka-client.conf --add --allow-principal User:testuser1 --operation read --topic finance-topic kafka-acls --bootstrap-server ssl-cluster:9093 --command-config /kafkatest/kafka-client.conf --add --allow-principal Group:mysql --operation read --topic finance-topic kafka-acls --bootstrap-server ssl-cluster:9093 --command-config /kafkatest/kafka-client.conf --add --allow-principal Group:mysql --allow-principal User:testuser1 --operation read --topic finance-topic kafka-acls --bootstrap-server ssl-cluster:9093 --command-config /kafkatest/kafka-client.conf --add --allow-principal User:testuser1 -operation read --topic finance-topic --resource-pattern-type prefixed Revoke acl: kafka-acls --bootstrap-server ssl-cluster:9093 --command-config /kafkatest/kafka-client.conf --remove --allow-principal Group:mysql -operation read --topic finance-topic kafka-acls --bootstrap-server ssl-cluster:9093 --command-config /kafkatest/kafka-client.conf --remove --allow-principal User:testuser1 -operation read --topic finance-topic Not Support for this first cut: --allow-host and --deny-host Host name in the api call This is not support as this requires grant/revoke ranger api to support the creation of policy condition for the policy that is getting created --deny-principal Grant except and Revoke except This needs Grant and Revoke Api to support “exception” policy creation. Thanks, Ramesh Mani