Review Request 32300: Fix segment grouping in LogCleaner so that relative offsets fit in 4 bytes

2015-03-20 Thread Rajini Sivaram
59914281594d557b9fd0713fe808b36c83745577 core/src/test/scala/unit/kafka/log/CleanerTest.scala a4da95f765e5778c896551ecef0e0eaef5167ae1 Diff: https://reviews.apache.org/r/32300/diff/ Testing --- Thanks, Rajini Sivaram

Re: Review Request 33125: Add comment to timing fix

2015-04-13 Thread Rajini Sivaram
/MetadataTest.java 928087d29deb80655ca83726c1ebc45d76468c1f Diff: https://reviews.apache.org/r/33125/diff/ Testing --- Thanks, Rajini Sivaram

Re: [DISCUSS] KIP-12 - Kafka Sasl/Kerberos implementation

2015-04-24 Thread Rajini Sivaram
would make it easier to grow the support for new protocols. I wanted to check if this has already been discussed in the past. Thank you, Rajini On Fri, Apr 24, 2015 at 9:26 AM, Rajini Sivaram rajinisiva...@googlemail.com wrote: Harsha, Thank you for the quick response. (Sorry had missed

[DISCUSS] KIP-12 - Kafka Sasl/Kerberos implementation

2015-04-24 Thread Rajini Sivaram
we are adding selector related code into channel. Thanks, Harsha On April 22, 2015 at 3:56:04 AM, Rajini Sivaram ( rajinisiva...@googlemail.com) wrote: When we were working on the client-side SSL implementation for Kafka, we found that returning selection interest from handshake

Re: [DISCUSS] KIP-12 - Kafka Sasl/Kerberos implementation

2015-04-24 Thread Rajini Sivaram
, Rajini Sivaram ( rajinisiva...@googlemail.com) wrote: Have there been any discussions around separating out authentication and encryption protocols for Kafka endpoints to enable different combinations? In our deployment environment, we would like to use TLS for encryption, but we don't

Re: Review Request 33168: Fix recovery of swap files after broker crash

2015-04-19 Thread Rajini Sivaram
--- On April 19, 2015, 7:03 p.m., Rajini Sivaram wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/33168/ --- (Updated April 19

Re: Review Request 33168: Fix recovery of swap files after broker crash

2015-04-19 Thread Rajini Sivaram
5563f2de8113a0ece8929bec9c75dbf892abbb66 core/src/test/scala/unit/kafka/log/CleanerTest.scala 9792ed689033dbd4ad99809a4e566136d2b9fadf Diff: https://reviews.apache.org/r/33168/diff/ Testing --- Thanks, Rajini Sivaram

Re: [DISCUSS] KIP-12 - Kafka Sasl/Kerberos implementation

2015-04-22 Thread Rajini Sivaram
When we were working on the client-side SSL implementation for Kafka, we found that returning selection interest from handshake() method wasn't sufficient to handle some of the SSL sequences. We resorted to managing the selection key and interest state within SSLChannel to avoid SSL-specific

Re: Review Request 33620: Patch for KAFKA-1690

2015-05-14 Thread Rajini Sivaram
On May 14, 2015, 10:21 a.m., Rajini Sivaram wrote: clients/src/test/java/org/apache/kafka/common/network/SSLSelectorTest.java, line 36 https://reviews.apache.org/r/33620/diff/5/?file=957076#file957076line36 All these tests were hanging when I ran them from a Windows machine

Re: Review Request 33620: Patch for KAFKA-1690

2015-05-14 Thread Rajini Sivaram
to work with any JRE. - Rajini Sivaram On May 12, 2015, 11:20 p.m., Sriharsha Chintalapani wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/33620

Re: Review Request 33620: Patch for KAFKA-1690

2015-05-15 Thread Rajini Sivaram
On May 14, 2015, 10:21 a.m., Rajini Sivaram wrote: clients/src/main/java/org/apache/kafka/common/network/SSLTransportLayer.java, line 190 https://reviews.apache.org/r/33620/diff/5/?file=957065#file957065line190 I think when delegated tasks are run asynchronously, selection

Re: Review Request 33620: Patch for KAFKA-1690

2015-05-14 Thread Rajini Sivaram
would be the value of a security config.

```
// Enable hostname verification of the peer certificate during the TLS handshake
SSLParameters sslParams = sslEngine.getSSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
sslEngine.setSSLParameters(sslParams);
```

- Rajini Sivaram On May 12, 2015, 11:20 p.m., Sriharsha Chintalapani wrote

Re: Review Request 33620: Patch for KAFKA-1690

2015-05-18 Thread Rajini Sivaram
/SecurityConfigs.java https://reviews.apache.org/r/33620/#comment135274 Thank you for adding this option. Maybe the default should be null so that it is possible to disable endpoint verification? - Rajini Sivaram On May 15, 2015, 2:18 p.m., Sriharsha Chintalapani wrote

Re: Review Request 33620: Patch for KAFKA-1690

2015-05-14 Thread Rajini Sivaram
. - Rajini Sivaram On May 12, 2015, 11:20 p.m., Sriharsha Chintalapani wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/33620

Review Request 33168: Fix recovery of swap files after broker crash

2015-04-14 Thread Rajini Sivaram
--- Thanks, Rajini Sivaram

Review Request 33125: Fix timing issue in MetadataTest

2015-04-13 Thread Rajini Sivaram
--- Thanks, Rajini Sivaram

Review Request 33133: SSL support for new Java producer client

2015-04-13 Thread Rajini Sivaram
ccf3a5f5f72db12f904d64f1ffebacad19e92e35 core/src/main/scala/kafka/tools/ConsoleProducer.scala 00265f9f4a4b6c6a9aa023e5be5faf297f77bf31 Diff: https://reviews.apache.org/r/33133/diff/ Testing --- Thanks, Rajini Sivaram

Re: Review Request 33168: Fix recovery of swap files after broker crash

2015-04-15 Thread Rajini Sivaram
/scala/unit/kafka/log/CleanerTest.scala 9792ed689033dbd4ad99809a4e566136d2b9fadf Diff: https://reviews.apache.org/r/33168/diff/ Testing --- Thanks, Rajini Sivaram

Review Request 33027: Fix timing issue in DelayedOperationTest

2015-04-09 Thread Rajini Sivaram
/ Testing --- Thanks, Rajini Sivaram

Re: Review Request 33620: Patch for KAFKA-1690

2015-08-17 Thread Rajini Sivaram
seem to be any code that turns READ back on again if it gets turned off here. I am seeing a very intermittent (one in 100) failure in the renegotiation unit test due to this. - Rajini Sivaram On Aug. 17, 2015, 4:28 p.m., Sriharsha Chintalapani wrote

Re: [jira] [Commented] (KAFKA-1690) new java producer needs ssl support as a client

2015-08-11 Thread Rajini Sivaram
.28_20150630_1742_B255633 JIT - tr.r14.java_20150625_95081.01 GC - R28_jvm.28_20150630_1742_B255633 J9CL - 20150630_255633) JCL - 20150711_01 based on Oracle jdk8u51-b15 Thanks, Harsha On Mon, Aug 10, 2015, at 01:52 PM, Rajini Sivaram wrote: Harsha, I am using the code from https

Review Request 37357: Upgrade LZ4 to version 1.3 to avoid crashing with IBM Java 7

2015-08-11 Thread Rajini Sivaram
/record/KafkaLZ4BlockInputStream.java f480da2ae0992855cc860e1ce5cbd11ecfca7bee clients/src/main/java/org/apache/kafka/common/record/KafkaLZ4BlockOutputStream.java 6a2231f4775771932c36df362c88aead3189b7b8 Diff: https://reviews.apache.org/r/37357/diff/ Testing --- Thanks, Rajini Sivaram

Re: Review Request 37357: Upgrade LZ4 to version 1.3 to avoid crashing with IBM Java 7

2015-08-11 Thread Rajini Sivaram
/37357/diff/ Testing --- Thanks, Rajini Sivaram

Re: Review Request 37357: Upgrade LZ4 to version 1.3 to avoid crashing with IBM Java 7

2015-08-11 Thread Rajini Sivaram
p.m., Rajini Sivaram wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/37357/ --- (Updated Aug. 11, 2015, 6:56 p.m.) Review

Re: [jira] [Commented] (KAFKA-1690) new java producer needs ssl support as a client

2015-08-10 Thread Rajini Sivaram
over reviews will be sending a new patch in a day or two. Thanks, Harsha On August 10, 2015 at 3:35:34 AM, Rajini Sivaram ( rajinisiva...@googlemail.com) wrote: I was running a Kafka cluster with the latest SSL patch over the weekend with IBM JRE, and it has been running fine without any

Re: [jira] [Commented] (KAFKA-1690) new java producer needs ssl support as a client

2015-08-10 Thread Rajini Sivaram
I was running a Kafka cluster with the latest SSL patch over the weekend with IBM JRE, and it has been running fine without any issues. There was light load on the cluster throughout and intermittent heavy load, all using SSL clients. However I am seeing an intermittent unit test hang in

New Consumer InterfaceStability for 0.9.0.0

2015-11-08 Thread Rajini Sivaram
Will InterfaceStability of the new Kafka consumer be upgraded from Unstable to Evolving for 0.9.0.0? Thank you... Regards, Rajini

Re: New Consumer InterfaceStability for 0.9.0.0

2015-11-08 Thread Rajini Sivaram
Thank you for the quick response, Guozhang. On Sun, Nov 8, 2015 at 8:51 PM, Guozhang Wang <wangg...@gmail.com> wrote: > It will still be Unstable in 0.9.0.0, and we plan to stabilize in 0.9.0.x > versions. > > Guozhang > > On Sun, Nov 8, 2015 at 12:27 PM, Rajin

SendFailedException in new consumer when run with SSL

2015-10-19 Thread Rajini Sivaram
When running new consumer with SSL, debug logs show these exceptions every time: Thank you... Regards, Rajini

Re: SendFailedException in new consumer when run with SSL

2015-10-19 Thread Rajini Sivaram
Oops, pressed wrong button... When running new consumer with SSL, debug logs show these exceptions every time: [2015-10-19 20:57:43,389] DEBUG Fetch failed (org.apache.kafka.clients.consumer.internals.Fetcher) org.apache.kafka.clients.consumer.internals.SendFailedException The exception

Re: SendFailedException in new consumer when run with SSL

2015-10-19 Thread Rajini Sivaram
like Fetcher is not using NetworkClient > correctly. > > Ismael > On 19 Oct 2015 22:02, "Rajini Sivaram" <rajinisiva...@googlemail.com> > wrote: > > > Oops, pressed wrong button... > > > > When running new consumer with SSL, debug logs show these exce

Re: [DISCUSS] KIP-37 - Add namespaces in Kafka

2015-10-12 Thread Rajini Sivaram
Ashish, Thank you for doing this writeup and starting the discussion around namespaces and multi-tenancy. We have implemented a namespace solution on top of Kafka trunk and our motivation to do so matches your description in KIP-37 to a large extent. But there are some differences in our

Re: Review Request 37357: Patch for KAFKA-2421: Upgrade to LZ4 version 1.3 and update reference to Utils method that was moved to SafeUtils

2015-09-08 Thread Rajini Sivaram
clients/src/main/java/org/apache/kafka/common/record/KafkaLZ4BlockOutputStream.java 6a2231f4775771932c36df362c88aead3189b7b8 Diff: https://reviews.apache.org/r/37357/diff/ Testing --- Thanks, Rajini Sivaram

Re: Use of CopyOnWriteMap in RecordAccumulator.java

2015-12-22 Thread Rajini Sivaram
. For this and > > metrics changes we should quantify the degradation (if any) if we're > > making changes. > > > > -Jay > > > > On Tue, Dec 22, 2015 at 4:24 AM, Rajini Sivaram > > <rajinisiva...@googlemail.com> wrote: > > > Thank you, Is

Use of CopyOnWriteMap in RecordAccumulator.java

2015-12-22 Thread Rajini Sivaram
I was looking at removing unused partitions from org.apache.kafka.clients.producer.internals.RecordAccumulator#batches to avoid the map growing indefinitely, especially in the REST service. The PR under https://issues.apache.org/jira/browse/KAFKA-2948 has the details. With CopyOnWriteMap, removing

Re: Use of CopyOnWriteMap in RecordAccumulator.java

2015-12-22 Thread Rajini Sivaram
ee KAFKA-2664 for > details). It sounds like we may want to change it here too. > > Best, > Ismael > > On Tue, Dec 22, 2015 at 11:41 AM, Rajini Sivaram < > rajinisiva...@googlemail.com> wrote: > > > I was looking at removing unused partitions from > > org.apache.ka

Re: [VOTE] 0.9.0.0 Candidate 3

2015-11-19 Thread Rajini Sivaram
+1 (non-binding) We integrated this (source rather than binary) into our build yesterday and it has been running for a day in our test clusters with light load throughout and occasional heavy load. We are running on IBM JRE with SSL clients. On Thu, Nov 19, 2015 at 6:55 PM, Guozhang Wang

[VOTE] KIP-55: Secure quotas for authenticated users

2016-06-08 Thread Rajini Sivaram
I would like to initiate the vote for KIP-55. The KIP details are here: KIP-55: Secure quotas for authenticated users . The JIRA KAFKA-3492 has

Re: [VOTE] KIP-55: Secure quotas for authenticated users

2016-06-08 Thread Rajini Sivaram
voting in a new thread (with > VOTE in the subject). > > Thanks, > > Jun > > On Tue, Jun 7, 2016 at 1:55 PM, Rajini Sivaram < > rajinisiva...@googlemail.com > > wrote: > > > I would like to initiate the vote for KIP-55. > > > > The KIP details are

Re: [DISCUSS] KIP-55: Secure quotas for authenticated users

2016-06-07 Thread Rajini Sivaram
Jun, Thank you, I will start a vote. On Tue, Jun 7, 2016 at 8:49 PM, Jun Rao <j...@confluent.io> wrote: > Rajini, > > Thanks for the updated wiki. It looks good to me. Do you want to start a > vote on this? > > Jun > > On Fri, May 27, 2016 at 11:47 AM,

[VOTE] KIP-55: Secure quotas for authenticated users

2016-06-07 Thread Rajini Sivaram
I would like to initiate the vote for KIP-55. The KIP details are here: KIP-55: Secure quotas for authenticated users . The JIRA KAFKA-3492 has

Re: [VOTE] KIP-55: Secure quotas for authenticated users

2016-06-10 Thread Rajini Sivaram
uld be able to set quotas at both levels. Going >forward the model we had discussed with quotas was potentially being > able >to set quotas for many things independently (say at the topic level), > and I >don't think it would make sense to extend this mode approach to those

Re: [VOTE] KIP-55: Secure quotas for authenticated users

2016-06-10 Thread Rajini Sivaram
users, so it might be the case that several apps that are > > all part of the same system might access Kafka under a single user, but > you > > might have different quotas for these different apps. Basically if client > > id is a valid grouping even in the presence of users (w

Re: [VOTE] KIP-55: Secure quotas for authenticated users

2016-06-10 Thread Rajini Sivaram
tup quotas already from the old way to the new > way. > > -Jay > > On Fri, Jun 10, 2016 at 2:12 PM, Rajini Sivaram < > rajinisiva...@googlemail.com> wrote: > > > I do think client-id is a valid and useful grouping for quotas even in > > secure clusters

Re: [DISCUSS] KIP-55: Secure quotas for authenticated users

2016-05-25 Thread Rajini Sivaram
ntially > unthrottled? > > This may be a nit, but I prefer 'quota.type' options to be > 'authenticated-user' and 'client-id' as opposed to 'client' and 'user'. For > a new user, the options 'client' and 'user' sound essentially the same. > > Aditya > > On Tue, May 24, 2016 at 5:55

Re: [VOTE] KIP-55: Secure quotas for authenticated users

2016-06-15 Thread Rajini Sivaram
How do sub-quotas work in case of authenticated users? > Where are we maintaining the relation between users and their > client Ids? Can you add an example of zk data under /users. > Thanks, > Harsha > > On Mon, Jun 13, 2016, at 05:01 AM, Rajini Sivaram wr

Re: [VOTE] KIP-55: Secure quotas for authenticated users

2016-06-13 Thread Rajini Sivaram
. Regards, Rajini On Wed, Jun 8, 2016 at 9:00 PM, Rajini Sivaram <rajinisiva...@googlemail.com > wrote: > Jun, > > Oops, sorry, I hadn't realized that the last note was on the discuss > thread. Thank you for pointing it out. I have sent another note for voting. > > > On Wed,

Re: [VOTE] KIP-55: Secure quotas for authenticated users

2016-06-13 Thread Rajini Sivaram
> to > > those existing quotas on client-id. Do we just treat them as the quota > for > > that client-id under ANONYMOUS user name? > > > > Thanks, > > > > Jun > > > > On Fri, Jun 10, 2016 at 2:43 PM, Rajini Sivaram < > > rajinisiva...@

Re: [DISCUSS] KIP-55: Secure quotas for authenticated users

2016-05-27 Thread Rajini Sivaram
ated with the path. > > 12. For values for quota.type, perhaps we can use "client-id" and "user"? > > Jun > > > > On Wed, May 25, 2016 at 12:29 PM, Rajini Sivaram < > rajinisiva...@googlemail.com> wrote: > > > Hi Aditya, >

Re: [VOTE] KIP-55: Secure quotas for authenticated users

2016-06-21 Thread Rajini Sivaram
r_byte_rate=10,consumer_byte_rate=20' --entity-name=* --entity-type > users > > We may add other types of quotas in the future and we probably don't want > to keep adding static configs. > > Thanks, > > Jun > > > > On Mon, Jun 20, 2016 at 2:32 AM, Rajini Sivaram <

Re: [VOTE] KIP-55: Secure quotas for authenticated users

2016-06-22 Thread Rajini Sivaram
client-id quota to be configured > dynamically too and mark the static config in the broker as deprecated. If > both are set, the dynamic one wins. > > Thanks, > > Jun > > On Tue, Jun 21, 2016 at 3:56 AM, Ismael Juma <ism...@juma.me.uk> wrote: > > >

Re: [VOTE] KIP-55: Secure quotas for authenticated users

2016-06-16 Thread Rajini Sivaram
> > 4. For the config command, could we specify the sub-quota like the > following, instead of in the config value? This seems more intuitive. > > bin/kafka-configs --zookeeper localhost:2181 --alter --add-config > 'producer_byte_rate=1024,consumer_byte_rate=2048' -

Re: [VOTE] KIP-55: Secure quotas for authenticated users

2016-06-16 Thread Rajini Sivaram
the quota applied to a group of client connections and use the same format as client-id quotas. But it is not hierarchical, making the configuration simpler. On Thu, Jun 16, 2016 at 11:49 AM, Rajini Sivaram < rajinisiva...@googlemail.com> wrote: > Jun, > > Thank you for the review.

Re: [VOTE] KIP-55: Secure quotas for authenticated users

2016-06-17 Thread Rajini Sivaram
ither client1 > nor client2 will be sharing a quota of 12, right? In other words, the quota > of doesn't include the quota for <user1, client1> and <user1, > client2>. > > Thanks, > > Jun > > > On Thu, Jun 16, 2016 at 5:03 AM, Rajini Sivaram < > rajinisiva

Re: [VOTE] KIP-62: Allow consumer to send heartbeats from a background thread

2016-06-17 Thread Rajini Sivaram
+1 (non-binding) On Fri, Jun 17, 2016 at 4:45 AM, Grant Henke wrote: > +1 > > On Thu, Jun 16, 2016 at 8:50 PM, tao xiao wrote: > > > +1 > > > > On Fri, 17 Jun 2016 at 09:03 Harsha wrote: > > > > > +1 (binding) > > > Thanks, > > >

Re: [VOTE] KIP-55: Secure quotas for authenticated users

2016-06-17 Thread Rajini Sivaram
s good to me. > > Thanks, > > Jun > > On Fri, Jun 17, 2016 at 3:29 AM, Rajini Sivaram < > rajinisiva...@googlemail.com> wrote: > > > Jun, > > > > 10. Since entity_type "users" is new, shouldn't the JSON for these > entities > > h

Re: [VOTE] KIP-55: Secure quotas for authenticated users

2016-06-20 Thread Rajini Sivaram
Gwen/Jay, Have you had a chance to look at the updated KIP? It will be good to get your feedback as well before restarting vote on the updated KIP. If there are no objections, I will start the vote tomorrow. On Fri, Jun 17, 2016 at 6:59 PM, Rajini Sivaram < rajinisiva...@googlemail.com>

Re: [VOTE] KIP-55: Secure quotas for authenticated users

2016-06-23 Thread Rajini Sivaram
> > We can potentially add a default quota for both user and client at path > /config/users/clients? > > Thanks, > > Jun > > On Wed, Jun 22, 2016 at 3:01 AM, Rajini Sivaram < > rajinisiva...@googlemail.com> wrote: > > > Ismael, Jun, > > >

Re: ClassLoading in OSGi environment

2016-01-11 Thread Rajini Sivaram
There are multiple places in Kafka where the context class loader or Class.forName() is used to load classes. Perhaps it would be better to use a common utility everywhere for dynamic classloading with an option to use the right classloader.loadClass() that works with OSGi? Regards, Rajini On

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-01-29 Thread Rajini Sivaram
rip? > > Ismael > > On Fri, Jan 29, 2016 at 10:04 AM, Rajini Sivaram < > rajinisiva...@googlemail.com> wrote: > > > Following on from the KIP meeting on Tuesday, I have updated the KIP > with a > > flow for negotiation of mechanisms to support multiple

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-01-29 Thread Rajini Sivaram
ould love to > see updates in the PR to reflect the changes in Login and > AuthCallbackHandler. > > On Thu, 28 Jan 2016 at 19:31 Rajini Sivaram <rajinisiva...@googlemail.com> > wrote: > > > Tao, > > > > We currently add the security provider in a static

Re: [DISCUSS] KIP-44 - Allow Kafka to have a customized security protocol

2016-01-26 Thread Rajini Sivaram
Hi Tao, I have a couple of questions: 1. Is there a reason why you wouldn't want to implement a custom SASL mechanism to use your authentication mechanism? SASL itself aims to provide pluggable authentication mechanisms. 2. The KIP suggests that you are interested in plugging in a

Re: Kafka KIP meeting Jan 26 at 11:00am PST

2016-01-26 Thread Rajini Sivaram
Jun, Can you send me an invite, please? Thank you... Regards, Rajini On Mon, Jan 25, 2016 at 10:56 PM, Jun Rao wrote: > Hi, Everyone, > > We will have a Kafka KIP meeting tomorrow at 11:00am PST. If you plan to > attend but haven't received an invite, please let me know.

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-01-26 Thread Rajini Sivaram
plexity (it's probably a combination). If we think this could be useful > in the future, it would also be worth thinking about how it is affected if > we do KIP-43 first (ie will it be easier, harder, etc.) > > Thanks, > Ismael > > On Mon, Jan 25, 2016 at 9:55 PM, Rajini Sivaram <

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-01-26 Thread Rajini Sivaram
d > if > > we do KIP-43 first (ie will it be easier, harder, etc.) > > > > Thanks, > > Ismael > > > > On Mon, Jan 25, 2016 at 9:55 PM, Rajini Sivaram < > > rajinisiva...@googlemail.com> wrote: > > > > > I have just created KIP-43 to

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-01-28 Thread Rajini Sivaram
SASLClient/Server can be returned. Any thoughts on this? We can either let > users inject the provider in their logic code before creating a > producer/consumer or Kafka does it for users > > On Thu, 28 Jan 2016 at 03:36 Rajini Sivaram <rajinisiva...@googlemail.com> > wrote: > >

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-02-01 Thread Rajini Sivaram
tener. It will be nice > if new additions could use existing design and code. > > On Sun, Jan 31, 2016 at 6:48 AM, Rajini Sivaram < > rajinisiva...@googlemail.com> wrote: > > > Harsha/Gwen, > > > > Thank you both for reviewing the KIP. SASL mechanism negoti

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-02-03 Thread Rajini Sivaram
of security protocol definitions, but one that is perhaps more flexible than defining every new SASL mechanism as a new security protocol. Thoughts? On Tue, Feb 2, 2016 at 12:20 PM, Rajini Sivaram < rajinisiva...@googlemail.com> wrote: > As Ismael has said, we do not have a requirement to

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-02-02 Thread Rajini Sivaram
As Ismael has said, we do not have a requirement to support multiple protocols in a broker. But I agree with Jun's observation that some companies might want to support a different authentication mechanism for internal users or partners. For instance, we do use two different authentication

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-02-03 Thread Rajini Sivaram
an error saying that the mechanism not > allowed. > > Thanks, > Harsha > > On Wed, Feb 3, 2016, at 04:58 AM, Rajini Sivaram wrote: > > A slightly different approach for supporting different SASL mechanisms > > within a broker is to allow the same "*security proto

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-01-27 Thread Rajini Sivaram
ider before > client/server is returned by SASL. Any thoughts? > > Interface SaslClientBuilder { > > SaslClient build(mechs, subject, host, otherparams) > } > > Interface SaslServerBuilder { > SaslServer build(mechs, subject, host, otherparams) > } >

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-01-31 Thread Rajini Sivaram
now and only login will change and it can be configured based > > on the JAAS file. > > > > -Harsha > > > > On Fri, Jan 29, 2016, at 02:34 AM, Rajini Sivaram wrote: > > > Ismael, > > > > > > The first packet from the client is delib

Re: Kafka KIP meeting Feb 23 at 11:00am PST

2016-02-22 Thread Rajini Sivaram
Jun, Could we also discuss *KIP-43: Kafka SASL enhancements* in the meeting tomorrow? Thank you. On Mon, Feb 22, 2016 at 10:16 PM, Jun Rao wrote: > Hi, Everyone, > > We will have a Kafka KIP meeting tomorrow at 11:00am PST. If you plan to > attend but haven't received an

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-02-23 Thread Rajini Sivaram
I have updated the KIP based on the discussion in the KIP meeting today. Comments and feedback are welcome. On Wed, Feb 3, 2016 at 7:20 PM, Rajini Sivaram <rajinisiva...@googlemail.com > wrote: > Hi Harsha, > > Thank you for the review. Can you clarify - I think you are saying th

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-02-29 Thread Rajini Sivaram
is appreciated. On Tue, Feb 23, 2016 at 9:36 PM, Rajini Sivaram < rajinisiva...@googlemail.com> wrote: > I have updated the KIP based on the discussion in the KIP meeting today. > > Comments and feedback are welcome. > > On Wed, Feb 3, 2016 at 7:20 PM, Rajini Sivaram < > r

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-02-29 Thread Rajini Sivaram
ood to me. I > think we can move to voting. > Thanks, > Harsha > > On Mon, Feb 29, 2016, at 12:43 AM, Rajini Sivaram wrote: > > I have added some more detail to the KIP based on the discussion in the > > last KIP meeting to simplify support for multiple mechanisms. H

KIP for extension of SASL to include additional mechanisms

2016-01-21 Thread Rajini Sivaram
Can I have access to write up a KIP for extending the SASL implementation in Kafka to include more mechanisms? We have the implementation for SASL/PLAIN, but I think it would make sense for the KIP to cover new mechanisms in general. Thank you... Regards, Rajini

Re: KIP for extension of SASL to include additional mechanisms

2016-01-22 Thread Rajini Sivaram
Thank you, Jun. On Fri, Jan 22, 2016 at 4:26 AM, Jun Rao <j...@confluent.io> wrote: > Rajini, > > Thanks for your interest. I just gave you the permission to Kafka wiki. > > Jun > > On Thu, Jan 21, 2016 at 5:51 AM, Rajini Sivaram < > rajinisiva...@googlemail.co

[DISCUSS] KIP-43: Kafka SASL enhancements

2016-01-25 Thread Rajini Sivaram
I have just created KIP-43 to extend the SASL implementation in Kafka to support new SASL mechanisms. https://cwiki.apache.org/confluence/display/KAFKA/KIP-43%3A+Kafka+SASL+enhancements Comments and suggestions are appreciated. Thank you... Regards, Rajini

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-01-26 Thread Rajini Sivaram
. We don't actually need this feature, but it will be useful to know what others think. Regards, Rajini On Tue, Jan 26, 2016 at 12:00 PM, Rajini Sivaram < rajinisiva...@googlemail.com> wrote: > Ismael, > > Thank you for your review. The main reason I didn't address the support

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-01-27 Thread Rajini Sivaram
n to users and let them decide what they want to > do. And we can have a fallback login component that is used if users don't > specify it. > > On Tue, 26 Jan 2016 at 20:07 Rajini Sivaram <rajinisiva...@googlemail.com> > wrote: > > > Hi Tao, > > > > Tha

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-03-10 Thread Rajini Sivaram
eve that "Smartcard is likely to use standard > NameCallback and PasswordCallback already implemented in Kafka" - why > do we even provide configuration for Login and CallbackHandler > classes? Either we support multiple mechanisms written by different > vendors, or we don't. > > Gwen

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-03-15 Thread Rajini Sivaram
the KIP and the PR by tomorrow. And move the support for custom mechanisms into another KIP and PR for review after the release of 0.10.0.0. On Mon, Mar 14, 2016 at 7:48 AM, Rajini Sivaram < rajinisiva...@googlemail.com> wrote: > Harsha, > > You are right, we don't expect to ov

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-03-15 Thread Rajini Sivaram
Both the KIP and the PR have been updated to a cut-down version as discussed in the KIP meeting today. Any feedback is appreciated. On Tue, Mar 15, 2016 at 7:39 PM, Rajini Sivaram < rajinisiva...@googlemail.com> wrote: > Following on from the discussions in the KIP meeting today, the s

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-03-14 Thread Rajini Sivaram
tiple mechanisms. I haven't seen > anyone using more than this in hadoop . It might be different for Kafka > but I personally haven't seen anyone asking for this yet. > > Thanks, > Harsha > > > On Thu, Mar 10, 2016, at 01:44 AM, Rajini Sivaram wrote: > > Gwen, > >

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-03-08 Thread Rajini Sivaram
ation, how will this be > handled? > > In other words, suppose I want my Kafka installation to support both > Kerberos and SmartCard mechanisms, can you tell me how to configure > Kafka? (as admin, not developer)? > > Gwen > > > > On Tue, Mar 8, 2016 at 11:46 AM,

Re: [VOTE] KIP-43: Kafka SASL enhancements

2016-03-19 Thread Rajini Sivaram
33 Andrew Schofield < > >> andrew_schofield_j...@outlook.com> wrote: > >> > >> > +1 (non-binding) > >> > > >> > > >> > > From: ism...@juma.me.uk > >> > > Date: Mon, 7 Mar 2016 19:52:11 + > >> > > Subject

Re: [VOTE] 0.10.0.0 RC1

2016-03-30 Thread Rajini Sivaram
If there is time, we will be very keen on including KIP-43 in the 0.10.0 release. Thanks, Rajini On Wed, Mar 30, 2016 at 6:37 PM, Ashish Singh wrote: > If it is possible, I am also in favor of having some time to include a few > more KIPs in 0.10. > > On Wed, Mar 30, 2016

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-04-07 Thread Rajini Sivaram
nhill <mag...@edenhill.se> wrote: > 2016-04-06 19:16 GMT+02:00 Rajini Sivaram <rajinisiva...@googlemail.com>: > > > Magnus, > > > > I have not looked at your proposal in detail yet, > > > > Please do :) > > > > but I have a few comments: >

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-04-06 Thread Rajini Sivaram
> Cons: > - Requires proper per-API auth enforcement in the broker, but this is a > good thing. An initial naive approach to this is to only allow Sasl* and > ApiVersion requests prior to authentication (if auth is required). > > > > Compatibility: > - Leave the curre

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-04-13 Thread Rajini Sivaram
I have updated the PR (https://github.com/apache/kafka/pull/812) and KIP-43 to use standard Kafka format for the new request/response added by KIP-43. I haven't changed the overall structure of the Java code. Feedback is appreciated. Thanks, Rajini On Tue, Apr 12, 2016 at 3:52 PM, Ismael Juma

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-04-08 Thread Rajini Sivaram
esn't > > seem right. > > -Harsha > > > > On Thu, Apr 7, 2016, at 05:46 AM, Rajini Sivaram wrote: > > > Magnus, > > > > > > > > > > > > > > > *"Why would it be harder to achieve? And is it harder for the Ka

Re: [DISCUSS] KIP-35 - Retrieve protocol version

2016-04-12 Thread Rajini Sivaram
Jun's tweaked proposal sounds good to me. In terms of completing KIP-43, this changes the format of the request-response for exchanging mechanisms, but not the overall logic. Since the request format in KIP-43 is worth changing anyway, I will update the KIP and the PR. On Tue, Apr 12, 2016 at

Re: [DISCUSS] KIP-35 - Retrieve protocol version

2016-04-12 Thread Rajini Sivaram
Ismael, My only concern about wrapping SASL tokens in Kafka headers is backward compatibility. We would either have a different format for GSSAPI alone to match 0.9.0.x or we would need to support two different wire protocols for GSSAPI. Neither sounds ideal. On Tue, Apr 12, 2016 at 9:18 AM,

Re: [VOTE] KIP-43: Kafka SASL enhancements

2016-03-24 Thread Rajini Sivaram
<g...@confluent.io> wrote: > This can be discussed in the review. > If there's good test coverage, is low risk and passes review and gets > merged before Monday morning... > > We won't be doing an extra release candidate just for this though. > > Gwen > > On Thu, Mar 24

Re: [VOTE] KIP-43: Kafka SASL enhancements

2016-03-24 Thread Rajini Sivaram
ctly, Harsha and I are the only committers who voted, so > we are missing a 3rd vote. > > Gwen > > On Thu, Mar 24, 2016 at 11:24 AM, Rajini Sivaram < > rajinisiva...@googlemail.com> wrote: > > > Gwen, > > > > Thank you. I have pinged Ismael, Harsha and J

Re: [VOTE] KIP-43: Kafka SASL enhancements

2016-03-24 Thread Rajini Sivaram
t 3:33 PM, Harsha <ka...@harsha.io> wrote: > > > Any update on this. Gwen since the KIP is adjusted to address the > > pluggable classes we should make a move on this. > > > > Rajini, > >Can you restart the voting thread. > > > > Thanks, >

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-03-08 Thread Rajini Sivaram
<g...@confluent.io> wrote: > Can you explain the process for adding a new mechanism based on current > KIP? > > My thought is that if it requires modifying Apache Kafka code, it is > not pluggable enough. > > On Mon, Mar 7, 2016 at 4:04 PM, Rajini Sivaram > <ra

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-03-01 Thread Rajini Sivaram
nisms? > > 2. In the server response, it doesn't seem that we need to include the > version since the client knows the version of the request that it sends. > > Jun > > On Mon, Feb 29, 2016 at 10:14 AM, Rajini Sivaram < > rajinisiva...@googlemail.com> wrote: > > >

Re: [DISCUSS] KIP-43: Kafka SASL enhancements

2016-03-02 Thread Rajini Sivaram
the explanation. For 1, this implies that we have to be careful > with changing the 2-byte version in the future to avoid conflict. Could you > document this in the KIP and also in the implementation? > > Jun > > On Tue, Mar 1, 2016 at 2:47 AM, Rajini Sivaram < > rajinisiva
