You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2020/05/06 04:00:48 UTC
[GitHub] [kafka] showuon opened a new pull request #8623: MINOR: Update the documentations
showuon opened a new pull request #8623:
URL: https://github.com/apache/kafka/pull/8623
1. fix broken links
2. remove redundant sentences
3. fix content format issue
### Committer Checklist (excluded from commit message)
- [ ] Verify design and implementation
- [ ] Verify test coverage and CI build status
- [ ] Verify documentation (including upgrade notes)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r420534565
##########
File path: docs/security.html
##########
@@ -398,7 +398,7 @@ <h5>Host Name Verification</h5>
ssl.keystore.password=test1234
ssl.key.password=test1234</pre>
- Other configuration settings that may also be needed depending on our requirements and the broker configuration:
+ Other configuration settings that may also be needed depending on requirements and the broker configuration:
Review comment:
Remove the redundant `our` here
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#issuecomment-630618738
Thank you, @kkonstantine for many nice catches!!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] kkonstantine commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
kkonstantine commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r427036583
##########
File path: docs/connect.html
##########
@@ -129,9 +129,11 @@ <h4><a id="connect_transforms" href="#connect_transforms">Transformations</a></h
<p>The file source connector reads each line as a String. We will wrap each line in a Map and then add a second field to identify the origin of the event. To do this, we use two transformations:</p>
<ul>
<li><b>HoistField</b> to place the input line inside a Map</li>
- <li><b>InsertField</b> to add the static field. In this example we'll indicate that the record came from a file connector</li>
Review comment:
This is also not correct.
This refers to what we say above as: _then add a second field to identify the origin of the event_
So this correctly refers to what will be added in this new field when using `InsertField`
##########
File path: docs/security.html
##########
@@ -398,7 +398,7 @@ <h5>Host Name Verification</h5>
ssl.keystore.password=test1234
ssl.key.password=test1234</pre>
- Other configuration settings that may also be needed depending on our requirements and the broker configuration:
+ Other configuration settings that may also be needed depending on requirements and the broker configuration:
Review comment:
I'm not sure this is redundant. This refers to the user's requirements.
##########
File path: docs/connect.html
##########
@@ -103,7 +103,7 @@ <h4><a id="connect_configuring" href="#connect_configuring">Configuring Connecto
<li><code>topics.regex</code> - A Java regular expression of topics to use as input for this connector</li>
</ul>
- <p>For any other options, you should consult the documentation for the connector.</p>
+ <p>For any other options, you should consult the <a href="#connectconfigs">documentation</a> for the connector.</p>
Review comment:
That's not accurate. The documentation for the connector is not the same as the Worker configs.
This indeed refers to the docs of each individual connector
##########
File path: docs/ops.html
##########
@@ -477,16 +477,20 @@ <h4><a id="rep-throttle" href="#rep-throttle">Limiting Bandwidth Usage during Da
Throttle was removed.</pre>
<p>The administrator can also validate the assigned configs using the kafka-configs.sh. There are two pairs of throttle
- configuration used to manage the throttling process. The throttle value itself. This is configured, at a broker
+ configuration used to manage the throttling process. This is configured, at a broker
Review comment:
This is not redundant. It refers to the two pairs of properties shown below. You can say instead:
```suggestion
configuration used to manage the throttling process. First pair refers to the throttle value itself. This is configured, at a broker
```
then below you could amend the sentence to say:
_There is also an enumerated set of throttled replicas:_ -> _Then there is the configuration pair of enumerated set of throttled replicas:_
##########
File path: docs/ops.html
##########
@@ -477,16 +477,20 @@ <h4><a id="rep-throttle" href="#rep-throttle">Limiting Bandwidth Usage during Da
Throttle was removed.</pre>
<p>The administrator can also validate the assigned configs using the kafka-configs.sh. There are two pairs of throttle
- configuration used to manage the throttling process. The throttle value itself. This is configured, at a broker
+ configuration used to manage the throttling process. This is configured, at a broker
level, using the dynamic properties: </p>
- <pre class="brush: text;">leader.replication.throttled.rate
- follower.replication.throttled.rate</pre>
+ <pre class="brush: text;">
+ leader.replication.throttled.rate
+ follower.replication.throttled.rate
+ </pre>
<p>There is also an enumerated set of throttled replicas: </p>
Review comment:
Then here you could amend the sentence to say:
```suggestion
<p>Then there is the configuration pair of throttled replicas: </p>
```
##########
File path: docs/ops.html
##########
@@ -477,16 +477,20 @@ <h4><a id="rep-throttle" href="#rep-throttle">Limiting Bandwidth Usage during Da
Throttle was removed.</pre>
<p>The administrator can also validate the assigned configs using the kafka-configs.sh. There are two pairs of throttle
- configuration used to manage the throttling process. The throttle value itself. This is configured, at a broker
+ configuration used to manage the throttling process. This is configured, at a broker
level, using the dynamic properties: </p>
- <pre class="brush: text;">leader.replication.throttled.rate
- follower.replication.throttled.rate</pre>
+ <pre class="brush: text;">
+ leader.replication.throttled.rate
+ follower.replication.throttled.rate
+ </pre>
<p>There is also an enumerated set of throttled replicas: </p>
- <pre class="brush: text;">leader.replication.throttled.replicas
- follower.replication.throttled.replicas</pre>
+ <pre class="brush: text;">
+ leader.replication.throttled.replicas
+ follower.replication.throttled.replicas
+ </pre>
<p>Which are configured per topic. All four config values are automatically assigned by kafka-reassign-partitions.sh
Review comment:
Then you can add a break here:
```suggestion
<p>Which are configured per topic.</p>
<p> All four config values are automatically assigned by kafka-reassign-partitions.sh
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425519960
##########
File path: docs/connect.html
##########
@@ -174,7 +176,7 @@ <h4><a id="connect_transforms" href="#connect_transforms">Transformations</a></h
<li>InsertField - Add a field using either static data or record metadata</li>
<li>ReplaceField - Filter or rename fields</li>
<li>MaskField - Replace field with valid null value for the type (0, empty string, etc)</li>
- <li>ValueToKey</li>
+ <li>ValueToKey - Replace the record key with a new key formed from a subset of fields in the record value</li>
Review comment:
Add a one line description for `ValueToKey` transformation to be consistent with others. The description is copied from the detailed explanation below.
before:
description source:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425521117
##########
File path: docs/security.html
##########
@@ -767,7 +767,7 @@ <h3><a id="security_sasl" href="#security_sasl">7.3 Authentication using SASL</a
<pre class="brush: bash;">
> bin/kafka-configs.sh --zookeeper localhost:2182 --zk-tls-config-file zk_tls_config.properties --describe --entity-type users --entity-name alice
</pre>
- <p>Credentials may be deleted for one or more SCRAM mechanisms using the <i>--delete</i> option:
+ <p>Credentials may be deleted for one or more SCRAM mechanisms using the <i>--alter --delete-config</i> option:
<pre class="brush: bash;">
> bin/kafka-configs.sh --zookeeper localhost:2182 --zk-tls-config-file zk_tls_config.properties --alter --delete-config 'SCRAM-SHA-512' --entity-type users --entity-name alice
Review comment:
There's no `--delete` option. Because the previous one sample, we explained the `--describe` option usage, we should also put `--alter` here explicitly for user, not just `--delete-config`.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r427054507
##########
File path: docs/connect.html
##########
@@ -129,9 +129,11 @@ <h4><a id="connect_transforms" href="#connect_transforms">Transformations</a></h
<p>The file source connector reads each line as a String. We will wrap each line in a Map and then add a second field to identify the origin of the event. To do this, we use two transformations:</p>
<ul>
<li><b>HoistField</b> to place the input line inside a Map</li>
- <li><b>InsertField</b> to add the static field. In this example we'll indicate that the record came from a file connector</li>
Review comment:
Yes, you're right! After 2nd reading, it indeed refer to the content coming from a file in `InsertField`. I'll revert this change back. Thanks.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425521117
##########
File path: docs/security.html
##########
@@ -767,7 +767,7 @@ <h3><a id="security_sasl" href="#security_sasl">7.3 Authentication using SASL</a
<pre class="brush: bash;">
> bin/kafka-configs.sh --zookeeper localhost:2182 --zk-tls-config-file zk_tls_config.properties --describe --entity-type users --entity-name alice
</pre>
- <p>Credentials may be deleted for one or more SCRAM mechanisms using the <i>--delete</i> option:
+ <p>Credentials may be deleted for one or more SCRAM mechanisms using the <i>--alter --delete-config</i> option:
<pre class="brush: bash;">
> bin/kafka-configs.sh --zookeeper localhost:2182 --zk-tls-config-file zk_tls_config.properties --alter --delete-config 'SCRAM-SHA-512' --entity-type users --entity-name alice
Review comment:
There's no `--delete` option. Updated to `--alter --delete-config`.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#issuecomment-628403219
Hi @kkonstantine , could you please review this small PR? Thanks.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] kkonstantine commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
kkonstantine commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r427064231
##########
File path: docs/ops.html
##########
@@ -477,19 +477,25 @@ <h4><a id="rep-throttle" href="#rep-throttle">Limiting Bandwidth Usage during Da
Throttle was removed.</pre>
<p>The administrator can also validate the assigned configs using the kafka-configs.sh. There are two pairs of throttle
- configuration used to manage the throttling process. The throttle value itself. This is configured, at a broker
+ configuration used to manage the throttling process. First pair refers to the throttle value itself. This is configured, at a broker
level, using the dynamic properties: </p>
- <pre class="brush: text;">leader.replication.throttled.rate
- follower.replication.throttled.rate</pre>
+ <pre class="brush: text;">
+ leader.replication.throttled.rate
+ follower.replication.throttled.rate
+ </pre>
+
+ <p>Then there is the configuration pair of enumerated set of throttled replicas: </p>
Review comment:
```suggestion
<p>Then there is the configuration pair of enumerated sets of throttled replicas: </p>
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#issuecomment-630580908
hi @cmccabe @guozhangwang @gwenshap , a simple doc fix/update to connect.html/op.html/security.html. Please help review. Thanks.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#issuecomment-628981965
hi @ijuma @kkonstantine @mjsax , I've put more fix in the documentation while I'm reading it. Please help review it when available. Thank you.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425518608
##########
File path: docs/connect.html
##########
@@ -129,9 +129,11 @@ <h4><a id="connect_transforms" href="#connect_transforms">Transformations</a></h
<p>The file source connector reads each line as a String. We will wrap each line in a Map and then add a second field to identify the origin of the event. To do this, we use two transformations:</p>
<ul>
<li><b>HoistField</b> to place the input line inside a Map</li>
- <li><b>InsertField</b> to add the static field. In this example we'll indicate that the record came from a file connector</li>
+ <li><b>InsertField</b> to add the static field</li>
</ul>
+ <p>In this example we'll indicate that the record came from a file connector.</p>
Review comment:
fix the wrong format.
before:
after:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r420535358
##########
File path: docs/security.html
##########
@@ -609,7 +609,7 @@ <h3><a id="security_sasl" href="#security_sasl">7.3 Authentication using SASL</a
</li>
<tt>KafkaServer</tt> section in the JAAS file tells the broker which principal to use and the location of the keytab where this principal is stored. It
- allows the broker to login using the keytab specified in this section. See <a href="#security_sasl_brokernotes">notes</a> for more details on Zookeeper SASL configuration.
+ allows the broker to login using the keytab specified in this section. See <a href="#security_jaas_broker">notes</a> for more details on Zookeeper SASL configuration.
Review comment:
Fix the broken link. The old link: `#security_sasl_brokernotes` was pointing to the new link: `#security_jaas_broker`
based on the old commit: https://github.com/apache/kafka/pull/1232/files#diff-64f03d45aabc1a9f07a427f4f21d28f5R215
VS.
our current file: https://github.com/apache/kafka/blob/trunk/docs/security.html#L425
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425517411
##########
File path: docs/connect.html
##########
@@ -32,7 +32,7 @@ <h3><a id="connect_overview" href="#connect_overview">8.1 Overview</a></h3>
<h3><a id="connect_user" href="#connect_user">8.2 User Guide</a></h3>
- <p>The quickstart provides a brief example of how to run a standalone version of Kafka Connect. This section describes how to configure, run, and manage Kafka Connect in more detail.</p>
+ <p>The <a href="../quickstart">quickstart</a> provides a brief example of how to run a standalone version of Kafka Connect. This section describes how to configure, run, and manage Kafka Connect in more detail.</p>
Review comment:
The first time reader may not find where the **quickstart** is for the example.
before:
after:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#issuecomment-625012168
Hi @kkonstantine , could you please review this small PR? Thanks.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r420533200
##########
File path: docs/ops.html
##########
@@ -477,16 +477,20 @@ <h4><a id="rep-throttle" href="#rep-throttle">Limiting Bandwidth Usage during Da
Throttle was removed.</pre>
<p>The administrator can also validate the assigned configs using the kafka-configs.sh. There are two pairs of throttle
- configuration used to manage the throttling process. The throttle value itself. This is configured, at a broker
+ configuration used to manage the throttling process. This is configured, at a broker
level, using the dynamic properties: </p>
- <pre class="brush: text;">leader.replication.throttled.rate
- follower.replication.throttled.rate</pre>
+ <pre class="brush: text;">
+ leader.replication.throttled.rate
+ follower.replication.throttled.rate
+ </pre>
Review comment:
Fix the wrong indent issue on UI
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r420533330
##########
File path: docs/ops.html
##########
@@ -477,16 +477,20 @@ <h4><a id="rep-throttle" href="#rep-throttle">Limiting Bandwidth Usage during Da
Throttle was removed.</pre>
<p>The administrator can also validate the assigned configs using the kafka-configs.sh. There are two pairs of throttle
- configuration used to manage the throttling process. The throttle value itself. This is configured, at a broker
+ configuration used to manage the throttling process. This is configured, at a broker
level, using the dynamic properties: </p>
- <pre class="brush: text;">leader.replication.throttled.rate
- follower.replication.throttled.rate</pre>
+ <pre class="brush: text;">
+ leader.replication.throttled.rate
+ follower.replication.throttled.rate
+ </pre>
<p>There is also an enumerated set of throttled replicas: </p>
- <pre class="brush: text;">leader.replication.throttled.replicas
- follower.replication.throttled.replicas</pre>
+ <pre class="brush: text;">
+ leader.replication.throttled.replicas
+ follower.replication.throttled.replicas
+ </pre>
Review comment:
fix the wrong indent.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r420535358
##########
File path: docs/security.html
##########
@@ -609,7 +609,7 @@ <h3><a id="security_sasl" href="#security_sasl">7.3 Authentication using SASL</a
</li>
<tt>KafkaServer</tt> section in the JAAS file tells the broker which principal to use and the location of the keytab where this principal is stored. It
- allows the broker to login using the keytab specified in this section. See <a href="#security_sasl_brokernotes">notes</a> for more details on Zookeeper SASL configuration.
+ allows the broker to login using the keytab specified in this section. See <a href="#security_jaas_broker">notes</a> for more details on Zookeeper SASL configuration.
Review comment:
Fix the broken link. The old link: `#security_sasl_brokernotes` was pointing to the new link: `#security_jaas_broker` based on the old commit: https://github.com/apache/kafka/pull/1232/files#diff-64f03d45aabc1a9f07a427f4f21d28f5R215
VS.
our current file: https://github.com/apache/kafka/blob/trunk/docs/security.html#L425
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r420534465
##########
File path: docs/security.html
##########
@@ -361,9 +361,9 @@ <h5>Host Name Verification</h5>
<p>
The JRE/JDK will have a default pseudo-random number generator (PRNG) that is used for cryptography operations, so it is not required to configure the
- implementation used with the <pre>ssl.secure.random.implementation</pre>. However, there are performance issues with some implementations (notably, the
- default chosen on Linux systems, <pre>NativePRNG</pre>, utilizes a global lock). In cases where performance of SSL connections becomes an issue,
- consider explicitly setting the implementation to be used. The <pre>SHA1PRNG</pre> implementation is non-blocking, and has shown very good performance
+ implementation used with the <code>ssl.secure.random.implementation</code>. However, there are performance issues with some implementations (notably, the
+ default chosen on Linux systems, <code>NativePRNG</code>, utilizes a global lock). In cases where performance of SSL connections becomes an issue,
+ consider explicitly setting the implementation to be used. The <code>SHA1PRNG</code> implementation is non-blocking, and has shown very good performance
Review comment:
Fix wrong content format.
Before:
After:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425518608
##########
File path: docs/connect.html
##########
@@ -129,9 +129,11 @@ <h4><a id="connect_transforms" href="#connect_transforms">Transformations</a></h
<p>The file source connector reads each line as a String. We will wrap each line in a Map and then add a second field to identify the origin of the event. To do this, we use two transformations:</p>
<ul>
<li><b>HoistField</b> to place the input line inside a Map</li>
- <li><b>InsertField</b> to add the static field. In this example we'll indicate that the record came from a file connector</li>
+ <li><b>InsertField</b> to add the static field</li>
</ul>
+ <p>In this example we'll indicate that the record came from a file connector.</p>
Review comment:
fix the wrong format.
before:
after:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r420533008
##########
File path: docs/ops.html
##########
@@ -477,16 +477,20 @@ <h4><a id="rep-throttle" href="#rep-throttle">Limiting Bandwidth Usage during Da
Throttle was removed.</pre>
<p>The administrator can also validate the assigned configs using the kafka-configs.sh. There are two pairs of throttle
- configuration used to manage the throttling process. The throttle value itself. This is configured, at a broker
+ configuration used to manage the throttling process. This is configured, at a broker
Review comment:
remove redundant sentence.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon removed a comment on pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon removed a comment on pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#issuecomment-628403219
Hi @kkonstantine , could you please review this small PR? Thanks.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425517884
##########
File path: docs/connect.html
##########
@@ -103,7 +103,7 @@ <h4><a id="connect_configuring" href="#connect_configuring">Configuring Connecto
<li><code>topics.regex</code> - A Java regular expression of topics to use as input for this connector</li>
</ul>
- <p>For any other options, you should consult the documentation for the connector.</p>
+ <p>For any other options, you should consult the <a href="#connectconfigs">documentation</a> for the connector.</p>
Review comment:
Add link to the connector config section.
before:
after:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425518608
##########
File path: docs/connect.html
##########
@@ -129,9 +129,11 @@ <h4><a id="connect_transforms" href="#connect_transforms">Transformations</a></h
<p>The file source connector reads each line as a String. We will wrap each line in a Map and then add a second field to identify the origin of the event. To do this, we use two transformations:</p>
<ul>
<li><b>HoistField</b> to place the input line inside a Map</li>
- <li><b>InsertField</b> to add the static field. In this example we'll indicate that the record came from a file connector</li>
+ <li><b>InsertField</b> to add the static field</li>
</ul>
+ <p>In this example we'll indicate that the record came from a file connector.</p>
Review comment:
fix the wrong format.
before:
after:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#issuecomment-626657974
Hi @ijuma , could you please review this small PR? Thanks.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425521117
##########
File path: docs/security.html
##########
@@ -767,7 +767,7 @@ <h3><a id="security_sasl" href="#security_sasl">7.3 Authentication using SASL</a
<pre class="brush: bash;">
> bin/kafka-configs.sh --zookeeper localhost:2182 --zk-tls-config-file zk_tls_config.properties --describe --entity-type users --entity-name alice
</pre>
- <p>Credentials may be deleted for one or more SCRAM mechanisms using the <i>--delete</i> option:
+ <p>Credentials may be deleted for one or more SCRAM mechanisms using the <i>--alter --delete-config</i> option:
<pre class="brush: bash;">
> bin/kafka-configs.sh --zookeeper localhost:2182 --zk-tls-config-file zk_tls_config.properties --alter --delete-config 'SCRAM-SHA-512' --entity-type users --entity-name alice
Review comment:
There's no `--delete` option. And because in the previous one sample, we explained the `--describe` option usage, we should also put `--alter` here explicitly for user, not just `--delete-config`.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] kkonstantine commented on pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
kkonstantine commented on pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#issuecomment-630856933
A few flaky test failures but otherwise clean builds. Merging to `trunk`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r427059479
##########
File path: docs/ops.html
##########
@@ -477,16 +477,20 @@ <h4><a id="rep-throttle" href="#rep-throttle">Limiting Bandwidth Usage during Da
Throttle was removed.</pre>
<p>The administrator can also validate the assigned configs using the kafka-configs.sh. There are two pairs of throttle
- configuration used to manage the throttling process. The throttle value itself. This is configured, at a broker
+ configuration used to manage the throttling process. This is configured, at a broker
level, using the dynamic properties: </p>
- <pre class="brush: text;">leader.replication.throttled.rate
- follower.replication.throttled.rate</pre>
+ <pre class="brush: text;">
+ leader.replication.throttled.rate
+ follower.replication.throttled.rate
+ </pre>
<p>There is also an enumerated set of throttled replicas: </p>
Review comment:
Good suggestion! after the update, it's more clear!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425517884
##########
File path: docs/connect.html
##########
@@ -103,7 +103,7 @@ <h4><a id="connect_configuring" href="#connect_configuring">Configuring Connecto
<li><code>topics.regex</code> - A Java regular expression of topics to use as input for this connector</li>
</ul>
- <p>For any other options, you should consult the documentation for the connector.</p>
+ <p>For any other options, you should consult the <a href="#connectconfigs">documentation</a> for the connector.</p>
Review comment:
Add link to the connector config section.
before:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425522820
##########
File path: docs/security.html
##########
@@ -1438,7 +1438,7 @@ <h4><a id="security_authz_examples" href="#security_authz_examples">Examples</a>
<pre class="brush: bash;">bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Bob --allow-principal User:Alice --allow-host 198.51.100.0 --allow-host 198.51.100.1 --operation Read --operation Write --topic Test-topic</pre>
By default, all principals that don't have an explicit acl that allows access for an operation to a resource are denied. In rare cases where an allow acl is defined that allows access to all but some principal we will have to use the --deny-principal and --deny-host option. For example, if we want to allow all users to Read from Test-topic but only deny User:BadBob from IP 198.51.100.3 we can do so using following commands:
<pre class="brush: bash;">bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:* --allow-host * --deny-principal User:BadBob --deny-host 198.51.100.3 --operation Read --topic Test-topic</pre>
- Note that ``--allow-host`` and ``deny-host`` only support IP addresses (hostnames are not supported).
+ Note that <code>--allow-host</code> and <code>--deny-host</code> only support IP addresses (hostnames are not supported).
Review comment:
There's no format like ` `` ` in the documentation anywhere else. Replace with `<code>` formatting here.
before:
after:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425522378
##########
File path: docs/security.html
##########
@@ -1193,7 +1193,7 @@ <h3><a id="security_sasl" href="#security_sasl">7.3 Authentication using SASL</a
<h3><a id="security_authz" href="#security_authz">7.4 Authorization and ACLs</a></h3>
Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that uses zookeeper to store all the acls. The Authorizer is configured by setting <tt>authorizer.class.name</tt> in server.properties. To enable the out of the box implementation use:
<pre>authorizer.class.name=kafka.security.authorizer.AclAuthorizer</pre>
- Kafka acls are defined in the general format of "Principal P is [Allowed/Denied] Operation O From Host H on any Resource R matching ResourcePattern RP". You can read more about the acl structure in KIP-11 and resource patterns in KIP-290. In order to add, remove or list acls you can use the Kafka authorizer CLI. By default, if no ResourcePatterns match a specific Resource R, then R has no associated acls, and therefore no one other than super users is allowed to access R. If you want to change that behavior, you can include the following in server.properties.
+ Kafka acls are defined in the general format of "Principal P is [Allowed/Denied] Operation O From Host H on any Resource R matching ResourcePattern RP". You can read more about the acl structure in <a href="https://cwiki.apache.org/confluence/display/KAFKA/KIP-11+-+Authorization+Interface">KIP-11</a> and resource patterns in <a href="https://cwiki.apache.org/confluence/display/KAFKA/KIP-290%3A+Support+for+Prefixed+ACLs">KIP-290</a>. In order to add, remove or list acls you can use the Kafka authorizer CLI. By default, if no ResourcePatterns match a specific Resource R, then R has no associated acls, and therefore no one other than super users is allowed to access R. If you want to change that behavior, you can include the following in server.properties.
Review comment:
In the documentation, we always put a hyperlink for the **KIP**. So, I added here.
before:
after:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425521117
##########
File path: docs/security.html
##########
@@ -767,7 +767,7 @@ <h3><a id="security_sasl" href="#security_sasl">7.3 Authentication using SASL</a
<pre class="brush: bash;">
> bin/kafka-configs.sh --zookeeper localhost:2182 --zk-tls-config-file zk_tls_config.properties --describe --entity-type users --entity-name alice
</pre>
- <p>Credentials may be deleted for one or more SCRAM mechanisms using the <i>--delete</i> option:
+ <p>Credentials may be deleted for one or more SCRAM mechanisms using the <i>--alter --delete-config</i> option:
<pre class="brush: bash;">
> bin/kafka-configs.sh --zookeeper localhost:2182 --zk-tls-config-file zk_tls_config.properties --alter --delete-config 'SCRAM-SHA-512' --entity-type users --entity-name alice
Review comment:
There's no `--delete` option. Because the previous one sample, we explained the `--describe` option usage, we should also put `--alter` here explicitly for user.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425522820
##########
File path: docs/security.html
##########
@@ -1438,7 +1438,7 @@ <h4><a id="security_authz_examples" href="#security_authz_examples">Examples</a>
<pre class="brush: bash;">bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Bob --allow-principal User:Alice --allow-host 198.51.100.0 --allow-host 198.51.100.1 --operation Read --operation Write --topic Test-topic</pre>
By default, all principals that don't have an explicit acl that allows access for an operation to a resource are denied. In rare cases where an allow acl is defined that allows access to all but some principal we will have to use the --deny-principal and --deny-host option. For example, if we want to allow all users to Read from Test-topic but only deny User:BadBob from IP 198.51.100.3 we can do so using following commands:
<pre class="brush: bash;">bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:* --allow-host * --deny-principal User:BadBob --deny-host 198.51.100.3 --operation Read --topic Test-topic</pre>
- Note that ``--allow-host`` and ``deny-host`` only support IP addresses (hostnames are not supported).
+ Note that <code>--allow-host</code> and <code>--deny-host</code> only support IP addresses (hostnames are not supported).
Review comment:
There's no format like ` `` ` in the documentation anywhere else.
before:
after:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425523260
##########
File path: docs/security.html
##########
@@ -2158,23 +2158,23 @@ <h4><a id="zk_authz_migration" href="#zk_authz_migration">7.6.2 Migrating cluste
<li>Perform a rolling restart of brokers setting the JAAS login file and/or defining ZooKeeper mutual TLS configurations (including connecting to the TLS-enabled ZooKeeper port) as required, which enables brokers to authenticate to ZooKeeper. At the end of the rolling restart, brokers are able to manipulate znodes with strict ACLs, but they will not create znodes with those ACLs</li>
<li>If you enabled mTLS, disable the non-TLS port in ZooKeeper</li>
<li>Perform a second rolling restart of brokers, this time setting the configuration parameter <tt>zookeeper.set.acl</tt> to true, which enables the use of secure ACLs when creating znodes</li>
- <li>Execute the ZkSecurityMigrator tool. To execute the tool, there is this script: <tt>./bin/zookeeper-security-migration.sh</tt> with <tt>zookeeper.acl</tt> set to secure. This tool traverses the corresponding sub-trees changing the ACLs of the znodes. Use the <code>--zk-tls-config-file <file></code> option if you enable mTLS.</li>
+ <li>Execute the ZkSecurityMigrator tool. To execute the tool, there is this script: <tt>bin/zookeeper-security-migration.sh</tt> with <tt>zookeeper.acl</tt> set to secure. This tool traverses the corresponding sub-trees changing the ACLs of the znodes. Use the <code>--zk-tls-config-file <file></code> option if you enable mTLS.</li>
Review comment:
In the documentation, when referring to the `bin/xxx.sh`, we won't add dot slash `./` in the beginning. Fix it.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r420534465
##########
File path: docs/security.html
##########
@@ -361,9 +361,9 @@ <h5>Host Name Verification</h5>
<p>
The JRE/JDK will have a default pseudo-random number generator (PRNG) that is used for cryptography operations, so it is not required to configure the
- implementation used with the <pre>ssl.secure.random.implementation</pre>. However, there are performance issues with some implementations (notably, the
- default chosen on Linux systems, <pre>NativePRNG</pre>, utilizes a global lock). In cases where performance of SSL connections becomes an issue,
- consider explicitly setting the implementation to be used. The <pre>SHA1PRNG</pre> implementation is non-blocking, and has shown very good performance
+ implementation used with the <code>ssl.secure.random.implementation</code>. However, there are performance issues with some implementations (notably, the
+ default chosen on Linux systems, <code>NativePRNG</code>, utilizes a global lock). In cases where performance of SSL connections becomes an issue,
+ consider explicitly setting the implementation to be used. The <code>SHA1PRNG</code> implementation is non-blocking, and has shown very good performance
Review comment:
Fix wrong content format.
**Before:**
**After:**
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425523260
##########
File path: docs/security.html
##########
@@ -2158,23 +2158,23 @@ <h4><a id="zk_authz_migration" href="#zk_authz_migration">7.6.2 Migrating cluste
<li>Perform a rolling restart of brokers setting the JAAS login file and/or defining ZooKeeper mutual TLS configurations (including connecting to the TLS-enabled ZooKeeper port) as required, which enables brokers to authenticate to ZooKeeper. At the end of the rolling restart, brokers are able to manipulate znodes with strict ACLs, but they will not create znodes with those ACLs</li>
<li>If you enabled mTLS, disable the non-TLS port in ZooKeeper</li>
<li>Perform a second rolling restart of brokers, this time setting the configuration parameter <tt>zookeeper.set.acl</tt> to true, which enables the use of secure ACLs when creating znodes</li>
- <li>Execute the ZkSecurityMigrator tool. To execute the tool, there is this script: <tt>./bin/zookeeper-security-migration.sh</tt> with <tt>zookeeper.acl</tt> set to secure. This tool traverses the corresponding sub-trees changing the ACLs of the znodes. Use the <code>--zk-tls-config-file <file></code> option if you enable mTLS.</li>
+ <li>Execute the ZkSecurityMigrator tool. To execute the tool, there is this script: <tt>bin/zookeeper-security-migration.sh</tt> with <tt>zookeeper.acl</tt> set to secure. This tool traverses the corresponding sub-trees changing the ACLs of the znodes. Use the <code>--zk-tls-config-file <file></code> option if you enable mTLS.</li>
Review comment:
In the documentation, when referring to the `bin/xxx.sh`, we won't add dot slash `./` in the beginning.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425522378
##########
File path: docs/security.html
##########
@@ -1193,7 +1193,7 @@ <h3><a id="security_sasl" href="#security_sasl">7.3 Authentication using SASL</a
<h3><a id="security_authz" href="#security_authz">7.4 Authorization and ACLs</a></h3>
Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that uses zookeeper to store all the acls. The Authorizer is configured by setting <tt>authorizer.class.name</tt> in server.properties. To enable the out of the box implementation use:
<pre>authorizer.class.name=kafka.security.authorizer.AclAuthorizer</pre>
- Kafka acls are defined in the general format of "Principal P is [Allowed/Denied] Operation O From Host H on any Resource R matching ResourcePattern RP". You can read more about the acl structure in KIP-11 and resource patterns in KIP-290. In order to add, remove or list acls you can use the Kafka authorizer CLI. By default, if no ResourcePatterns match a specific Resource R, then R has no associated acls, and therefore no one other than super users is allowed to access R. If you want to change that behavior, you can include the following in server.properties.
+ Kafka acls are defined in the general format of "Principal P is [Allowed/Denied] Operation O From Host H on any Resource R matching ResourcePattern RP". You can read more about the acl structure in <a href="https://cwiki.apache.org/confluence/display/KAFKA/KIP-11+-+Authorization+Interface">KIP-11</a> and resource patterns in <a href="https://cwiki.apache.org/confluence/display/KAFKA/KIP-290%3A+Support+for+Prefixed+ACLs">KIP-290</a>. In order to add, remove or list acls you can use the Kafka authorizer CLI. By default, if no ResourcePatterns match a specific Resource R, then R has no associated acls, and therefore no one other than super users is allowed to access R. If you want to change that behavior, you can include the following in server.properties.
Review comment:
In the documentation, we always put a hyperlink for the **KIP**. So, I added here.
before:
after:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r420533008
##########
File path: docs/ops.html
##########
@@ -477,16 +477,20 @@ <h4><a id="rep-throttle" href="#rep-throttle">Limiting Bandwidth Usage during Da
Throttle was removed.</pre>
<p>The administrator can also validate the assigned configs using the kafka-configs.sh. There are two pairs of throttle
- configuration used to manage the throttling process. The throttle value itself. This is configured, at a broker
+ configuration used to manage the throttling process. This is configured, at a broker
Review comment:
remove redundant sentence.
before:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425521117
##########
File path: docs/security.html
##########
@@ -767,7 +767,7 @@ <h3><a id="security_sasl" href="#security_sasl">7.3 Authentication using SASL</a
<pre class="brush: bash;">
> bin/kafka-configs.sh --zookeeper localhost:2182 --zk-tls-config-file zk_tls_config.properties --describe --entity-type users --entity-name alice
</pre>
- <p>Credentials may be deleted for one or more SCRAM mechanisms using the <i>--delete</i> option:
+ <p>Credentials may be deleted for one or more SCRAM mechanisms using the <i>--alter --delete-config</i> option:
<pre class="brush: bash;">
> bin/kafka-configs.sh --zookeeper localhost:2182 --zk-tls-config-file zk_tls_config.properties --alter --delete-config 'SCRAM-SHA-512' --entity-type users --entity-name alice
Review comment:
There's no `--delete` option. Updated to `--alter --delete-config` because the previous one, we explained the `--describe` option usage.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r420534465
##########
File path: docs/security.html
##########
@@ -361,9 +361,9 @@ <h5>Host Name Verification</h5>
<p>
The JRE/JDK will have a default pseudo-random number generator (PRNG) that is used for cryptography operations, so it is not required to configure the
- implementation used with the <pre>ssl.secure.random.implementation</pre>. However, there are performance issues with some implementations (notably, the
- default chosen on Linux systems, <pre>NativePRNG</pre>, utilizes a global lock). In cases where performance of SSL connections becomes an issue,
- consider explicitly setting the implementation to be used. The <pre>SHA1PRNG</pre> implementation is non-blocking, and has shown very good performance
+ implementation used with the <code>ssl.secure.random.implementation</code>. However, there are performance issues with some implementations (notably, the
+ default chosen on Linux systems, <code>NativePRNG</code>, utilizes a global lock). In cases where performance of SSL connections becomes an issue,
+ consider explicitly setting the implementation to be used. The <code>SHA1PRNG</code> implementation is non-blocking, and has shown very good performance
Review comment:
Fix wrong content format.
Before:
After:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r420534565
##########
File path: docs/security.html
##########
@@ -398,7 +398,7 @@ <h5>Host Name Verification</h5>
ssl.keystore.password=test1234
ssl.key.password=test1234</pre>
- Other configuration settings that may also be needed depending on our requirements and the broker configuration:
+ Other configuration settings that may also be needed depending on requirements and the broker configuration:
Review comment:
Remove the redundant `our` here
before:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425522820
##########
File path: docs/security.html
##########
@@ -1438,7 +1438,7 @@ <h4><a id="security_authz_examples" href="#security_authz_examples">Examples</a>
<pre class="brush: bash;">bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Bob --allow-principal User:Alice --allow-host 198.51.100.0 --allow-host 198.51.100.1 --operation Read --operation Write --topic Test-topic</pre>
By default, all principals that don't have an explicit acl that allows access for an operation to a resource are denied. In rare cases where an allow acl is defined that allows access to all but some principal we will have to use the --deny-principal and --deny-host option. For example, if we want to allow all users to Read from Test-topic but only deny User:BadBob from IP 198.51.100.3 we can do so using following commands:
<pre class="brush: bash;">bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:* --allow-host * --deny-principal User:BadBob --deny-host 198.51.100.3 --operation Read --topic Test-topic</pre>
- Note that ``--allow-host`` and ``deny-host`` only support IP addresses (hostnames are not supported).
+ Note that <code>--allow-host</code> and <code>--deny-host</code> only support IP addresses (hostnames are not supported).
Review comment:
There's no format like ` `` ` in the documentation anywhere else. Replace with `<code>` formatting here.
before:
after:
##########
File path: docs/security.html
##########
@@ -1451,7 +1451,7 @@ <h4><a id="security_authz_examples" href="#security_authz_examples">Examples</a>
<li><b>Removing Acls</b><br>
Removing acls is pretty much the same. The only difference is instead of --add option users will have to specify --remove option. To remove the acls added by the first example above we can execute the CLI with following options:
<pre class="brush: bash;"> bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --remove --allow-principal User:Bob --allow-principal User:Alice --allow-host 198.51.100.0 --allow-host 198.51.100.1 --operation Read --operation Write --topic Test-topic </pre>
- If you wan to remove the acl added to the prefixed resource pattern above we can execute the CLI with following options:
+ If you want to remove the acl added to the prefixed resource pattern above we can execute the CLI with following options:
Review comment:
fix typo.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] kkonstantine merged pull request #8623: MINOR: Small fixes in the documentation
Posted by GitBox <gi...@apache.org>.
kkonstantine merged pull request #8623:
URL: https://github.com/apache/kafka/pull/8623
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425519960
##########
File path: docs/connect.html
##########
@@ -174,7 +176,7 @@ <h4><a id="connect_transforms" href="#connect_transforms">Transformations</a></h
<li>InsertField - Add a field using either static data or record metadata</li>
<li>ReplaceField - Filter or rename fields</li>
<li>MaskField - Replace field with valid null value for the type (0, empty string, etc)</li>
- <li>ValueToKey</li>
+ <li>ValueToKey - Replace the record key with a new key formed from a subset of fields in the record value</li>
Review comment:
Add a one line description for `ValueToKey` transformation to be consistent with others. The description is copied from the detailed explanation below.
before:
description source:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r420534565
##########
File path: docs/security.html
##########
@@ -398,7 +398,7 @@ <h5>Host Name Verification</h5>
ssl.keystore.password=test1234
ssl.key.password=test1234</pre>
- Other configuration settings that may also be needed depending on our requirements and the broker configuration:
+ Other configuration settings that may also be needed depending on requirements and the broker configuration:
Review comment:
Remove the redundant `our` here
before:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] kkonstantine commented on pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
kkonstantine commented on pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#issuecomment-630618055
ok to test
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425520647
##########
File path: docs/connect.html
##########
@@ -309,7 +311,7 @@ <h5><a id="connect_connectorexample" href="#connect_connectorexample">Connector
}
</pre>
- <p>We will define the <code>FileStreamSourceTask</code> class below. Next, we add some standard lifecycle methods, <code>start()</code> and <code>stop()</code></p>:
+ <p>We will define the <code>FileStreamSourceTask</code> class below. Next, we add some standard lifecycle methods, <code>start()</code> and <code>stop()</code>:</p>
Review comment:
fix wrong html format for the colon `:`.
before:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r427051965
##########
File path: docs/connect.html
##########
@@ -103,7 +103,7 @@ <h4><a id="connect_configuring" href="#connect_configuring">Configuring Connecto
<li><code>topics.regex</code> - A Java regular expression of topics to use as input for this connector</li>
</ul>
- <p>For any other options, you should consult the documentation for the connector.</p>
+ <p>For any other options, you should consult the <a href="#connectconfigs">documentation</a> for the connector.</p>
Review comment:
Yes, you're right. I read again, and they indeed refer to the docs of each individual connectors. I'll revert this change back. Thanks.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425521117
##########
File path: docs/security.html
##########
@@ -767,7 +767,7 @@ <h3><a id="security_sasl" href="#security_sasl">7.3 Authentication using SASL</a
<pre class="brush: bash;">
> bin/kafka-configs.sh --zookeeper localhost:2182 --zk-tls-config-file zk_tls_config.properties --describe --entity-type users --entity-name alice
</pre>
- <p>Credentials may be deleted for one or more SCRAM mechanisms using the <i>--delete</i> option:
+ <p>Credentials may be deleted for one or more SCRAM mechanisms using the <i>--alter --delete-config</i> option:
<pre class="brush: bash;">
> bin/kafka-configs.sh --zookeeper localhost:2182 --zk-tls-config-file zk_tls_config.properties --alter --delete-config 'SCRAM-SHA-512' --entity-type users --entity-name alice
Review comment:
There's no `--delete` option. Because in the previous one sample, we explained the `--describe` option usage, we should also put `--alter` here explicitly for user, not just `--delete-config`.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r420535358
##########
File path: docs/security.html
##########
@@ -609,7 +609,7 @@ <h3><a id="security_sasl" href="#security_sasl">7.3 Authentication using SASL</a
</li>
<tt>KafkaServer</tt> section in the JAAS file tells the broker which principal to use and the location of the keytab where this principal is stored. It
- allows the broker to login using the keytab specified in this section. See <a href="#security_sasl_brokernotes">notes</a> for more details on Zookeeper SASL configuration.
+ allows the broker to login using the keytab specified in this section. See <a href="#security_jaas_broker">notes</a> for more details on Zookeeper SASL configuration.
Review comment:
Fix the broken link. The old link: `#security_sasl_brokernotes` is now pointing to the new link: `#security_jaas_broker`
based on the old commit: https://github.com/apache/kafka/pull/1232/files#diff-64f03d45aabc1a9f07a427f4f21d28f5R215
VS.
our current file: https://github.com/apache/kafka/blob/trunk/docs/security.html#L425
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r420533735
##########
File path: docs/security.html
##########
@@ -240,7 +240,7 @@ <h5>Host Name Verification</h5>
<b>Note:</b>
If you configure the Kafka brokers to require client authentication by setting ssl.client.auth to be "requested" or "required" in the
- <a href="#config_broker">Kafka brokers config</a> then you must provide a truststore for the Kafka brokers as well and it should have
+ <a href="#brokerconfigs">Kafka brokers config</a> then you must provide a truststore for the Kafka brokers as well and it should have
Review comment:
fix broken link
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r420535358
##########
File path: docs/security.html
##########
@@ -609,7 +609,7 @@ <h3><a id="security_sasl" href="#security_sasl">7.3 Authentication using SASL</a
</li>
<tt>KafkaServer</tt> section in the JAAS file tells the broker which principal to use and the location of the keytab where this principal is stored. It
- allows the broker to login using the keytab specified in this section. See <a href="#security_sasl_brokernotes">notes</a> for more details on Zookeeper SASL configuration.
+ allows the broker to login using the keytab specified in this section. See <a href="#security_jaas_broker">notes</a> for more details on Zookeeper SASL configuration.
Review comment:
Fix the broken link. The old ahchor: `#security_sasl_brokernotes` is now pointing to the new anchor: `#security_jaas_broker`
based on the old commit: https://github.com/apache/kafka/pull/1232/files#diff-64f03d45aabc1a9f07a427f4f21d28f5R215
VS.
our current file: https://github.com/apache/kafka/blob/trunk/docs/security.html#L425
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] showuon commented on a change in pull request #8623: MINOR: Update the documentations
Posted by GitBox <gi...@apache.org>.
showuon commented on a change in pull request #8623:
URL: https://github.com/apache/kafka/pull/8623#discussion_r425522820
##########
File path: docs/security.html
##########
@@ -1438,7 +1438,7 @@ <h4><a id="security_authz_examples" href="#security_authz_examples">Examples</a>
<pre class="brush: bash;">bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Bob --allow-principal User:Alice --allow-host 198.51.100.0 --allow-host 198.51.100.1 --operation Read --operation Write --topic Test-topic</pre>
By default, all principals that don't have an explicit acl that allows access for an operation to a resource are denied. In rare cases where an allow acl is defined that allows access to all but some principal we will have to use the --deny-principal and --deny-host option. For example, if we want to allow all users to Read from Test-topic but only deny User:BadBob from IP 198.51.100.3 we can do so using following commands:
<pre class="brush: bash;">bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:* --allow-host * --deny-principal User:BadBob --deny-host 198.51.100.3 --operation Read --topic Test-topic</pre>
- Note that ``--allow-host`` and ``deny-host`` only support IP addresses (hostnames are not supported).
+ Note that <code>--allow-host</code> and <code>--deny-host</code> only support IP addresses (hostnames are not supported).
Review comment:
There's no format like ` `` ` in the documentation anywhere else. Replace with `<code>` formatting here.
before:
after:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org