You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by Maulin Vasavada <ma...@gmail.com> on 2020/04/01 05:32:44 UTC
Re: [VOTE] KIP-519: Make SSL context/engine configuration extensible
Thanks Rajini and Jun. I'll update the shouldBeRebuilt() docs on what
happens to existing SSL Connections.
Thanks everybody who participated in the discussion thread and voting
thread and spending the valuable time reviewing the KIP/PR. Could not have
done it without your support. Really appreciate it.
Now we can close on the voting phase since we had it open for > 72 hrs but
since this is my first KIP, can you please guide what happens now? Can I
move the KIP to accepted state myself?
Thanks
Maulin
On Tue, Mar 31, 2020 at 10:27 AM Jun Rao <ju...@confluent.io> wrote:
> Hi, Rajini, Maulin,
>
> 1. Ok. Then we can keep the package name as it is.
>
> 2. Thanks for updating the javadoc for shouldBeRebuilt(). Could you also
> clarify after the SslEngine is rebuilt, what happens to existing SSL
> connections?
>
> Thanks,
>
> Jun
>
> On Tue, Mar 31, 2020 at 2:07 AM Rajini Sivaram <ra...@gmail.com>
> wrote:
>
> > Hi Jun, Maulin,
> >
> > org.apache.kafka.common.security.ssl contains internal classes like
> > SslFactory. org.apache.kafka.common.security.auth is a public package
> > which contains all our current authentication-related classes. If we want
> > to move the new interface into an SSL-specific package, we should perhaps
> > create a new public package rather than use an existing internal one?
> >
> > On Tue, Mar 31, 2020 at 7:56 AM Manikumar <ma...@gmail.com>
> > wrote:
> >
> > > +1 (binding).
> > > Thanks for the KIP.
> > >
> > > Thanks,
> > > Manikumar
> > >
> > > On Tue, Mar 31, 2020 at 11:24 AM Maulin Vasavada <
> > > maulin.vasavada@gmail.com>
> > > wrote:
> > >
> > > > Hi all,
> > > >
> > > > So far we got 3 Binding votes. I am planning to keep the voting phase
> > > open
> > > > until Tuesday 10 PM Pacific Time which will be more than 72 hours
> from
> > > the
> > > > first binding vote on Thursday 12:36 PM Pacific Time.
> > > >
> > > > Thanks
> > > > Maulin
> > > >
> > > > On Mon, Mar 30, 2020 at 10:32 PM Maulin Vasavada <
> > > > maulin.vasavada@gmail.com>
> > > > wrote:
> > > >
> > > > > Hi all,
> > > > >
> > > > > I updated the Javadoc in the KIP details and the actual
> > > SslEngineFactory
> > > > > interface for shouldBeRebuilt(). For the first comment, probably
> I'll
> > > try
> > > > > to address it tomorrow.
> > > > >
> > > > > Thanks
> > > > > Maulin
> > > > >
> > > > > On Mon, Mar 30, 2020 at 7:44 PM Maulin Vasavada <
> > > > maulin.vasavada@gmail.com>
> > > > > wrote:
> > > > >
> > > > >> Thanks Jun Rao for your vote and comments.
> > > > >>
> > > > >> For 1) Earlier it was the security.ssl package but after a review
> I
> > > > >> changed it to .auth since there are some public interfaces in that
> > > > package.
> > > > >> I am open to move it under .ssl package.
> > > > >>
> > > > >> For 2) Sure. Will document in Javadocs for the method.
> > > > >>
> > > > >> Thanks
> > > > >> Maulin
> > > > >>
> > > > >> On Mon, Mar 30, 2020 at 5:46 PM Jun Rao <ju...@confluent.io> wrote:
> > > > >>
> > > > >>> Hi, Maulin,
> > > > >>>
> > > > >>> Thanks for the KIP. +1 from me. Just a couple of minor comments
> > > below.
> > > > >>>
> > > > >>> 1. Should the package name of the new
> > > > >>> interface SslEngineFactory be
> org.apache.kafka.common.security.ssl
> > > > >>> instead
> > > > >>> of org.apache.kafka.common.security.auth?
> > > > >>> 2. Could you document when shouldBeRebuilt() will be called?
> > > > >>>
> > > > >>> Jun
> > > > >>>
> > > > >>> On Mon, Mar 30, 2020 at 5:07 PM Maulin Vasavada <
> > > > >>> maulin.vasavada@gmail.com>
> > > > >>> wrote:
> > > > >>>
> > > > >>> > ^^^ bump ^^^ The vote is open for 2-3 days and gotten 1
> Binding
> > > vote
> > > > >>> so
> > > > >>> > far, can you please vote so that we can try to move forward
> with
> > > > >>> changes?
> > > > >>> >
> > > > >>> > On Thu, Mar 26, 2020 at 4:11 PM Zhou, Thomas
> > > > <thzhou@paypal.com.invalid
> > > > >>> >
> > > > >>> > wrote:
> > > > >>> >
> > > > >>> > > +1 (non-binding)
> > > > >>> > >
> > > > >>> > > Regards,
> > > > >>> > > Thomas
> > > > >>> > >
> > > > >>> > > On 3/26/20, 12:36 PM, "Rajini Sivaram" <
> > rajinisivaram@gmail.com
> > > >
> > > > >>> wrote:
> > > > >>> > >
> > > > >>> > > +1 (binding)
> > > > >>> > > Thanks for the KIP, Maulin!
> > > > >>> > >
> > > > >>> > > Regards,
> > > > >>> > >
> > > > >>> > > Rajini
> > > > >>> > >
> > > > >>> > > On Thu, Mar 26, 2020 at 4:14 PM Maulin Vasavada <
> > > > >>> > > maulin.vasavada@gmail.com>
> > > > >>> > > wrote:
> > > > >>> > >
> > > > >>> > > > FYI - we have updated the KIP documentation also with
> > > > >>> appropriate
> > > > >>> > > code
> > > > >>> > > > samples for interfaces and few important changes.
> > > > >>> > > >
> > > > >>> > > > Thanks
> > > > >>> > > > Maulin
> > > > >>> > > >
> > > > >>> > > > On Wed, Mar 25, 2020 at 10:21 AM Maulin Vasavada <
> > > > >>> > > > maulin.vasavada@gmail.com>
> > > > >>> > > > wrote:
> > > > >>> > > >
> > > > >>> > > > > bump
> > > > >>> > > > >
> > > > >>> > > > > On Wed, Mar 25, 2020 at 10:20 AM Maulin Vasavada <
> > > > >>> > > > > maulin.vasavada@gmail.com> wrote:
> > > > >>> > > > >
> > > > >>> > > > >> Hi all
> > > > >>> > > > >>
> > > > >>> > > > >> After much await on the approach conclusion we have
> a
> > PR
> > > > >>> > > > >>
> > > > >>> > >
> > > > >>> >
> > > > >>>
> > > >
> > >
> >
> https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fkafka%2Fpull%2F8338&data=01%7C01%7Cthzhou%40paypal.com%7C4520b56f3b1f44cceddb08d7d1bd052a%7Cfb00791460204374977e21bac5f3f4c8%7C1&sdata=1ydk0OMaucb8QhTyyQ8Ua3ereGzcS4usRlavU1RixkE%3D&reserved=0
> > > > >>> > > .
> > > > >>> > > > >>
> > > > >>> > > > >> Can you please provide your vote so that we can more
> > > this
> > > > >>> > forward?
> > > > >>> > > > >>
> > > > >>> > > > >> Thanks
> > > > >>> > > > >> Maulin
> > > > >>> > > > >>
> > > > >>> > > > >> On Sun, Jan 26, 2020 at 11:03 PM Maulin Vasavada <
> > > > >>> > > > >> maulin.vasavada@gmail.com> wrote:
> > > > >>> > > > >>
> > > > >>> > > > >>> Hi all
> > > > >>> > > > >>>
> > > > >>> > > > >>> After a good discussion on the KIP at
> > > > >>> > > > >>>
> > > > >>> > >
> > > > >>> >
> > > > >>>
> > > >
> > >
> >
> https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%40kafka.apache.org%2Fmsg101011.html&data=01%7C01%7Cthzhou%40paypal.com%7C4520b56f3b1f44cceddb08d7d1bd052a%7Cfb00791460204374977e21bac5f3f4c8%7C1&sdata=qsvbqkoxL6NSPDV6rm9B9xqZG5xvYaZkj0cYrTM6bPw%3D&reserved=0
> > > > >>> > > I
> > > > >>> > > > >>> think we are ready to start voting.
> > > > >>> > > > >>>
> > > > >>> > > > >>> KIP:
> > > > >>> > > > >>>
> > > > >>> > > >
> > > > >>> > >
> > > > >>> >
> > > > >>>
> > > >
> > >
> >
> https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fpages%2Fviewpage.action%3FpageId%3D128650952&data=01%7C01%7Cthzhou%40paypal.com%7C4520b56f3b1f44cceddb08d7d1bd052a%7Cfb00791460204374977e21bac5f3f4c8%7C1&sdata=rcqWc2inIbrWlMj2jssHPKcMlHuDuLvicmYHHDYWrF8%3D&reserved=0
> > > > >>> > > > >>>
> > > > >>> > > > >>> The KIP proposes - Making SSLEngine creation
> > pluggable
> > > to
> > > > >>> > support
> > > > >>> > > > >>> customization of various security related aspects.
> > > > >>> > > > >>>
> > > > >>> > > > >>> Thanks
> > > > >>> > > > >>> Maulin
> > > > >>> > > > >>>
> > > > >>> > > > >>
> > > > >>> > > >
> > > > >>> > >
> > > > >>> > >
> > > > >>> > >
> > > > >>> >
> > > > >>>
> > > > >>
> > > >
> > >
> >
>
Re: [VOTE] KIP-519: Make SSL context/engine configuration extensible
Posted by Maulin Vasavada <ma...@gmail.com>.
HI all
The summary of the vote: *Total 6 +ve* with *+4 Binding*, +2 non-Binding.
I'll move the KIP to Accepted state.
Thanks
Maulin
On Tue, Mar 31, 2020 at 10:32 PM Maulin Vasavada <ma...@gmail.com>
wrote:
> Thanks Rajini and Jun. I'll update the shouldBeRebuilt() docs on what
> happens to existing SSL Connections.
>
> Thanks everybody who participated in the discussion thread and voting
> thread and spending the valuable time reviewing the KIP/PR. Could not have
> done it without your support. Really appreciate it.
>
> Now we can close on the voting phase since we had it open for > 72 hrs but
> since this is my first KIP, can you please guide what happens now? Can I
> move the KIP to accepted state myself?
>
> Thanks
> Maulin
>
> On Tue, Mar 31, 2020 at 10:27 AM Jun Rao <ju...@confluent.io> wrote:
>
>> Hi, Rajini, Maulin,
>>
>> 1. Ok. Then we can keep the package name as it is.
>>
>> 2. Thanks for updating the javadoc for shouldBeRebuilt(). Could you also
>> clarify after the SslEngine is rebuilt, what happens to existing SSL
>> connections?
>>
>> Thanks,
>>
>> Jun
>>
>> On Tue, Mar 31, 2020 at 2:07 AM Rajini Sivaram <ra...@gmail.com>
>> wrote:
>>
>> > Hi Jun, Maulin,
>> >
>> > org.apache.kafka.common.security.ssl contains internal classes like
>> > SslFactory. org.apache.kafka.common.security.auth is a public package
>> > which contains all our current authentication-related classes. If we
>> want
>> > to move the new interface into an SSL-specific package, we should
>> perhaps
>> > create a new public package rather than use an existing internal one?
>> >
>> > On Tue, Mar 31, 2020 at 7:56 AM Manikumar <ma...@gmail.com>
>> > wrote:
>> >
>> > > +1 (binding).
>> > > Thanks for the KIP.
>> > >
>> > > Thanks,
>> > > Manikumar
>> > >
>> > > On Tue, Mar 31, 2020 at 11:24 AM Maulin Vasavada <
>> > > maulin.vasavada@gmail.com>
>> > > wrote:
>> > >
>> > > > Hi all,
>> > > >
>> > > > So far we got 3 Binding votes. I am planning to keep the voting
>> phase
>> > > open
>> > > > until Tuesday 10 PM Pacific Time which will be more than 72 hours
>> from
>> > > the
>> > > > first binding vote on Thursday 12:36 PM Pacific Time.
>> > > >
>> > > > Thanks
>> > > > Maulin
>> > > >
>> > > > On Mon, Mar 30, 2020 at 10:32 PM Maulin Vasavada <
>> > > > maulin.vasavada@gmail.com>
>> > > > wrote:
>> > > >
>> > > > > Hi all,
>> > > > >
>> > > > > I updated the Javadoc in the KIP details and the actual
>> > > SslEngineFactory
>> > > > > interface for shouldBeRebuilt(). For the first comment, probably
>> I'll
>> > > try
>> > > > > to address it tomorrow.
>> > > > >
>> > > > > Thanks
>> > > > > Maulin
>> > > > >
>> > > > > On Mon, Mar 30, 2020 at 7:44 PM Maulin Vasavada <
>> > > > maulin.vasavada@gmail.com>
>> > > > > wrote:
>> > > > >
>> > > > >> Thanks Jun Rao for your vote and comments.
>> > > > >>
>> > > > >> For 1) Earlier it was the security.ssl package but after a
>> review I
>> > > > >> changed it to .auth since there are some public interfaces in
>> that
>> > > > package.
>> > > > >> I am open to move it under .ssl package.
>> > > > >>
>> > > > >> For 2) Sure. Will document in Javadocs for the method.
>> > > > >>
>> > > > >> Thanks
>> > > > >> Maulin
>> > > > >>
>> > > > >> On Mon, Mar 30, 2020 at 5:46 PM Jun Rao <ju...@confluent.io>
>> wrote:
>> > > > >>
>> > > > >>> Hi, Maulin,
>> > > > >>>
>> > > > >>> Thanks for the KIP. +1 from me. Just a couple of minor comments
>> > > below.
>> > > > >>>
>> > > > >>> 1. Should the package name of the new
>> > > > >>> interface SslEngineFactory be
>> org.apache.kafka.common.security.ssl
>> > > > >>> instead
>> > > > >>> of org.apache.kafka.common.security.auth?
>> > > > >>> 2. Could you document when shouldBeRebuilt() will be called?
>> > > > >>>
>> > > > >>> Jun
>> > > > >>>
>> > > > >>> On Mon, Mar 30, 2020 at 5:07 PM Maulin Vasavada <
>> > > > >>> maulin.vasavada@gmail.com>
>> > > > >>> wrote:
>> > > > >>>
>> > > > >>> > ^^^ bump ^^^ The vote is open for 2-3 days and gotten 1
>> Binding
>> > > vote
>> > > > >>> so
>> > > > >>> > far, can you please vote so that we can try to move forward
>> with
>> > > > >>> changes?
>> > > > >>> >
>> > > > >>> > On Thu, Mar 26, 2020 at 4:11 PM Zhou, Thomas
>> > > > <thzhou@paypal.com.invalid
>> > > > >>> >
>> > > > >>> > wrote:
>> > > > >>> >
>> > > > >>> > > +1 (non-binding)
>> > > > >>> > >
>> > > > >>> > > Regards,
>> > > > >>> > > Thomas
>> > > > >>> > >
>> > > > >>> > > On 3/26/20, 12:36 PM, "Rajini Sivaram" <
>> > rajinisivaram@gmail.com
>> > > >
>> > > > >>> wrote:
>> > > > >>> > >
>> > > > >>> > > +1 (binding)
>> > > > >>> > > Thanks for the KIP, Maulin!
>> > > > >>> > >
>> > > > >>> > > Regards,
>> > > > >>> > >
>> > > > >>> > > Rajini
>> > > > >>> > >
>> > > > >>> > > On Thu, Mar 26, 2020 at 4:14 PM Maulin Vasavada <
>> > > > >>> > > maulin.vasavada@gmail.com>
>> > > > >>> > > wrote:
>> > > > >>> > >
>> > > > >>> > > > FYI - we have updated the KIP documentation also with
>> > > > >>> appropriate
>> > > > >>> > > code
>> > > > >>> > > > samples for interfaces and few important changes.
>> > > > >>> > > >
>> > > > >>> > > > Thanks
>> > > > >>> > > > Maulin
>> > > > >>> > > >
>> > > > >>> > > > On Wed, Mar 25, 2020 at 10:21 AM Maulin Vasavada <
>> > > > >>> > > > maulin.vasavada@gmail.com>
>> > > > >>> > > > wrote:
>> > > > >>> > > >
>> > > > >>> > > > > bump
>> > > > >>> > > > >
>> > > > >>> > > > > On Wed, Mar 25, 2020 at 10:20 AM Maulin Vasavada <
>> > > > >>> > > > > maulin.vasavada@gmail.com> wrote:
>> > > > >>> > > > >
>> > > > >>> > > > >> Hi all
>> > > > >>> > > > >>
>> > > > >>> > > > >> After much await on the approach conclusion we
>> have a
>> > PR
>> > > > >>> > > > >>
>> > > > >>> > >
>> > > > >>> >
>> > > > >>>
>> > > >
>> > >
>> >
>> https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fkafka%2Fpull%2F8338&data=01%7C01%7Cthzhou%40paypal.com%7C4520b56f3b1f44cceddb08d7d1bd052a%7Cfb00791460204374977e21bac5f3f4c8%7C1&sdata=1ydk0OMaucb8QhTyyQ8Ua3ereGzcS4usRlavU1RixkE%3D&reserved=0
>> > > > >>> > > .
>> > > > >>> > > > >>
>> > > > >>> > > > >> Can you please provide your vote so that we can
>> more
>> > > this
>> > > > >>> > forward?
>> > > > >>> > > > >>
>> > > > >>> > > > >> Thanks
>> > > > >>> > > > >> Maulin
>> > > > >>> > > > >>
>> > > > >>> > > > >> On Sun, Jan 26, 2020 at 11:03 PM Maulin Vasavada <
>> > > > >>> > > > >> maulin.vasavada@gmail.com> wrote:
>> > > > >>> > > > >>
>> > > > >>> > > > >>> Hi all
>> > > > >>> > > > >>>
>> > > > >>> > > > >>> After a good discussion on the KIP at
>> > > > >>> > > > >>>
>> > > > >>> > >
>> > > > >>> >
>> > > > >>>
>> > > >
>> > >
>> >
>> https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mail-archive.com%2Fdev%40kafka.apache.org%2Fmsg101011.html&data=01%7C01%7Cthzhou%40paypal.com%7C4520b56f3b1f44cceddb08d7d1bd052a%7Cfb00791460204374977e21bac5f3f4c8%7C1&sdata=qsvbqkoxL6NSPDV6rm9B9xqZG5xvYaZkj0cYrTM6bPw%3D&reserved=0
>> > > > >>> > > I
>> > > > >>> > > > >>> think we are ready to start voting.
>> > > > >>> > > > >>>
>> > > > >>> > > > >>> KIP:
>> > > > >>> > > > >>>
>> > > > >>> > > >
>> > > > >>> > >
>> > > > >>> >
>> > > > >>>
>> > > >
>> > >
>> >
>> https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcwiki.apache.org%2Fconfluence%2Fpages%2Fviewpage.action%3FpageId%3D128650952&data=01%7C01%7Cthzhou%40paypal.com%7C4520b56f3b1f44cceddb08d7d1bd052a%7Cfb00791460204374977e21bac5f3f4c8%7C1&sdata=rcqWc2inIbrWlMj2jssHPKcMlHuDuLvicmYHHDYWrF8%3D&reserved=0
>> > > > >>> > > > >>>
>> > > > >>> > > > >>> The KIP proposes - Making SSLEngine creation
>> > pluggable
>> > > to
>> > > > >>> > support
>> > > > >>> > > > >>> customization of various security related aspects.
>> > > > >>> > > > >>>
>> > > > >>> > > > >>> Thanks
>> > > > >>> > > > >>> Maulin
>> > > > >>> > > > >>>
>> > > > >>> > > > >>
>> > > > >>> > > >
>> > > > >>> > >
>> > > > >>> > >
>> > > > >>> > >
>> > > > >>> >
>> > > > >>>
>> > > > >>
>> > > >
>> > >
>> >
>>
>