You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by Vahid S Hashemian <va...@us.ibm.com> on 2017/06/08 18:29:40 UTC
[DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of OffsetFetch
Hi all,
I'm resending my earlier note hoping it would spark some conversation this
time around :)
Thanks.
--Vahid
From: "Vahid S Hashemian" <va...@us.ibm.com>
To: dev <de...@kafka.apache.org>, "Kafka User" <us...@kafka.apache.org>
Date: 05/30/2017 08:33 AM
Subject: KIP-163: Lower the Minimum Required ACL Permission of
OffsetFetch
Hi,
I started a new KIP to improve the minimum required ACL permissions of
some of the APIs:
https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch
The KIP is to address KAFKA-4585.
Feedback and suggestions are welcome!
Thanks.
--Vahid
Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of OffsetFetch
Posted by Viktor Somogyi <vi...@cloudera.com>.
Got it, thanks Hans!
On Sat, Jun 17, 2017 at 11:11 AM, Hans Jespersen <ha...@confluent.io> wrote:
>
> Offset commit is something that is done in the act of consuming (or
> reading) Kafka messages.
> Yes technically it is a write to the Kafka consumer offset topic but it's
> much easier for
> administers to think of ACLs in terms of whether the user is allowed to
> write (Produce) or
> read (Consume) messages and not the lower level semantics that are that
> consuming is actually
> reading AND writing (albeit only to the offset topic).
>
> -hans
>
>
>
>
> > On Jun 17, 2017, at 10:59 AM, Viktor Somogyi <
> viktor.somogyi@cloudera.com> wrote:
> >
> > Hi Vahid,
> >
> > +1 for OffsetFetch from me too.
> >
> > I also wanted to ask the strangeness of the permissions, like why is
> > OffsetCommit a Read operation instead of Write which would intuitively
> make
> > more sense to me. Perhaps any expert could shed some light on this? :)
> >
> > Viktor
> >
> > On Tue, Jun 13, 2017 at 2:38 PM, Vahid S Hashemian <
> > vahidhashemian@us.ibm.com <ma...@us.ibm.com>> wrote:
> >
> >> Hi Michal,
> >>
> >> Thanks a lot for your feedback.
> >>
> >> Your statement about Heartbeat is fair and makes sense. I'll update the
> >> KIP accordingly.
> >>
> >> --Vahid
> >>
> >>
> >>
> >>
> >> From: Michal Borowiecki <mi...@openbet.com>
> >> To: users@kafka.apache.org, Vahid S Hashemian <
> >> vahidhashemian@us.ibm.com>, dev@kafka.apache.org
> >> Date: 06/13/2017 01:35 AM
> >> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> >> Permission of OffsetFetch
> >> ------------------------------
> >>
> >>
> >>
> >> Hi Vahid,
> >>
> >> +1 wrt OffsetFetch.
> >>
> >> The "Additional Food for Thought" mentions Heartbeat as a non-mutating
> >> action. I don't think that's true as the GroupCoordinator updates the
> >> latestHeartbeat field for the member and adds a new object to the
> >> heartbeatPurgatory, see completeAndScheduleNextHeartbeatExpiration()
> >> called from handleHeartbeat()
> >>
> >> NB added dev mailing list back into CC as it seems to have been lost
> along
> >> the way.
> >>
> >> Cheers,
> >>
> >> Michał
> >>
> >>
> >> On 12/06/17 18:47, Vahid S Hashemian wrote:
> >> Hi Colin,
> >>
> >> Thanks for the feedback.
> >>
> >> To be honest, I'm not sure either why Read was selected instead of Write
> >> for mutating APIs in the initial design (I asked Ewen on the
> corresponding
> >> JIRA and he seemed unsure too).
> >> Perhaps someone who was involved in the design can clarify.
> >>
> >> Thanks.
> >> --Vahid
> >>
> >>
> >>
> >>
> >> From: Colin McCabe *<cmccabe@apache.org <ma...@apache.org>>*
> <cmccabe@apache.org <ma...@apache.org>>
> >> To: *users@kafka.apache.org <ma...@kafka.apache.org>* <
> users@kafka.apache.org <ma...@kafka.apache.org>>
> >> Date: 06/12/2017 10:11 AM
> >> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> >> Permission of OffsetFetch
> >>
> >>
> >>
> >> Hi Vahid,
> >>
> >> I think you make a valid point that the ACLs controlling group
> >> operations are not very intuitive.
> >>
> >> This is probably a dumb question, but why are we using Read for mutating
> >> APIs? Shouldn't that be Write?
> >>
> >> The distinction between Describe and Read makes a lot of sense for
> >> Topics. A group isn't really something that you "read" from in the same
> >> way as a topic, so it always felt kind of weird there.
> >>
> >> best,
> >> Colin
> >>
> >>
> >> On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
> >>
> >> Hi all,
> >>
> >> I'm resending my earlier note hoping it would spark some conversation
> >> this
> >> time around :)
> >>
> >> Thanks.
> >> --Vahid
> >>
> >>
> >>
> >>
> >> From: "Vahid S Hashemian" *<vahidhashemian@us.ibm.com <mailto:
> vahidhashemian@us.ibm.com>>*
> >> <vahidhashemian@us.ibm.com <ma...@us.ibm.com>>
> >> To: dev *<dev@kafka.apache.org <ma...@kafka.apache.org>>* <
> dev@kafka.apache.org <ma...@kafka.apache.org>>, "Kafka User"
> >>
> >> *<users@kafka.apache.org <ma...@kafka.apache.org>>* <
> users@kafka.apache.org <ma...@kafka.apache.org>>
> >>
> >> Date: 05/30/2017 08:33 AM
> >> Subject: KIP-163: Lower the Minimum Required ACL Permission of
> >> OffsetFetch
> >>
> >>
> >>
> >> Hi,
> >>
> >> I started a new KIP to improve the minimum required ACL permissions of
> >> some of the APIs:
> >>
> >>
> >>
> >> *https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> 163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch* <
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> 163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch*>
> >> <https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> 163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch <
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> 163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch>>
> >>
> >>
> >>
> >> The KIP is to address KAFKA-4585.
> >>
> >> Feedback and suggestions are welcome!
> >>
> >> Thanks.
> >> --Vahid
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> --
> >> <http://www.openbet.com/ <http://www.openbet.com/>> *Michal Borowiecki*
> >> *Senior Software Engineer L4*
> >> *T: * +44 208 742 1600 <(208)%20742-1600>
> >> +44 203 249 8448 <(203)%20249-8448>
> >>
> >> *E: * *michal.borowiecki@openbet.com <mailto:michal.borowiecki@
> openbet.com>* <michal.borowiecki@openbet.com <mailto:michal.borowiecki@
> openbet.com>>
> >> *W: * *www.openbet.com <http://www.openbet.com/>* <
> http://www.openbet.com/ <http://www.openbet.com/>>
> >> *OpenBet Ltd*
> >> Chiswick Park Building 9
> >> 566 Chiswick High Rd
> >> London
> >> W4 5XT
> >> UK
> >> <https://www.openbet.com/email_promo <https://www.openbet.com/
> email_promo>>
> >> This message is confidential and intended only for the addressee. If you
> >> have received this message in error, please immediately notify the
> >> *postmaster@openbet.com <ma...@openbet.com>* <
> postmaster@openbet.com <ma...@openbet.com>>and delete it from
> your
> >> system as well as any copies. The content of e-mails as well as traffic
> >> data may be monitored by OpenBet for employment and security purposes.
> To
> >> protect the environment please do not print this e-mail unless
> necessary.
> >> OpenBet Ltd. Registered Office: Chiswick Park Building 9, 566 Chiswick
> High
> >> Road, London, W4 5XT, United Kingdom. A company registered in England
> and
> >> Wales. Registered no. 3134634. VAT no. GB927523612
>
>
Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of
OffsetFetch
Posted by Michal Borowiecki <mi...@openbet.com>.
+1
On 19/06/17 21:31, Vahid S Hashemian wrote:
> Thanks everyone. Great discussion.
>
> Because these Read or Write actions are interpreted in conjunction with
> particular resources (Topic, Group, ...) it would also make more sense to
> me that for committing offsets the ACL should be (Group, Write).
> So, a consumer would be required to have (Topic, Read), (Group, Write)
> ACLs in order to function.
>
> --Vahid
>
>
>
>
> From: Colin McCabe <cm...@apache.org>
> To: users@kafka.apache.org
> Date: 06/19/2017 11:01 AM
> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> Permission of OffsetFetch
>
>
>
> Thanks for the explanation. I still think it would be better to have
> the mutation operations require write ACLs, though. It might not be
> 100% intuitive for novice users, but the current split between Describe
> and Read is not intuitive for either novice or experienced users.
>
> In any case, I am +1 on the incremental improvement discussed in
> KIP-163.
>
> cheers,
> Colin
>
>
> On Sat, Jun 17, 2017, at 11:11, Hans Jespersen wrote:
>> Offset commit is something that is done in the act of consuming (or
>> reading) Kafka messages.
>> Yes technically it is a write to the Kafka consumer offset topic but
> it's
>> much easier for
>> administers to think of ACLs in terms of whether the user is allowed to
>> write (Produce) or
>> read (Consume) messages and not the lower level semantics that are that
>> consuming is actually
>> reading AND writing (albeit only to the offset topic).
>>
>> -hans
>>
>>
>>
>>
>>> On Jun 17, 2017, at 10:59 AM, Viktor Somogyi
> <vi...@cloudera.com> wrote:
>>> Hi Vahid,
>>>
>>> +1 for OffsetFetch from me too.
>>>
>>> I also wanted to ask the strangeness of the permissions, like why is
>>> OffsetCommit a Read operation instead of Write which would intuitively
> make
>>> more sense to me. Perhaps any expert could shed some light on this? :)
>>>
>>> Viktor
>>>
>>> On Tue, Jun 13, 2017 at 2:38 PM, Vahid S Hashemian <
>>> vahidhashemian@us.ibm.com <ma...@us.ibm.com>> wrote:
>>>
>>>> Hi Michal,
>>>>
>>>> Thanks a lot for your feedback.
>>>>
>>>> Your statement about Heartbeat is fair and makes sense. I'll update
> the
>>>> KIP accordingly.
>>>>
>>>> --Vahid
>>>>
>>>>
>>>>
>>>>
>>>> From: Michal Borowiecki <mi...@openbet.com>
>>>> To: users@kafka.apache.org, Vahid S Hashemian <
>>>> vahidhashemian@us.ibm.com>, dev@kafka.apache.org
>>>> Date: 06/13/2017 01:35 AM
>>>> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
>>>> Permission of OffsetFetch
>>>> ------------------------------
>>>>
>>>>
>>>>
>>>> Hi Vahid,
>>>>
>>>> +1 wrt OffsetFetch.
>>>>
>>>> The "Additional Food for Thought" mentions Heartbeat as a
> non-mutating
>>>> action. I don't think that's true as the GroupCoordinator updates the
>>>> latestHeartbeat field for the member and adds a new object to the
>>>> heartbeatPurgatory, see completeAndScheduleNextHeartbeatExpiration()
>>>> called from handleHeartbeat()
>>>>
>>>> NB added dev mailing list back into CC as it seems to have been lost
> along
>>>> the way.
>>>>
>>>> Cheers,
>>>>
>>>> Michał
>>>>
>>>>
>>>> On 12/06/17 18:47, Vahid S Hashemian wrote:
>>>> Hi Colin,
>>>>
>>>> Thanks for the feedback.
>>>>
>>>> To be honest, I'm not sure either why Read was selected instead of
> Write
>>>> for mutating APIs in the initial design (I asked Ewen on the
> corresponding
>>>> JIRA and he seemed unsure too).
>>>> Perhaps someone who was involved in the design can clarify.
>>>>
>>>> Thanks.
>>>> --Vahid
>>>>
>>>>
>>>>
>>>>
>>>> From: Colin McCabe *<cmccabe@apache.org <mailto:cmccabe@apache.org
>>> * <cmccabe@apache.org <ma...@apache.org>>
>>>> To: *users@kafka.apache.org <ma...@kafka.apache.org>*
> <users@kafka.apache.org <ma...@kafka.apache.org>>
>>>> Date: 06/12/2017 10:11 AM
>>>> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
>>>> Permission of OffsetFetch
>>>>
>>>>
>>>>
>>>> Hi Vahid,
>>>>
>>>> I think you make a valid point that the ACLs controlling group
>>>> operations are not very intuitive.
>>>>
>>>> This is probably a dumb question, but why are we using Read for
> mutating
>>>> APIs? Shouldn't that be Write?
>>>>
>>>> The distinction between Describe and Read makes a lot of sense for
>>>> Topics. A group isn't really something that you "read" from in the
> same
>>>> way as a topic, so it always felt kind of weird there.
>>>>
>>>> best,
>>>> Colin
>>>>
>>>>
>>>> On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
>>>>
>>>> Hi all,
>>>>
>>>> I'm resending my earlier note hoping it would spark some conversation
>>>> this
>>>> time around :)
>>>>
>>>> Thanks.
>>>> --Vahid
>>>>
>>>>
>>>>
>>>>
>>>> From: "Vahid S Hashemian" *<vahidhashemian@us.ibm.com <
> mailto:vahidhashemian@us.ibm.com>>*
>>>> <vahidhashemian@us.ibm.com <ma...@us.ibm.com>>
>>>> To: dev *<dev@kafka.apache.org <ma...@kafka.apache.org>>*
> <dev@kafka.apache.org <ma...@kafka.apache.org>>, "Kafka User"
>>>> *<users@kafka.apache.org <ma...@kafka.apache.org>>*
> <users@kafka.apache.org <ma...@kafka.apache.org>>
>>>> Date: 05/30/2017 08:33 AM
>>>> Subject: KIP-163: Lower the Minimum Required ACL Permission of
>>>> OffsetFetch
>>>>
>>>>
>>>>
>>>> Hi,
>>>>
>>>> I started a new KIP to improve the minimum required ACL permissions
> of
>>>> some of the APIs:
>>>>
>>>>
>>>>
>>>>
> *https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch*
> <
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch*
>>>> <
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch
> <
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch
>>>>
>>>>
>>>> The KIP is to address KAFKA-4585.
>>>>
>>>> Feedback and suggestions are welcome!
>>>>
>>>> Thanks.
>>>> --Vahid
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> <http://www.openbet.com/ <http://www.openbet.com/>> *Michal
> Borowiecki*
>>>> *Senior Software Engineer L4*
>>>> *T: * +44 208 742 1600 <(208)%20742-1600>
>>>> +44 203 249 8448 <(203)%20249-8448>
>>>>
>>>> *E: * *michal.borowiecki@openbet.com <
> mailto:michal.borowiecki@openbet.com>* <michal.borowiecki@openbet.com <
> mailto:michal.borowiecki@openbet.com>>
>>>> *W: * *www.openbet.com <http://www.openbet.com/>* <
> http://www.openbet.com/ <http://www.openbet.com/>>
>>>> *OpenBet Ltd*
>>>> Chiswick Park Building 9
>>>> 566 Chiswick High Rd
>>>> London
>>>> W4 5XT
>>>> UK
>>>> <https://www.openbet.com/email_promo <
> https://www.openbet.com/email_promo>>
>>>> This message is confidential and intended only for the addressee. If
> you
>>>> have received this message in error, please immediately notify the
>>>> *postmaster@openbet.com <ma...@openbet.com>*
> <postmaster@openbet.com <ma...@openbet.com>>and delete it from
> your
>>>> system as well as any copies. The content of e-mails as well as
> traffic
>>>> data may be monitored by OpenBet for employment and security
> purposes. To
>>>> protect the environment please do not print this e-mail unless
> necessary.
>>>> OpenBet Ltd. Registered Office: Chiswick Park Building 9, 566
> Chiswick High
>>>> Road, London, W4 5XT, United Kingdom. A company registered in England
> and
>>>> Wales. Registered no. 3134634. VAT no. GB927523612
>
>
>
>
>
--
Signature
<http://www.openbet.com/> Michal Borowiecki
Senior Software Engineer L4
T: +44 208 742 1600
+44 203 249 8448
E: michal.borowiecki@openbet.com
W: www.openbet.com <http://www.openbet.com/>
OpenBet Ltd
Chiswick Park Building 9
566 Chiswick High Rd
London
W4 5XT
UK
<https://www.openbet.com/email_promo>
This message is confidential and intended only for the addressee. If you
have received this message in error, please immediately notify the
postmaster@openbet.com <ma...@openbet.com> and delete it
from your system as well as any copies. The content of e-mails as well
as traffic data may be monitored by OpenBet for employment and security
purposes. To protect the environment please do not print this e-mail
unless necessary. OpenBet Ltd. Registered Office: Chiswick Park Building
9, 566 Chiswick High Road, London, W4 5XT, United Kingdom. A company
registered in England and Wales. Registered no. 3134634. VAT no.
GB927523612
Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of
OffsetFetch
Posted by Michal Borowiecki <mi...@openbet.com>.
+1
On 19/06/17 21:31, Vahid S Hashemian wrote:
> Thanks everyone. Great discussion.
>
> Because these Read or Write actions are interpreted in conjunction with
> particular resources (Topic, Group, ...) it would also make more sense to
> me that for committing offsets the ACL should be (Group, Write).
> So, a consumer would be required to have (Topic, Read), (Group, Write)
> ACLs in order to function.
>
> --Vahid
>
>
>
>
> From: Colin McCabe <cm...@apache.org>
> To: users@kafka.apache.org
> Date: 06/19/2017 11:01 AM
> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> Permission of OffsetFetch
>
>
>
> Thanks for the explanation. I still think it would be better to have
> the mutation operations require write ACLs, though. It might not be
> 100% intuitive for novice users, but the current split between Describe
> and Read is not intuitive for either novice or experienced users.
>
> In any case, I am +1 on the incremental improvement discussed in
> KIP-163.
>
> cheers,
> Colin
>
>
> On Sat, Jun 17, 2017, at 11:11, Hans Jespersen wrote:
>> Offset commit is something that is done in the act of consuming (or
>> reading) Kafka messages.
>> Yes technically it is a write to the Kafka consumer offset topic but
> it's
>> much easier for
>> administers to think of ACLs in terms of whether the user is allowed to
>> write (Produce) or
>> read (Consume) messages and not the lower level semantics that are that
>> consuming is actually
>> reading AND writing (albeit only to the offset topic).
>>
>> -hans
>>
>>
>>
>>
>>> On Jun 17, 2017, at 10:59 AM, Viktor Somogyi
> <vi...@cloudera.com> wrote:
>>> Hi Vahid,
>>>
>>> +1 for OffsetFetch from me too.
>>>
>>> I also wanted to ask the strangeness of the permissions, like why is
>>> OffsetCommit a Read operation instead of Write which would intuitively
> make
>>> more sense to me. Perhaps any expert could shed some light on this? :)
>>>
>>> Viktor
>>>
>>> On Tue, Jun 13, 2017 at 2:38 PM, Vahid S Hashemian <
>>> vahidhashemian@us.ibm.com <ma...@us.ibm.com>> wrote:
>>>
>>>> Hi Michal,
>>>>
>>>> Thanks a lot for your feedback.
>>>>
>>>> Your statement about Heartbeat is fair and makes sense. I'll update
> the
>>>> KIP accordingly.
>>>>
>>>> --Vahid
>>>>
>>>>
>>>>
>>>>
>>>> From: Michal Borowiecki <mi...@openbet.com>
>>>> To: users@kafka.apache.org, Vahid S Hashemian <
>>>> vahidhashemian@us.ibm.com>, dev@kafka.apache.org
>>>> Date: 06/13/2017 01:35 AM
>>>> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
>>>> Permission of OffsetFetch
>>>> ------------------------------
>>>>
>>>>
>>>>
>>>> Hi Vahid,
>>>>
>>>> +1 wrt OffsetFetch.
>>>>
>>>> The "Additional Food for Thought" mentions Heartbeat as a
> non-mutating
>>>> action. I don't think that's true as the GroupCoordinator updates the
>>>> latestHeartbeat field for the member and adds a new object to the
>>>> heartbeatPurgatory, see completeAndScheduleNextHeartbeatExpiration()
>>>> called from handleHeartbeat()
>>>>
>>>> NB added dev mailing list back into CC as it seems to have been lost
> along
>>>> the way.
>>>>
>>>> Cheers,
>>>>
>>>> Michał
>>>>
>>>>
>>>> On 12/06/17 18:47, Vahid S Hashemian wrote:
>>>> Hi Colin,
>>>>
>>>> Thanks for the feedback.
>>>>
>>>> To be honest, I'm not sure either why Read was selected instead of
> Write
>>>> for mutating APIs in the initial design (I asked Ewen on the
> corresponding
>>>> JIRA and he seemed unsure too).
>>>> Perhaps someone who was involved in the design can clarify.
>>>>
>>>> Thanks.
>>>> --Vahid
>>>>
>>>>
>>>>
>>>>
>>>> From: Colin McCabe *<cmccabe@apache.org <mailto:cmccabe@apache.org
>>> * <cmccabe@apache.org <ma...@apache.org>>
>>>> To: *users@kafka.apache.org <ma...@kafka.apache.org>*
> <users@kafka.apache.org <ma...@kafka.apache.org>>
>>>> Date: 06/12/2017 10:11 AM
>>>> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
>>>> Permission of OffsetFetch
>>>>
>>>>
>>>>
>>>> Hi Vahid,
>>>>
>>>> I think you make a valid point that the ACLs controlling group
>>>> operations are not very intuitive.
>>>>
>>>> This is probably a dumb question, but why are we using Read for
> mutating
>>>> APIs? Shouldn't that be Write?
>>>>
>>>> The distinction between Describe and Read makes a lot of sense for
>>>> Topics. A group isn't really something that you "read" from in the
> same
>>>> way as a topic, so it always felt kind of weird there.
>>>>
>>>> best,
>>>> Colin
>>>>
>>>>
>>>> On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
>>>>
>>>> Hi all,
>>>>
>>>> I'm resending my earlier note hoping it would spark some conversation
>>>> this
>>>> time around :)
>>>>
>>>> Thanks.
>>>> --Vahid
>>>>
>>>>
>>>>
>>>>
>>>> From: "Vahid S Hashemian" *<vahidhashemian@us.ibm.com <
> mailto:vahidhashemian@us.ibm.com>>*
>>>> <vahidhashemian@us.ibm.com <ma...@us.ibm.com>>
>>>> To: dev *<dev@kafka.apache.org <ma...@kafka.apache.org>>*
> <dev@kafka.apache.org <ma...@kafka.apache.org>>, "Kafka User"
>>>> *<users@kafka.apache.org <ma...@kafka.apache.org>>*
> <users@kafka.apache.org <ma...@kafka.apache.org>>
>>>> Date: 05/30/2017 08:33 AM
>>>> Subject: KIP-163: Lower the Minimum Required ACL Permission of
>>>> OffsetFetch
>>>>
>>>>
>>>>
>>>> Hi,
>>>>
>>>> I started a new KIP to improve the minimum required ACL permissions
> of
>>>> some of the APIs:
>>>>
>>>>
>>>>
>>>>
> *https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch*
> <
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch*
>>>> <
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch
> <
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch
>>>>
>>>>
>>>> The KIP is to address KAFKA-4585.
>>>>
>>>> Feedback and suggestions are welcome!
>>>>
>>>> Thanks.
>>>> --Vahid
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> <http://www.openbet.com/ <http://www.openbet.com/>> *Michal
> Borowiecki*
>>>> *Senior Software Engineer L4*
>>>> *T: * +44 208 742 1600 <(208)%20742-1600>
>>>> +44 203 249 8448 <(203)%20249-8448>
>>>>
>>>> *E: * *michal.borowiecki@openbet.com <
> mailto:michal.borowiecki@openbet.com>* <michal.borowiecki@openbet.com <
> mailto:michal.borowiecki@openbet.com>>
>>>> *W: * *www.openbet.com <http://www.openbet.com/>* <
> http://www.openbet.com/ <http://www.openbet.com/>>
>>>> *OpenBet Ltd*
>>>> Chiswick Park Building 9
>>>> 566 Chiswick High Rd
>>>> London
>>>> W4 5XT
>>>> UK
>>>> <https://www.openbet.com/email_promo <
> https://www.openbet.com/email_promo>>
>>>> This message is confidential and intended only for the addressee. If
> you
>>>> have received this message in error, please immediately notify the
>>>> *postmaster@openbet.com <ma...@openbet.com>*
> <postmaster@openbet.com <ma...@openbet.com>>and delete it from
> your
>>>> system as well as any copies. The content of e-mails as well as
> traffic
>>>> data may be monitored by OpenBet for employment and security
> purposes. To
>>>> protect the environment please do not print this e-mail unless
> necessary.
>>>> OpenBet Ltd. Registered Office: Chiswick Park Building 9, 566
> Chiswick High
>>>> Road, London, W4 5XT, United Kingdom. A company registered in England
> and
>>>> Wales. Registered no. 3134634. VAT no. GB927523612
>
>
>
>
>
--
Signature
<http://www.openbet.com/> Michal Borowiecki
Senior Software Engineer L4
T: +44 208 742 1600
+44 203 249 8448
E: michal.borowiecki@openbet.com
W: www.openbet.com <http://www.openbet.com/>
OpenBet Ltd
Chiswick Park Building 9
566 Chiswick High Rd
London
W4 5XT
UK
<https://www.openbet.com/email_promo>
This message is confidential and intended only for the addressee. If you
have received this message in error, please immediately notify the
postmaster@openbet.com <ma...@openbet.com> and delete it
from your system as well as any copies. The content of e-mails as well
as traffic data may be monitored by OpenBet for employment and security
purposes. To protect the environment please do not print this e-mail
unless necessary. OpenBet Ltd. Registered Office: Chiswick Park Building
9, 566 Chiswick High Road, London, W4 5XT, United Kingdom. A company
registered in England and Wales. Registered no. 3134634. VAT no.
GB927523612
Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of
OffsetFetch
Posted by Vahid S Hashemian <va...@us.ibm.com>.
Thanks everyone. Great discussion.
Because these Read or Write actions are interpreted in conjunction with
particular resources (Topic, Group, ...) it would also make more sense to
me that for committing offsets the ACL should be (Group, Write).
So, a consumer would be required to have (Topic, Read), (Group, Write)
ACLs in order to function.
--Vahid
From: Colin McCabe <cm...@apache.org>
To: users@kafka.apache.org
Date: 06/19/2017 11:01 AM
Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
Permission of OffsetFetch
Thanks for the explanation. I still think it would be better to have
the mutation operations require write ACLs, though. It might not be
100% intuitive for novice users, but the current split between Describe
and Read is not intuitive for either novice or experienced users.
In any case, I am +1 on the incremental improvement discussed in
KIP-163.
cheers,
Colin
On Sat, Jun 17, 2017, at 11:11, Hans Jespersen wrote:
>
> Offset commit is something that is done in the act of consuming (or
> reading) Kafka messages.
> Yes technically it is a write to the Kafka consumer offset topic but
it's
> much easier for
> administers to think of ACLs in terms of whether the user is allowed to
> write (Produce) or
> read (Consume) messages and not the lower level semantics that are that
> consuming is actually
> reading AND writing (albeit only to the offset topic).
>
> -hans
>
>
>
>
> > On Jun 17, 2017, at 10:59 AM, Viktor Somogyi
<vi...@cloudera.com> wrote:
> >
> > Hi Vahid,
> >
> > +1 for OffsetFetch from me too.
> >
> > I also wanted to ask the strangeness of the permissions, like why is
> > OffsetCommit a Read operation instead of Write which would intuitively
make
> > more sense to me. Perhaps any expert could shed some light on this? :)
> >
> > Viktor
> >
> > On Tue, Jun 13, 2017 at 2:38 PM, Vahid S Hashemian <
> > vahidhashemian@us.ibm.com <ma...@us.ibm.com>> wrote:
> >
> >> Hi Michal,
> >>
> >> Thanks a lot for your feedback.
> >>
> >> Your statement about Heartbeat is fair and makes sense. I'll update
the
> >> KIP accordingly.
> >>
> >> --Vahid
> >>
> >>
> >>
> >>
> >> From: Michal Borowiecki <mi...@openbet.com>
> >> To: users@kafka.apache.org, Vahid S Hashemian <
> >> vahidhashemian@us.ibm.com>, dev@kafka.apache.org
> >> Date: 06/13/2017 01:35 AM
> >> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> >> Permission of OffsetFetch
> >> ------------------------------
> >>
> >>
> >>
> >> Hi Vahid,
> >>
> >> +1 wrt OffsetFetch.
> >>
> >> The "Additional Food for Thought" mentions Heartbeat as a
non-mutating
> >> action. I don't think that's true as the GroupCoordinator updates the
> >> latestHeartbeat field for the member and adds a new object to the
> >> heartbeatPurgatory, see completeAndScheduleNextHeartbeatExpiration()
> >> called from handleHeartbeat()
> >>
> >> NB added dev mailing list back into CC as it seems to have been lost
along
> >> the way.
> >>
> >> Cheers,
> >>
> >> Michał
> >>
> >>
> >> On 12/06/17 18:47, Vahid S Hashemian wrote:
> >> Hi Colin,
> >>
> >> Thanks for the feedback.
> >>
> >> To be honest, I'm not sure either why Read was selected instead of
Write
> >> for mutating APIs in the initial design (I asked Ewen on the
corresponding
> >> JIRA and he seemed unsure too).
> >> Perhaps someone who was involved in the design can clarify.
> >>
> >> Thanks.
> >> --Vahid
> >>
> >>
> >>
> >>
> >> From: Colin McCabe *<cmccabe@apache.org <mailto:cmccabe@apache.org
>>* <cmccabe@apache.org <ma...@apache.org>>
> >> To: *users@kafka.apache.org <ma...@kafka.apache.org>*
<users@kafka.apache.org <ma...@kafka.apache.org>>
> >> Date: 06/12/2017 10:11 AM
> >> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> >> Permission of OffsetFetch
> >>
> >>
> >>
> >> Hi Vahid,
> >>
> >> I think you make a valid point that the ACLs controlling group
> >> operations are not very intuitive.
> >>
> >> This is probably a dumb question, but why are we using Read for
mutating
> >> APIs? Shouldn't that be Write?
> >>
> >> The distinction between Describe and Read makes a lot of sense for
> >> Topics. A group isn't really something that you "read" from in the
same
> >> way as a topic, so it always felt kind of weird there.
> >>
> >> best,
> >> Colin
> >>
> >>
> >> On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
> >>
> >> Hi all,
> >>
> >> I'm resending my earlier note hoping it would spark some conversation
> >> this
> >> time around :)
> >>
> >> Thanks.
> >> --Vahid
> >>
> >>
> >>
> >>
> >> From: "Vahid S Hashemian" *<vahidhashemian@us.ibm.com <
mailto:vahidhashemian@us.ibm.com>>*
> >> <vahidhashemian@us.ibm.com <ma...@us.ibm.com>>
> >> To: dev *<dev@kafka.apache.org <ma...@kafka.apache.org>>*
<dev@kafka.apache.org <ma...@kafka.apache.org>>, "Kafka User"
> >>
> >> *<users@kafka.apache.org <ma...@kafka.apache.org>>*
<users@kafka.apache.org <ma...@kafka.apache.org>>
> >>
> >> Date: 05/30/2017 08:33 AM
> >> Subject: KIP-163: Lower the Minimum Required ACL Permission of
> >> OffsetFetch
> >>
> >>
> >>
> >> Hi,
> >>
> >> I started a new KIP to improve the minimum required ACL permissions
of
> >> some of the APIs:
> >>
> >>
> >>
> >>
*https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch*
<
https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch*
>
> >> <
https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch
<
https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch
>>
> >>
> >>
> >>
> >> The KIP is to address KAFKA-4585.
> >>
> >> Feedback and suggestions are welcome!
> >>
> >> Thanks.
> >> --Vahid
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> --
> >> <http://www.openbet.com/ <http://www.openbet.com/>> *Michal
Borowiecki*
> >> *Senior Software Engineer L4*
> >> *T: * +44 208 742 1600 <(208)%20742-1600>
> >> +44 203 249 8448 <(203)%20249-8448>
> >>
> >> *E: * *michal.borowiecki@openbet.com <
mailto:michal.borowiecki@openbet.com>* <michal.borowiecki@openbet.com <
mailto:michal.borowiecki@openbet.com>>
> >> *W: * *www.openbet.com <http://www.openbet.com/>* <
http://www.openbet.com/ <http://www.openbet.com/>>
> >> *OpenBet Ltd*
> >> Chiswick Park Building 9
> >> 566 Chiswick High Rd
> >> London
> >> W4 5XT
> >> UK
> >> <https://www.openbet.com/email_promo <
https://www.openbet.com/email_promo>>
> >> This message is confidential and intended only for the addressee. If
you
> >> have received this message in error, please immediately notify the
> >> *postmaster@openbet.com <ma...@openbet.com>*
<postmaster@openbet.com <ma...@openbet.com>>and delete it from
your
> >> system as well as any copies. The content of e-mails as well as
traffic
> >> data may be monitored by OpenBet for employment and security
purposes. To
> >> protect the environment please do not print this e-mail unless
necessary.
> >> OpenBet Ltd. Registered Office: Chiswick Park Building 9, 566
Chiswick High
> >> Road, London, W4 5XT, United Kingdom. A company registered in England
and
> >> Wales. Registered no. 3134634. VAT no. GB927523612
>
Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of
OffsetFetch
Posted by Vahid S Hashemian <va...@us.ibm.com>.
Thanks everyone. Great discussion.
Because these Read or Write actions are interpreted in conjunction with
particular resources (Topic, Group, ...) it would also make more sense to
me that for committing offsets the ACL should be (Group, Write).
So, a consumer would be required to have (Topic, Read), (Group, Write)
ACLs in order to function.
--Vahid
From: Colin McCabe <cm...@apache.org>
To: users@kafka.apache.org
Date: 06/19/2017 11:01 AM
Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
Permission of OffsetFetch
Thanks for the explanation. I still think it would be better to have
the mutation operations require write ACLs, though. It might not be
100% intuitive for novice users, but the current split between Describe
and Read is not intuitive for either novice or experienced users.
In any case, I am +1 on the incremental improvement discussed in
KIP-163.
cheers,
Colin
On Sat, Jun 17, 2017, at 11:11, Hans Jespersen wrote:
>
> Offset commit is something that is done in the act of consuming (or
> reading) Kafka messages.
> Yes technically it is a write to the Kafka consumer offset topic but
it's
> much easier for
> administers to think of ACLs in terms of whether the user is allowed to
> write (Produce) or
> read (Consume) messages and not the lower level semantics that are that
> consuming is actually
> reading AND writing (albeit only to the offset topic).
>
> -hans
>
>
>
>
> > On Jun 17, 2017, at 10:59 AM, Viktor Somogyi
<vi...@cloudera.com> wrote:
> >
> > Hi Vahid,
> >
> > +1 for OffsetFetch from me too.
> >
> > I also wanted to ask the strangeness of the permissions, like why is
> > OffsetCommit a Read operation instead of Write which would intuitively
make
> > more sense to me. Perhaps any expert could shed some light on this? :)
> >
> > Viktor
> >
> > On Tue, Jun 13, 2017 at 2:38 PM, Vahid S Hashemian <
> > vahidhashemian@us.ibm.com <ma...@us.ibm.com>> wrote:
> >
> >> Hi Michal,
> >>
> >> Thanks a lot for your feedback.
> >>
> >> Your statement about Heartbeat is fair and makes sense. I'll update
the
> >> KIP accordingly.
> >>
> >> --Vahid
> >>
> >>
> >>
> >>
> >> From: Michal Borowiecki <mi...@openbet.com>
> >> To: users@kafka.apache.org, Vahid S Hashemian <
> >> vahidhashemian@us.ibm.com>, dev@kafka.apache.org
> >> Date: 06/13/2017 01:35 AM
> >> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> >> Permission of OffsetFetch
> >> ------------------------------
> >>
> >>
> >>
> >> Hi Vahid,
> >>
> >> +1 wrt OffsetFetch.
> >>
> >> The "Additional Food for Thought" mentions Heartbeat as a
non-mutating
> >> action. I don't think that's true as the GroupCoordinator updates the
> >> latestHeartbeat field for the member and adds a new object to the
> >> heartbeatPurgatory, see completeAndScheduleNextHeartbeatExpiration()
> >> called from handleHeartbeat()
> >>
> >> NB added dev mailing list back into CC as it seems to have been lost
along
> >> the way.
> >>
> >> Cheers,
> >>
> >> Michał
> >>
> >>
> >> On 12/06/17 18:47, Vahid S Hashemian wrote:
> >> Hi Colin,
> >>
> >> Thanks for the feedback.
> >>
> >> To be honest, I'm not sure either why Read was selected instead of
Write
> >> for mutating APIs in the initial design (I asked Ewen on the
corresponding
> >> JIRA and he seemed unsure too).
> >> Perhaps someone who was involved in the design can clarify.
> >>
> >> Thanks.
> >> --Vahid
> >>
> >>
> >>
> >>
> >> From: Colin McCabe *<cmccabe@apache.org <mailto:cmccabe@apache.org
>>* <cmccabe@apache.org <ma...@apache.org>>
> >> To: *users@kafka.apache.org <ma...@kafka.apache.org>*
<users@kafka.apache.org <ma...@kafka.apache.org>>
> >> Date: 06/12/2017 10:11 AM
> >> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> >> Permission of OffsetFetch
> >>
> >>
> >>
> >> Hi Vahid,
> >>
> >> I think you make a valid point that the ACLs controlling group
> >> operations are not very intuitive.
> >>
> >> This is probably a dumb question, but why are we using Read for
mutating
> >> APIs? Shouldn't that be Write?
> >>
> >> The distinction between Describe and Read makes a lot of sense for
> >> Topics. A group isn't really something that you "read" from in the
same
> >> way as a topic, so it always felt kind of weird there.
> >>
> >> best,
> >> Colin
> >>
> >>
> >> On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
> >>
> >> Hi all,
> >>
> >> I'm resending my earlier note hoping it would spark some conversation
> >> this
> >> time around :)
> >>
> >> Thanks.
> >> --Vahid
> >>
> >>
> >>
> >>
> >> From: "Vahid S Hashemian" *<vahidhashemian@us.ibm.com <
mailto:vahidhashemian@us.ibm.com>>*
> >> <vahidhashemian@us.ibm.com <ma...@us.ibm.com>>
> >> To: dev *<dev@kafka.apache.org <ma...@kafka.apache.org>>*
<dev@kafka.apache.org <ma...@kafka.apache.org>>, "Kafka User"
> >>
> >> *<users@kafka.apache.org <ma...@kafka.apache.org>>*
<users@kafka.apache.org <ma...@kafka.apache.org>>
> >>
> >> Date: 05/30/2017 08:33 AM
> >> Subject: KIP-163: Lower the Minimum Required ACL Permission of
> >> OffsetFetch
> >>
> >>
> >>
> >> Hi,
> >>
> >> I started a new KIP to improve the minimum required ACL permissions
of
> >> some of the APIs:
> >>
> >>
> >>
> >>
*https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch*
<
https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch*
>
> >> <
https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch
<
https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch
>>
> >>
> >>
> >>
> >> The KIP is to address KAFKA-4585.
> >>
> >> Feedback and suggestions are welcome!
> >>
> >> Thanks.
> >> --Vahid
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> --
> >> <http://www.openbet.com/ <http://www.openbet.com/>> *Michal
Borowiecki*
> >> *Senior Software Engineer L4*
> >> *T: * +44 208 742 1600 <(208)%20742-1600>
> >> +44 203 249 8448 <(203)%20249-8448>
> >>
> >> *E: * *michal.borowiecki@openbet.com <
mailto:michal.borowiecki@openbet.com>* <michal.borowiecki@openbet.com <
mailto:michal.borowiecki@openbet.com>>
> >> *W: * *www.openbet.com <http://www.openbet.com/>* <
http://www.openbet.com/ <http://www.openbet.com/>>
> >> *OpenBet Ltd*
> >> Chiswick Park Building 9
> >> 566 Chiswick High Rd
> >> London
> >> W4 5XT
> >> UK
> >> <https://www.openbet.com/email_promo <
https://www.openbet.com/email_promo>>
> >> This message is confidential and intended only for the addressee. If
you
> >> have received this message in error, please immediately notify the
> >> *postmaster@openbet.com <ma...@openbet.com>*
<postmaster@openbet.com <ma...@openbet.com>>and delete it from
your
> >> system as well as any copies. The content of e-mails as well as
traffic
> >> data may be monitored by OpenBet for employment and security
purposes. To
> >> protect the environment please do not print this e-mail unless
necessary.
> >> OpenBet Ltd. Registered Office: Chiswick Park Building 9, 566
Chiswick High
> >> Road, London, W4 5XT, United Kingdom. A company registered in England
and
> >> Wales. Registered no. 3134634. VAT no. GB927523612
>
Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of
OffsetFetch
Posted by Colin McCabe <cm...@apache.org>.
Thanks for the explanation. I still think it would be better to have
the mutation operations require write ACLs, though. It might not be
100% intuitive for novice users, but the current split between Describe
and Read is not intuitive for either novice or experienced users.
In any case, I am +1 on the incremental improvement discussed in
KIP-163.
cheers,
Colin
On Sat, Jun 17, 2017, at 11:11, Hans Jespersen wrote:
>
> Offset commit is something that is done in the act of consuming (or
> reading) Kafka messages.
> Yes technically it is a write to the Kafka consumer offset topic but it's
> much easier for
> administers to think of ACLs in terms of whether the user is allowed to
> write (Produce) or
> read (Consume) messages and not the lower level semantics that are that
> consuming is actually
> reading AND writing (albeit only to the offset topic).
>
> -hans
>
>
>
>
> > On Jun 17, 2017, at 10:59 AM, Viktor Somogyi <vi...@cloudera.com> wrote:
> >
> > Hi Vahid,
> >
> > +1 for OffsetFetch from me too.
> >
> > I also wanted to ask the strangeness of the permissions, like why is
> > OffsetCommit a Read operation instead of Write which would intuitively make
> > more sense to me. Perhaps any expert could shed some light on this? :)
> >
> > Viktor
> >
> > On Tue, Jun 13, 2017 at 2:38 PM, Vahid S Hashemian <
> > vahidhashemian@us.ibm.com <ma...@us.ibm.com>> wrote:
> >
> >> Hi Michal,
> >>
> >> Thanks a lot for your feedback.
> >>
> >> Your statement about Heartbeat is fair and makes sense. I'll update the
> >> KIP accordingly.
> >>
> >> --Vahid
> >>
> >>
> >>
> >>
> >> From: Michal Borowiecki <mi...@openbet.com>
> >> To: users@kafka.apache.org, Vahid S Hashemian <
> >> vahidhashemian@us.ibm.com>, dev@kafka.apache.org
> >> Date: 06/13/2017 01:35 AM
> >> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> >> Permission of OffsetFetch
> >> ------------------------------
> >>
> >>
> >>
> >> Hi Vahid,
> >>
> >> +1 wrt OffsetFetch.
> >>
> >> The "Additional Food for Thought" mentions Heartbeat as a non-mutating
> >> action. I don't think that's true as the GroupCoordinator updates the
> >> latestHeartbeat field for the member and adds a new object to the
> >> heartbeatPurgatory, see completeAndScheduleNextHeartbeatExpiration()
> >> called from handleHeartbeat()
> >>
> >> NB added dev mailing list back into CC as it seems to have been lost along
> >> the way.
> >>
> >> Cheers,
> >>
> >> Michał
> >>
> >>
> >> On 12/06/17 18:47, Vahid S Hashemian wrote:
> >> Hi Colin,
> >>
> >> Thanks for the feedback.
> >>
> >> To be honest, I'm not sure either why Read was selected instead of Write
> >> for mutating APIs in the initial design (I asked Ewen on the corresponding
> >> JIRA and he seemed unsure too).
> >> Perhaps someone who was involved in the design can clarify.
> >>
> >> Thanks.
> >> --Vahid
> >>
> >>
> >>
> >>
> >> From: Colin McCabe *<cmccabe@apache.org <ma...@apache.org>>* <cmccabe@apache.org <ma...@apache.org>>
> >> To: *users@kafka.apache.org <ma...@kafka.apache.org>* <users@kafka.apache.org <ma...@kafka.apache.org>>
> >> Date: 06/12/2017 10:11 AM
> >> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> >> Permission of OffsetFetch
> >>
> >>
> >>
> >> Hi Vahid,
> >>
> >> I think you make a valid point that the ACLs controlling group
> >> operations are not very intuitive.
> >>
> >> This is probably a dumb question, but why are we using Read for mutating
> >> APIs? Shouldn't that be Write?
> >>
> >> The distinction between Describe and Read makes a lot of sense for
> >> Topics. A group isn't really something that you "read" from in the same
> >> way as a topic, so it always felt kind of weird there.
> >>
> >> best,
> >> Colin
> >>
> >>
> >> On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
> >>
> >> Hi all,
> >>
> >> I'm resending my earlier note hoping it would spark some conversation
> >> this
> >> time around :)
> >>
> >> Thanks.
> >> --Vahid
> >>
> >>
> >>
> >>
> >> From: "Vahid S Hashemian" *<vahidhashemian@us.ibm.com <ma...@us.ibm.com>>*
> >> <vahidhashemian@us.ibm.com <ma...@us.ibm.com>>
> >> To: dev *<dev@kafka.apache.org <ma...@kafka.apache.org>>* <dev@kafka.apache.org <ma...@kafka.apache.org>>, "Kafka User"
> >>
> >> *<users@kafka.apache.org <ma...@kafka.apache.org>>* <users@kafka.apache.org <ma...@kafka.apache.org>>
> >>
> >> Date: 05/30/2017 08:33 AM
> >> Subject: KIP-163: Lower the Minimum Required ACL Permission of
> >> OffsetFetch
> >>
> >>
> >>
> >> Hi,
> >>
> >> I started a new KIP to improve the minimum required ACL permissions of
> >> some of the APIs:
> >>
> >>
> >>
> >> *https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch* <https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch*>
> >> <https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch <https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch>>
> >>
> >>
> >>
> >> The KIP is to address KAFKA-4585.
> >>
> >> Feedback and suggestions are welcome!
> >>
> >> Thanks.
> >> --Vahid
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> --
> >> <http://www.openbet.com/ <http://www.openbet.com/>> *Michal Borowiecki*
> >> *Senior Software Engineer L4*
> >> *T: * +44 208 742 1600 <(208)%20742-1600>
> >> +44 203 249 8448 <(203)%20249-8448>
> >>
> >> *E: * *michal.borowiecki@openbet.com <ma...@openbet.com>* <michal.borowiecki@openbet.com <ma...@openbet.com>>
> >> *W: * *www.openbet.com <http://www.openbet.com/>* <http://www.openbet.com/ <http://www.openbet.com/>>
> >> *OpenBet Ltd*
> >> Chiswick Park Building 9
> >> 566 Chiswick High Rd
> >> London
> >> W4 5XT
> >> UK
> >> <https://www.openbet.com/email_promo <https://www.openbet.com/email_promo>>
> >> This message is confidential and intended only for the addressee. If you
> >> have received this message in error, please immediately notify the
> >> *postmaster@openbet.com <ma...@openbet.com>* <postmaster@openbet.com <ma...@openbet.com>>and delete it from your
> >> system as well as any copies. The content of e-mails as well as traffic
> >> data may be monitored by OpenBet for employment and security purposes. To
> >> protect the environment please do not print this e-mail unless necessary.
> >> OpenBet Ltd. Registered Office: Chiswick Park Building 9, 566 Chiswick High
> >> Road, London, W4 5XT, United Kingdom. A company registered in England and
> >> Wales. Registered no. 3134634. VAT no. GB927523612
>
Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of OffsetFetch
Posted by Viktor Somogyi <vi...@cloudera.com>.
Got it, thanks Hans!
On Sat, Jun 17, 2017 at 11:11 AM, Hans Jespersen <ha...@confluent.io> wrote:
>
> Offset commit is something that is done in the act of consuming (or
> reading) Kafka messages.
> Yes technically it is a write to the Kafka consumer offset topic but it's
> much easier for
> administers to think of ACLs in terms of whether the user is allowed to
> write (Produce) or
> read (Consume) messages and not the lower level semantics that are that
> consuming is actually
> reading AND writing (albeit only to the offset topic).
>
> -hans
>
>
>
>
> > On Jun 17, 2017, at 10:59 AM, Viktor Somogyi <
> viktor.somogyi@cloudera.com> wrote:
> >
> > Hi Vahid,
> >
> > +1 for OffsetFetch from me too.
> >
> > I also wanted to ask the strangeness of the permissions, like why is
> > OffsetCommit a Read operation instead of Write which would intuitively
> make
> > more sense to me. Perhaps any expert could shed some light on this? :)
> >
> > Viktor
> >
> > On Tue, Jun 13, 2017 at 2:38 PM, Vahid S Hashemian <
> > vahidhashemian@us.ibm.com <ma...@us.ibm.com>> wrote:
> >
> >> Hi Michal,
> >>
> >> Thanks a lot for your feedback.
> >>
> >> Your statement about Heartbeat is fair and makes sense. I'll update the
> >> KIP accordingly.
> >>
> >> --Vahid
> >>
> >>
> >>
> >>
> >> From: Michal Borowiecki <mi...@openbet.com>
> >> To: users@kafka.apache.org, Vahid S Hashemian <
> >> vahidhashemian@us.ibm.com>, dev@kafka.apache.org
> >> Date: 06/13/2017 01:35 AM
> >> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> >> Permission of OffsetFetch
> >> ------------------------------
> >>
> >>
> >>
> >> Hi Vahid,
> >>
> >> +1 wrt OffsetFetch.
> >>
> >> The "Additional Food for Thought" mentions Heartbeat as a non-mutating
> >> action. I don't think that's true as the GroupCoordinator updates the
> >> latestHeartbeat field for the member and adds a new object to the
> >> heartbeatPurgatory, see completeAndScheduleNextHeartbeatExpiration()
> >> called from handleHeartbeat()
> >>
> >> NB added dev mailing list back into CC as it seems to have been lost
> along
> >> the way.
> >>
> >> Cheers,
> >>
> >> Michał
> >>
> >>
> >> On 12/06/17 18:47, Vahid S Hashemian wrote:
> >> Hi Colin,
> >>
> >> Thanks for the feedback.
> >>
> >> To be honest, I'm not sure either why Read was selected instead of Write
> >> for mutating APIs in the initial design (I asked Ewen on the
> corresponding
> >> JIRA and he seemed unsure too).
> >> Perhaps someone who was involved in the design can clarify.
> >>
> >> Thanks.
> >> --Vahid
> >>
> >>
> >>
> >>
> >> From: Colin McCabe *<cmccabe@apache.org <ma...@apache.org>>*
> <cmccabe@apache.org <ma...@apache.org>>
> >> To: *users@kafka.apache.org <ma...@kafka.apache.org>* <
> users@kafka.apache.org <ma...@kafka.apache.org>>
> >> Date: 06/12/2017 10:11 AM
> >> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> >> Permission of OffsetFetch
> >>
> >>
> >>
> >> Hi Vahid,
> >>
> >> I think you make a valid point that the ACLs controlling group
> >> operations are not very intuitive.
> >>
> >> This is probably a dumb question, but why are we using Read for mutating
> >> APIs? Shouldn't that be Write?
> >>
> >> The distinction between Describe and Read makes a lot of sense for
> >> Topics. A group isn't really something that you "read" from in the same
> >> way as a topic, so it always felt kind of weird there.
> >>
> >> best,
> >> Colin
> >>
> >>
> >> On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
> >>
> >> Hi all,
> >>
> >> I'm resending my earlier note hoping it would spark some conversation
> >> this
> >> time around :)
> >>
> >> Thanks.
> >> --Vahid
> >>
> >>
> >>
> >>
> >> From: "Vahid S Hashemian" *<vahidhashemian@us.ibm.com <mailto:
> vahidhashemian@us.ibm.com>>*
> >> <vahidhashemian@us.ibm.com <ma...@us.ibm.com>>
> >> To: dev *<dev@kafka.apache.org <ma...@kafka.apache.org>>* <
> dev@kafka.apache.org <ma...@kafka.apache.org>>, "Kafka User"
> >>
> >> *<users@kafka.apache.org <ma...@kafka.apache.org>>* <
> users@kafka.apache.org <ma...@kafka.apache.org>>
> >>
> >> Date: 05/30/2017 08:33 AM
> >> Subject: KIP-163: Lower the Minimum Required ACL Permission of
> >> OffsetFetch
> >>
> >>
> >>
> >> Hi,
> >>
> >> I started a new KIP to improve the minimum required ACL permissions of
> >> some of the APIs:
> >>
> >>
> >>
> >> *https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> 163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch* <
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> 163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch*>
> >> <https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> 163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch <
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> 163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch>>
> >>
> >>
> >>
> >> The KIP is to address KAFKA-4585.
> >>
> >> Feedback and suggestions are welcome!
> >>
> >> Thanks.
> >> --Vahid
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> --
> >> <http://www.openbet.com/ <http://www.openbet.com/>> *Michal Borowiecki*
> >> *Senior Software Engineer L4*
> >> *T: * +44 208 742 1600 <(208)%20742-1600>
> >> +44 203 249 8448 <(203)%20249-8448>
> >>
> >> *E: * *michal.borowiecki@openbet.com <mailto:michal.borowiecki@
> openbet.com>* <michal.borowiecki@openbet.com <mailto:michal.borowiecki@
> openbet.com>>
> >> *W: * *www.openbet.com <http://www.openbet.com/>* <
> http://www.openbet.com/ <http://www.openbet.com/>>
> >> *OpenBet Ltd*
> >> Chiswick Park Building 9
> >> 566 Chiswick High Rd
> >> London
> >> W4 5XT
> >> UK
> >> <https://www.openbet.com/email_promo <https://www.openbet.com/
> email_promo>>
> >> This message is confidential and intended only for the addressee. If you
> >> have received this message in error, please immediately notify the
> >> *postmaster@openbet.com <ma...@openbet.com>* <
> postmaster@openbet.com <ma...@openbet.com>>and delete it from
> your
> >> system as well as any copies. The content of e-mails as well as traffic
> >> data may be monitored by OpenBet for employment and security purposes.
> To
> >> protect the environment please do not print this e-mail unless
> necessary.
> >> OpenBet Ltd. Registered Office: Chiswick Park Building 9, 566 Chiswick
> High
> >> Road, London, W4 5XT, United Kingdom. A company registered in England
> and
> >> Wales. Registered no. 3134634. VAT no. GB927523612
>
>
Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of
OffsetFetch
Posted by Hans Jespersen <ha...@confluent.io>.
Offset commit is something that is done in the act of consuming (or reading) Kafka messages.
Yes technically it is a write to the Kafka consumer offset topic but it's much easier for
administers to think of ACLs in terms of whether the user is allowed to write (Produce) or
read (Consume) messages and not the lower level semantics that are that consuming is actually
reading AND writing (albeit only to the offset topic).
-hans
> On Jun 17, 2017, at 10:59 AM, Viktor Somogyi <vi...@cloudera.com> wrote:
>
> Hi Vahid,
>
> +1 for OffsetFetch from me too.
>
> I also wanted to ask the strangeness of the permissions, like why is
> OffsetCommit a Read operation instead of Write which would intuitively make
> more sense to me. Perhaps any expert could shed some light on this? :)
>
> Viktor
>
> On Tue, Jun 13, 2017 at 2:38 PM, Vahid S Hashemian <
> vahidhashemian@us.ibm.com <ma...@us.ibm.com>> wrote:
>
>> Hi Michal,
>>
>> Thanks a lot for your feedback.
>>
>> Your statement about Heartbeat is fair and makes sense. I'll update the
>> KIP accordingly.
>>
>> --Vahid
>>
>>
>>
>>
>> From: Michal Borowiecki <mi...@openbet.com>
>> To: users@kafka.apache.org, Vahid S Hashemian <
>> vahidhashemian@us.ibm.com>, dev@kafka.apache.org
>> Date: 06/13/2017 01:35 AM
>> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
>> Permission of OffsetFetch
>> ------------------------------
>>
>>
>>
>> Hi Vahid,
>>
>> +1 wrt OffsetFetch.
>>
>> The "Additional Food for Thought" mentions Heartbeat as a non-mutating
>> action. I don't think that's true as the GroupCoordinator updates the
>> latestHeartbeat field for the member and adds a new object to the
>> heartbeatPurgatory, see completeAndScheduleNextHeartbeatExpiration()
>> called from handleHeartbeat()
>>
>> NB added dev mailing list back into CC as it seems to have been lost along
>> the way.
>>
>> Cheers,
>>
>> Michał
>>
>>
>> On 12/06/17 18:47, Vahid S Hashemian wrote:
>> Hi Colin,
>>
>> Thanks for the feedback.
>>
>> To be honest, I'm not sure either why Read was selected instead of Write
>> for mutating APIs in the initial design (I asked Ewen on the corresponding
>> JIRA and he seemed unsure too).
>> Perhaps someone who was involved in the design can clarify.
>>
>> Thanks.
>> --Vahid
>>
>>
>>
>>
>> From: Colin McCabe *<cmccabe@apache.org <ma...@apache.org>>* <cmccabe@apache.org <ma...@apache.org>>
>> To: *users@kafka.apache.org <ma...@kafka.apache.org>* <users@kafka.apache.org <ma...@kafka.apache.org>>
>> Date: 06/12/2017 10:11 AM
>> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
>> Permission of OffsetFetch
>>
>>
>>
>> Hi Vahid,
>>
>> I think you make a valid point that the ACLs controlling group
>> operations are not very intuitive.
>>
>> This is probably a dumb question, but why are we using Read for mutating
>> APIs? Shouldn't that be Write?
>>
>> The distinction between Describe and Read makes a lot of sense for
>> Topics. A group isn't really something that you "read" from in the same
>> way as a topic, so it always felt kind of weird there.
>>
>> best,
>> Colin
>>
>>
>> On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
>>
>> Hi all,
>>
>> I'm resending my earlier note hoping it would spark some conversation
>> this
>> time around :)
>>
>> Thanks.
>> --Vahid
>>
>>
>>
>>
>> From: "Vahid S Hashemian" *<vahidhashemian@us.ibm.com <ma...@us.ibm.com>>*
>> <vahidhashemian@us.ibm.com <ma...@us.ibm.com>>
>> To: dev *<dev@kafka.apache.org <ma...@kafka.apache.org>>* <dev@kafka.apache.org <ma...@kafka.apache.org>>, "Kafka User"
>>
>> *<users@kafka.apache.org <ma...@kafka.apache.org>>* <users@kafka.apache.org <ma...@kafka.apache.org>>
>>
>> Date: 05/30/2017 08:33 AM
>> Subject: KIP-163: Lower the Minimum Required ACL Permission of
>> OffsetFetch
>>
>>
>>
>> Hi,
>>
>> I started a new KIP to improve the minimum required ACL permissions of
>> some of the APIs:
>>
>>
>>
>> *https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch* <https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch*>
>> <https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch <https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch>>
>>
>>
>>
>> The KIP is to address KAFKA-4585.
>>
>> Feedback and suggestions are welcome!
>>
>> Thanks.
>> --Vahid
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> <http://www.openbet.com/ <http://www.openbet.com/>> *Michal Borowiecki*
>> *Senior Software Engineer L4*
>> *T: * +44 208 742 1600 <(208)%20742-1600>
>> +44 203 249 8448 <(203)%20249-8448>
>>
>> *E: * *michal.borowiecki@openbet.com <ma...@openbet.com>* <michal.borowiecki@openbet.com <ma...@openbet.com>>
>> *W: * *www.openbet.com <http://www.openbet.com/>* <http://www.openbet.com/ <http://www.openbet.com/>>
>> *OpenBet Ltd*
>> Chiswick Park Building 9
>> 566 Chiswick High Rd
>> London
>> W4 5XT
>> UK
>> <https://www.openbet.com/email_promo <https://www.openbet.com/email_promo>>
>> This message is confidential and intended only for the addressee. If you
>> have received this message in error, please immediately notify the
>> *postmaster@openbet.com <ma...@openbet.com>* <postmaster@openbet.com <ma...@openbet.com>>and delete it from your
>> system as well as any copies. The content of e-mails as well as traffic
>> data may be monitored by OpenBet for employment and security purposes. To
>> protect the environment please do not print this e-mail unless necessary.
>> OpenBet Ltd. Registered Office: Chiswick Park Building 9, 566 Chiswick High
>> Road, London, W4 5XT, United Kingdom. A company registered in England and
>> Wales. Registered no. 3134634. VAT no. GB927523612
Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of
OffsetFetch
Posted by Hans Jespersen <ha...@confluent.io>.
Offset commit is something that is done in the act of consuming (or reading) Kafka messages.
Yes technically it is a write to the Kafka consumer offset topic but it's much easier for
administers to think of ACLs in terms of whether the user is allowed to write (Produce) or
read (Consume) messages and not the lower level semantics that are that consuming is actually
reading AND writing (albeit only to the offset topic).
-hans
> On Jun 17, 2017, at 10:59 AM, Viktor Somogyi <vi...@cloudera.com> wrote:
>
> Hi Vahid,
>
> +1 for OffsetFetch from me too.
>
> I also wanted to ask the strangeness of the permissions, like why is
> OffsetCommit a Read operation instead of Write which would intuitively make
> more sense to me. Perhaps any expert could shed some light on this? :)
>
> Viktor
>
> On Tue, Jun 13, 2017 at 2:38 PM, Vahid S Hashemian <
> vahidhashemian@us.ibm.com <ma...@us.ibm.com>> wrote:
>
>> Hi Michal,
>>
>> Thanks a lot for your feedback.
>>
>> Your statement about Heartbeat is fair and makes sense. I'll update the
>> KIP accordingly.
>>
>> --Vahid
>>
>>
>>
>>
>> From: Michal Borowiecki <mi...@openbet.com>
>> To: users@kafka.apache.org, Vahid S Hashemian <
>> vahidhashemian@us.ibm.com>, dev@kafka.apache.org
>> Date: 06/13/2017 01:35 AM
>> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
>> Permission of OffsetFetch
>> ------------------------------
>>
>>
>>
>> Hi Vahid,
>>
>> +1 wrt OffsetFetch.
>>
>> The "Additional Food for Thought" mentions Heartbeat as a non-mutating
>> action. I don't think that's true as the GroupCoordinator updates the
>> latestHeartbeat field for the member and adds a new object to the
>> heartbeatPurgatory, see completeAndScheduleNextHeartbeatExpiration()
>> called from handleHeartbeat()
>>
>> NB added dev mailing list back into CC as it seems to have been lost along
>> the way.
>>
>> Cheers,
>>
>> Michał
>>
>>
>> On 12/06/17 18:47, Vahid S Hashemian wrote:
>> Hi Colin,
>>
>> Thanks for the feedback.
>>
>> To be honest, I'm not sure either why Read was selected instead of Write
>> for mutating APIs in the initial design (I asked Ewen on the corresponding
>> JIRA and he seemed unsure too).
>> Perhaps someone who was involved in the design can clarify.
>>
>> Thanks.
>> --Vahid
>>
>>
>>
>>
>> From: Colin McCabe *<cmccabe@apache.org <ma...@apache.org>>* <cmccabe@apache.org <ma...@apache.org>>
>> To: *users@kafka.apache.org <ma...@kafka.apache.org>* <users@kafka.apache.org <ma...@kafka.apache.org>>
>> Date: 06/12/2017 10:11 AM
>> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
>> Permission of OffsetFetch
>>
>>
>>
>> Hi Vahid,
>>
>> I think you make a valid point that the ACLs controlling group
>> operations are not very intuitive.
>>
>> This is probably a dumb question, but why are we using Read for mutating
>> APIs? Shouldn't that be Write?
>>
>> The distinction between Describe and Read makes a lot of sense for
>> Topics. A group isn't really something that you "read" from in the same
>> way as a topic, so it always felt kind of weird there.
>>
>> best,
>> Colin
>>
>>
>> On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
>>
>> Hi all,
>>
>> I'm resending my earlier note hoping it would spark some conversation
>> this
>> time around :)
>>
>> Thanks.
>> --Vahid
>>
>>
>>
>>
>> From: "Vahid S Hashemian" *<vahidhashemian@us.ibm.com <ma...@us.ibm.com>>*
>> <vahidhashemian@us.ibm.com <ma...@us.ibm.com>>
>> To: dev *<dev@kafka.apache.org <ma...@kafka.apache.org>>* <dev@kafka.apache.org <ma...@kafka.apache.org>>, "Kafka User"
>>
>> *<users@kafka.apache.org <ma...@kafka.apache.org>>* <users@kafka.apache.org <ma...@kafka.apache.org>>
>>
>> Date: 05/30/2017 08:33 AM
>> Subject: KIP-163: Lower the Minimum Required ACL Permission of
>> OffsetFetch
>>
>>
>>
>> Hi,
>>
>> I started a new KIP to improve the minimum required ACL permissions of
>> some of the APIs:
>>
>>
>>
>> *https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch* <https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch*>
>> <https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch <https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch>>
>>
>>
>>
>> The KIP is to address KAFKA-4585.
>>
>> Feedback and suggestions are welcome!
>>
>> Thanks.
>> --Vahid
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> <http://www.openbet.com/ <http://www.openbet.com/>> *Michal Borowiecki*
>> *Senior Software Engineer L4*
>> *T: * +44 208 742 1600 <(208)%20742-1600>
>> +44 203 249 8448 <(203)%20249-8448>
>>
>> *E: * *michal.borowiecki@openbet.com <ma...@openbet.com>* <michal.borowiecki@openbet.com <ma...@openbet.com>>
>> *W: * *www.openbet.com <http://www.openbet.com/>* <http://www.openbet.com/ <http://www.openbet.com/>>
>> *OpenBet Ltd*
>> Chiswick Park Building 9
>> 566 Chiswick High Rd
>> London
>> W4 5XT
>> UK
>> <https://www.openbet.com/email_promo <https://www.openbet.com/email_promo>>
>> This message is confidential and intended only for the addressee. If you
>> have received this message in error, please immediately notify the
>> *postmaster@openbet.com <ma...@openbet.com>* <postmaster@openbet.com <ma...@openbet.com>>and delete it from your
>> system as well as any copies. The content of e-mails as well as traffic
>> data may be monitored by OpenBet for employment and security purposes. To
>> protect the environment please do not print this e-mail unless necessary.
>> OpenBet Ltd. Registered Office: Chiswick Park Building 9, 566 Chiswick High
>> Road, London, W4 5XT, United Kingdom. A company registered in England and
>> Wales. Registered no. 3134634. VAT no. GB927523612
Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of OffsetFetch
Posted by Viktor Somogyi <vi...@cloudera.com>.
Hi Vahid,
+1 for OffsetFetch from me too.
I also wanted to ask the strangeness of the permissions, like why is
OffsetCommit a Read operation instead of Write which would intuitively make
more sense to me. Perhaps any expert could shed some light on this? :)
Viktor
On Tue, Jun 13, 2017 at 2:38 PM, Vahid S Hashemian <
vahidhashemian@us.ibm.com> wrote:
> Hi Michal,
>
> Thanks a lot for your feedback.
>
> Your statement about Heartbeat is fair and makes sense. I'll update the
> KIP accordingly.
>
> --Vahid
>
>
>
>
> From: Michal Borowiecki <mi...@openbet.com>
> To: users@kafka.apache.org, Vahid S Hashemian <
> vahidhashemian@us.ibm.com>, dev@kafka.apache.org
> Date: 06/13/2017 01:35 AM
> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> Permission of OffsetFetch
> ------------------------------
>
>
>
> Hi Vahid,
>
> +1 wrt OffsetFetch.
>
> The "Additional Food for Thought" mentions Heartbeat as a non-mutating
> action. I don't think that's true as the GroupCoordinator updates the
> latestHeartbeat field for the member and adds a new object to the
> heartbeatPurgatory, see completeAndScheduleNextHeartbeatExpiration()
> called from handleHeartbeat()
>
> NB added dev mailing list back into CC as it seems to have been lost along
> the way.
>
> Cheers,
>
> Michał
>
>
> On 12/06/17 18:47, Vahid S Hashemian wrote:
> Hi Colin,
>
> Thanks for the feedback.
>
> To be honest, I'm not sure either why Read was selected instead of Write
> for mutating APIs in the initial design (I asked Ewen on the corresponding
> JIRA and he seemed unsure too).
> Perhaps someone who was involved in the design can clarify.
>
> Thanks.
> --Vahid
>
>
>
>
> From: Colin McCabe *<cm...@apache.org>* <cm...@apache.org>
> To: *users@kafka.apache.org* <us...@kafka.apache.org>
> Date: 06/12/2017 10:11 AM
> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> Permission of OffsetFetch
>
>
>
> Hi Vahid,
>
> I think you make a valid point that the ACLs controlling group
> operations are not very intuitive.
>
> This is probably a dumb question, but why are we using Read for mutating
> APIs? Shouldn't that be Write?
>
> The distinction between Describe and Read makes a lot of sense for
> Topics. A group isn't really something that you "read" from in the same
> way as a topic, so it always felt kind of weird there.
>
> best,
> Colin
>
>
> On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
>
> Hi all,
>
> I'm resending my earlier note hoping it would spark some conversation
> this
> time around :)
>
> Thanks.
> --Vahid
>
>
>
>
> From: "Vahid S Hashemian" *<va...@us.ibm.com>*
> <va...@us.ibm.com>
> To: dev *<de...@kafka.apache.org>* <de...@kafka.apache.org>, "Kafka User"
>
> *<us...@kafka.apache.org>* <us...@kafka.apache.org>
>
> Date: 05/30/2017 08:33 AM
> Subject: KIP-163: Lower the Minimum Required ACL Permission of
> OffsetFetch
>
>
>
> Hi,
>
> I started a new KIP to improve the minimum required ACL permissions of
> some of the APIs:
>
>
>
> *https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch*
> <https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch>
>
>
>
> The KIP is to address KAFKA-4585.
>
> Feedback and suggestions are welcome!
>
> Thanks.
> --Vahid
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
> <http://www.openbet.com/> *Michal Borowiecki*
> *Senior Software Engineer L4*
> *T: * +44 208 742 1600 <(208)%20742-1600>
> +44 203 249 8448 <(203)%20249-8448>
>
> *E: * *michal.borowiecki@openbet.com* <mi...@openbet.com>
> *W: * *www.openbet.com* <http://www.openbet.com/>
> *OpenBet Ltd*
> Chiswick Park Building 9
> 566 Chiswick High Rd
> London
> W4 5XT
> UK
> <https://www.openbet.com/email_promo>
> This message is confidential and intended only for the addressee. If you
> have received this message in error, please immediately notify the
> *postmaster@openbet.com* <po...@openbet.com>and delete it from your
> system as well as any copies. The content of e-mails as well as traffic
> data may be monitored by OpenBet for employment and security purposes. To
> protect the environment please do not print this e-mail unless necessary.
> OpenBet Ltd. Registered Office: Chiswick Park Building 9, 566 Chiswick High
> Road, London, W4 5XT, United Kingdom. A company registered in England and
> Wales. Registered no. 3134634. VAT no. GB927523612
>
>
>
>
Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of OffsetFetch
Posted by Viktor Somogyi <vi...@cloudera.com>.
Hi Vahid,
+1 for OffsetFetch from me too.
I also wanted to ask the strangeness of the permissions, like why is
OffsetCommit a Read operation instead of Write which would intuitively make
more sense to me. Perhaps any expert could shed some light on this? :)
Viktor
On Tue, Jun 13, 2017 at 2:38 PM, Vahid S Hashemian <
vahidhashemian@us.ibm.com> wrote:
> Hi Michal,
>
> Thanks a lot for your feedback.
>
> Your statement about Heartbeat is fair and makes sense. I'll update the
> KIP accordingly.
>
> --Vahid
>
>
>
>
> From: Michal Borowiecki <mi...@openbet.com>
> To: users@kafka.apache.org, Vahid S Hashemian <
> vahidhashemian@us.ibm.com>, dev@kafka.apache.org
> Date: 06/13/2017 01:35 AM
> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> Permission of OffsetFetch
> ------------------------------
>
>
>
> Hi Vahid,
>
> +1 wrt OffsetFetch.
>
> The "Additional Food for Thought" mentions Heartbeat as a non-mutating
> action. I don't think that's true as the GroupCoordinator updates the
> latestHeartbeat field for the member and adds a new object to the
> heartbeatPurgatory, see completeAndScheduleNextHeartbeatExpiration()
> called from handleHeartbeat()
>
> NB added dev mailing list back into CC as it seems to have been lost along
> the way.
>
> Cheers,
>
> Michał
>
>
> On 12/06/17 18:47, Vahid S Hashemian wrote:
> Hi Colin,
>
> Thanks for the feedback.
>
> To be honest, I'm not sure either why Read was selected instead of Write
> for mutating APIs in the initial design (I asked Ewen on the corresponding
> JIRA and he seemed unsure too).
> Perhaps someone who was involved in the design can clarify.
>
> Thanks.
> --Vahid
>
>
>
>
> From: Colin McCabe *<cm...@apache.org>* <cm...@apache.org>
> To: *users@kafka.apache.org* <us...@kafka.apache.org>
> Date: 06/12/2017 10:11 AM
> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> Permission of OffsetFetch
>
>
>
> Hi Vahid,
>
> I think you make a valid point that the ACLs controlling group
> operations are not very intuitive.
>
> This is probably a dumb question, but why are we using Read for mutating
> APIs? Shouldn't that be Write?
>
> The distinction between Describe and Read makes a lot of sense for
> Topics. A group isn't really something that you "read" from in the same
> way as a topic, so it always felt kind of weird there.
>
> best,
> Colin
>
>
> On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
>
> Hi all,
>
> I'm resending my earlier note hoping it would spark some conversation
> this
> time around :)
>
> Thanks.
> --Vahid
>
>
>
>
> From: "Vahid S Hashemian" *<va...@us.ibm.com>*
> <va...@us.ibm.com>
> To: dev *<de...@kafka.apache.org>* <de...@kafka.apache.org>, "Kafka User"
>
> *<us...@kafka.apache.org>* <us...@kafka.apache.org>
>
> Date: 05/30/2017 08:33 AM
> Subject: KIP-163: Lower the Minimum Required ACL Permission of
> OffsetFetch
>
>
>
> Hi,
>
> I started a new KIP to improve the minimum required ACL permissions of
> some of the APIs:
>
>
>
> *https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch*
> <https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch>
>
>
>
> The KIP is to address KAFKA-4585.
>
> Feedback and suggestions are welcome!
>
> Thanks.
> --Vahid
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
> <http://www.openbet.com/> *Michal Borowiecki*
> *Senior Software Engineer L4*
> *T: * +44 208 742 1600 <(208)%20742-1600>
> +44 203 249 8448 <(203)%20249-8448>
>
> *E: * *michal.borowiecki@openbet.com* <mi...@openbet.com>
> *W: * *www.openbet.com* <http://www.openbet.com/>
> *OpenBet Ltd*
> Chiswick Park Building 9
> 566 Chiswick High Rd
> London
> W4 5XT
> UK
> <https://www.openbet.com/email_promo>
> This message is confidential and intended only for the addressee. If you
> have received this message in error, please immediately notify the
> *postmaster@openbet.com* <po...@openbet.com>and delete it from your
> system as well as any copies. The content of e-mails as well as traffic
> data may be monitored by OpenBet for employment and security purposes. To
> protect the environment please do not print this e-mail unless necessary.
> OpenBet Ltd. Registered Office: Chiswick Park Building 9, 566 Chiswick High
> Road, London, W4 5XT, United Kingdom. A company registered in England and
> Wales. Registered no. 3134634. VAT no. GB927523612
>
>
>
>
Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of
OffsetFetch
Posted by Vahid S Hashemian <va...@us.ibm.com>.
Hi Michal,
Thanks a lot for your feedback.
Your statement about Heartbeat is fair and makes sense. I'll update the
KIP accordingly.
--Vahid
From: Michal Borowiecki <mi...@openbet.com>
To: users@kafka.apache.org, Vahid S Hashemian
<va...@us.ibm.com>, dev@kafka.apache.org
Date: 06/13/2017 01:35 AM
Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
Permission of OffsetFetch
Hi Vahid,
+1 wrt OffsetFetch.
The "Additional Food for Thought" mentions Heartbeat as a non-mutating
action. I don't think that's true as the GroupCoordinator updates the
latestHeartbeat field for the member and adds a new object to the
heartbeatPurgatory, see completeAndScheduleNextHeartbeatExpiration()
called from handleHeartbeat()
NB added dev mailing list back into CC as it seems to have been lost along
the way.
Cheers,
Michał
On 12/06/17 18:47, Vahid S Hashemian wrote:
Hi Colin,
Thanks for the feedback.
To be honest, I'm not sure either why Read was selected instead of Write
for mutating APIs in the initial design (I asked Ewen on the corresponding
JIRA and he seemed unsure too).
Perhaps someone who was involved in the design can clarify.
Thanks.
--Vahid
From: Colin McCabe <cm...@apache.org>
To: users@kafka.apache.org
Date: 06/12/2017 10:11 AM
Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
Permission of OffsetFetch
Hi Vahid,
I think you make a valid point that the ACLs controlling group
operations are not very intuitive.
This is probably a dumb question, but why are we using Read for mutating
APIs? Shouldn't that be Write?
The distinction between Describe and Read makes a lot of sense for
Topics. A group isn't really something that you "read" from in the same
way as a topic, so it always felt kind of weird there.
best,
Colin
On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
Hi all,
I'm resending my earlier note hoping it would spark some conversation
this
time around :)
Thanks.
--Vahid
From: "Vahid S Hashemian" <va...@us.ibm.com>
To: dev <de...@kafka.apache.org>, "Kafka User"
<us...@kafka.apache.org>
Date: 05/30/2017 08:33 AM
Subject: KIP-163: Lower the Minimum Required ACL Permission of
OffsetFetch
Hi,
I started a new KIP to improve the minimum required ACL permissions of
some of the APIs:
https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch
The KIP is to address KAFKA-4585.
Feedback and suggestions are welcome!
Thanks.
--Vahid
--
Michal Borowiecki
Senior Software Engineer L4
T:
+44 208 742 1600
+44 203 249 8448
E:
michal.borowiecki@openbet.com
W:
www.openbet.com
OpenBet Ltd
Chiswick Park Building 9
566 Chiswick High Rd
London
W4 5XT
UK
This message is confidential and intended only for the addressee. If you
have received this message in error, please immediately notify the
postmaster@openbet.com and delete it from your system as well as any
copies. The content of e-mails as well as traffic data may be monitored by
OpenBet for employment and security purposes. To protect the environment
please do not print this e-mail unless necessary. OpenBet Ltd. Registered
Office: Chiswick Park Building 9, 566 Chiswick High Road, London, W4 5XT,
United Kingdom. A company registered in England and Wales. Registered no.
3134634. VAT no. GB927523612
Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of
OffsetFetch
Posted by Vahid S Hashemian <va...@us.ibm.com>.
Hi Michal,
Thanks a lot for your feedback.
Your statement about Heartbeat is fair and makes sense. I'll update the
KIP accordingly.
--Vahid
From: Michal Borowiecki <mi...@openbet.com>
To: users@kafka.apache.org, Vahid S Hashemian
<va...@us.ibm.com>, dev@kafka.apache.org
Date: 06/13/2017 01:35 AM
Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
Permission of OffsetFetch
Hi Vahid,
+1 wrt OffsetFetch.
The "Additional Food for Thought" mentions Heartbeat as a non-mutating
action. I don't think that's true as the GroupCoordinator updates the
latestHeartbeat field for the member and adds a new object to the
heartbeatPurgatory, see completeAndScheduleNextHeartbeatExpiration()
called from handleHeartbeat()
NB added dev mailing list back into CC as it seems to have been lost along
the way.
Cheers,
Michał
On 12/06/17 18:47, Vahid S Hashemian wrote:
Hi Colin,
Thanks for the feedback.
To be honest, I'm not sure either why Read was selected instead of Write
for mutating APIs in the initial design (I asked Ewen on the corresponding
JIRA and he seemed unsure too).
Perhaps someone who was involved in the design can clarify.
Thanks.
--Vahid
From: Colin McCabe <cm...@apache.org>
To: users@kafka.apache.org
Date: 06/12/2017 10:11 AM
Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
Permission of OffsetFetch
Hi Vahid,
I think you make a valid point that the ACLs controlling group
operations are not very intuitive.
This is probably a dumb question, but why are we using Read for mutating
APIs? Shouldn't that be Write?
The distinction between Describe and Read makes a lot of sense for
Topics. A group isn't really something that you "read" from in the same
way as a topic, so it always felt kind of weird there.
best,
Colin
On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
Hi all,
I'm resending my earlier note hoping it would spark some conversation
this
time around :)
Thanks.
--Vahid
From: "Vahid S Hashemian" <va...@us.ibm.com>
To: dev <de...@kafka.apache.org>, "Kafka User"
<us...@kafka.apache.org>
Date: 05/30/2017 08:33 AM
Subject: KIP-163: Lower the Minimum Required ACL Permission of
OffsetFetch
Hi,
I started a new KIP to improve the minimum required ACL permissions of
some of the APIs:
https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch
The KIP is to address KAFKA-4585.
Feedback and suggestions are welcome!
Thanks.
--Vahid
--
Michal Borowiecki
Senior Software Engineer L4
T:
+44 208 742 1600
+44 203 249 8448
E:
michal.borowiecki@openbet.com
W:
www.openbet.com
OpenBet Ltd
Chiswick Park Building 9
566 Chiswick High Rd
London
W4 5XT
UK
This message is confidential and intended only for the addressee. If you
have received this message in error, please immediately notify the
postmaster@openbet.com and delete it from your system as well as any
copies. The content of e-mails as well as traffic data may be monitored by
OpenBet for employment and security purposes. To protect the environment
please do not print this e-mail unless necessary. OpenBet Ltd. Registered
Office: Chiswick Park Building 9, 566 Chiswick High Road, London, W4 5XT,
United Kingdom. A company registered in England and Wales. Registered no.
3134634. VAT no. GB927523612
Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of
OffsetFetch
Posted by Michal Borowiecki <mi...@openbet.com>.
Hi Vahid,
+1 wrt OffsetFetch.
The "Additional Food for Thought" mentions Heartbeat as a non-mutating
action. I don't think that's true as the GroupCoordinator updates the
latestHeartbeat field for the member and adds a new object to the
heartbeatPurgatory, see completeAndScheduleNextHeartbeatExpiration()
called from handleHeartbeat()
NB added dev mailing list back into CC as it seems to have been lost
along the way.
Cheers,
Michał
On 12/06/17 18:47, Vahid S Hashemian wrote:
> Hi Colin,
>
> Thanks for the feedback.
>
> To be honest, I'm not sure either why Read was selected instead of Write
> for mutating APIs in the initial design (I asked Ewen on the corresponding
> JIRA and he seemed unsure too).
> Perhaps someone who was involved in the design can clarify.
>
> Thanks.
> --Vahid
>
>
>
>
> From: Colin McCabe <cm...@apache.org>
> To: users@kafka.apache.org
> Date: 06/12/2017 10:11 AM
> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> Permission of OffsetFetch
>
>
>
> Hi Vahid,
>
> I think you make a valid point that the ACLs controlling group
> operations are not very intuitive.
>
> This is probably a dumb question, but why are we using Read for mutating
> APIs? Shouldn't that be Write?
>
> The distinction between Describe and Read makes a lot of sense for
> Topics. A group isn't really something that you "read" from in the same
> way as a topic, so it always felt kind of weird there.
>
> best,
> Colin
>
>
> On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
>> Hi all,
>>
>> I'm resending my earlier note hoping it would spark some conversation
>> this
>> time around :)
>>
>> Thanks.
>> --Vahid
>>
>>
>>
>>
>> From: "Vahid S Hashemian" <va...@us.ibm.com>
>> To: dev <de...@kafka.apache.org>, "Kafka User"
> <us...@kafka.apache.org>
>> Date: 05/30/2017 08:33 AM
>> Subject: KIP-163: Lower the Minimum Required ACL Permission of
>> OffsetFetch
>>
>>
>>
>> Hi,
>>
>> I started a new KIP to improve the minimum required ACL permissions of
>> some of the APIs:
>>
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch
>
>> The KIP is to address KAFKA-4585.
>>
>> Feedback and suggestions are welcome!
>>
>> Thanks.
>> --Vahid
>>
>>
>>
>>
>>
>
>
>
>
>
--
Signature
<http://www.openbet.com/> Michal Borowiecki
Senior Software Engineer L4
T: +44 208 742 1600
+44 203 249 8448
E: michal.borowiecki@openbet.com
W: www.openbet.com <http://www.openbet.com/>
OpenBet Ltd
Chiswick Park Building 9
566 Chiswick High Rd
London
W4 5XT
UK
<https://www.openbet.com/email_promo>
This message is confidential and intended only for the addressee. If you
have received this message in error, please immediately notify the
postmaster@openbet.com <ma...@openbet.com> and delete it
from your system as well as any copies. The content of e-mails as well
as traffic data may be monitored by OpenBet for employment and security
purposes. To protect the environment please do not print this e-mail
unless necessary. OpenBet Ltd. Registered Office: Chiswick Park Building
9, 566 Chiswick High Road, London, W4 5XT, United Kingdom. A company
registered in England and Wales. Registered no. 3134634. VAT no.
GB927523612
Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of
OffsetFetch
Posted by Michal Borowiecki <mi...@openbet.com>.
Hi Vahid,
+1 wrt OffsetFetch.
The "Additional Food for Thought" mentions Heartbeat as a non-mutating
action. I don't think that's true as the GroupCoordinator updates the
latestHeartbeat field for the member and adds a new object to the
heartbeatPurgatory, see completeAndScheduleNextHeartbeatExpiration()
called from handleHeartbeat()
NB added dev mailing list back into CC as it seems to have been lost
along the way.
Cheers,
Michał
On 12/06/17 18:47, Vahid S Hashemian wrote:
> Hi Colin,
>
> Thanks for the feedback.
>
> To be honest, I'm not sure either why Read was selected instead of Write
> for mutating APIs in the initial design (I asked Ewen on the corresponding
> JIRA and he seemed unsure too).
> Perhaps someone who was involved in the design can clarify.
>
> Thanks.
> --Vahid
>
>
>
>
> From: Colin McCabe <cm...@apache.org>
> To: users@kafka.apache.org
> Date: 06/12/2017 10:11 AM
> Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
> Permission of OffsetFetch
>
>
>
> Hi Vahid,
>
> I think you make a valid point that the ACLs controlling group
> operations are not very intuitive.
>
> This is probably a dumb question, but why are we using Read for mutating
> APIs? Shouldn't that be Write?
>
> The distinction between Describe and Read makes a lot of sense for
> Topics. A group isn't really something that you "read" from in the same
> way as a topic, so it always felt kind of weird there.
>
> best,
> Colin
>
>
> On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
>> Hi all,
>>
>> I'm resending my earlier note hoping it would spark some conversation
>> this
>> time around :)
>>
>> Thanks.
>> --Vahid
>>
>>
>>
>>
>> From: "Vahid S Hashemian" <va...@us.ibm.com>
>> To: dev <de...@kafka.apache.org>, "Kafka User"
> <us...@kafka.apache.org>
>> Date: 05/30/2017 08:33 AM
>> Subject: KIP-163: Lower the Minimum Required ACL Permission of
>> OffsetFetch
>>
>>
>>
>> Hi,
>>
>> I started a new KIP to improve the minimum required ACL permissions of
>> some of the APIs:
>>
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch
>
>> The KIP is to address KAFKA-4585.
>>
>> Feedback and suggestions are welcome!
>>
>> Thanks.
>> --Vahid
>>
>>
>>
>>
>>
>
>
>
>
>
--
Signature
<http://www.openbet.com/> Michal Borowiecki
Senior Software Engineer L4
T: +44 208 742 1600
+44 203 249 8448
E: michal.borowiecki@openbet.com
W: www.openbet.com <http://www.openbet.com/>
OpenBet Ltd
Chiswick Park Building 9
566 Chiswick High Rd
London
W4 5XT
UK
<https://www.openbet.com/email_promo>
This message is confidential and intended only for the addressee. If you
have received this message in error, please immediately notify the
postmaster@openbet.com <ma...@openbet.com> and delete it
from your system as well as any copies. The content of e-mails as well
as traffic data may be monitored by OpenBet for employment and security
purposes. To protect the environment please do not print this e-mail
unless necessary. OpenBet Ltd. Registered Office: Chiswick Park Building
9, 566 Chiswick High Road, London, W4 5XT, United Kingdom. A company
registered in England and Wales. Registered no. 3134634. VAT no.
GB927523612
Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of
OffsetFetch
Posted by Vahid S Hashemian <va...@us.ibm.com>.
Hi Colin,
Thanks for the feedback.
To be honest, I'm not sure either why Read was selected instead of Write
for mutating APIs in the initial design (I asked Ewen on the corresponding
JIRA and he seemed unsure too).
Perhaps someone who was involved in the design can clarify.
Thanks.
--Vahid
From: Colin McCabe <cm...@apache.org>
To: users@kafka.apache.org
Date: 06/12/2017 10:11 AM
Subject: Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL
Permission of OffsetFetch
Hi Vahid,
I think you make a valid point that the ACLs controlling group
operations are not very intuitive.
This is probably a dumb question, but why are we using Read for mutating
APIs? Shouldn't that be Write?
The distinction between Describe and Read makes a lot of sense for
Topics. A group isn't really something that you "read" from in the same
way as a topic, so it always felt kind of weird there.
best,
Colin
On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
> Hi all,
>
> I'm resending my earlier note hoping it would spark some conversation
> this
> time around :)
>
> Thanks.
> --Vahid
>
>
>
>
> From: "Vahid S Hashemian" <va...@us.ibm.com>
> To: dev <de...@kafka.apache.org>, "Kafka User"
<us...@kafka.apache.org>
> Date: 05/30/2017 08:33 AM
> Subject: KIP-163: Lower the Minimum Required ACL Permission of
> OffsetFetch
>
>
>
> Hi,
>
> I started a new KIP to improve the minimum required ACL permissions of
> some of the APIs:
>
https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch
>
> The KIP is to address KAFKA-4585.
>
> Feedback and suggestions are welcome!
>
> Thanks.
> --Vahid
>
>
>
>
>
Re: [DISCUSS] KIP-163: Lower the Minimum Required ACL Permission of
OffsetFetch
Posted by Colin McCabe <cm...@apache.org>.
Hi Vahid,
I think you make a valid point that the ACLs controlling group
operations are not very intuitive.
This is probably a dumb question, but why are we using Read for mutating
APIs? Shouldn't that be Write?
The distinction between Describe and Read makes a lot of sense for
Topics. A group isn't really something that you "read" from in the same
way as a topic, so it always felt kind of weird there.
best,
Colin
On Thu, Jun 8, 2017, at 11:29, Vahid S Hashemian wrote:
> Hi all,
>
> I'm resending my earlier note hoping it would spark some conversation
> this
> time around :)
>
> Thanks.
> --Vahid
>
>
>
>
> From: "Vahid S Hashemian" <va...@us.ibm.com>
> To: dev <de...@kafka.apache.org>, "Kafka User" <us...@kafka.apache.org>
> Date: 05/30/2017 08:33 AM
> Subject: KIP-163: Lower the Minimum Required ACL Permission of
> OffsetFetch
>
>
>
> Hi,
>
> I started a new KIP to improve the minimum required ACL permissions of
> some of the APIs:
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-163%3A+Lower+the+Minimum+Required+ACL+Permission+of+OffsetFetch
>
> The KIP is to address KAFKA-4585.
>
> Feedback and suggestions are welcome!
>
> Thanks.
> --Vahid
>
>
>
>
>