You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by Parth Brahmbhatt <br...@gmail.com> on 2015/07/10 03:00:48 UTC
Re: Review Request 34492: Patch for KAFKA-2210
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
-----------------------------------------------------------
(Updated July 10, 2015, 1 a.m.)
Review request for kafka.
Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210
Repository: kafka
Description (updated)
-------
Addressing review comments from Jun.
Adding CREATE check for offset topic only if the topic does not exist already.
Addressing some more comments.
Removing acl.json file
Diffs (updated)
-----
core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/PermissionType.java PRE-CREATION
core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
core/src/main/scala/kafka/server/KafkaConfig.scala c1f0ccad4900d74e41936fae4c6c2235fe9314fe
core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 98a5b042a710d3c1064b0379db1d152efc9eabee
Diff: https://reviews.apache.org/r/34492/diff/
Testing
-------
Thanks,
Parth Brahmbhatt
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91638
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/Acl.scala (line 24)
<https://reviews.apache.org/r/34492/#comment145163>
nit: you could swap this line with the previous one and use ''WildcardHost'' instead on a String literal on WildCardPrincipal declaration.
- Edward Ribeiro
On July 14, 2015, 5:02 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 14, 2015, 5:02 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 98a5b042a710d3c1064b0379db1d152efc9eabee
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 14, 2015, 11:12 p.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Resource.scala, line 25
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011776#file1011776line25>
> >
> > In KafkaPrincipal you split like:
> >
> > val arr: Array[String] = str.split(Separator, 2) //only split in two parts
> >
> > But here you just call split without a second parameter. Choose one way and uniform the use. :)
done.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91676
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91676
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/Resource.scala (line 25)
<https://reviews.apache.org/r/34492/#comment145244>
In KafkaPrincipal you split like:
val arr: Array[String] = str.split(Separator, 2) //only split in two parts
But here you just call split without a second parameter. Choose one way and uniform the use. :)
- Edward Ribeiro
On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 14, 2015, 9:13 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 98a5b042a710d3c1064b0379db1d152efc9eabee
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91680
-----------------------------------------------------------
core/src/test/scala/unit/kafka/security/auth/AclTest.scala (line 24)
<https://reviews.apache.org/r/34492/#comment145247>
This test class only tests for a well formed JSON string. Wouldn't be nice to include some tests for when a JSON String has wrong values, like an invalid permissionType or operation? Or even when some of those key-values are lacking? Just a guess.
- Edward Ribeiro
On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 14, 2015, 9:13 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 98a5b042a710d3c1064b0379db1d152efc9eabee
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > Thanks for the patch. A few comments below.
> >
> > Also,
> > 1. For making user/group case-insensitive, could you start a discussion thread on the dev mailing list to see if anyone has concerns on this?
> > 2. Got the following compilation error. It seems that some files like Session are missing.
> >
> > /Users/junrao/intellij/kafka/core/src/main/scala/kafka/security/auth/Authorizer.scala:20: value Session is not a member of object kafka.network.RequestChannel
> > import kafka.network.RequestChannel.Session
> > ^
> > /Users/junrao/intellij/kafka/core/src/main/scala/kafka/security/auth/Authorizer.scala:44: not found: type Session
> > def authorize(session: Session, operation: Operation, resource: Resource): Boolean
1. Ok, but based on my experience any discussion thread would mean we will end up holding up this PR for longer and KafkaAPI class keeps changing which makes upmerging to trunk a PITA. Can we go with case sensitive for now which is more restrictive and if the discussion thread comes back with case insensitive vote I can change the behavior at that point.
2. This change assumes https://issues.apache.org/jira/browse/KAFKA-1683 is committed and uses session object from that Patch.
> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 23
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011771#file1011771line23>
> >
> > Intead of using "user", it's probably better to reference KafkaPrincipal.UserType.
Done.
> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 52
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011771#file1011771line52>
> >
> > principal should be principals.
> >
> > Also, would it be better to represent each principal as {"type": "user", "name": "alice"}?
fixed principal -> principals.
I like it the way it is right now, easier on my eyes but dont mind changing it.
> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 80
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011771#file1011771line80>
> >
> > Is this needed? acls is already a set.
This is where scala is baffelling me right now and I need to read up.
acls is collection.mutable.HashSet and it won't let me return that where a Set is expected so I must do a .toSet
> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, lines 91-101
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011771#file1011771line91>
> >
> > Since during the authorization, we are already dealing with a set of Acls. Would it be better to just model each Acl as a single KafkaPrincipal, with a single permission, on a single host and single operation? Intuitively, an Acl should probably also include a Resource.
> >
> > This will make deduping Acls easier. In the current data structure. You can have
> >
> > acl1 = {principal1,principal2) ALLOW READ
> >
> > acl2 = {principal1) ALLOW READ
> >
> > They are not equal, but Acl2 is redundant given acl1. It's a bit involved to determine that Acl2 is redundant. Instead, if you have
> >
> > acl1 = principal1 ALLOW READ
> > acl2 = principal2 ALLOW READ
> >
> > you can't add redundant acl2 again.
The problem with that approach is increased Admin pain when trying to grant same access to multiple principals. When an admin wants to add same permission to say 5 principals he will now have to issue the same command 5 times with only the principal param changing. I think if we want to avoid duplicate acls, the implementation might get a bit more complicated but it is still doable and it might be better to reduce the admin pain given the added complexity for de-duping is probably very small.
> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 101
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011771#file1011771line101>
> >
> > To be consistent, need space after comma. There are a few other places like that. Could you address them all?
Done.
> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 120
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011771#file1011771line120>
> >
> > No need for the bracket on isInstanceOf.
done
> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 41
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011773#file1011773line41>
> >
> > Space after comma.
done.
> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, lines 104-106
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011778#file1011778line104>
> >
> > Our current coding convention is not to wrap single line statement with {}. Also, in the message string, we should use the specific leaderAndIsrRequest.
> >
> > Ditto below.
Done, for all 4 occurrences.
> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 628
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011778#file1011778line628>
> >
> > space after if.
Done, fixed this in few other classes.
> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, lines 657-662
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011778#file1011778line657>
> >
> > Hmm, since there is a single error code in JoinGroupResponse, we should probably just return with an error and an empty partition list if at least one of the topics is not authorized. Returning an error with a non-empty partition list will make it hard for the clients to deal with.
Done.
> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 70
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011771#file1011771line70>
> >
> > aclMap.get(AclsKey).get can just be aclMap(AclsKey).
done.
> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Operation.scala, lines 43-44
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011774#file1011774line43>
> >
> > Should we throw KafkaException to the caller if the input doesn't match any operation?
Done.
> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaConfig.scala, line 170
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011779#file1011779line170>
> >
> > Now that KafkaConfig is an AbstractConfig, it's better to embed the authorizer specific properties through KafkaConfig itself and make the Authorizer a Configurable. See how org.apache.kafka.clients.producer.partitioner is implemented and used through the producer config.
Done.
> On July 16, 2015, 2:16 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Authorizer.scala, line 36
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011772#file1011772line36>
> >
> > It's better to make the Authorizer implement the Configurable interface.
Done.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91836
-----------------------------------------------------------
On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 14, 2015, 9:13 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 98a5b042a710d3c1064b0379db1d152efc9eabee
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Jun Rao <ju...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91836
-----------------------------------------------------------
Thanks for the patch. A few comments below.
Also,
1. For making user/group case-insensitive, could you start a discussion thread on the dev mailing list to see if anyone has concerns on this?
2. Got the following compilation error. It seems that some files like Session are missing.
/Users/junrao/intellij/kafka/core/src/main/scala/kafka/security/auth/Authorizer.scala:20: value Session is not a member of object kafka.network.RequestChannel
import kafka.network.RequestChannel.Session
^
/Users/junrao/intellij/kafka/core/src/main/scala/kafka/security/auth/Authorizer.scala:44: not found: type Session
def authorize(session: Session, operation: Operation, resource: Resource): Boolean
core/src/main/scala/kafka/security/auth/Acl.scala (line 23)
<https://reviews.apache.org/r/34492/#comment145482>
Intead of using "user", it's probably better to reference KafkaPrincipal.UserType.
core/src/main/scala/kafka/security/auth/Acl.scala (line 52)
<https://reviews.apache.org/r/34492/#comment145529>
principal should be principals.
Also, would it be better to represent each principal as {"type": "user", "name": "alice"}?
core/src/main/scala/kafka/security/auth/Acl.scala (line 70)
<https://reviews.apache.org/r/34492/#comment145518>
aclMap.get(AclsKey).get can just be aclMap(AclsKey).
core/src/main/scala/kafka/security/auth/Acl.scala (line 80)
<https://reviews.apache.org/r/34492/#comment145531>
Is this needed? acls is already a set.
core/src/main/scala/kafka/security/auth/Acl.scala (lines 91 - 101)
<https://reviews.apache.org/r/34492/#comment145540>
Since during the authorization, we are already dealing with a set of Acls. Would it be better to just model each Acl as a single KafkaPrincipal, with a single permission, on a single host and single operation? Intuitively, an Acl should probably also include a Resource.
This will make deduping Acls easier. In the current data structure. You can have
acl1 = {principal1,principal2) ALLOW READ
acl2 = {principal1) ALLOW READ
They are not equal, but Acl2 is redundant given acl1. It's a bit involved to determine that Acl2 is redundant. Instead, if you have
acl1 = principal1 ALLOW READ
acl2 = principal2 ALLOW READ
you can't add redundant acl2 again.
core/src/main/scala/kafka/security/auth/Acl.scala (line 101)
<https://reviews.apache.org/r/34492/#comment145533>
To be consistent, need space after comma. There are a few other places like that. Could you address them all?
core/src/main/scala/kafka/security/auth/Acl.scala (line 120)
<https://reviews.apache.org/r/34492/#comment145534>
No need for the bracket on isInstanceOf.
core/src/main/scala/kafka/security/auth/Authorizer.scala (line 36)
<https://reviews.apache.org/r/34492/#comment145536>
It's better to make the Authorizer implement the Configurable interface.
core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 23)
<https://reviews.apache.org/r/34492/#comment145481>
core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 41)
<https://reviews.apache.org/r/34492/#comment145480>
Space after comma.
core/src/main/scala/kafka/security/auth/Operation.scala (lines 43 - 44)
<https://reviews.apache.org/r/34492/#comment145541>
Should we throw KafkaException to the caller if the input doesn't match any operation?
core/src/main/scala/kafka/server/KafkaApis.scala (lines 101 - 103)
<https://reviews.apache.org/r/34492/#comment145543>
Our current coding convention is not to wrap single line statement with {}. Also, in the message string, we should use the specific leaderAndIsrRequest.
Ditto below.
core/src/main/scala/kafka/server/KafkaApis.scala (line 207)
<https://reviews.apache.org/r/34492/#comment145544>
This is not introduced in this patch, but could you change map(_._1 to map {case(topicAndPartition, _ ?
core/src/main/scala/kafka/server/KafkaApis.scala (line 624)
<https://reviews.apache.org/r/34492/#comment145545>
space after if.
core/src/main/scala/kafka/server/KafkaApis.scala (lines 653 - 658)
<https://reviews.apache.org/r/34492/#comment145546>
Hmm, since there is a single error code in JoinGroupResponse, we should probably just return with an error and an empty partition list if at least one of the topics is not authorized. Returning an error with a non-empty partition list will make it hard for the clients to deal with.
core/src/main/scala/kafka/server/KafkaConfig.scala (line 170)
<https://reviews.apache.org/r/34492/#comment145535>
Now that KafkaConfig is an AbstractConfig, it's better to embed the authorizer specific properties through KafkaConfig itself and make the Authorizer a Configurable. See how org.apache.kafka.clients.producer.partitioner is implemented and used through the producer config.
- Jun Rao
On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 14, 2015, 9:13 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 98a5b042a710d3c1064b0379db1d152efc9eabee
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91682
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/ResourceType.scala (line 45)
<https://reviews.apache.org/r/34492/#comment145249>
Same comment as Permission, and PermissionType, plus the 'return' is redundant, no?
- Edward Ribeiro
On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 14, 2015, 9:13 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 98a5b042a710d3c1064b0379db1d152efc9eabee
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 14, 2015, 11:09 p.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/PermissionType.scala, line 40
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011775#file1011775line40>
> >
> > Same comment of Operation.scala also applies here. In addition, the return is redundant, right?
Done
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91675
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91675
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/PermissionType.scala (line 40)
<https://reviews.apache.org/r/34492/#comment145243>
Same comment of Operation.scala also applies here. In addition, the return is redundant, right?
- Edward Ribeiro
On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 14, 2015, 9:13 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 98a5b042a710d3c1064b0379db1d152efc9eabee
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 16, 2015, 10:32 p.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Operation.scala, lines 43-44
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011774#file1011774line43>
> >
> > +1. As of today, it spills out a Match error that can be confusing to figure out. An KafkaException with a proper error message is best, imo.
Done. Also added unit tests.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91980
-----------------------------------------------------------
On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 20, 2015, 11:42 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91980
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/Operation.scala (lines 43 - 44)
<https://reviews.apache.org/r/34492/#comment145753>
+1. As of today, it spills out a Match error that can be confusing to figure out. An KafkaException with a proper error message is best, imo.
- Edward Ribeiro
On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 14, 2015, 9:13 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 98a5b042a710d3c1064b0379db1d152efc9eabee
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 14, 2015, 11:01 p.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 24
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011771#file1011771line24>
> >
> > nit: what about switch this lines 23 and 24 and then use WildCardHost as replacement for the second literal parameter of new KafkaPrincipal?
I actually like it the way it is right now.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91672
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91672
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/Acl.scala (line 24)
<https://reviews.apache.org/r/34492/#comment145239>
nit: what about switch this lines 23 and 24 and then use WildCardHost as replacement for the second literal parameter of new KafkaPrincipal?
- Edward Ribeiro
On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 14, 2015, 9:13 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 98a5b042a710d3c1064b0379db1d152efc9eabee
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 21, 2015, 1:57 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 151
> > <https://reviews.apache.org/r/34492/diff/8/?file=1017303#file1017303line151>
> >
> > Please, put a space between ``if`` and ``(`` here.
Fixed.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92355
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92355
-----------------------------------------------------------
core/src/main/scala/kafka/server/KafkaApis.scala (line 148)
<https://reviews.apache.org/r/34492/#comment146486>
Please, put a space between ``if`` and ``(`` here.
- Edward Ribeiro
On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 20, 2015, 11:42 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 21, 2015, 2:13 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/PermissionType.scala, line 21
> > <https://reviews.apache.org/r/34492/diff/8/?file=1017300#file1017300line21>
> >
> > the semi-colon is trying to scape here, catch it! :)
Indeed it was, removed.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92359
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92359
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/PermissionType.scala (line 21)
<https://reviews.apache.org/r/34492/#comment146490>
the semi-colon is trying to scape here, catch it! :)
- Edward Ribeiro
On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 20, 2015, 11:42 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 21, 2015, 2:02 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 139
> > <https://reviews.apache.org/r/34492/diff/8/?file=1017303#file1017303line139>
> >
> > Put a space between ``if`` and ``(``.
Fixed.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92357
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92357
-----------------------------------------------------------
core/src/main/scala/kafka/server/KafkaApis.scala (line 136)
<https://reviews.apache.org/r/34492/#comment146488>
Put a space between ``if`` and ``(``.
- Edward Ribeiro
On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 20, 2015, 11:42 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 21, 2015, 1:59 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 540
> > <https://reviews.apache.org/r/34492/diff/8/?file=1017303#file1017303line540>
> >
> > Please, put a space between ``if`` and ``(``.
Fixed.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92356
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92356
-----------------------------------------------------------
core/src/main/scala/kafka/server/KafkaApis.scala (line 536)
<https://reviews.apache.org/r/34492/#comment146487>
Please, put a space between ``if`` and ``(``.
- Edward Ribeiro
On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 20, 2015, 11:42 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On Aug. 20, 2015, 1:07 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, lines 84-87
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037027#file1037027line84>
> >
> > Do we need the case match here since acls is always a Set?
Fixed.
> On Aug. 20, 2015, 1:07 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/ResourceType.scala, line 21
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037033#file1037033line21>
> >
> > Not needed.
Fixed.
> On Aug. 20, 2015, 1:07 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 104
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037034#file1037034line104>
> >
> > If authorizer is not specified, getOrElse() should return true, right? There are a few other places like that.
Fixed.
> On Aug. 20, 2015, 1:07 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, lines 189-192
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037034#file1037034line189>
> >
> > For coding style, to be consistent with most existing code, it seems it's better to do authorizer.map{ ... }.getOrElse().
Done.
> On Aug. 20, 2015, 1:07 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, lines 641-644
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037034#file1037034line641>
> >
> > The current logic requires that we grant CREATE on CLUSTER to the consumer, which is a bit weird. Perhaps we should just always allow the consumer to create the offset topic as long as it has the permission to read the topic and the consumer group. That way, we don't have to grant CREATE permssion to the consumer.
Done.
> On Aug. 20, 2015, 1:07 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 677
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037034#file1037034line677>
> >
> > It seems the test on errorCode == ErrorMapping.NoError is unnecessary.
The code tries to priortize non authoirzation errors above authorization error. We can only send one error code and IMO if we have an error other than Authorization error we should propogate that to the user.
> On Aug. 20, 2015, 1:07 a.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 553
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037034#file1037034line553>
> >
> > Currently, metadataCache.getTopicMetadata() will return all the metadata of all topics if the input topic is empty. This causes a couple of issues here. (1) If authorizedTopics is empty, we end up returning more topics than needed. (2) If the original request has an empty topic list, we will return the metadata of all topics whether the client has the DESCRIBE permission or not.
Fixed.
> On Aug. 20, 2015, 1:07 a.m., Jun Rao wrote:
> > core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala, line 30
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037042#file1037042line30>
> >
> > We removed this class in KAFKA-2288 since it's no longer necessary.
Removed the class.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review95801
-----------------------------------------------------------
On Aug. 20, 2015, 6:27 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Aug. 20, 2015, 6:27 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 67f0cad802f901f255825aa2158545d7f5e7cc3d
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 0e7ba3ede78dbc995c404e0387a6be687703836a
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Jun Rao <ju...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review95801
-----------------------------------------------------------
Thanks for the patch. A few comments below. There is a unit test failure.
kafka.server.KafkaConfigTest > testFromPropsInvalid FAILED
org.scalatest.junit.JUnitTestFailedError: Expected exception java.lang.Exception to be thrown, but no exception was thrown.
at org.scalatest.junit.AssertionsForJUnit$class.newAssertionFailedException(AssertionsForJUnit.scala:102)
at org.scalatest.junit.JUnit3Suite.newAssertionFailedException(JUnit3Suite.scala:147)
at org.scalatest.Assertions$class.intercept(Assertions.scala:1014)
at org.scalatest.junit.JUnit3Suite.intercept(JUnit3Suite.scala:147)
at kafka.server.KafkaConfigTest$$anonfun$kafka$server$KafkaConfigTest$$assertPropertyInvalid$1.apply(KafkaConfigTest.scala:529)
at kafka.server.KafkaConfigTest$$anonfun$kafka$server$KafkaConfigTest$$assertPropertyInvalid$1.apply(KafkaConfigTest.scala:526)
at scala.collection.IndexedSeqOptimized$class.foreach(IndexedSeqOptimized.scala:33)
at scala.collection.mutable.WrappedArray.foreach(WrappedArray.scala:34)
at kafka.server.KafkaConfigTest.kafka$server$KafkaConfigTest$$assertPropertyInvalid(KafkaConfigTest.scala:526)
at kafka.server.KafkaConfigTest$$anonfun$testFromPropsInvalid$1.apply(KafkaConfigTest.scala:484)
at kafka.server.KafkaConfigTest$$anonfun$testFromPropsInvalid$1.apply(KafkaConfigTest.scala:395)
at scala.collection.immutable.List.foreach(List.scala:318)
at kafka.server.KafkaConfigTest.testFromPropsInvalid(KafkaConfigTest.scala:395)
core/src/main/scala/kafka/security/auth/Acl.scala (lines 84 - 87)
<https://reviews.apache.org/r/34492/#comment150944>
Do we need the case match here since acls is always a Set?
core/src/main/scala/kafka/security/auth/ResourceType.scala (line 21)
<https://reviews.apache.org/r/34492/#comment151082>
Not needed.
core/src/main/scala/kafka/server/KafkaApis.scala (line 101)
<https://reviews.apache.org/r/34492/#comment151087>
If authorizer is not specified, getOrElse() should return true, right? There are a few other places like that.
core/src/main/scala/kafka/server/KafkaApis.scala (lines 186 - 189)
<https://reviews.apache.org/r/34492/#comment151098>
For coding style, to be consistent with most existing code, it seems it's better to do authorizer.map{ ... }.getOrElse().
core/src/main/scala/kafka/server/KafkaApis.scala (line 549)
<https://reviews.apache.org/r/34492/#comment151097>
Currently, metadataCache.getTopicMetadata() will return all the metadata of all topics if the input topic is empty. This causes a couple of issues here. (1) If authorizedTopics is empty, we end up returning more topics than needed. (2) If the original request has an empty topic list, we will return the metadata of all topics whether the client has the DESCRIBE permission or not.
core/src/main/scala/kafka/server/KafkaApis.scala (lines 637 - 640)
<https://reviews.apache.org/r/34492/#comment151099>
The current logic requires that we grant CREATE on CLUSTER to the consumer, which is a bit weird. Perhaps we should just always allow the consumer to create the offset topic as long as it has the permission to read the topic and the consumer group. That way, we don't have to grant CREATE permssion to the consumer.
core/src/main/scala/kafka/server/KafkaApis.scala (line 673)
<https://reviews.apache.org/r/34492/#comment151100>
It seems the test on errorCode == ErrorMapping.NoError is unnecessary.
core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala (line 30)
<https://reviews.apache.org/r/34492/#comment151101>
We removed this class in KAFKA-2288 since it's no longer necessary.
- Jun Rao
On Aug. 11, 2015, 1:32 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Aug. 11, 2015, 1:32 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/network/RequestChannel.scala 20741281dcaa76374ea6f86a2185dad27b515339
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 7ea509c2c41acc00430c74e025e069a833aac4e7
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 84d4730ac634f9a5bf12a656e422fea03ad72da8
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala PRE-CREATION
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On Aug. 31, 2015, 6:47 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 99
> > <https://reviews.apache.org/r/34492/diff/13/?file=1055322#file1055322line99>
> >
> > I had a comment on this earlier that the current ACL representation makes it a bit hard to do dedup. Also, this makes it a bit inconvenient to remove ACLs. Basically, you have to specify the exact set of principals, hosts and operations to remove an existing ACL. Your reply is that this makes it convenient when an admin wants to add the same permission to say 5 principals.
> >
> > I was thinking that perhaps we can separate the CLI options from the underlying ACL representation. For the ACL representation, it seems that it's more natural to represent each ACL as either a <principal, permissionType, operation> or a <host, permissionType, operation> tuple. This will allow ACLs to be represented uniquely and makes dedupping easy. On the CLI side, we can take batch options for convenience, but translate them to a set of unique ACLs.
Changed.
> On Aug. 31, 2015, 6:47 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 53
> > <https://reviews.apache.org/r/34492/diff/13/?file=1055322#file1055322line53>
> >
> > principal => principals
fixed.
> On Aug. 31, 2015, 6:47 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, lines 48-51
> > <https://reviews.apache.org/r/34492/diff/13/?file=1055322#file1055322line48>
> >
> > DENY, READ, WRITE should probably be camel case?
fixed.
> On Aug. 31, 2015, 6:47 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/common/ErrorMapping.scala, line 57
> > <https://reviews.apache.org/r/34492/diff/13/?file=1055321#file1055321line57>
> >
> > We will need to add the new error code and the exception in org.apache.kafka.common.errors in the client as well. Currently, there are a few error codes in Errors that are missing in ErrorMapping. This will be fixed in a separate jira. In this jira, we can just start with error code 29, which is the next unused error code in Errors. The exception in the client should be of ApiException.
fixed.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review96909
-----------------------------------------------------------
On Sept. 1, 2015, 10:36 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Sept. 1, 2015, 10:36 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
>
> Consolidating KafkaPrincipal.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
> Conflicts:
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
> core/src/main/scala/kafka/server/KafkaApis.scala
>
> Making Acl structure take only one principal, operation and host.
>
>
> Diffs
> -----
>
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
> clients/src/main/java/org/apache/kafka/common/protocol/Errors.java e17e390c507eca0eba28a2763c0e35d66077d1f2
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 17db4fa3c3a146f03a35dd7671ad1b06d122bb59
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Jun Rao <ju...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review96909
-----------------------------------------------------------
Thanks for the patch. We are getting pretty close. A few more comments below.
core/src/main/scala/kafka/common/ErrorMapping.scala (line 56)
<https://reviews.apache.org/r/34492/#comment152871>
We will need to add the new error code and the exception in org.apache.kafka.common.errors in the client as well. Currently, there are a few error codes in Errors that are missing in ErrorMapping. This will be fixed in a separate jira. In this jira, we can just start with error code 29, which is the next unused error code in Errors. The exception in the client should be of ApiException.
core/src/main/scala/kafka/security/auth/Acl.scala (lines 48 - 51)
<https://reviews.apache.org/r/34492/#comment152878>
DENY, READ, WRITE should probably be camel case?
core/src/main/scala/kafka/security/auth/Acl.scala (line 53)
<https://reviews.apache.org/r/34492/#comment152595>
principal => principals
core/src/main/scala/kafka/security/auth/Acl.scala (line 99)
<https://reviews.apache.org/r/34492/#comment152854>
I had a comment on this earlier that the current ACL representation makes it a bit hard to do dedup. Also, this makes it a bit inconvenient to remove ACLs. Basically, you have to specify the exact set of principals, hosts and operations to remove an existing ACL. Your reply is that this makes it convenient when an admin wants to add the same permission to say 5 principals.
I was thinking that perhaps we can separate the CLI options from the underlying ACL representation. For the ACL representation, it seems that it's more natural to represent each ACL as either a <principal, permissionType, operation> or a <host, permissionType, operation> tuple. This will allow ACLs to be represented uniquely and makes dedupping easy. On the CLI side, we can take batch options for convenience, but translate them to a set of unique ACLs.
- Jun Rao
On Aug. 26, 2015, 9:29 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Aug. 26, 2015, 9:29 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
>
> Consolidating KafkaPrincipal.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
> Conflicts:
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
> core/src/main/scala/kafka/server/KafkaApis.scala
>
>
> Diffs
> -----
>
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 17db4fa3c3a146f03a35dd7671ad1b06d122bb59
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97481
-----------------------------------------------------------
core/src/main/scala/kafka/server/KafkaApis.scala (line 296)
<https://reviews.apache.org/r/34492/#comment153374>
nope. reverted.
- Parth Brahmbhatt
On Sept. 2, 2015, 9:50 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Sept. 2, 2015, 9:50 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
>
> Consolidating KafkaPrincipal.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
> Conflicts:
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
> core/src/main/scala/kafka/server/KafkaApis.scala
>
> Making Acl structure take only one principal, operation and host.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
>
> Reverting uninteded new line change.
>
>
> Diffs
> -----
>
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
> clients/src/main/java/org/apache/kafka/common/protocol/Errors.java e17e390c507eca0eba28a2763c0e35d66077d1f2
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 039c7eb919edeedbf8f1342c6e2fdf4736e224cd
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Ismael Juma <mi...@juma.me.uk>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97582
-----------------------------------------------------------
Ship it!
Thanks Parth, LGTM.
- Ismael Juma
On Sept. 3, 2015, 12:36 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Sept. 3, 2015, 12:36 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
>
> Consolidating KafkaPrincipal.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
> Conflicts:
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
> core/src/main/scala/kafka/server/KafkaApis.scala
>
> Making Acl structure take only one principal, operation and host.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
>
> Reverting uninteded new line change.
>
>
> Addressing comments from Jun.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
>
> Various tweaks that make the code more readable
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
>
> Fixing compilation errors after cherry-pocking.
>
>
> Removing FIXME.
>
>
> Diffs
> -----
>
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
> clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 641afa1b2474150fa1002e9fedca13ff55175a7e
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 756cf775cadbcaf01df7f691d8d01d9ff75db291
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
-----------------------------------------------------------
(Updated Sept. 3, 2015, 12:36 a.m.)
Review request for kafka.
Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210
Repository: kafka
Description (updated)
-------
Addressing review comments from Jun.
Adding CREATE check for offset topic only if the topic does not exist already.
Addressing some more comments.
Removing acl.json file
Moving PermissionType to trait instead of enum. Following the convention for defining constants.
Adding authorizer.config.path back.
Addressing more comments from Jun.
Addressing more comments.
Now addressing Ismael's comments. Case sensitive checks.
Addressing Jun's comments.
Merge remote-tracking branch 'origin/trunk' into az
Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala
core/src/main/scala/kafka/server/KafkaServer.scala
Deleting KafkaConfigDefTest
Addressing comments from Ismael.
Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
Consolidating KafkaPrincipal.
Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
Conflicts:
clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
core/src/main/scala/kafka/server/KafkaApis.scala
Making Acl structure take only one principal, operation and host.
Merge remote-tracking branch 'origin/trunk' into az
Reverting uninteded new line change.
Addressing comments from Jun.
Merge remote-tracking branch 'origin/trunk' into az
Various tweaks that make the code more readable
Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala
Fixing compilation errors after cherry-pocking.
Removing FIXME.
Diffs (updated)
-----
clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 641afa1b2474150fa1002e9fedca13ff55175a7e
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
core/src/main/scala/kafka/server/KafkaServer.scala 756cf775cadbcaf01df7f691d8d01d9ff75db291
core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
Diff: https://reviews.apache.org/r/34492/diff/
Testing
-------
Thanks,
Parth Brahmbhatt
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
-----------------------------------------------------------
(Updated Sept. 3, 2015, 12:32 a.m.)
Review request for kafka.
Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210
Repository: kafka
Description (updated)
-------
Addressing review comments from Jun.
Adding CREATE check for offset topic only if the topic does not exist already.
Addressing some more comments.
Removing acl.json file
Moving PermissionType to trait instead of enum. Following the convention for defining constants.
Adding authorizer.config.path back.
Addressing more comments from Jun.
Addressing more comments.
Now addressing Ismael's comments. Case sensitive checks.
Addressing Jun's comments.
Merge remote-tracking branch 'origin/trunk' into az
Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala
core/src/main/scala/kafka/server/KafkaServer.scala
Deleting KafkaConfigDefTest
Addressing comments from Ismael.
Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
Consolidating KafkaPrincipal.
Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
Conflicts:
clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
core/src/main/scala/kafka/server/KafkaApis.scala
Making Acl structure take only one principal, operation and host.
Merge remote-tracking branch 'origin/trunk' into az
Reverting uninteded new line change.
Addressing comments from Jun.
Merge remote-tracking branch 'origin/trunk' into az
Various tweaks that make the code more readable
Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala
Fixing compilation errors after cherry-pocking.
Diffs (updated)
-----
clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 641afa1b2474150fa1002e9fedca13ff55175a7e
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
core/src/main/scala/kafka/server/KafkaServer.scala 756cf775cadbcaf01df7f691d8d01d9ff75db291
core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
Diff: https://reviews.apache.org/r/34492/diff/
Testing
-------
Thanks,
Parth Brahmbhatt
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On Sept. 2, 2015, 11:13 p.m., Jun Rao wrote:
> > Hmm, did you attach the right patch? It doesn't seem to apply to trunk and my last round of minor comments didn't seem to get addressed. Also, one more suggestion below.
Can you take a look now? I am not sure why the patch looked weird the first time around. I have cherry picked Ismeal's change but I had to fix some compilation errors so you will see couple more commits on top of his commit.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97554
-----------------------------------------------------------
On Sept. 3, 2015, 12:36 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Sept. 3, 2015, 12:36 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
>
> Consolidating KafkaPrincipal.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
> Conflicts:
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
> core/src/main/scala/kafka/server/KafkaApis.scala
>
> Making Acl structure take only one principal, operation and host.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
>
> Reverting uninteded new line change.
>
>
> Addressing comments from Jun.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
>
> Various tweaks that make the code more readable
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
>
> Fixing compilation errors after cherry-pocking.
>
>
> Removing FIXME.
>
>
> Diffs
> -----
>
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
> clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 641afa1b2474150fa1002e9fedca13ff55175a7e
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 756cf775cadbcaf01df7f691d8d01d9ff75db291
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Ismael Juma <mi...@juma.me.uk>.
> On Sept. 2, 2015, 11:13 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 676
> > <https://reviews.apache.org/r/34492/diff/15/?file=1062726#file1062726line676>
> >
> > Could we change the test to the following to make it more consistent with the rest of places where we test authorization?
> >
> > if (! authorizer.map(az => az.authorize(request.session, Read, new Resource(ConsumerGroup, consumerMetadataRequest.group))).getOrElse(true))
By the way, the changes in the commit I suggested solve this issue too. Parth hasn't included them yet.
- Ismael
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97554
-----------------------------------------------------------
On Sept. 2, 2015, 9:50 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Sept. 2, 2015, 9:50 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
>
> Consolidating KafkaPrincipal.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
> Conflicts:
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
> core/src/main/scala/kafka/server/KafkaApis.scala
>
> Making Acl structure take only one principal, operation and host.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
>
> Reverting uninteded new line change.
>
>
> Diffs
> -----
>
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
> clients/src/main/java/org/apache/kafka/common/protocol/Errors.java e17e390c507eca0eba28a2763c0e35d66077d1f2
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 039c7eb919edeedbf8f1342c6e2fdf4736e224cd
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Jun Rao <ju...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97554
-----------------------------------------------------------
Hmm, did you attach the right patch? It doesn't seem to apply to trunk and my last round of minor comments didn't seem to get addressed. Also, one more suggestion below.
core/src/main/scala/kafka/server/KafkaApis.scala (line 675)
<https://reviews.apache.org/r/34492/#comment153549>
Could we change the test to the following to make it more consistent with the rest of places where we test authorization?
if (! authorizer.map(az => az.authorize(request.session, Read, new Resource(ConsumerGroup, consumerMetadataRequest.group))).getOrElse(true))
core/src/main/scala/kafka/server/KafkaApis.scala (line 739)
<https://reviews.apache.org/r/34492/#comment153554>
Ditto as the above.
- Jun Rao
On Sept. 2, 2015, 9:50 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Sept. 2, 2015, 9:50 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
>
> Consolidating KafkaPrincipal.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
> Conflicts:
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
> core/src/main/scala/kafka/server/KafkaApis.scala
>
> Making Acl structure take only one principal, operation and host.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
>
> Reverting uninteded new line change.
>
>
> Diffs
> -----
>
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
> clients/src/main/java/org/apache/kafka/common/protocol/Errors.java e17e390c507eca0eba28a2763c0e35d66077d1f2
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 039c7eb919edeedbf8f1342c6e2fdf4736e224cd
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
-----------------------------------------------------------
(Updated Sept. 2, 2015, 9:50 p.m.)
Review request for kafka.
Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210
Repository: kafka
Description (updated)
-------
Addressing review comments from Jun.
Adding CREATE check for offset topic only if the topic does not exist already.
Addressing some more comments.
Removing acl.json file
Moving PermissionType to trait instead of enum. Following the convention for defining constants.
Adding authorizer.config.path back.
Addressing more comments from Jun.
Addressing more comments.
Now addressing Ismael's comments. Case sensitive checks.
Addressing Jun's comments.
Merge remote-tracking branch 'origin/trunk' into az
Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala
core/src/main/scala/kafka/server/KafkaServer.scala
Deleting KafkaConfigDefTest
Addressing comments from Ismael.
Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
Consolidating KafkaPrincipal.
Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
Conflicts:
clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
core/src/main/scala/kafka/server/KafkaApis.scala
Making Acl structure take only one principal, operation and host.
Merge remote-tracking branch 'origin/trunk' into az
Reverting uninteded new line change.
Diffs (updated)
-----
clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
clients/src/main/java/org/apache/kafka/common/protocol/Errors.java e17e390c507eca0eba28a2763c0e35d66077d1f2
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
core/src/main/scala/kafka/server/KafkaServer.scala 039c7eb919edeedbf8f1342c6e2fdf4736e224cd
core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
Diff: https://reviews.apache.org/r/34492/diff/
Testing
-------
Thanks,
Parth Brahmbhatt
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On Sept. 2, 2015, 4:36 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/common/ErrorMapping.scala, lines 55-57
> > <https://reviews.apache.org/r/34492/diff/14/?file=1061760#file1061760line55>
> >
> > Could you add the missing error cords 23-28 in the comment?
copied the error constant from Error.java and added in comments. I am not sure if you already have a jira to actually fix this. If you do can you assign that to me? If you don't have a jira yet can I create one and assign it to myself?
> On Sept. 2, 2015, 4:36 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 680
> > <https://reviews.apache.org/r/34492/diff/14/?file=1061767#file1061767line680>
> >
> > Unused val?
unused call given we agreed for offset topic creation we are not going to check for authorization.
> On Sept. 2, 2015, 4:36 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/server/KafkaServer.scala, line 187
> > <https://reviews.apache.org/r/34492/diff/14/?file=1061769#file1061769line187>
> >
> > space after if
fixed.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97466
-----------------------------------------------------------
On Sept. 3, 2015, 12:36 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Sept. 3, 2015, 12:36 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
>
> Consolidating KafkaPrincipal.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
> Conflicts:
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
> core/src/main/scala/kafka/server/KafkaApis.scala
>
> Making Acl structure take only one principal, operation and host.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
>
> Reverting uninteded new line change.
>
>
> Addressing comments from Jun.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
>
> Various tweaks that make the code more readable
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
>
> Fixing compilation errors after cherry-pocking.
>
>
> Removing FIXME.
>
>
> Diffs
> -----
>
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
> clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 641afa1b2474150fa1002e9fedca13ff55175a7e
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 756cf775cadbcaf01df7f691d8d01d9ff75db291
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Jun Rao <ju...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97466
-----------------------------------------------------------
Ship it!
Parth, thanks a lot for the latest patch. Overall, it looks pretty good. I only have a few minor comments below. Also, do you want to include the changes recommended by Ismael?
core/src/main/scala/kafka/common/ErrorMapping.scala (lines 54 - 56)
<https://reviews.apache.org/r/34492/#comment153340>
Could you add the missing error cords 23-28 in the comment?
core/src/main/scala/kafka/server/KafkaApis.scala (line 679)
<https://reviews.apache.org/r/34492/#comment153353>
Unused val?
core/src/main/scala/kafka/server/KafkaServer.scala (line 187)
<https://reviews.apache.org/r/34492/#comment153354>
space after if
- Jun Rao
On Sept. 1, 2015, 10:36 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Sept. 1, 2015, 10:36 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
>
> Consolidating KafkaPrincipal.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
> Conflicts:
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
> core/src/main/scala/kafka/server/KafkaApis.scala
>
> Making Acl structure take only one principal, operation and host.
>
>
> Diffs
> -----
>
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
> clients/src/main/java/org/apache/kafka/common/protocol/Errors.java e17e390c507eca0eba28a2763c0e35d66077d1f2
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 17db4fa3c3a146f03a35dd7671ad1b06d122bb59
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On Sept. 2, 2015, 1:11 p.m., Ismael Juma wrote:
> > Hi Parth, I finally had a bit of time to look into this in more detail and I pushed a commit with my suggestions to make the `KafkaApis` code a bit more readable:
> >
> > https://github.com/ijuma/kafka/commit/7737a9feb0c6d8cb4be3fe22992f8dc10b657154
> >
> > As you said, it's difficult to do much better given the lack of common interfaces.
> >
> > Please incorporate the changes if you agree. Also, note that I added a FIXME in one case where we don't seem to use the data produced by the `partition` call.
Cherry picked. The FIXME does not need any change if you see https://github.com/Parth-Brahmbhatt/kafka/blob/az/core/src/main/scala/kafka/server/KafkaApis.scala#L195 it uses unauthorized partiton in constructing respoinse. where as the authorized part gets used https://github.com/Parth-Brahmbhatt/kafka/blob/az/core/src/main/scala/kafka/server/KafkaApis.scala#L214 and https://github.com/Parth-Brahmbhatt/kafka/blob/az/core/src/main/scala/kafka/server/KafkaApis.scala#L255 and the actual call back finally gets called here https://github.com/Parth-Brahmbhatt/kafka/blob/az/core/src/main/scala/kafka/server/KafkaApis.scala#L273.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97432
-----------------------------------------------------------
On Sept. 3, 2015, 12:36 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Sept. 3, 2015, 12:36 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
>
> Consolidating KafkaPrincipal.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
> Conflicts:
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
> core/src/main/scala/kafka/server/KafkaApis.scala
>
> Making Acl structure take only one principal, operation and host.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
>
> Reverting uninteded new line change.
>
>
> Addressing comments from Jun.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
>
> Various tweaks that make the code more readable
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
>
> Fixing compilation errors after cherry-pocking.
>
>
> Removing FIXME.
>
>
> Diffs
> -----
>
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
> clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 641afa1b2474150fa1002e9fedca13ff55175a7e
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 756cf775cadbcaf01df7f691d8d01d9ff75db291
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Ismael Juma <mi...@juma.me.uk>.
> On Sept. 2, 2015, 1:11 p.m., Ismael Juma wrote:
> > Hi Parth, I finally had a bit of time to look into this in more detail and I pushed a commit with my suggestions to make the `KafkaApis` code a bit more readable:
> >
> > https://github.com/ijuma/kafka/commit/7737a9feb0c6d8cb4be3fe22992f8dc10b657154
> >
> > As you said, it's difficult to do much better given the lack of common interfaces.
> >
> > Please incorporate the changes if you agree. Also, note that I added a FIXME in one case where we don't seem to use the data produced by the `partition` call.
>
> Parth Brahmbhatt wrote:
> Cherry picked. The FIXME does not need any change if you see https://github.com/Parth-Brahmbhatt/kafka/blob/az/core/src/main/scala/kafka/server/KafkaApis.scala#L195 it uses unauthorized partiton in constructing respoinse. where as the authorized part gets used https://github.com/Parth-Brahmbhatt/kafka/blob/az/core/src/main/scala/kafka/server/KafkaApis.scala#L214 and https://github.com/Parth-Brahmbhatt/kafka/blob/az/core/src/main/scala/kafka/server/KafkaApis.scala#L255 and the actual call back finally gets called here https://github.com/Parth-Brahmbhatt/kafka/blob/az/core/src/main/scala/kafka/server/KafkaApis.scala#L273.
Thanks for cherry-picking the changes. Regarding the FIXME, indeed my bad (tricked by IntelliJ's unused field syntax highlighting). I realised my mistake once you posted the updated patch a few minutes ago. :)
- Ismael
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97432
-----------------------------------------------------------
On Sept. 3, 2015, 12:36 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Sept. 3, 2015, 12:36 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
>
> Consolidating KafkaPrincipal.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
> Conflicts:
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
> core/src/main/scala/kafka/server/KafkaApis.scala
>
> Making Acl structure take only one principal, operation and host.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
>
> Reverting uninteded new line change.
>
>
> Addressing comments from Jun.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
>
> Various tweaks that make the code more readable
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
>
> Fixing compilation errors after cherry-pocking.
>
>
> Removing FIXME.
>
>
> Diffs
> -----
>
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
> clients/src/main/java/org/apache/kafka/common/protocol/Errors.java 641afa1b2474150fa1002e9fedca13ff55175a7e
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 756cf775cadbcaf01df7f691d8d01d9ff75db291
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Ismael Juma <mi...@juma.me.uk>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97432
-----------------------------------------------------------
Hi Parth, I finally had a bit of time to look into this in more detail and I pushed a commit with my suggestions to make the `KafkaApis` code a bit more readable:
https://github.com/ijuma/kafka/commit/7737a9feb0c6d8cb4be3fe22992f8dc10b657154
As you said, it's difficult to do much better given the lack of common interfaces.
Please incorporate the changes if you agree. Also, note that I added a FIXME in one case where we don't seem to use the data produced by the `partition` call.
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java (line 10)
<https://reviews.apache.org/r/34492/#comment153309>
Was this change intended?
- Ismael Juma
On Sept. 1, 2015, 10:36 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Sept. 1, 2015, 10:36 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
>
> Consolidating KafkaPrincipal.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
> Conflicts:
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
> core/src/main/scala/kafka/server/KafkaApis.scala
>
> Making Acl structure take only one principal, operation and host.
>
>
> Diffs
> -----
>
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
> clients/src/main/java/org/apache/kafka/common/protocol/Errors.java e17e390c507eca0eba28a2763c0e35d66077d1f2
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 17db4fa3c3a146f03a35dd7671ad1b06d122bb59
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Ismael Juma <mi...@juma.me.uk>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review97431
-----------------------------------------------------------
core/src/main/scala/kafka/server/KafkaApis.scala (line 296)
<https://reviews.apache.org/r/34492/#comment153308>
Is this intentional?
- Ismael Juma
On Sept. 1, 2015, 10:36 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Sept. 1, 2015, 10:36 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
>
> Consolidating KafkaPrincipal.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
> Conflicts:
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
> core/src/main/scala/kafka/server/KafkaApis.scala
>
> Making Acl structure take only one principal, operation and host.
>
>
> Diffs
> -----
>
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
> clients/src/main/java/org/apache/kafka/common/protocol/Errors.java e17e390c507eca0eba28a2763c0e35d66077d1f2
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 17db4fa3c3a146f03a35dd7671ad1b06d122bb59
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
-----------------------------------------------------------
(Updated Sept. 1, 2015, 10:36 p.m.)
Review request for kafka.
Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210
Repository: kafka
Description (updated)
-------
Addressing review comments from Jun.
Adding CREATE check for offset topic only if the topic does not exist already.
Addressing some more comments.
Removing acl.json file
Moving PermissionType to trait instead of enum. Following the convention for defining constants.
Adding authorizer.config.path back.
Addressing more comments from Jun.
Addressing more comments.
Now addressing Ismael's comments. Case sensitive checks.
Addressing Jun's comments.
Merge remote-tracking branch 'origin/trunk' into az
Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala
core/src/main/scala/kafka/server/KafkaServer.scala
Deleting KafkaConfigDefTest
Addressing comments from Ismael.
Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
Consolidating KafkaPrincipal.
Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
Conflicts:
clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
core/src/main/scala/kafka/server/KafkaApis.scala
Making Acl structure take only one principal, operation and host.
Diffs (updated)
-----
clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
clients/src/main/java/org/apache/kafka/common/protocol/Errors.java e17e390c507eca0eba28a2763c0e35d66077d1f2
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
core/src/main/scala/kafka/server/KafkaServer.scala 17db4fa3c3a146f03a35dd7671ad1b06d122bb59
core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
Diff: https://reviews.apache.org/r/34492/diff/
Testing
-------
Thanks,
Parth Brahmbhatt
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
-----------------------------------------------------------
(Updated Aug. 26, 2015, 9:29 p.m.)
Review request for kafka.
Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210
Repository: kafka
Description (updated)
-------
Addressing review comments from Jun.
Adding CREATE check for offset topic only if the topic does not exist already.
Addressing some more comments.
Removing acl.json file
Moving PermissionType to trait instead of enum. Following the convention for defining constants.
Adding authorizer.config.path back.
Addressing more comments from Jun.
Addressing more comments.
Now addressing Ismael's comments. Case sensitive checks.
Addressing Jun's comments.
Merge remote-tracking branch 'origin/trunk' into az
Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala
core/src/main/scala/kafka/server/KafkaServer.scala
Deleting KafkaConfigDefTest
Addressing comments from Ismael.
Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
Consolidating KafkaPrincipal.
Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
Conflicts:
clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java
core/src/main/scala/kafka/server/KafkaApis.scala
Diffs (updated)
-----
clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java 35d41685dd178bbdf77b2476e03ad51fc4adcbb6
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java b640ea0f4bdb694fc5524ef594aa125cc1ba4cf3
clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
core/src/main/scala/kafka/server/KafkaApis.scala a3a8df0545c3f9390e0e04b8d2fab0134f5fd019
core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
core/src/main/scala/kafka/server/KafkaServer.scala 17db4fa3c3a146f03a35dd7671ad1b06d122bb59
core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
Diff: https://reviews.apache.org/r/34492/diff/
Testing
-------
Thanks,
Parth Brahmbhatt
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
-----------------------------------------------------------
(Updated Aug. 26, 2015, 12:59 a.m.)
Review request for kafka.
Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210
Repository: kafka
Description (updated)
-------
Addressing review comments from Jun.
Adding CREATE check for offset topic only if the topic does not exist already.
Addressing some more comments.
Removing acl.json file
Moving PermissionType to trait instead of enum. Following the convention for defining constants.
Adding authorizer.config.path back.
Addressing more comments from Jun.
Addressing more comments.
Now addressing Ismael's comments. Case sensitive checks.
Addressing Jun's comments.
Merge remote-tracking branch 'origin/trunk' into az
Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala
core/src/main/scala/kafka/server/KafkaServer.scala
Deleting KafkaConfigDefTest
Addressing comments from Ismael.
Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
Consolidating KafkaPrincipal.
Diffs (updated)
-----
clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java a3567af96e4f90d62587b31d5b14e7911ba9baf4
clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java 277b6efb8cf4ad2c81fdcf694bf7c233e48cf214
clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
core/src/main/scala/kafka/server/KafkaApis.scala 67f0cad802f901f255825aa2158545d7f5e7cc3d
core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
core/src/main/scala/kafka/server/KafkaServer.scala 17db4fa3c3a146f03a35dd7671ad1b06d122bb59
core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
Diff: https://reviews.apache.org/r/34492/diff/
Testing
-------
Thanks,
Parth Brahmbhatt
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On Aug. 23, 2015, 9:29 p.m., Jun Rao wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 21
> > <https://reviews.apache.org/r/34492/diff/11/?file=1045205#file1045205line21>
> >
> > There is a java version of KafkaPrincipal. Could we consolidate?
consolidated. Converted Authorizer's principal to Java class and moved under client/common/security/auth. Let me know if I misunderstood what you meant by this comment.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review96129
-----------------------------------------------------------
On Aug. 26, 2015, 12:59 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Aug. 26, 2015, 12:59 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Merge branch 'trunk' of http://git-wip-us.apache.org/repos/asf/kafka into az
>
>
> Consolidating KafkaPrincipal.
>
>
> Diffs
> -----
>
> clients/src/main/java/org/apache/kafka/common/network/PlaintextTransportLayer.java a3567af96e4f90d62587b31d5b14e7911ba9baf4
> clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java 277b6efb8cf4ad2c81fdcf694bf7c233e48cf214
> clients/src/test/java/org/apache/kafka/common/security/auth/KafkaPrincipalTest.java PRE-CREATION
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 67f0cad802f901f255825aa2158545d7f5e7cc3d
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 17db4fa3c3a146f03a35dd7671ad1b06d122bb59
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Jun Rao <ju...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review96129
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 21)
<https://reviews.apache.org/r/34492/#comment151366>
There is a java version of KafkaPrincipal. Could we consolidate?
- Jun Rao
On Aug. 20, 2015, 6:27 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Aug. 20, 2015, 6:27 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 67f0cad802f901f255825aa2158545d7f5e7cc3d
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 0e7ba3ede78dbc995c404e0387a6be687703836a
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
-----------------------------------------------------------
(Updated Aug. 20, 2015, 6:27 p.m.)
Review request for kafka.
Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210
Repository: kafka
Description (updated)
-------
Addressing review comments from Jun.
Adding CREATE check for offset topic only if the topic does not exist already.
Addressing some more comments.
Removing acl.json file
Moving PermissionType to trait instead of enum. Following the convention for defining constants.
Adding authorizer.config.path back.
Addressing more comments from Jun.
Addressing more comments.
Now addressing Ismael's comments. Case sensitive checks.
Addressing Jun's comments.
Merge remote-tracking branch 'origin/trunk' into az
Conflicts:
core/src/main/scala/kafka/server/KafkaApis.scala
core/src/main/scala/kafka/server/KafkaServer.scala
Deleting KafkaConfigDefTest
Addressing comments from Ismael.
Diffs (updated)
-----
core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
core/src/main/scala/kafka/server/KafkaApis.scala 67f0cad802f901f255825aa2158545d7f5e7cc3d
core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
core/src/main/scala/kafka/server/KafkaServer.scala 0e7ba3ede78dbc995c404e0387a6be687703836a
core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
Diff: https://reviews.apache.org/r/34492/diff/
Testing
-------
Thanks,
Parth Brahmbhatt
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On Aug. 20, 2015, 10:30 a.m., Ismael Juma wrote:
> > One more thing: it may be a good idea to rebase against trunk since the large SSL/TLS patch has now been merged (not sure if there are any conflicts).
Done.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review95942
-----------------------------------------------------------
On Aug. 20, 2015, 6:27 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Aug. 20, 2015, 6:27 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 67f0cad802f901f255825aa2158545d7f5e7cc3d
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 0e7ba3ede78dbc995c404e0387a6be687703836a
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Ismael Juma <mi...@juma.me.uk>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review95942
-----------------------------------------------------------
One more thing: it may be a good idea to rebase against trunk since the large SSL/TLS patch has now been merged (not sure if there are any conflicts).
- Ismael Juma
On Aug. 11, 2015, 1:32 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Aug. 11, 2015, 1:32 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/network/RequestChannel.scala 20741281dcaa76374ea6f86a2185dad27b515339
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 7ea509c2c41acc00430c74e025e069a833aac4e7
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 84d4730ac634f9a5bf12a656e422fea03ad72da8
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala PRE-CREATION
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/network/RequestChannel.scala, line 48
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037026#file1037026line48>
> >
> > Normally one would use `Option[Session]` here. Are we using `null` due to efficiency concerns? Sorry if I am missing some context.
My bad, This class is not suppose to be part of this PR but the dependent jira. Removed this class.
> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Operation.scala, line 42
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037030#file1037030line42>
> >
> > Generally a good idea to set the result type for public methods. This makes it possible to change the underlying implementation without affecting binary compatibility. For example, here we may set the result type as `Seq[Operation]`, which would give us the option of changing the underlying implementation to `Vector` if that turned out to be better. In `Scala`, `List` is a concrete type unlike `Java`.
> >
> > Not sure what is the usual policy for Kafka though, would be useful to have some input from Jun. If we decide to change it, there are other places where the same comment would apply.
>
> Jun Rao wrote:
> We don't have a policy on that yet. I think explicitly defining return types in this case makes sense.
Fixed in Operation, PermissionType and ResourceType.
> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Resource.scala, line 24
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037032#file1037032line24>
> >
> > Nitpick: space before `:` should be removed.
Fixed.
> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 25
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037029#file1037029line25>
> >
> > Nitpick: space before `:` should be removed.
Fixed.
> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 116
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037027#file1037027line116>
> >
> > Nitpick: no need for `()` and space before `:` should be removed.
Fixed.
> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 104
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037034#file1037034line104>
> >
> > This code exists in 4 places, how about we introduce an method like:
> >
> > ```
> > def authorizeClusterAction(authorizer, request): Unit = {
> > if (authorizer.map(_.authorizer(request.session, ClusterAction, Resource.ClusterResource)).getOrElse(false))
> > throw new AuthorizationException(s"Request $request is not authorized.")
> > }
> > ```
> >
> > And then callers can just do (as an example):
> >
> > `authorizeClusterAction(authorizer, leaderAndIsrRequest)`
> >
> >
> > Am I missing something?
Fixed.
> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, lines 189-192
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037034#file1037034line189>
> >
> > Nitpick: space after `case`. There are a number of other cases like this.
Fixed.
> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 549
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037034#file1037034line549>
> >
> > Nitpick: val instead of var.
I am actually changing these values later so they need to be vars.
> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/test/scala/unit/kafka/security/auth/AclTest.scala, line 24
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037037#file1037037line24>
> >
> > We don't use `JUnit3Suite` anymore. Either use `JUnitSuite` or don't inherit from anything (we have both examples in the codebase now). This applies to all the tests. I noticed that Jun already mentioned this in another test.
Fixed.
> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/test/scala/unit/kafka/security/auth/AclTest.scala, line 30
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037037#file1037037line30>
> >
> > @Test annotation is needed after you remove `JUnit3Suite`. This applies to all the tests.
Fixed.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review95934
-----------------------------------------------------------
On Aug. 20, 2015, 6:27 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Aug. 20, 2015, 6:27 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Addressing Jun's comments.
>
>
> Merge remote-tracking branch 'origin/trunk' into az
>
> Conflicts:
> core/src/main/scala/kafka/server/KafkaApis.scala
> core/src/main/scala/kafka/server/KafkaServer.scala
>
> Deleting KafkaConfigDefTest
>
>
> Addressing comments from Ismael.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 67f0cad802f901f255825aa2158545d7f5e7cc3d
> core/src/main/scala/kafka/server/KafkaConfig.scala d547a01cf7098f216a3775e1e1901c5794e1b24c
> core/src/main/scala/kafka/server/KafkaServer.scala 0e7ba3ede78dbc995c404e0387a6be687703836a
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigTest.scala 3da666f73227fc7ef7093e3790546344065f6825
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Jun Rao <ju...@gmail.com>.
> On Aug. 20, 2015, 10:29 a.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Operation.scala, line 42
> > <https://reviews.apache.org/r/34492/diff/10/?file=1037030#file1037030line42>
> >
> > Generally a good idea to set the result type for public methods. This makes it possible to change the underlying implementation without affecting binary compatibility. For example, here we may set the result type as `Seq[Operation]`, which would give us the option of changing the underlying implementation to `Vector` if that turned out to be better. In `Scala`, `List` is a concrete type unlike `Java`.
> >
> > Not sure what is the usual policy for Kafka though, would be useful to have some input from Jun. If we decide to change it, there are other places where the same comment would apply.
We don't have a policy on that yet. I think explicitly defining return types in this case makes sense.
- Jun
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review95934
-----------------------------------------------------------
On Aug. 11, 2015, 1:32 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Aug. 11, 2015, 1:32 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/network/RequestChannel.scala 20741281dcaa76374ea6f86a2185dad27b515339
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 7ea509c2c41acc00430c74e025e069a833aac4e7
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 84d4730ac634f9a5bf12a656e422fea03ad72da8
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala PRE-CREATION
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Ismael Juma <mi...@juma.me.uk>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review95934
-----------------------------------------------------------
Thanks for addressing the issues raised in the previous review. We are getting closer. I left a few comments (many of them minor style issues).
The important question for me is how can we make the authorization logic that is spread over many methods simpler by perhaps introducing some utility methods. I provided a suggestion for one of the cases, but I didn't spend the time to work it out for the `partition` case that is more important (and probably harder). I would be interested in your thoughts as you are more familiar with the code. I'd be happy to spend a bit more time on this to see if I can come up with something, if you prefer. Just let me know.
core/src/main/scala/kafka/network/RequestChannel.scala (line 48)
<https://reviews.apache.org/r/34492/#comment151127>
Normally one would use `Option[Session]` here. Are we using `null` due to efficiency concerns? Sorry if I am missing some context.
core/src/main/scala/kafka/security/auth/Acl.scala (line 116)
<https://reviews.apache.org/r/34492/#comment151130>
Nitpick: no need for `()` and space before `:` should be removed.
core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 25)
<https://reviews.apache.org/r/34492/#comment151131>
Nitpick: space before `:` should be removed.
core/src/main/scala/kafka/security/auth/Operation.scala (line 42)
<https://reviews.apache.org/r/34492/#comment151129>
Generally a good idea to set the result type for public methods. This makes it possible to change the underlying implementation without affecting binary compatibility. For example, here we may set the result type as `Seq[Operation]`, which would give us the option of changing the underlying implementation to `Vector` if that turned out to be better. In `Scala`, `List` is a concrete type unlike `Java`.
Not sure what is the usual policy for Kafka though, would be useful to have some input from Jun. If we decide to change it, there are other places where the same comment would apply.
core/src/main/scala/kafka/security/auth/Resource.scala (line 24)
<https://reviews.apache.org/r/34492/#comment151132>
Nitpick: space before `:` should be removed.
core/src/main/scala/kafka/server/KafkaApis.scala (line 101)
<https://reviews.apache.org/r/34492/#comment151134>
This code exists in 4 places, how about we introduce an method like:
```
def authorizeClusterAction(authorizer, request): Unit = {
if (authorizer.map(_.authorizer(request.session, ClusterAction, Resource.ClusterResource)).getOrElse(false))
throw new AuthorizationException(s"Request $request is not authorized.")
}
```
And then callers can just do (as an example):
`authorizeClusterAction(authorizer, leaderAndIsrRequest)`
Am I missing something?
core/src/main/scala/kafka/server/KafkaApis.scala (lines 186 - 189)
<https://reviews.apache.org/r/34492/#comment151135>
Nitpick: space after `case`. There are a number of other cases like this.
core/src/main/scala/kafka/server/KafkaApis.scala (line 282)
<https://reviews.apache.org/r/34492/#comment151140>
We have a lot of these `partition` calls like this. Is there no way to extract a utility method so that the call is simpler and there is less duplication?
core/src/main/scala/kafka/server/KafkaApis.scala (line 545)
<https://reviews.apache.org/r/34492/#comment151141>
Nitpick: val instead of var.
core/src/test/scala/unit/kafka/security/auth/AclTest.scala (line 24)
<https://reviews.apache.org/r/34492/#comment151142>
We don't use `JUnit3Suite` anymore. Either use `JUnitSuite` or don't inherit from anything (we have both examples in the codebase now). This applies to all the tests. I noticed that Jun already mentioned this in another test.
core/src/test/scala/unit/kafka/security/auth/AclTest.scala (line 30)
<https://reviews.apache.org/r/34492/#comment151143>
@Test annotation is needed after you remove `JUnit3Suite`. This applies to all the tests.
- Ismael Juma
On Aug. 11, 2015, 1:32 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Aug. 11, 2015, 1:32 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/network/RequestChannel.scala 20741281dcaa76374ea6f86a2185dad27b515339
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 7ea509c2c41acc00430c74e025e069a833aac4e7
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 84d4730ac634f9a5bf12a656e422fea03ad72da8
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala PRE-CREATION
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
-----------------------------------------------------------
(Updated Aug. 11, 2015, 1:32 a.m.)
Review request for kafka.
Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210
Repository: kafka
Description (updated)
-------
Addressing review comments from Jun.
Adding CREATE check for offset topic only if the topic does not exist already.
Addressing some more comments.
Removing acl.json file
Moving PermissionType to trait instead of enum. Following the convention for defining constants.
Adding authorizer.config.path back.
Addressing more comments from Jun.
Addressing more comments.
Now addressing Ismael's comments. Case sensitive checks.
Diffs (updated)
-----
core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
core/src/main/scala/kafka/network/RequestChannel.scala 20741281dcaa76374ea6f86a2185dad27b515339
core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
core/src/main/scala/kafka/server/KafkaApis.scala 7ea509c2c41acc00430c74e025e069a833aac4e7
core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
core/src/main/scala/kafka/server/KafkaServer.scala 84d4730ac634f9a5bf12a656e422fea03ad72da8
core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala PRE-CREATION
Diff: https://reviews.apache.org/r/34492/diff/
Testing
-------
Thanks,
Parth Brahmbhatt
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/common/AuthorizationException.scala, line 24
> > <https://reviews.apache.org/r/34492/diff/9/?file=1018318#file1018318line24>
> >
> > Exceptions without a message are discouraged, so I would remove the no-args constructor.
fixed.
> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Authorizer.scala, line 64
> > <https://reviews.apache.org/r/34492/diff/9/?file=1018321#file1018321line64>
> >
> > Should this be called `removeResource` instead? Good to avoid method overloads when possible.
its actually not removing the resource itself though, it is only removing acls attached to the acls. Want to avoid naming it somehting that will be misleading.
> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 26
> > <https://reviews.apache.org/r/34492/diff/9/?file=1018322#file1018322line26>
> >
> > Type annotations are usually not used for local vals.
done for all classes under auth package.
> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 28
> > <https://reviews.apache.org/r/34492/diff/9/?file=1018322#file1018322line28>
> >
> > Code contention: no braces for single expression.
again done for all classed under auth package.
> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 32
> > <https://reviews.apache.org/r/34492/diff/9/?file=1018322#file1018322line32>
> >
> > This could be written in a nicer way like this:
> >
> > ```
> > str.split(Separator, 2) match {
> > case Array(principalType, name, _*) => new KafkaPrincipal(principalType, name)
> > case s => throw IllegalArgumentException(...)
> > }
> > ```
made changes at KafkaPrincipal and Resource.
> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 41
> > <https://reviews.apache.org/r/34492/diff/9/?file=1018322#file1018322line41>
> >
> > If you make this a case class, you get decent `toString`, `equals` and `hashCode` by default. Also, the `val` is then not needed for the fields.
I have changed all the classes to case class. This basically means all the equalities are now case sensitive.
> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Operation.scala, line 38
> > <https://reviews.apache.org/r/34492/diff/9/?file=1018323#file1018323line38>
> >
> > `find` is better than `filter` here as it stops once the match is found. Also, `headOption` is not needed then.
fixed.
> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Operation.scala, line 42
> > <https://reviews.apache.org/r/34492/diff/9/?file=1018323#file1018323line42>
> >
> > Code convention: no braces needed for single expression.
> >
> > Also, no need for `()` since there is no side-effect here.
fixed.
> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/PermissionType.scala, line 38
> > <https://reviews.apache.org/r/34492/diff/9/?file=1018324#file1018324line38>
> >
> > Same points as the ones in `Operation`.
fixed.
> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Resource.scala, line 22
> > <https://reviews.apache.org/r/34492/diff/9/?file=1018325#file1018325line22>
> >
> > Space after `,`.
fixed.
> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Resource.scala, line 31
> > <https://reviews.apache.org/r/34492/diff/9/?file=1018325#file1018325line31>
> >
> > Same comments as in `KafkaPrincipal.fromString`.
fixed.
> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/Resource.scala, line 41
> > <https://reviews.apache.org/r/34492/diff/9/?file=1018325#file1018325line41>
> >
> > Make it a case class?
mixed.
> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/security/auth/ResourceType.scala, line 52
> > <https://reviews.apache.org/r/34492/diff/9/?file=1018326#file1018326line52>
> >
> > Same comments as in `Operation`.
fixed.
> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/test/scala/unit/kafka/security/auth/AclTest.scala, line 44
> > <https://reviews.apache.org/r/34492/diff/9/?file=1018330#file1018330line44>
> >
> > Type annotation is generally not needed for local `vals` (there are a number of instances of this).
Fixed all instances that I could find.
> On July 28, 2015, 5:18 p.m., Ismael Juma wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 104
> > <https://reviews.apache.org/r/34492/diff/9/?file=1018327#file1018327line104>
> >
> > In general, `Option.get` should be avoided. Instead of manually checking if it's defined, use safer methods. For example:
> >
> > ```authorizer.foreach { a =>
> > if (!a.authorize(...)
> > throw new ...
> > ```
> >
> > `filter`/`filterNot` could also be used before `foreach` instead of the `if`, but it doesn't give much in this case.
done.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review93302
-----------------------------------------------------------
On Aug. 11, 2015, 1:32 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Aug. 11, 2015, 1:32 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/network/RequestChannel.scala 20741281dcaa76374ea6f86a2185dad27b515339
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 7ea509c2c41acc00430c74e025e069a833aac4e7
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 84d4730ac634f9a5bf12a656e422fea03ad72da8
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala PRE-CREATION
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Ismael Juma <mi...@juma.me.uk>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review93302
-----------------------------------------------------------
I did an initial pass and left some comments. Some of them are questions and a lot of them are around idiomatic Scala. I didn't go until the end because I was seeing similar issues to the ones I had already raised and I thought it would be better to wait for feedback before continuing.
core/src/main/scala/kafka/common/AuthorizationException.scala (line 24)
<https://reviews.apache.org/r/34492/#comment147676>
Exceptions without a message are discouraged, so I would remove the no-args constructor.
core/src/main/scala/kafka/security/auth/Authorizer.scala (line 64)
<https://reviews.apache.org/r/34492/#comment147678>
Should this be called `removeResource` instead? Good to avoid method overloads when possible.
core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 26)
<https://reviews.apache.org/r/34492/#comment147679>
Type annotations are usually not used for local vals.
core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 28)
<https://reviews.apache.org/r/34492/#comment147680>
Code contention: no braces for single expression.
core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 32)
<https://reviews.apache.org/r/34492/#comment147681>
This could be written in a nicer way like this:
```
str.split(Separator, 2) match {
case Array(principalType, name, _*) => new KafkaPrincipal(principalType, name)
case s => throw IllegalArgumentException(...)
}
```
core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 41)
<https://reviews.apache.org/r/34492/#comment147682>
If you make this a case class, you get decent `toString`, `equals` and `hashCode` by default. Also, the `val` is then not needed for the fields.
core/src/main/scala/kafka/security/auth/Operation.scala (line 38)
<https://reviews.apache.org/r/34492/#comment147684>
`find` is better than `filter` here as it stops once the match is found. Also, `headOption` is not needed then.
core/src/main/scala/kafka/security/auth/Operation.scala (line 42)
<https://reviews.apache.org/r/34492/#comment147683>
Code convention: no braces needed for single expression.
Also, no need for `()` since there is no side-effect here.
core/src/main/scala/kafka/security/auth/PermissionType.scala (line 38)
<https://reviews.apache.org/r/34492/#comment147685>
Same points as the ones in `Operation`.
core/src/main/scala/kafka/security/auth/Resource.scala (line 22)
<https://reviews.apache.org/r/34492/#comment147687>
Space after `,`.
core/src/main/scala/kafka/security/auth/Resource.scala (line 31)
<https://reviews.apache.org/r/34492/#comment147686>
Same comments as in `KafkaPrincipal.fromString`.
core/src/main/scala/kafka/security/auth/Resource.scala (line 41)
<https://reviews.apache.org/r/34492/#comment147688>
Make it a case class?
core/src/main/scala/kafka/security/auth/ResourceType.scala (line 52)
<https://reviews.apache.org/r/34492/#comment147689>
Same comments as in `Operation`.
core/src/main/scala/kafka/server/KafkaApis.scala (line 101)
<https://reviews.apache.org/r/34492/#comment147691>
In general, `Option.get` should be avoided. Instead of manually checking if it's defined, use safer methods. For example:
```authorizer.foreach { a =>
if (!a.authorize(...)
throw new ...
```
`filter`/`filterNot` could also be used before `foreach` instead of the `if`, but it doesn't give much in this case.
core/src/main/scala/kafka/server/KafkaApis.scala (line 164)
<https://reviews.apache.org/r/34492/#comment147692>
This code is duplicated in a number of places, can we not extract it into a method?
core/src/main/scala/kafka/server/KafkaApis.scala (line 185)
<https://reviews.apache.org/r/34492/#comment147695>
Use `case` like in the `requestInfo.filter` call to make the code more readable. Also good to avoid `Option.get` as mentioned above.
core/src/main/scala/kafka/server/KafkaApis.scala (line 341)
<https://reviews.apache.org/r/34492/#comment147696>
Use `map` or `fold` instead of `Option.get`.
core/src/test/scala/unit/kafka/security/auth/AclTest.scala (line 44)
<https://reviews.apache.org/r/34492/#comment147698>
Type annotation is generally not needed for local `vals` (there are a number of instances of this).
- Ismael Juma
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
-----------------------------------------------------------
(Updated July 22, 2015, 12:08 a.m.)
Review request for kafka.
Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210
Repository: kafka
Description (updated)
-------
Addressing review comments from Jun.
Adding CREATE check for offset topic only if the topic does not exist already.
Addressing some more comments.
Removing acl.json file
Moving PermissionType to trait instead of enum. Following the convention for defining constants.
Adding authorizer.config.path back.
Addressing more comments from Jun.
Addressing more comments.
Diffs (updated)
-----
core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
Diff: https://reviews.apache.org/r/34492/diff/
Testing
-------
Thanks,
Parth Brahmbhatt
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 21, 2015, 2:15 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/PermissionType.scala, line 21
> > <https://reviews.apache.org/r/34492/diff/8/?file=1017300#file1017300line21>
> >
> > Just kidding, please remove it.
removed.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92361
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92361
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/PermissionType.scala (line 21)
<https://reviews.apache.org/r/34492/#comment146492>
Just kidding, please remove it.
- Edward Ribeiro
On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 20, 2015, 11:42 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 21, 2015, 1:30 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 71
> > <https://reviews.apache.org/r/34492/diff/8/?file=1017296#file1017296line71>
> >
> > Disclaimer: I am not claiming that you should change the code commented here.
> >
> > Okay, for getting rid of the dreaded ``collection.mutable.HashSet[Acl]()``, you have two options, afaik:
> >
> > 1. use ``(for (i <- list) yield i).toSet``. In the current code it would be something like:
> >
> > ```
> > val acls = (for (item <- aclSet) {
> > val principals: List[KafkaPrincipal] = item(PrincipalKey).asInstanceOf[List[String]].map(principal => KafkaPrincipal.fromString(principal))
> > val permissionType: PermissionType = PermissionType.fromString(item(PermissionTypeKey).asInstanceOf[String])
> > val operations: List[Operation] = item(OperationKey).asInstanceOf[List[String]].map(operation => Operation.fromString(operation))
> > val hosts: List[String] = item(HostsKey).asInstanceOf[List[String]]
> >
> > yield new Acl(principals.toSet, permissionType, hosts.toSet, operations.toSet)
> > }).toSet
> > ```
> >
> > The surrounding parenthesis around the ``for`` comprehesion are important as ``yield`` would return the same Collection type from aclSet (a List in this case).
> >
> >
> > 2. To use a (private) helper recursive function like, for example:
> >
> > ```
> > private def listToSet(list: List[Map[String, Any]]): Set[Acl] = {
> > list match {
> > case item::tail => {
> >
> > // L#72 - L#75 processing over `item`
> >
> > Set(new Acl(...)) ++ listToSet(tail)
> > }
> > case Nil => Set.empty[Acl]
> > }
> > }
> > ```
> >
> > can call it from ``fromJson`` on ``aclSet`` instead of doing a ``foreach``.
> >
> >
> > In fact, most of lines L#72 - L#75 are composed of Lists that eventually get converted to set (principals, hosts, operations and acls), so you could "generify" the helper function above, so that you could pass a 'convertion' function, but here I am wary of the complexity of the code starting to outweight the benefits (?) of not using mutable data structures... Nevertheless, it would look like:
> >
> > ```
> > def listToSet[T,K](list: List[T], f: T => K): Set[K] = {
> > list match {
> > case head::tail => Set(f(head)) ++ listToSet(tail, f)
> > case Nil => Set.empty[K]
> > }
> > }
> > ```
I haven't changed it for now dont really think to .toSet will be that bad.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92345
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
> On Julho 21, 2015, 1:30 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 71
> > <https://reviews.apache.org/r/34492/diff/8/?file=1017296#file1017296line71>
> >
> > Disclaimer: I am not claiming that you should change the code commented here.
> >
> > Okay, for getting rid of the dreaded ``collection.mutable.HashSet[Acl]()``, you have two options, afaik:
> >
> > 1. use ``(for (i <- list) yield i).toSet``. In the current code it would be something like:
> >
> > ```
> > val acls = (for (item <- aclSet) {
> > val principals: List[KafkaPrincipal] = item(PrincipalKey).asInstanceOf[List[String]].map(principal => KafkaPrincipal.fromString(principal))
> > val permissionType: PermissionType = PermissionType.fromString(item(PermissionTypeKey).asInstanceOf[String])
> > val operations: List[Operation] = item(OperationKey).asInstanceOf[List[String]].map(operation => Operation.fromString(operation))
> > val hosts: List[String] = item(HostsKey).asInstanceOf[List[String]]
> >
> > yield new Acl(principals.toSet, permissionType, hosts.toSet, operations.toSet)
> > }).toSet
> > ```
> >
> > The surrounding parenthesis around the ``for`` comprehesion are important as ``yield`` would return the same Collection type from aclSet (a List in this case).
> >
> >
> > 2. To use a (private) helper recursive function like, for example:
> >
> > ```
> > private def listToSet(list: List[Map[String, Any]]): Set[Acl] = {
> > list match {
> > case item::tail => {
> >
> > // L#72 - L#75 processing over `item`
> >
> > Set(new Acl(...)) ++ listToSet(tail)
> > }
> > case Nil => Set.empty[Acl]
> > }
> > }
> > ```
> >
> > can call it from ``fromJson`` on ``aclSet`` instead of doing a ``foreach``.
> >
> >
> > In fact, most of lines L#72 - L#75 are composed of Lists that eventually get converted to set (principals, hosts, operations and acls), so you could "generify" the helper function above, so that you could pass a 'convertion' function, but here I am wary of the complexity of the code starting to outweight the benefits (?) of not using mutable data structures... Nevertheless, it would look like:
> >
> > ```
> > def listToSet[T,K](list: List[T], f: T => K): Set[K] = {
> > list match {
> > case head::tail => Set(f(head)) ++ listToSet(tail, f)
> > case Nil => Set.empty[K]
> > }
> > }
> > ```
>
> Parth Brahmbhatt wrote:
> I haven't changed it for now dont really think to .toSet will be that bad.
Agree! All the other options leave the code more obfuscated than it needs to be, imo. Only if there was some strict code guideline to use "pure" Functional Programming we would need to resort to one of those options I described.
- Edward
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92345
-----------------------------------------------------------
On Ago. 11, 2015, 1:32 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated Ago. 11, 2015, 1:32 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Now addressing Ismael's comments. Case sensitive checks.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/network/RequestChannel.scala 20741281dcaa76374ea6f86a2185dad27b515339
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 7ea509c2c41acc00430c74e025e069a833aac4e7
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 84d4730ac634f9a5bf12a656e422fea03ad72da8
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala PRE-CREATION
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92345
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/Acl.scala (line 71)
<https://reviews.apache.org/r/34492/#comment146470>
Disclaimer: I am not claiming that you should change the code commented here.
Okay, for getting rid of the dreaded ``collection.mutable.HashSet[Acl]()``, you have two options, afaik:
1. use ``(for (i <- list) yield i).toSet``. In the current code it would be something like:
```
val acls = (for (item <- aclSet) {
val principals: List[KafkaPrincipal] = item(PrincipalKey).asInstanceOf[List[String]].map(principal => KafkaPrincipal.fromString(principal))
val permissionType: PermissionType = PermissionType.fromString(item(PermissionTypeKey).asInstanceOf[String])
val operations: List[Operation] = item(OperationKey).asInstanceOf[List[String]].map(operation => Operation.fromString(operation))
val hosts: List[String] = item(HostsKey).asInstanceOf[List[String]]
yield new Acl(principals.toSet, permissionType, hosts.toSet, operations.toSet)
}).toSet
```
The surrounding parenthesis around the ``for`` comprehesion are important as ``yield`` would return the same Collection type from aclSet (a List in this case).
2. To use a (private) helper recursive function like, for example:
```
private def listToSet(list: List[Map[String, Any]]): Set[Acl] = {
list match {
case item::tail => {
// L#72 - L#75 processing over `item`
Set(new Acl(...)) ++ listToSet(tail)
}
case Nil => Set.empty[Acl]
}
}
```
can call it from ``fromJson`` on ``aclSet`` instead of doing a ``foreach``.
In fact, most of lines L#72 - L#75 are composed of Lists that eventually get converted to set (principals, hosts, operations and acls), so you could "generify" the helper function above, so that you could pass a 'convertion' function, but here I am wary of the complexity of the code starting to outweight the benefits (?) of not using mutable data structures... Nevertheless, it would look like:
```
def listToSet[T,K](list: List[T], f: T => K): Set[K] = {
list match {
case head::tail => Set(f(head)) ++ listToSet(tail, f)
case Nil => Set.empty[K]
}
}
```
- Edward Ribeiro
On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 20, 2015, 11:42 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 21, 2015, 1:49 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 55
> > <https://reviews.apache.org/r/34492/diff/8/?file=1017298#file1017298line55>
> >
> > the parenthesis after the ``!`` is not required.
fixed.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92352
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92352
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 55)
<https://reviews.apache.org/r/34492/#comment146483>
the parenthesis after the ``!`` is not required.
- Edward Ribeiro
On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 20, 2015, 11:42 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 21, 2015, 1:55 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Operation.scala, line 43
> > <https://reviews.apache.org/r/34492/diff/8/?file=1017299#file1017299line43>
> >
> > The ``return`` here is redundant.
Fixed.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92354
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92354
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/Operation.scala (line 43)
<https://reviews.apache.org/r/34492/#comment146485>
The ``return`` here is redundant.
- Edward Ribeiro
On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 20, 2015, 11:42 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 21, 2015, 12:49 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 86
> > <https://reviews.apache.org/r/34492/diff/8/?file=1017296#file1017296line86>
> >
> > It's better to return None here, no?
Can't return None or nil where a Map[String, Any] is expected :-(.
> On July 21, 2015, 12:49 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 104
> > <https://reviews.apache.org/r/34492/diff/8/?file=1017303#file1017303line104>
> >
> > Please, put a space between ``if`` and ``(``.
done.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92341
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92341
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/Acl.scala (line 86)
<https://reviews.apache.org/r/34492/#comment146448>
It's better to return None here, no?
core/src/main/scala/kafka/server/KafkaApis.scala (line 101)
<https://reviews.apache.org/r/34492/#comment146449>
Please, put a space between ``if`` and ``(``.
- Edward Ribeiro
On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 20, 2015, 11:42 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 21, 2015, 1:47 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 86
> > <https://reviews.apache.org/r/34492/diff/8/?file=1017296#file1017296line86>
> >
> > Or maybe an Map.empty[String, Any]
fixed.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92351
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92351
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/Acl.scala (line 86)
<https://reviews.apache.org/r/34492/#comment146482>
Or maybe an Map.empty[String, Any]
- Edward Ribeiro
On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 20, 2015, 11:42 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 21, 2015, 2:09 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 166
> > <https://reviews.apache.org/r/34492/diff/8/?file=1017303#file1017303line166>
> >
> > Please, put a space between ``if`` and ``(``.
Fixed.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92358
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92358
-----------------------------------------------------------
core/src/main/scala/kafka/server/KafkaApis.scala (line 163)
<https://reviews.apache.org/r/34492/#comment146489>
Please, put a space between ``if`` and ``(``.
- Edward Ribeiro
On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 20, 2015, 11:42 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 21, 2015, 1:40 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 136
> > <https://reviews.apache.org/r/34492/diff/8/?file=1017296#file1017296line136>
> >
> > The return is redundant here.
fixed.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92349
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92349
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/Acl.scala (line 136)
<https://reviews.apache.org/r/34492/#comment146479>
The return is redundant here.
- Edward Ribeiro
On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 20, 2015, 11:42 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 21, 2015, 1:50 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala, line 28
> > <https://reviews.apache.org/r/34492/diff/8/?file=1017298#file1017298line28>
> >
> > Please, put a space between ``if`` and ``(``.
fixed.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92353
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92353
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala (line 28)
<https://reviews.apache.org/r/34492/#comment146484>
Please, put a space between ``if`` and ``(``.
- Edward Ribeiro
On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 20, 2015, 11:42 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 21, 2015, 1:37 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/PermissionType.scala, line 47
> > <https://reviews.apache.org/r/34492/diff/8/?file=1017300#file1017300line47>
> >
> > The ``return`` here is redundant. In fact the L#46 - L#48 could be rewritten as either:
> >
> > ```
> > def values() : List[PermissionType] = {
> > List(Allow, Deny)
> > }
> > ```
> >
> > or just
> >
> > ```
> > def values = List(Allow, Deny)
> > ```
> >
> > please, check with the committers what they prefer. In any case the return is a unnecessary. ;)
fixed.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92347
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92347
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/PermissionType.scala (line 47)
<https://reviews.apache.org/r/34492/#comment146474>
The ``return`` here is redundant. In fact the L#46 - L#48 could be rewritten as either:
```
def values() : List[PermissionType] = {
List(Allow, Deny)
}
```
or just
```
def values = List(Allow, Deny)
```
please, check with the committers what they prefer. In any case the return is a unnecessary. ;)
- Edward Ribeiro
On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 20, 2015, 11:42 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 21, 2015, 1:43 a.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/server/KafkaApis.scala, line 624
> > <https://reviews.apache.org/r/34492/diff/8/?file=1017303#file1017303line624>
> >
> > Lines L#620 and L#621 could be merged (with a &&) into a single if-condition. No need for nested if-conditions here. ;-)
fixed.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92350
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review92350
-----------------------------------------------------------
core/src/main/scala/kafka/server/KafkaApis.scala (line 620)
<https://reviews.apache.org/r/34492/#comment146481>
Lines L#620 and L#621 could be merged (with a &&) into a single if-condition. No need for nested if-conditions here. ;-)
- Edward Ribeiro
On July 20, 2015, 11:42 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 20, 2015, 11:42 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
-----------------------------------------------------------
(Updated July 20, 2015, 11:42 p.m.)
Review request for kafka.
Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210
Repository: kafka
Description (updated)
-------
Addressing review comments from Jun.
Adding CREATE check for offset topic only if the topic does not exist already.
Addressing some more comments.
Removing acl.json file
Moving PermissionType to trait instead of enum. Following the convention for defining constants.
Adding authorizer.config.path back.
Addressing more comments from Jun.
Diffs (updated)
-----
core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
Diff: https://reviews.apache.org/r/34492/diff/
Testing
-------
Thanks,
Parth Brahmbhatt
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 14, 2015, 11:26 p.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Acl.scala, line 110
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011771#file1011771line110>
> >
> > As the values are fixed you could have written toMap() as below so that we can save ourselves from creating a mutable Map just to convert it to an immutable Map at the end:
> >
> > def toMap() : Map[String, Any] = {
> > Map(Acl.PrincipalKey -> principals.map(principal => principal.toString),
> > Acl.PermissionTypeKey -> permissionType.name),
> > Acl.OperationKey -> operations.map(operation => operation.name),
> > Acl.HostsKey -> hosts)
> > }
Done.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91679
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91679
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/Acl.scala (line 110)
<https://reviews.apache.org/r/34492/#comment145246>
As the values are fixed you could have written toMap() as below so that we can save ourselves from creating a mutable Map just to convert it to an immutable Map at the end:
def toMap() : Map[String, Any] = {
Map(Acl.PrincipalKey -> principals.map(principal => principal.toString),
Acl.PermissionTypeKey -> permissionType.name),
Acl.OperationKey -> operations.map(operation => operation.name),
Acl.HostsKey -> hosts)
}
- Edward Ribeiro
On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 14, 2015, 9:13 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 98a5b042a710d3c1064b0379db1d152efc9eabee
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
> On July 14, 2015, 10:59 p.m., Edward Ribeiro wrote:
> > core/src/main/scala/kafka/security/auth/Operation.scala, line 35
> > <https://reviews.apache.org/r/34492/diff/7/?file=1011774#file1011774line35>
> >
> > Scala's match is a powerful mechanism but using it to decode as below seems boilterplate-ish. Why not use something like:
> >
> > def fromString(operation: String): Operation = {
> > val op = values().filter(_.name.equalsIgnoreCase(operation)).headOption
> > op match {
> > Some(x) => x
> > }
> > }
> >
> > or even:
> >
> > def fromString(operation: String): Operation = {
> > val Some(op) = values().filter(_.name.equalsIgnoreCase(operation)).headOption
> > op
> > }
new to the whole scala thing and so I still find some of these options too cryptic to read but I am going to assume you know the idioms better than me. Changed it to second option you proposed.
- Parth
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91671
-----------------------------------------------------------
On July 22, 2015, 12:08 a.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 22, 2015, 12:08 a.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Addressing more comments from Jun.
>
>
> Addressing more comments.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/OperationTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/PermissionTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTypeTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 04a02e08a54139ee1a298c5354731bae009efef3
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Edward Ribeiro <ed...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/#review91671
-----------------------------------------------------------
core/src/main/scala/kafka/security/auth/Operation.scala (line 35)
<https://reviews.apache.org/r/34492/#comment145238>
Scala's match is a powerful mechanism but using it to decode as below seems boilterplate-ish. Why not use something like:
def fromString(operation: String): Operation = {
val op = values().filter(_.name.equalsIgnoreCase(operation)).headOption
op match {
Some(x) => x
}
}
or even:
def fromString(operation: String): Operation = {
val Some(op) = values().filter(_.name.equalsIgnoreCase(operation)).headOption
op
}
- Edward Ribeiro
On July 14, 2015, 9:13 p.m., Parth Brahmbhatt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34492/
> -----------------------------------------------------------
>
> (Updated July 14, 2015, 9:13 p.m.)
>
>
> Review request for kafka.
>
>
> Bugs: KAFKA-2210
> https://issues.apache.org/jira/browse/KAFKA-2210
>
>
> Repository: kafka
>
>
> Description
> -------
>
> Addressing review comments from Jun.
>
>
> Adding CREATE check for offset topic only if the topic does not exist already.
>
>
> Addressing some more comments.
>
>
> Removing acl.json file
>
>
> Moving PermissionType to trait instead of enum. Following the convention for defining constants.
>
>
> Adding authorizer.config.path back.
>
>
> Diffs
> -----
>
> core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
> core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
> core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
> core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
> core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
> core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
> core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
> core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
> core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
> core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 98a5b042a710d3c1064b0379db1d152efc9eabee
>
> Diff: https://reviews.apache.org/r/34492/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Parth Brahmbhatt
>
>
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
-----------------------------------------------------------
(Updated July 14, 2015, 9:13 p.m.)
Review request for kafka.
Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210
Repository: kafka
Description
-------
Addressing review comments from Jun.
Adding CREATE check for offset topic only if the topic does not exist already.
Addressing some more comments.
Removing acl.json file
Moving PermissionType to trait instead of enum. Following the convention for defining constants.
Adding authorizer.config.path back.
Diffs (updated)
-----
core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 98a5b042a710d3c1064b0379db1d152efc9eabee
Diff: https://reviews.apache.org/r/34492/diff/
Testing
-------
Thanks,
Parth Brahmbhatt
Re: Review Request 34492: Patch for KAFKA-2210
Posted by Parth Brahmbhatt <br...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34492/
-----------------------------------------------------------
(Updated July 14, 2015, 5:02 p.m.)
Review request for kafka.
Bugs: KAFKA-2210
https://issues.apache.org/jira/browse/KAFKA-2210
Repository: kafka
Description (updated)
-------
Addressing review comments from Jun.
Adding CREATE check for offset topic only if the topic does not exist already.
Addressing some more comments.
Removing acl.json file
Moving PermissionType to trait instead of enum. Following the convention for defining constants.
Adding authorizer.config.path back.
Diffs (updated)
-----
core/src/main/scala/kafka/api/OffsetRequest.scala f418868046f7c99aefdccd9956541a0cb72b1500
core/src/main/scala/kafka/common/AuthorizationException.scala PRE-CREATION
core/src/main/scala/kafka/common/ErrorMapping.scala c75c68589681b2c9d6eba2b440ce5e58cddf6370
core/src/main/scala/kafka/security/auth/Acl.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Authorizer.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/KafkaPrincipal.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Operation.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/PermissionType.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/Resource.scala PRE-CREATION
core/src/main/scala/kafka/security/auth/ResourceType.scala PRE-CREATION
core/src/main/scala/kafka/server/KafkaApis.scala 18f5b5b895af1469876b2223841fd90a2dd255e0
core/src/main/scala/kafka/server/KafkaConfig.scala dbe170f87331f43e2dc30165080d2cb7dfe5fdbf
core/src/main/scala/kafka/server/KafkaServer.scala 18917bc4464b9403b16d85d20c3fd4c24893d1d3
core/src/test/scala/unit/kafka/security/auth/AclTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/KafkaPrincipalTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/security/auth/ResourceTest.scala PRE-CREATION
core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala 98a5b042a710d3c1064b0379db1d152efc9eabee
Diff: https://reviews.apache.org/r/34492/diff/
Testing
-------
Thanks,
Parth Brahmbhatt