You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "Colin P. McCabe (JIRA)" <ji...@apache.org> on 2017/06/06 01:25:12 UTC
[jira] [Commented] (KAFKA-5292) Fix authorization checks in
AdminClient
[ https://issues.apache.org/jira/browse/KAFKA-5292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16037938#comment-16037938 ]
Colin P. McCabe commented on KAFKA-5292:
----------------------------------------
* NetworkClient.java: when trace logging is enabled, show AbstractResponse Struct objects, rather than just a memory address of the AbstractResponse.
* AclOperation.java: add documentation of what ACLs imply other ACLs.
* Resource.java: add CLUSTER, CLUSTER_NAME constants.
* Reconcile the Java and Scala classes for ResourceType, OperationType, etc. Add unit tests to ensure they can be converted to each other.
* AclCommand.scala: we should be able to apply ACLs containing Alter and Describe operations to Cluster resources.
* SimpleAclAuthorizer: update the authorizer to handle the ACL inheritance rules described in AclOperation.java.
* KafkaApis.scala: update createAcls and deleteAcls to use ALTER on CLUSTER, as described in the KIP. describeAcls should use DESCRIBE on CLUSTER. Use fromJava methods instead of fromString methods to convert from Java objects to Scala ones.
* SaslSslAdminClientIntegrationTest.scala: do not use AllowEveryoneIfNoAclIsFound. Add a configureSecurityBeforeServerStart hook which installs the ACLs necessary for the tests. Add a test of ACL authorization ALLOW and DENY functionality.
> Fix authorization checks in AdminClient
> ---------------------------------------
>
> Key: KAFKA-5292
> URL: https://issues.apache.org/jira/browse/KAFKA-5292
> Project: Kafka
> Issue Type: Sub-task
> Reporter: Ismael Juma
> Assignee: Colin P. McCabe
> Priority: Critical
> Fix For: 0.11.0.0
>
>
> Fix authorization checks in AdminClient.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)