You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by cmccabe <gi...@git.apache.org> on 2017/06/06 01:26:20 UTC
[GitHub] kafka pull request #3240: KAFKA-5292. Fix authorization checks in AdminClien...
GitHub user cmccabe opened a pull request:
https://github.com/apache/kafka/pull/3240
KAFKA-5292. Fix authorization checks in AdminClient
* NetworkClient.java: when trace logging is enabled, show AbstractResponse Struct objects, rather than just a memory address of the AbstractResponse.
* AclOperation.java: add documentation of what ACLs imply other ACLs.
* Resource.java: add CLUSTER, CLUSTER_NAME constants.
* Reconcile the Java and Scala classes for ResourceType, OperationType, etc. Add unit tests to ensure they can be converted to each other.
* AclCommand.scala: we should be able to apply ACLs containing Alter and Describe operations to Cluster resources.
* SimpleAclAuthorizer: update the authorizer to handle the ACL inheritance rules described in AclOperation.java.
* KafkaApis.scala: update createAcls and deleteAcls to use ALTER on CLUSTER, as described in the KIP. describeAcls should use DESCRIBE on CLUSTER. Use fromJava methods instead of fromString methods to convert from Java objects to Scala ones.
* SaslSslAdminClientIntegrationTest.scala: do not use AllowEveryoneIfNoAclIsFound. Add a configureSecurityBeforeServerStart hook which installs the ACLs necessary for the tests. Add a test of ACL authorization ALLOW and DENY functionality.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/cmccabe/kafka KAFKA-5292
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/kafka/pull/3240.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #3240
----
commit 4efd292d80a2e073401d6aedb8c97c6bd6617030
Author: Colin P. Mccabe <cm...@confluent.io>
Date: 2017-06-06T01:24:51Z
KAFKA-5292. Fix authorization checks in AdminClient
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] kafka pull request #3240: KAFKA-5292. Fix authorization checks in AdminClien...
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/kafka/pull/3240
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---