Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KAFKA-8760; New Java Authorizer API (KIP-504) #7268

Merged
merged 3 commits into from Sep 2, 2019
Merged

KAFKA-8760; New Java Authorizer API (KIP-504) #7268

merged 3 commits into from Sep 2, 2019

Conversation

rajinisivaram
Copy link
Contributor

New Java Authorizer API and a new out-of-the-box authorizer that implements the new interface.

Committer Checklist (excluded from commit message)

  • Verify design and implementation
  • Verify test coverage and CI build status
  • Verify documentation (including upgrade notes)

omkreddy
omkreddy reviewed Aug 30, 2019
View reviewed changes
core/src/main/scala/kafka/server/KafkaApis.scala Outdated
def authorizeTopicDescribe(partition: TopicPartition) =
authorize(request.session, Describe, Resource(Topic, partition.topic, LITERAL))
def partitionAuthorized[T](elements: List[T], topic: T => String): (Seq[T], Seq[T]) = {
val authorizedTopics = filterAuthorized(request, DESCRIBE, TOPIC, elements.toList.map(topic))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: elements.toList.map(topic) => elements.map(topic)

core/src/test/scala/unit/kafka/security/authorizer/AclAuthorizerTest.scala Outdated

@Test
def testNoAclFound(): Unit = {
assertFalse("when acls = [], authorizer should deny op.",authorize(aclAuthorizer, requestContext, READ, resource))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: missing space between arguments

core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala Outdated
val ZkUrlProp = AclAuthorizer.ZkUrlProp
val ZkConnectionTimeOutProp = AclAuthorizer.ZkConnectionTimeOutProp
val ZkSessionTimeOutProp = AclAuthorizer.ZkSessionTimeOutProp
val ZkMaxInFlightRequests = AclAuthorizer.ZkSessionTimeOutProp
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AclAuthorizer.ZkSessionTimeOutProp => AclAuthorizer.ZkMaxInFlightRequests

omkreddy
omkreddy reviewed Sep 2, 2019
View reviewed changes
core/src/test/scala/unit/kafka/security/authorizer/AclAuthorizerTest.scala Outdated
}

@Test(expected = classOf[IllegalArgumentException])
def testAuthorizeThrowsOnNoneLiteralResource(): Unit = {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: testAuthorizeThrowsOnNoneLiteralResource => testAuthorizeThrowsOnNonLiteralResource

@rajinisivaram
Copy link
Contributor Author

@omkreddy Thanks for the review, updated the PR.

@omkreddy
Copy link
Contributor

omkreddy commented Sep 2, 2019

@rajinisivaram Thanks for the PR. LGTM.

@rajinisivaram
Copy link
Contributor Author

@omkreddy Thanks for the review, merging to trunk.

@rajinisivaram rajinisivaram merged commit 3647948 into apache:trunk Sep 2, 2019
ijuma
ijuma reviewed Sep 2, 2019
View reviewed changes
clients/src/main/java/org/apache/kafka/server/authorizer/AclCreateResult.java
* Returns any exception during create. If exception is null, the request has succeeded.
*/
public ApiException exception() {
return exception;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did we consider using Optional here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, opened another PR for this: #7294

ijuma
ijuma reviewed Sep 2, 2019
View reviewed changes
clients/src/main/java/org/apache/kafka/server/authorizer/AclCreateResult.java

private final ApiException exception;

public AclCreateResult() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be private given SUCCESS?

@rajinisivaram rajinisivaram mentioned this pull request Sep 4, 2019
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ijuma ijuma ijuma left review comments

@omkreddy omkreddy omkreddy approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@rajinisivaram @omkreddy @ijuma