kafka-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Yu <yuzhih...@gmail.com>
Subject Re: [DISCUSS] KIP-231: Improve the Required ACL of ListGroups API
Date Mon, 04 Dec 2017 22:01:29 GMT
I agree with Dong on maintaining the semantics.

The user should know which group(s) he / she is allowed to describe.

Cheers

On Mon, Dec 4, 2017 at 1:40 PM, Dong Lin <lindong28@gmail.com> wrote:

> Hey Vahid,
>
> Thanks for the KIP. If I understand the you correctly, you want client to
> be able to list all the groups for which it currently has the describe
> access.
>
> As of now the ListGroupRequest does not allow user to specify the group. If
> user does not have the Describe Cluster access, ListGroupResponse will
> return error. This KIP proposes to change the semantics of
> ListGroupsResponse such that ListGroupResponse will return the subset of
> groups for which the user has the Describe access. And if the does not have
> Describe access to any group, ListGroupResponse will return an empty list
> with no error.
>
> In my opinion this changes the semantics of ListGroupsResponse in a
> counter-intuitive way. Usually we use the ACL to determine whether the
> operation on the specified object can be performed or not. The response
> should provide either an error message or the result for the specified
> object. I couldn't remember a case where the ACL is used to filter the
> result without providing error. Do you think this could be a problem for
> this KIP?
>
> Thanks,
> Dong
>
>
> On Wed, Nov 29, 2017 at 3:18 PM, Vahid S Hashemian <
> vahidhashemian@us.ibm.com> wrote:
>
> > Completing the subject line :)
> >
> >
> >
> > From:   "Vahid S Hashemian" <vahidhashemian@us.ibm.com>
> > To:     dev <dev@kafka.apache.org>
> > Date:   11/29/2017 03:17 PM
> > Subject:        [DISCUSS] KIP-231:
> >
> >
> >
> > Hi everyone,
> >
> > I started KIP-231 to propose a small change to the required ACL of
> > ListGroups API (in response to KAFKA-5638):
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__cwiki.a
> > pache.org_confluence_display_KAFKA_KIP-2D231-253A-2BImprove-
> > 2Bthe-2BRequired-2BACL-2Bof-2BListGroups-2BAPI&d=DwIFAg&c=
> > jf_iaSHvJObTbx-siA1ZOg&r=Q_itwloTQj3_xUKl7Nzswo6KE4Nj-kjJ
> > c7uSVcviKUc&m=XjHVTsIl7t-z0NBesB0U-ptMMm6mmpy3UqS8TjJM5yM&s=
> > eu378oaLvC0Wzbfcz15Rwo4nqdrO11ENLK6v9Kq9Z6w&e=
> >
> > Your feedback and suggestions are welcome!
> >
> > Thanks.
> > --Vahid
> >
> >
> >
> >
> >
> >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message