From: Viktor Somogyi-Vass
Date: Fri, 15 Feb 2019 10:28:26 +0100
Subject: Re: [DISCUSSION] KIP-422: Add support for user/client configuration in the Kafka Admin Client
To: Jun Rao
Cc: dev
Reply-To: dev@kafka.apache.org

Hi Guys,

I wanted to reject that KIP, split it up and revamp it as in the meantime
there were some overlapping works; I just didn't get to it due to other
higher priority work.
One of the split KIPs would have been the quota part of that and I'd be
happy if that lived in this KIP if Yaodong thinks it's worth incorporating.
I'd also be happy to rebase that wire protocol and contribute it to this KIP.

Viktor

On Wed, Feb 13, 2019 at 7:14 PM Jun Rao wrote:

> Hi, Yaodong,
>
> Thanks for the KIP. As Stan mentioned earlier, it seems that this is
> mostly covered by KIP-248, which was originally proposed by Viktor.
>
> Hi, Viktor,
>
> Do you still plan to work on KIP-248? It seems that you already got pretty
> far on that. If not, would you mind letting Yaodong take over this?
>
> For both KIP-248 and KIP-422, one thing that I found missing is the
> support for customized quota (
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-257+-+Configurable+Quota+Management).
> With KIP-257, it's possible for one to construct a customized quota defined
> through a map of metric tags. It would be useful to support that in the
> AdminClient API and the wire protocol.
>
> Hi, Sonke,
>
> I think the proposal is to support the user/clientId level quota through
> an AdminClient API. The user can be obtained from any existing
> authentication mechanisms.
>
> Thanks,
>
> Jun
>
> On Thu, Feb 7, 2019 at 5:59 AM Sönke Liebau
> wrote:
>
>> Hi Yaodong,
>>
>> thanks for the KIP!
>>
>> If I understand your intentions correctly then this KIP would only
>> address a fairly specific use case, namely SASL-PLAIN with users
>> defined in Zookeeper. For all other authentication mechanisms like
>> SSL, SASL-GSSAPI or SASL-PLAIN with users defined in jaas files I
>> don't see how the AdminClient could directly create new users.
>> Is this correct, or am I missing something?
>>
>> Best regards,
>> Sönke
>>
>> On Thu, Feb 7, 2019 at 2:47 PM Stanislav Kozlovski
>> wrote:
>> >
>> > This KIP seems to duplicate some of the functionality proposed in
>> > KIP-248
>> > <https://cwiki.apache.org/confluence/display/KAFKA/KIP-248+-+Create+New+ConfigCommand+That+Uses+The+New+AdminClient>.
>> > KIP-248 has been stuck in a vote thread since July 2018.
>> >
>> > Viktor, do you plan on working on the KIP?
>> >
>> > On Thu, Feb 7, 2019 at 1:27 PM Stanislav Kozlovski <stanislav@confluent.io>
>> > wrote:
>> >
>> > > Hey there Yaodong, thanks for the KIP!
>> > >
>> > > I'm not too familiar with the user/client configurations we currently
>> > > allow, is there a KIP describing the initial feature? If there is, it
>> > > would be useful to include in KIP-422.
>> > >
>> > > I also didn't see any authorization in the PR, have we thought about
>> > > needing to authorize the alter/describe requests per the user/client?
>> > >
>> > > Thanks,
>> > > Stanislav
>> > >
>> > > On Fri, Jan 25, 2019 at 5:47 PM Yaodong Yang
>> > > wrote:
>> > >
>> > >> Hi folks,
>> > >>
>> > >> I've published KIP-422 which is about adding support for user/client
>> > >> configurations in the Kafka Admin Client.
>> > >>
>> > >> Basically the story here is to allow KafkaAdminClient to configure the
>> > >> user or client configurations for users, instead of requiring users to
>> > >> directly talk to ZK.
>> > >>
>> > >> The link for this KIP is
>> > >> following:
>> > >> https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=97555704
>> > >>
>> > >> I'd be happy to receive some feedback about the KIP I published.
>> > >>
>> > >> --
>> > >> Best,
>> > >> Yaodong Yang
>> > >>
>> > >
>> > >
>> > > --
>> > > Best,
>> > > Stanislav
>> > >
>> >
>> >
>> > --
>> > Best,
>> > Stanislav
>>
>>
>>
>> --
>> Sönke Liebau
>> Partner
>> Tel. +49 179 7940878
>> OpenCore GmbH & Co. KG - Thomas-Mann-Straße 8 - 22880 Wedel - Germany
>>
>