From dev-return-101892-archive-asf-public=cust-asf.ponee.io@kafka.apache.org Tue Feb 19 23:21:15 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id E0CD918060E for ; Wed, 20 Feb 2019 00:21:14 +0100 (CET) Received: (qmail 95368 invoked by uid 500); 19 Feb 2019 23:21:08 -0000 Mailing-List: contact dev-help@kafka.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@kafka.apache.org Delivered-To: mailing list dev@kafka.apache.org Received: (qmail 95356 invoked by uid 99); 19 Feb 2019 23:21:08 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Feb 2019 23:21:08 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id A4D331822E0 for ; Tue, 19 Feb 2019 23:21:07 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.799 X-Spam-Level: * X-Spam-Status: No, score=1.799 tagged_above=-999 required=6.31 tests=[DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id PDhV9kS8ZVJk for ; Tue, 19 Feb 2019 23:21:05 +0000 (UTC) Received: from mail-ua1-f45.google.com (mail-ua1-f45.google.com [209.85.222.45]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 5BCCC5F16A for ; Tue, 19 Feb 2019 23:21:05 +0000 (UTC) Received: by mail-ua1-f45.google.com with SMTP id p9so7571866uaa.5 for ; Tue, 19 Feb 2019 15:21:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vmofqTr61ombIvoLkDzDoF6UZXiEOY8zj41N5qQhE1U=; b=t4CNjzA/1DAxiESelhfmFvdSXYn9io0b1doIYLl25WP53zOVcbiuV7Xya81BmeMVPw zPlecxmWA2gVeCev8jWHecSj5dgfdeGh7ta7r00r2KWVTzYptQueQDGUJbYrP9L374QX eopZSem0H/01xZYd5mXkmtMCNWnQBTfgGU1BgP573q2F5LF4LBkoxba8eE0ebKF3qTic 1RPe9DBO8o2JQDlnmPSyEEfjZWrs7VhmO9s1PP9HSQvPnfx7p6K7tQMg94SwfaD1HjJE hqLYgaGkL6kJoaQArpWYk3RJmMyUb3UtzxdQdpWJhV/l7O7vlq0he9Khz4DvcepNqX5x P2Qg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vmofqTr61ombIvoLkDzDoF6UZXiEOY8zj41N5qQhE1U=; b=bEuUr9qCgDy3nbX8aOgbucpTROIfnBG3VDogaqI+Djn4yvMcXCm9Y0xEs6nSJaywPX mL8+Jz5LhFS2jjw/nFKvwxdofcFT5OJvn9kzh9sevwcGcnrz+KEdXwLmz8JbGageo0Zo GcVhoWXSXxWyIEroR77Nu9u9XzbTOcxSsRQEZmjw2Ujc4rQjdlneGgaFKeExI84Ia2oZ 6YQA9JJ/4m0RjGWkKv3GLN657ruBFCMzMkzJDgQ9yullPJaefnRDy4gLfde471U59n5a wZTrcKH0t0lek0NpeetdJ0z1VYkE5aqsAe4fukTCL7Zl59JDPZnf+dqvjrNvwzfZl9ia dqhw== X-Gm-Message-State: AHQUAub5kpe4yR/HQMJM+VxBzu1BR5aLQYg9FTYtUlCrzs15rY0Z6bcx i3aZwTxsVxeDoeLZeybF0nz6Y2yjLu7mY2ZSTjc3/Q== X-Google-Smtp-Source: AHgI3Iaau6uj+kdylkfvBPudd9Qwrflyip8C9mTSOIrg6aK/DqaN1ciwlofyls9kcbPTgHFh0VO8EZKulyCBadKWmbg= X-Received: by 2002:a9f:2006:: with SMTP id 6mr11589338uam.96.1550618458557; Tue, 19 Feb 2019 15:20:58 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Yaodong Yang Date: Tue, 19 Feb 2019 15:20:47 -0800 Message-ID: Subject: Re: [DISCUSSION] KIP-422: Add support for user/client configuration in the Kafka Admin Client To: dev@kafka.apache.org Cc: Jun Rao Content-Type: multipart/alternative; boundary="0000000000006791240582477ef4" --0000000000006791240582477ef4 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello Jun, Viktor, Snoke and Stan, Thanks for taking time to look at this KIP-422! For some reason, this email was put in my spam folder. Sorry about that. Jun is right, the main motivation for this KIP-422 is to allow users to config user/clientId quota through AdminClient. In addition, this KIP-422 also allows users to set or update any config related to a user or clientId entity if needed in the future. For the KIP-257, I agree with Jun that we should add support for it. I will look at the current implementation and update the KIP-422 with new change. I will ping this thread once I updated the KIP. Thanks again! Yaodong On Fri, Feb 15, 2019 at 1:28 AM Viktor Somogyi-Vass wrote: > Hi Guys, > > I wanted to reject that KIP, split it up and revamp it as in the meantime > there were some overlapping works I just didn't get to it due to other > higher priority work. > One of the splitted KIPs would have been the quota part of that and I'd b= e > happy if that lived in this KIP if Yaodong thinks it's worth to > incorporate. I'd be also happy to rebase that wire protocol and contribut= e > it to this KIP. > > Viktor > > On Wed, Feb 13, 2019 at 7:14 PM Jun Rao wrote: > > > Hi, Yaodong, > > > > Thanks for the KIP. As Stan mentioned earlier, it seems that this is > > mostly covered by KIP-248, which was originally proposed by Victor. > > > > Hi, Victor, > > > > Do you still plan to work on KIP-248? It seems that you already got > pretty > > far on that. If not, would you mind letting Yaodong take over this? > > > > For both KIP-248 and KIP-422, one thing that I found missing is the > > support for customized quota ( > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-257+-+Configurable+= Quota+Management > ). > > With KIP-257, it's possible for one to construct a customized quota > defined > > through a map of metric tags. It would be useful to support that in the > > AdminClient API and the wire protocol. > > > > Hi, Sonke, > > > > I think the proposal is to support the user/clientId level quota throug= h > > an AdminClient api. The user can be obtained from any existing > > authentication mechanisms. > > > > Thanks, > > > > Jun > > > > On Thu, Feb 7, 2019 at 5:59 AM S=C3=B6nke Liebau > > wrote: > > > >> Hi Yaodong, > >> > >> thanks for the KIP! > >> > >> If I understand your intentions correctly then this KIP would only > >> address a fairly specific use case, namely SASL-PLAIN with users > >> defined in Zookeeper. For all other authentication mechanisms like > >> SSL, SASL-GSSAPI or SASL-PLAIN with users defined in jaas files I > >> don't see how the AdminClient could directly create new users. > >> Is this correct, or am I missing something? > >> > >> Best regards, > >> S=C3=B6nke > >> > >> On Thu, Feb 7, 2019 at 2:47 PM Stanislav Kozlovski > >> wrote: > >> > > >> > This KIP seems to duplicate some of the functionality proposed in > >> KIP-248 > >> > < > >> > https://cwiki.apache.org/confluence/display/KAFKA/KIP-248+-+Create+New+Co= nfigCommand+That+Uses+The+New+AdminClient > >> >. > >> > KIP-248 has been stuck in a vote thread since July 2018. > >> > > >> > Viktor, do you plan on working on the KIP? > >> > > >> > On Thu, Feb 7, 2019 at 1:27 PM Stanislav Kozlovski < > >> stanislav@confluent.io> > >> > wrote: > >> > > >> > > Hey there Yaodong, thanks for the KIP! > >> > > > >> > > I'm not too familiar with the user/client configurations we > currently > >> > > allow, is there a KIP describing the initial feature? If there is, > it > >> would > >> > > be useful to include in KIP-422. > >> > > > >> > > I also didn't see any authorization in the PR, have we thought abo= ut > >> > > needing to authorize the alter/describe requests per the > user/client? > >> > > > >> > > Thanks, > >> > > Stanislav > >> > > > >> > > On Fri, Jan 25, 2019 at 5:47 PM Yaodong Yang < > yangyaodong88@gmail.com > >> > > >> > > wrote: > >> > > > >> > >> Hi folks, > >> > >> > >> > >> I've published KIP-422 which is about adding support for > user/client > >> > >> configurations in the Kafka Admin Client. > >> > >> > >> > >> Basically the story here is to allow KafkaAdminClient to configur= e > >> the > >> > >> user > >> > >> or client configurations for users, instead of requiring users to > >> directly > >> > >> talk to ZK. > >> > >> > >> > >> The link for this KIP is > >> > >> following: > >> > >> > >> > https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=3D975557= 04 > >> > >> > >> > >> I'd be happy to receive some feedback about the KIP I published. > >> > >> > >> > >> -- > >> > >> Best, > >> > >> Yaodong Yang > >> > >> > >> > > > >> > > > >> > > -- > >> > > Best, > >> > > Stanislav > >> > > > >> > > >> > > >> > -- > >> > Best, > >> > Stanislav > >> > >> > >> > >> -- > >> S=C3=B6nke Liebau > >> Partner > >> Tel. +49 179 7940878 > >> OpenCore GmbH & Co. KG - Thomas-Mann-Stra=C3=9Fe 8 - 22880 Wedel - Ger= many > >> > > > --0000000000006791240582477ef4--