Return-Path: 
 <commits-return-10142-apmail-sentry-commits-archive=sentry.apache.org@sentry.incubator.apache.org>
X-Original-To: apmail-sentry-commits-archive@minotaur.apache.org
Delivered-To: apmail-sentry-commits-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id A50C118F5A
	for <apmail-sentry-commits-archive@minotaur.apache.org>;
 Tue, 23 Feb 2016 17:26:21 +0000 (UTC)
Received: (qmail 93721 invoked by uid 500); 23 Feb 2016 17:26:21 -0000
Delivered-To: apmail-sentry-commits-archive@sentry.apache.org
Received: (qmail 93679 invoked by uid 500); 23 Feb 2016 17:26:21 -0000
Mailing-List: contact commits-help@sentry.incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@sentry.incubator.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@sentry.incubator.apache.org>
List-Post: <mailto:commits@sentry.incubator.apache.org>
List-Id: <commits.sentry.incubator.apache.org>
Reply-To: dev@sentry.incubator.apache.org
Delivered-To: mailing list commits@sentry.incubator.apache.org
Received: (qmail 93670 invoked by uid 99); 23 Feb 2016 17:26:21 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO
 spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Feb 2016 17:26:21 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org)
 with ESMTP id 0E970C1309
	for <commits@sentry.apache.org>; Tue, 23 Feb 2016 17:26:21 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -4.021
X-Spam-Level: 
X-Spam-Status: No, score=-4.021 tagged_above=-999 required=6.31
	tests=[KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5,
	RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01,
	RP_MATCHES_RCVD=-0.001] autolearn=disabled
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new,
 port 10024)
	with ESMTP id Z5LfCZ166gm9 for <commits@sentry.apache.org>;
	Tue, 23 Feb 2016 17:26:20 +0000 (UTC)
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with SMTP
 id 53D1B5FAC6
	for <commits@sentry.incubator.apache.org>;
 Tue, 23 Feb 2016 17:26:19 +0000 (UTC)
Received: (qmail 93002 invoked by uid 99); 23 Feb 2016 17:26:18 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Feb 2016 17:26:18 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id 520FE2C1F5C
	for <commits@sentry.incubator.apache.org>;
 Tue, 23 Feb 2016 17:26:18 +0000 (UTC)
Date: Tue, 23 Feb 2016 17:26:18 +0000 (UTC)
From: "Ashish K Singh (JIRA)" <jira@apache.org>
To: commits@sentry.incubator.apache.org
Message-ID: <JIRA.12937687.1454974393000.123706.1456248378332@Atlassian.JIRA>
In-Reply-To: <JIRA.12937687.1454974393000@Atlassian.JIRA>
References: <JIRA.12937687.1454974393000@Atlassian.JIRA>
 <JIRA.12937687.1454974393717@arcas>
Subject: [jira] [Updated] (SENTRY-1057) Add implementations for acls' CRUD
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


     [ https://issues.apache.org/jira/browse/SENTRY-1057?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ashish K Singh updated SENTRY-1057:
-----------------------------------
    Description: 
To allow users to perform CRUD of privileges we have couple of options.

1. Add a custom sentry specific CLI.
2. Reuse Kafka's CLI, kafka-acls.sh.

We propose to use the later approach as that will provide a seamless experience to users. Moreover, Kafka's acls cli supports plugging in third party authorizer implementations.

Kafka will authenticate users before passing user's request to Sentry to perform ACLs CRUD. Sentry can assume that users requests coming to it for performing ACLs CRUD are authenticated and authorized.

  was:
To allow users to perform CRUD of privileges we have couple of options.

1. Add a custom sentry specific CLI.
2. Reuse Kafka's CLI, kafka-acls.sh.

We propose to use the later approach as that will provide a seamless experience to users. Moreover, Kafka's acls cli supports plugging in third party authorizer implementations.


> Add implementations for acls' CRUD
> ----------------------------------
>
>                 Key: SENTRY-1057
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1057
>             Project: Sentry
>          Issue Type: Sub-task
>            Reporter: Ashish K Singh
>            Assignee: Ashish K Singh
>             Fix For: 1.7.0
>
>
> To allow users to perform CRUD of privileges we have couple of options.
> 1. Add a custom sentry specific CLI.
> 2. Reuse Kafka's CLI, kafka-acls.sh.
> We propose to use the later approach as that will provide a seamless experience to users. Moreover, Kafka's acls cli supports plugging in third party authorizer implementations.
> Kafka will authenticate users before passing user's request to Sentry to perform ACLs CRUD. Sentry can assume that users requests coming to it for performing ACLs CRUD are authenticated and authorized.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)