KAFKA-19803: Implemented support for allow.os.group.write.access config. #20744
Conversation
| <td><code class="docutils literal"><span class="pre">10000</span></code></td> | ||
| </tr> | ||
| <tr class="row-even"><td>allow.os.group.write.access</td> | ||
| <td>Medium</td> |
There was a problem hiding this comment.
Do we think Medium is right? Maybe Low would be better? -- Did not bring this up on the KIP. Let me follow up there about it.
There was a problem hiding this comment.
my bad, overlooked when copied the code. fixed
| .define(ALLOW_OS_GROUP_WRITE_ACCESS_CONFIG, | ||
| Type.BOOLEAN, | ||
| false, | ||
| Importance.LOW, |
There was a problem hiding this comment.
Here you set low -- We need to keep the code and cods consistent.
| } | ||
|
|
||
| private void initializeStateDirectory(final boolean createStateDirectory, final boolean hasNamedTopology, | ||
| final boolean allowOsGroupWriteAccess) throws IOException { |
There was a problem hiding this comment.
nit: formatting -- we usually either keep all parameter in a single line, or make one line per parameter. The current formatting is kinda hard to read.
|
|
||
| @Test | ||
| public void shouldHaveSecurePermissionsIfGroupWriteAccessAllowed() throws IOException { | ||
| initializeStateDirectory(true, false, true); |
There was a problem hiding this comment.
Should we cleanup/delete the state directory we create in
@BeforeEach
public void before() throws IOException {
initializeStateDirectory(true, false);
}
before we init a new one?
There was a problem hiding this comment.
I wanted to check that we update the permissions of the existing directories.
Updated the tests to better reflect that.
|
We would expect that an existing state directory get updated when the config is changed, ie, either revoke group write or grant it? We should add a test for it. |
2 participants
Implement KIP-1230.
Reviewers: Matthias J. Sax [email protected]