THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Once this method is added we expect the Client of the authorizer to do the validation on principal types and the authorizer will still not do any validation by it self. As an alternative we can add the validation at Authorizer level. Having validation done at client side enables clients to fail fast for invalid principal types, whereas implementing it at authorization level removes the requirement of having the validation done on each client implementation.
An alternative of providing supported Principal types via interface is via a config option. Having a config option will be helpful for certain third party implementations that uses SimpleAclAuthorizer but support more PrincipalTypes. However, it requires adds one more config.
Compatibility, Deprecation, and Migration Plan
...
The KIP discusses a couple of ways to specify supported principal types. Based on what we choose to go ahead with, one of them will come here.
- Add validation at Authorizer level. Having validation done at client side enables clients to fail fast for invalid principal types, whereas implementing it at authorization level removes the requirement of having the validation done on each client implementation.
- An alternative of providing supported Principal types via interface is via a config option. Having a config option will be helpful for certain third party implementations that uses SimpleAclAuthorizer but support more PrincipalTypes. However, it requires adds one more config.