You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2022/11/29 18:17:00 UTC

[GitHub] [kafka] mumrah commented on a diff in pull request #12885: KAFKA-14358; Disallow creation of cluster metadata partition

mumrah commented on code in PR #12885:
URL: https://github.com/apache/kafka/pull/12885#discussion_r1035093043


##########
core/src/main/scala/kafka/server/KafkaApis.scala:
##########
@@ -1925,9 +1925,18 @@ class KafkaApis(val requestChannel: RequestChannel,
       val hasClusterAuthorization = authHelper.authorize(request.context, CREATE, CLUSTER, CLUSTER_NAME,
         logIfDenied = false)
       val topics = createTopicsRequest.data.topics.asScala.map(_.name)
-      val authorizedTopics =
-        if (hasClusterAuthorization) topics.toSet
-        else authHelper.filterByAuthorized(request.context, CREATE, TOPIC, topics)(identity)
+      val authorizedTopics = if (hasClusterAuthorization) {
+        /* The cluster metatdata topic is an internal topic with a different implementation. The user should not be
+         * allowed to create it as a regular topic.
+         */
+        topics.toSet.diff(Set(Topic.CLUSTER_METADATA_TOPIC_NAME))

Review Comment:
   Can we just filter out the metadata topic once up at L1927? 
   
   Also, should we log a warning if we find it (and remove it)?



##########
core/src/main/scala/kafka/server/ControllerApis.scala:
##########
@@ -374,10 +375,16 @@ class ControllerApis(val requestChannel: RequestChannel,
         }
       }
     }
-    val authorizedTopicNames = if (hasClusterAuth) {
-      topicNames.asScala
-    } else {
-      getCreatableTopics.apply(topicNames.asScala)
+    val authorizedTopicNames = {
+      /* The cluster metatdata topic is an internal topic with a different implementation. The user should not be
+       * allowed to create it as a regular topic.
+       */
+      val allowedTopicNames = topicNames.asScala.diff(Set(Topic.CLUSTER_METADATA_TOPIC_NAME))

Review Comment:
   Similar question to below -- should we log a warning if the user passed in `__cluster_metadata`?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscribe@kafka.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org