You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2020/11/05 01:07:10 UTC

[GitHub] [kafka] abbccdda opened a new pull request #9560: KAFKA-10345: Add ZK-notification based update for trust/key store paths

abbccdda opened a new pull request #9560:
URL: https://github.com/apache/kafka/pull/9560


   SSL trust store and key store paths update could no longer go through the direct per broker update due to forwarding. We need to add a mechanism to trigger the update through ZK notification.
   
   ### Committer Checklist (excluded from commit message)
   - [ ] Verify design and implementation 
   - [ ] Verify test coverage and CI build status
   - [ ] Verify documentation (including upgrade notes)
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [kafka] abbccdda commented on a change in pull request #9560: KAFKA-10345: Add ZK-notification based update for trust/key store paths

Posted by GitBox <gi...@apache.org>.

abbccdda commented on a change in pull request #9560:
URL: https://github.com/apache/kafka/pull/9560#discussion_r518264048



##########
File path: core/src/main/scala/kafka/server/DynamicBrokerConfig.scala
##########
@@ -331,6 +334,50 @@ class DynamicBrokerConfig(private val kafkaConfig: KafkaConfig) extends Logging
       }
   }
 
+  private[server] def maybeAugmentSslStorePaths(configProps: Properties, previousConfigProps: Map[String, String]): Unit ={
+    val processedFiles = new mutable.HashSet[String]
+    reconfigurables
+      .filter(reconfigurable => ReloadableFileConfigs.exists(reconfigurable.reconfigurableConfigs.contains))
+        .foreach({
+          case reconfigurable: ListenerReconfigurable =>
+            ReloadableFileConfigs.foreach(configName => {
+              val prefixedName = reconfigurable.listenerName.configPrefix + configName
+              if (!processedFiles.contains(prefixedName) && configProps.containsKey(prefixedName) &&

Review comment:
       @rajinisivaram One case I'm not covering here is that whether we should compare the entire `configProps` with `previousConfigProps` first and skip the augment path when they are the same. Right now I'm only comparing the path change of key/trust store, do you think we should do the comparison on entire config change first?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [kafka] rajinisivaram commented on a change in pull request #9560: KAFKA-10345: Add ZK-notification based update for trust/key store paths

Posted by GitBox <gi...@apache.org>.

rajinisivaram commented on a change in pull request #9560:
URL: https://github.com/apache/kafka/pull/9560#discussion_r520474354



##########
File path: core/src/main/scala/kafka/server/DynamicBrokerConfig.scala
##########
@@ -331,6 +334,50 @@ class DynamicBrokerConfig(private val kafkaConfig: KafkaConfig) extends Logging
       }
   }
 
+  private[server] def maybeAugmentSslStorePaths(configProps: Properties, previousConfigProps: Map[String, String]): Unit ={
+    val processedFiles = new mutable.HashSet[String]
+    reconfigurables
+      .filter(reconfigurable => ReloadableFileConfigs.exists(reconfigurable.reconfigurableConfigs.contains))
+        .foreach({
+          case reconfigurable: ListenerReconfigurable =>
+            ReloadableFileConfigs.foreach(configName => {
+              val prefixedName = reconfigurable.listenerName.configPrefix + configName
+              if (!processedFiles.contains(prefixedName) && configProps.containsKey(prefixedName) &&

Review comment:
       I think the current logic seems reasonable since you can have an update with no changes where we just want to reload the key/trust stores. In that case `configProps` would match `previousConfigProps`.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [kafka] abbccdda closed pull request #9560: KAFKA-10345: Add ZK-notification based update for trust/key store paths

Posted by GitBox <gi...@apache.org>.

abbccdda closed pull request #9560:
URL: https://github.com/apache/kafka/pull/9560


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org