You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "mumrah (via GitHub)" <gi...@apache.org> on 2023/03/14 18:54:00 UTC

[GitHub] [kafka] mumrah commented on a diff in pull request #13368: KAFKA-14796 Migrate ACLs from AclAuthorizor to KRaft

mumrah commented on code in PR #13368:
URL: https://github.com/apache/kafka/pull/13368#discussion_r1136047272


##########
core/src/main/scala/kafka/zk/ZkMigrationClient.scala:
##########
@@ -211,12 +214,38 @@ class ZkMigrationClient(zkClient: KafkaZkClient) extends MigrationClient with Lo
     }
   }
 
+  def migrateAcls(recordConsumer: Consumer[util.List[ApiMessageAndVersion]]): Unit = {
+    // This is probably fairly inefficient, but it preserves the semantics from AclAuthorizer (which is non-trivial)
+    var allAcls = new scala.collection.immutable.TreeMap[ResourcePattern, VersionedAcls]()(new ResourceOrdering)
+    def updateAcls(resourcePattern: ResourcePattern, versionedAcls: VersionedAcls): Unit = {
+      allAcls = allAcls.updated(resourcePattern, versionedAcls)
+    }
+
+    AclAuthorizer.loadAllAcls(zkClient, this, updateAcls)

Review Comment:
   Yes, good call-out -- we will need documentation on this. We will only support migrating ACLs from AclAuthorizer to StandardAuthorizer. Otherwise, users can continue using whatever authorizer they had configured in ZK mode. In fact, AclAuthorizer _could_ still be used in KRaft mode, but we want to discourage that :) 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscribe@kafka.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org