You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2021/04/26 14:57:46 UTC

[GitHub] [kafka] rondagostino commented on pull request #10550: MINOR: Add support for ZK Authorizer with KRaft

rondagostino commented on pull request #10550:
URL: https://github.com/apache/kafka/pull/10550#issuecomment-826903361


   @cmccabe Thanks for taking a look.  I agree in principle with your statement that `KafkaRaftServer` should know nothing about ZooKeeper or AclAuthorizer.  My reasoning for violating that idea was due to a specific issue: nothing will work with ZooKeeper when there is a chroot path in the `zk.connect` configuration value unless that chroot path exists.  Currently `KafkaServer` checks for and creates any non-existing chroot path upon startup, and the ZooKeeper initialization being done in `KafkaRaftServer` is the same thing -- the PR refactored that ability out into its own function so that it could be called from both `KafkaServer` and `KafkaRaftServer`.  It is conceivable that we could move this check into `AclAuthorizer`, but then the ZooKeeper-based broker won't run if there is no authorizer configured (and it might not work anyway due to race conditions -- who's to say that the authorizer will win the race and create the chroot path before anything else tries to connect?)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org