THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
| Table of Contents |
|---|
Status
Current state: DraftUnder discussion
Discussion thread: TODO
JIRA: TODO KAFKA-7740
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
Motivation
Quota management via Admin Client has gone through a couple drafts of proposals (KIP-248, KIP-422). While improvements have been made to the Admin interface for configuration handling, fitting quotas into the API is awkward as they don't fit the natural key-value pairing, nor is the configuration output expressive enough to return all useful information. Therefore, it'd be beneficial to have a quota-native API for managing quotas, which would offer an intuitive and less error-prone interface, convey additional information beyond what the configuration APIs provide, and enable for future extensibility as quotas types are added or evolved.
Background
By default, quotas are defined in terms of a user and client ID, where the user acts as an opaque principal name, and the client ID as a generic group identifier. When setting quotas, an administrator has flexibility in how it specifies the user and client ID for which the quota applies, where the user and client ID may be specifically named, indicated as a default, or omitted entirely. Since quotas have flexible configurations, there is a method for resolving the quotas that apply to a request: a hierarchy structure is used, where the most specific defined quota will be matched to a request's user and client ID.
...
As such, reasoning around quotas can be complex, as it's not immediately obvious which quotas may apply to a given user and/or client ID. Providing descriptive information about how quotas are matched is the first goal of this KIP. Likewise, retrieving and modifying quota values can be done in a more expressive and robust way, which is the second goal of the KIP.
APIs
In order to clearly specify the APIs, let's first disambiguate some terminology: Every client request that is processed is associated with a quota entity, which is a map of entity types to their corresponding entity names for the request. Using the current entity types, an entity is of the form {user=test-user, client-id=test-client}, where user and client-id are the types, and test-user and test-client are the names. However, when specifying a quota configuration entry, only a subset of the entity types need to be provided, which is referred to as an entity match, for example, {user=<default>}.
...
Altering quotas only works on a config-centric manner, and therefore doesn't need distinguishing. For a given entity match, the administrator should be able to specify which quotas apply, or alternatively remove existing quotas so they no longer match. This is AlterQuotas.
Units
This KIP introduces the concept of a quota unit to be applied to a quota value. Currently, only a single unit is used for quotas: bytes-per-second, however this has limitations to effective quota management. For example, since it's a global throughput value, it doesn't scale well as brokers are added or removed, and so a broker-bytes-per-second unit could be added to better manage this behavior. As units are added, the possible quota configuration entries becomes the cross product of the quota types by the quota units, which means that it'd be possible to specify bytes-per-second both on a global and per-broker basis, and quota enforcement would occur at whichever limit was hit first. Additional considerations could be made for a fair-share system, where units of shares could be configured for quotas, and when bandwidth is contested, the share count of the active entities could be used to determine their restricted throughput.
It's beyond the scope of this KIP to add new units and implement their corresponding functionality in the broker, however it must be noted for future extensibility of the APIs.
Types Rationale
While there's two defined entity types in AK, a server-side plugin mechanism allows for further expansion. Likewise, as use cases evolve, finer-grained quota control may be necessary. Therefore, entity types should not be statically bound to publicly defined constants, and instead the API should support flexible entity types by interpreting them as a String identifier. Any entity types that the broker doesn't understand should throw an IllegalArgumentException back to the client.
...
Since a fixed set of entity types aren't defined, an entity should be represented by a Map<String, String>, which maps an entity type to the entity name.
Public Interfaces
Admin client calls will be added to correspond to describeQuotas, describeEffectiveQuotas, and alterQuotas, with supporting types defined in the common.quotas package.
...
| Code Block | ||
|---|---|---|
| ||
public class DescribeQuotasOptions extends AbstractOptions<DescribeQuotasOptions> {
// Empty.
}
/**
* The result of the {@link Admin#describeQuotas(Collection<QuotaFilter>, DescribeQuotasOptions)} call.
*/
public class DescribeQuotasResult {
/**
* Maps an entity to its configured quota value(s). Note if no value is defined for a quota
* type for that entity's config, then it is not included in the resulting value map.
*
* @param entities the collection of entities that matched the filter
*/
public DescribeQuotasResult(KafkaFuture<Map<QuotaEntity, Map<QuotaKey, Long>>> entities);
/**
* Returns a map from quota entity to a future which can be used to check the status of the operation.
*/
public KafkaFuture<Map<QuotaEntity, Map<QuotaKey, Long>>> entities();
}
public interface Admin extends AutoCloseable {
...
/**
* Describes all entities matching all provided filters (logical AND) that have at least one
* quota value defined.
*
* @param filters filtering rules to apply to matching entities
* @param options the options to use
* @return result containing all matching entities
*/
DescribeQuotasResult describeQuotas(Collection<QuotaFilter> filters, DescribeQuotasOptions options);
}
|
DescribeEffectiveQuotas:
| Code Block | ||
|---|---|---|
| ||
public class DescribeEffectiveQuotasOptions extends AbstractOptions<DescribeEffectiveQuotasOptions> {
/**
* Whether to exclude the list of overridden values for every quota type in the result.
*/
public DescribeEffectiveQuotasOptions setOmitOverriddenValues(boolean omitOverriddenValues);
}
/**
* The result of the {@link Admin#describeEffectiveQuotas(Collection<QuotaEntity>, DescribeEffectiveQuotasOptions)} call.
*/
public class DescribeEffectiveQuotasResult {
/**
* Information about a specific quota configuration entry.
*/
public class Entry {
/**
* @param source the entity source for the value
* @param value the non-null value
*/
public Entry(QuotaEntity source, Long value);
}
/**
* Information about the value for a quota type.
*/
public class Value {
/**
* @param entry the quota entry
* @param overriddenEntries all values that are overridden due to being lower in
* specificity, or null if not requested
*/
public Value(Entry entry, List<Entry> overriddenEntries);
}
/**
* Maps a collection of entities to their effective quota values.
*
* @param config the quota configuration for the requested entities
*/
public DescribeEffectiveQuotasResult(Map<QuotaEntity, KafkaFuture<Map<QuotaKey, Value>>> config);
/**
* Returns a map from quota entity to a future which can be used to check the status of the operation.
*/
public Map<QuotaEntity, KafkaFuture<Map<QuotaKey, Value>>> config();
/**
* Returns a future which succeeds only if all quota descriptions succeed.
*/
public KafkaFuture<Void> all();
}
public interface Admin extends AutoCloseable {
...
/**
* Describes the effective quotas for the provided entities.
*
* @param entities the entities to describe the effective quotas for
* @param options the options to use
* @return the effective quotas for the entities
*/
DescribeEffectiveQuotasResult describeEffectiveQuotas(Collection<QuotaEntity> entities, DescribeEffectiveQuotasOptions options);
} |
AlterQuotas
| Code Block | ||||
|---|---|---|---|---|
| ||||
public class AlterQuotasEntry {
public class Op {
/**
* @param key the quota type and units to alter
* @param value if set then the existing value is updated,
* otherwise if null, the existing value is cleared
*/
public Op(QuotaKey key, Long value);
}
/**
* @param entity the entity whose config will be modified
* @param ops the alteration to perform - if value is set, then the existing value is updated,
* otherwise if null, the existing value is cleared
*/
public AlterQuotasEntry(QuotaEntity entity, Collection<Op> ops);
}
public class AlterQuotasOptions extends AbstractOptions<AlterQuotasOptions> {
/**
* Sets whether the request should be validated without altering the configs.
*/
public AlterQuotasOptions validateOnly(boolean validateOnly);
}
/**
* The result of the {@link Admin#alterQuotas(Collection<AlterQuotasEntry>, AlterQuotasOptions)} call.
*
* The API of this class is evolving, see {@link Admin} for details.
*/
public class AlterQuotasResult {
public AlterQuotasResult(Map<QuotaEntity, KafkaFuture<Void>> futures);
/**
* Returns a map from quota entity to a future which can be used to check the status of the operation.
*/
public Map<QuotaEntity, KafkaFuture<Void>> values();
/**
* Returns a future which succeeds only if all quota alterations succeed.
*/
public KafkaFuture<Void> all();
}
public interface Admin extends AutoCloseable {
...
/**
* Alters the quotas as specified for the entries.
*
* @param alterations the alterations to perform
* @return the result of the alterations
*/
AlterQuotasResult alterQuotas(Collection<AlterQuotasEntry> entries, AlterQuotasOptions options);
} |
...
- List: Lists the quota entities for the given entity specification and their corresponding quota values, as explicitly specified in the configuration. The user may provide explicit entity types+names, or a pattern to apply to an entity type find matching entity names. If an entity type is omitted from the input, it is treated as a wildcard.
- Describe: Describes the effective quotas for an entity, including contextual information about how those quotas were derived. This includes what configuration entries matched to the entity and, if requested, the overridden, less-specific matches for the entity.
- Alter: Modifies a quota configuration entry in an incremental manner, i.e. specify which entries to add, update, and/or remove.
Flags
Various flags will be used to accomplish these operations.
...
Exclusive to --alter:--add: Comma-separated list of entries to add or update to the configuration, in format "name:unit=value".--delete: Comma-separated list of entries to remove from the configuration, in format "name:unit".--validate-only: If set, validates the alteration but doesn't perform it.
Output
In general, the output of the entities will be of the form: {entity-type=entity-name, ...}, where entity-name is sanitized for output since it is an opaque string. When displaying configuration values, the form: quota-name:quota-unit=quota-value.
...
| Code Block |
|---|
$./bin/kafka-quotas.sh --bootstrap-server localhost:9092 --describe \
--names=client-id=my-client --defaults=user \
--add=producer_byte_rate:shares=100 \
--delete=producer_byte_rate:broker_bps
<no output on success>
$./bin/kafka-quotas.sh --bootstrap-server localhost:9092 --list \
--names=client-id=my-client --defaults=user
{user=<default>, client-id=my-client}
consumer_byte_rate:shares=100
producer_byte_rate:shares=100 |
Proposed Changes
In addition to the API changes above, the following write protocol would be implemented:
...
| Code Block |
|---|
{
"apiKey": 50,
"type": "request",
"name": "AlterQuotasRequest",
"validVersions": "0",
"flexibleVersions": "none",
"fields": [
{ "name": "Entry", "type": "[]EntryData", "versions": "0+",
"about": "The quota configuration entries to alter.", "fields": [
{ "name": "QuotaEntity", "type": "[]QuotaEntity", "versions": "0+",
"about": "The quota entity to alter.", "fields": [
{ "name": "EntityType", "type": "string", "versions": "0+",
"about": "The entity type." },
{ "name": "EntityName", "type": "string", "versions": "0+",
"about": "The name of the entity." }
]},
{ "name": "Op", "type": "[]OpData", "versions": "0+",
"about": "An individual quota configuration entry to alter.", "fields": [
{ "name": "Type", "type": "string", "versions": "0+",
"about": "The quota type." },
{ "name": "Units", "type": "string", "versions": "0+",
"about": "The units for the quota type." },
{ "name": "Value", "type": "int64", "versions": "0+",
"about": "The value to set, otherwise ignored if the value is to be removed." },
{ "name": "Remove", "type": "bool", "versions": "0+",
"about": "Whether the quota configuration value should be removed, otherwise set." }
]}
]},
{ "name": "ValidateOnly", "type": "bool", "versions": "0+",
"about": "Whether the alteration should be validated, but not performed." }
]
}
{
"apiKey": 50,
"type": "response",
"name": "AlterQuotasResponse",
"validVersions": "0",
"flexibleVersions": "none",
"fields": [
{ "name": "ThrottleTimeMs", "type": "int32", "versions": "0+",
"about": "The duration in milliseconds for which the request was throttled due to a quota violation, or zero if the request did not violate any quota." },
{ "name": "Entry", "type": "[]EntryData", "versions": "0+",
"about": "The quota configuration entries to alter.", "fields": [
{ "name": "ErrorCode", "type": "int16", "versions": "0+",
"about": "The error code, or `0` if the quota alteration succeeded." },
{ "name": "ErrorMessage", "type": "string", "versions": "0+", "nullableVersions": "0+",
"about": "The error message, or `null` if the quota alteration succeeded." },
{ "name": "QuotaEntity", "type": "[]QuotaEntity", "versions": "0+",
"about": "The quota entity to alter.", "fields": [
{ "name": "EntityType", "type": "string", "versions": "0+",
"about": "The entity type." },
{ "name": "EntityName", "type": "string", "versions": "0+",
"about": "The name of the entity." }
]}
]}
]
} |
Compatibility, Deprecation, and Migration Plan
All changes would be forward-compatible, and no migration plan is necessary. It's outside the scope of this KIP to deprecate any functionality.
Rejected Alternatives
- Use existing describeConfigs/incrementalAlterConfigs for quota functionality. This falls short for a couple reasons. First, quotas entity names are more dynamic than brokers and tasks which makes them awkward to fit into generic tools which expect a single unique, distinct key, e.g. ConfigCommand. Second, there's no tool that expresses a way to get the effective quota for an entity without some heavy engineering on the client side, which lacks extensibility and is more expensive to perform, especially over large collection of entities. Therefore, it makes sense to approach quotas as a standalone set of APIs that provide more targeted information and can properly support future extensibility.
...