...

The reason is that we shall remove "ControllerNodeProvider" from the admin client, so that new clients no longer have direct access to the controller. The active controller is thus properly isolated from the outside world, in accordance with KIP-631. To be stricter, the "ControllerId" field in MetadataResponse shall be set to -1 when the original request comes from a non-broker client. We shall use the request listener name to distinguish whether a given request is inter-broker or from a client.

Protocol Bump

We also need to bump the Metadata RPC to v10 to propagate internal topic creation policy violations. Specifically:

...

2. For older clients, return AUTHORIZATION_FAILED to fail the client quickly as well. It's not a perfect solution, as we don't have a notification path for older clients, but at least the system admin can check the broker log when hitting this issue.

To protect controller information more strictly, the "ControllerId" field in the new MetadataResponse shall be set to -1 when the original request comes from a non-broker client and is already on v10. We shall use the request listener name to distinguish whether a given request is inter-broker or from a client.
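The redaction rule above, sketched as an added example (not code from this KIP or from Kafka; the class, method and listener names are hypothetical). It also includes a configuration check, on the assumption that the listener name identifies the listener a request arrived on rather than the peer, so the rule depends on clients not sharing the inter-broker listener.

```java
import java.util.List;
import java.util.Set;

// Added illustration with hypothetical names; not Kafka's broker code.
public class ControllerIdRedaction {
    static final int NO_CONTROLLER = -1;
    static final short REDACTING_VERSION = 10; // Metadata v10, per the text above

    // Returns the ControllerId to place in a MetadataResponse.
    // A request counts as inter-broker only if it arrived on the inter-broker listener.
    static int controllerIdFor(String requestListener, short apiVersion,
                               int activeControllerId, String interBrokerListener) {
        boolean fromBroker = interBrokerListener.equals(requestListener);
        if (apiVersion >= REDACTING_VERSION && !fromBroker) {
            return NO_CONTROLLER;
        }
        return activeControllerId; // brokers, and clients still on v9 or older
    }

    // The listener name says which listener received the request, not who sent it.
    // The rule only isolates the controller if no client-facing listener doubles
    // as the inter-broker listener.
    static boolean listenerSeparationHolds(String interBrokerListener,
                                           Set<String> clientFacingListeners) {
        return !clientFacingListeners.contains(interBrokerListener);
    }

    public static void main(String[] args) {
        String interBroker = "INTERNAL";        // constructed sample config
        Set<String> clientFacing = Set.of("EXTERNAL");
        int controller = 3;                     // constructed active controller id

        // Constructed sample requests: {listener, Metadata version}
        List<Object[]> requests = List.of(
            new Object[] {"EXTERNAL", (short) 10},
            new Object[] {"EXTERNAL", (short) 9},
            new Object[] {"INTERNAL", (short) 10});
        for (Object[] r : requests) {
            int id = controllerIdFor((String) r[0], (Short) r[1], controller, interBroker);
            System.out.printf("listener=%s v%d -> ControllerId=%d%n", r[0], r[1], id);
        }
        System.out.println("separation holds: "
            + listenerSeparationHolds(interBroker, clientFacing));
        System.out.println("separation holds with shared listener: "
            + listenerSeparationHolds(interBroker, Set.of("INTERNAL", "EXTERNAL")));
    }
}
```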

Security Access Changes

Broker Authorization Override During Forwarding

...