...

3. `org.apache.kafka.server.authorizer.Authorizer` will have a new interface for checking if the caller is authorized to perform the given ACL operation on at least one resource satisfying the given filter.

`clients/src/main/java/org/apache/kafka/server/authorizer/Authorizer.java`:

    /**
     * Check if the caller is authorized to perform the given ACL operation on at least one
     * resource satisfying the given filter.
     *
     * @param requestContext Request context including request type, security protocol, and listener name
     * @param op             The ACL operation to check
     * @param f              The resource filter
     * @return               Return true if the caller is authorized to perform the given ACL operation
     *                       on at least one resource satisfying the given filter. Return false otherwise.
     */
    AuthorizationResult authorizeAny(AuthorizableRequestContext requestContext,
                                     AclOperation op,
                                     ResourcePatternFilter f);
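The "at least one resource" check interacts with DENY entries, which is where an implementation is easy to get wrong. The following is an added example, not code from the KIP or from Kafka: it uses hypothetical stand-in types (`Acl`, `Type`, `Pattern`, `Result`), reduces the filter to a resource type, covers one principal and one operation, assumes DENY takes precedence over ALLOW, and does not model the `*` wildcard.

```java
import java.util.List;

// Hypothetical, simplified model; these are not Kafka classes.
public class AuthorizeAnyDemo {
    enum Result { ALLOWED, DENIED }
    enum Type { TOPIC, GROUP }
    enum Pattern { LITERAL, PREFIXED }
    record Acl(boolean allow, Type type, Pattern pattern, String name) {}

    // True if some DENY entry covers every resource the ALLOW entry can match.
    static boolean dominated(Acl allow, List<Acl> acls) {
        for (Acl d : acls) {
            if (d.allow() || d.type() != allow.type()) continue;
            // A DENY prefix that is a prefix of the ALLOW name covers that
            // literal, or the whole allowed prefix.
            if (d.pattern() == Pattern.PREFIXED && allow.name().startsWith(d.name())) return true;
            // A DENY literal removes one name, so it only cancels the same literal ALLOW.
            if (d.pattern() == Pattern.LITERAL && allow.pattern() == Pattern.LITERAL
                    && d.name().equals(allow.name())) return true;
        }
        return false;
    }

    // ALLOWED if at least one resource of the given type remains permitted.
    static Result authorizeAny(List<Acl> acls, Type type) {
        for (Acl a : acls) {
            if (a.allow() && a.type() == type && !dominated(a, acls)) return Result.ALLOWED;
        }
        return Result.DENIED; // default deny: no ALLOW entry survives
    }

    public static void main(String[] args) {
        // Constructed ACL sets for illustration.
        List<Acl> partlyDenied = List.of(
            new Acl(true, Type.TOPIC, Pattern.PREFIXED, "payments-"),
            new Acl(false, Type.TOPIC, Pattern.LITERAL, "payments-audit"));
        List<Acl> fullyDenied = List.of(
            new Acl(true, Type.TOPIC, Pattern.LITERAL, "payments-audit"),
            new Acl(false, Type.TOPIC, Pattern.PREFIXED, "payments-"));
        System.out.println(authorizeAny(partlyDenied, Type.TOPIC)); // other payments-* topics remain
        System.out.println(authorizeAny(fullyDenied, Type.TOPIC));  // the only ALLOW is covered by a DENY
        System.out.println(authorizeAny(partlyDenied, Type.GROUP)); // no ALLOW for this type
    }
}
```

A check that returned ALLOWED on any matching ALLOW entry, without the dominance test, would report the second constructed set as authorized even though every resource it allows is denied.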

Proposed Changes

Besides the public interface changes above, we will deprecate `IDEMPOTENT_WRITE` in release version 2.8 because it is trivial in practice.

We are relaxing the ACL restriction from `IDEMPOTENT_WRITE` to `WRITE` earlier (release version 2.8) and changing the producer defaults later (release version 3.0) to give community users enough time to upgrade their brokers first. That way, their later client-side upgrade, which enables idempotence by default, won't be blocked by the `IDEMPOTENT_WRITE` ACL that old-version brokers require for idempotent production.

`IDEMPOTENT_WRITE` will be deprecated in 2.8 but won't be removed in the short term, to give the community enough time to upgrade their `authorizer` implementations.

Compatibility, Deprecation, and Migration Plan

...