THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- Changes to Wire Protocol:
- Adds the following new Request/Response messages:
- CreateTopic
- AlterTopic
- DeleteTopic
- ListAcls
- AlterAcls
- DescribeConfig
- AlterConfig
- Modifies Metadata Response to allowing polling for in-progress or complete admin operations. Added fields include:
- Boolean indicating if a topic is marked for deletion
- Boolean indicating if a topic is an internal topic
- Rack information (if not added by KIP-36 Rack aware replica assignment)
- Boolean indicating if a broker is the controller
- Adds the following new Request/Response messages:
- New Java client: AdminClient - a Wire Protocol client for administrative operations
...
- Review privileges for listing and altering ACLs to be more fine grained.
- Provide an Authorizer interface using the new Java classes used by the ACL requests/responses
- Deprecate the old one to encourage transition
- Define standard Exceptions that can be thrown by the Authorizer in the interface.
- Otherwise all exceptions are unknown server exception to the client
- Consider building a sync call into the Authorizer to ensure changes are propagated
Details
1. Wire Protocol Extensions
...
New Protocol Errors
It is proposed to use existing / add these error codes to the protocol.
Error | Description | Requests |
|---|---|---|
TopicExists | Topic with this name already exists. | CreateTopic |
InvalidTopic (existing) | Topic name contains invalid characters or doesn't exist. | CreateTopic, AlterTopic, DeleteTopic |
InvalidPartitions | Partitions field is invalid (e.g. negative or increasing number of partitions in existing topic) | CreateTopic, AlterTopic |
InvalidReplicationFactor | ReplicationFactor field is invalid (e.g. negative) | CreateTopic, |
InvalidReplicaAssignment | ReplicaAssignment field is invalid (e.g. contains duplicates) |
|
InvalidConfiguration | Either topic-level config setting or value is incorrect. | CreateTopic |
Generally, a client should have enough context to provide descriptive error message.
The same notation as in A Guide To The Kafka Protocol is used here.
ACL Admin Schema
Metadata Request (v1)
MetadataRequest => [topics] |
Stays the same as version 0
Metadata Response
MetadataResponse => [brokers] [topic_metadata]
brokers => node_id host port rack is_controller
node_id => INT32
host => STRING
port => INT32
rack => NULLABLE_STRING
is_controller => BOOLEAN
topic_metadata => topic_error_code topic is_internal marked_for_deletion [partition_metadata]
topic_error_code => INT16
topic => STRING
is_internal => BOOLEAN
marked_for_deletion => BOOLEAN
partition_metadata => partition_error_code partition_id leader [replicas] [isr]
partition_error_code => INT16
partition_id => INT32
leader => INT32 |
Adds rack, is_controller, is_internal and marked for deletion to the version 0 response.
ACL Admin Schema
List ACLs Request
ListAclsRequest => principal resource
resource => resource_type resource_name
resource_type => INT8
resource_name => STRING
principal => NULLABLE_STRING |
Request semantics:
- Can be sent to any broker
- If a non-null principal is provided the returned ACLs will be filtered by that principle, otherwise ACLs for all principals will be listed.
- If a resource with a resource_type != -1 is provided ACLs will be filtered by that resource, otherwise ACLs for all resources will be listed.
- Any principle can list their own ACLs where the permission type is "Allow", Otherwise the principle must be authorized to the "All" Operation on the "Cluster" resource to list ACLs.
- Unauthorized requests will receive a ClusterAuthorizationException
- This will be reviewed as a follow up ACLs review after this KIP. See Follow Up Changes.
...