Table of Contents |
---|
This page is meant as a template for writing a KIP. To create a KIP choose Tools->Copy on this page and modify with your content and replace the heading with the next KIP number and a description of your issue. Replace anything in italics with your own description.
Status
Current state: [One of "Under Discussion", "Accepted", "Rejected"]
Discussion thread: here [Change the link from the KIP proposal email archive to your own email thread]
JIRA: here [Change the link from KAFKA-1 to your own ticket]
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
Motivation
Describe the problems you are trying to solve.
Public Interfaces
Briefly list any new interfaces that will be introduced as part of this proposal or any existing interfaces that will be removed or changed. The purpose of this section is to concisely call out the public contract that will come along with this feature.
A public interface is any change to the following:
Binary log format
The network protocol and api behavior
Any class in the public packages under clientsConfiguration, especially client configuration
org/apache/kafka/common/serialization
org/apache/kafka/common
org/apache/kafka/common/errors
org/apache/kafka/clients/producer
org/apache/kafka/clients/consumer (eventually, once stable)
Monitoring
Command line tools and arguments
- Anything else that will likely break existing users in some way when they upgrade
Proposed Changes
...
Motivation
When mirroring ACLs, MirrorMaker downgrades allow ALL ACLs to allow READ. The rationale to is prevent other clients to produce to remote topics, which is mentioned in KIP-382: MirrorMaker 2.0.
However in disaster recovery scenarios, where the target cluster is not used and just a "hot standby", it would be preferable to have exactly the same ACLs on both clusters to speed up failover. Therefore, in this scenario, we can add a configuration to MirrorMakerConfig
whether to support disaster recovery, where we need to synchronize the topic write&read ACL, group ACL, and absolute user scram credential of the source cluster topic to the target cluster, so that when the user directly switches the read and write service to the target cluster, it can be ran directly.
Public Interfaces
Add a configuration in MirrorMakerConfig.
- config name: sync.full.acl.enabled
- config definition: Whether the MirrorMaker supports disaster recovery, the default is false.
Proposed Changes
Add a config parameter: sync.full.acl.enabled
, the default is false, it will leave the current sync behavior unchanged, if set true, it will synchronize the topic write&read ACL, group ACL, and absolute user scram credential of the source cluster replicated topics to the target cluster.
- topic write&read ACL: Filter all topic read&write Acl informations related to the topics replicated with the source cluster.
- user scram credential: Filter the user scram credential to be synchronized according to the topic acl information to be synchronized and create user in target cluster.
- group ACL: The group Acl information is obtained by filtering the user obtained above.
Compatibility, Deprecation, and Migration Plan
- What impact (if any) will there be on existing users?
- If we are changing behavior how will we phase out the older behavior?
- If we need special migration tools, describe them here.
- When will we remove the existing behavior?
Test Plan
Describe in few sentences how the KIP will be tested. We are mostly interested in system tests (since unit-tests are specific to implementation details). How will we know that the implementation works as expected? How will we know nothing broke?
Rejected Alternatives
...
There is no impact on existing behavior, and the existing behavior is not deprecated. just sync more infos when enable sync.full.acl.enabled.
Test Plan
- add unit test for extra syncing.
- actual mirror maker service to verify acl syncing when
sync.full.acl.enabled
is set to true or false.