Versions Compared

Old Version 14

changes.mady.by.user Magesh kumar Nandakumar

Saved on

compared with

New Version Current

changes.mady.by.user Randall Hauch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents


Status

Current state: Voting in progress Accepted

Discussion thread: here 

Vote thread: here 

JIRA:

Jira
serverASF JIRA
serverId5aa69414-a9e9-3523-82ec-879b028fb15b
keyKAFKA-8265

Release: AK 2.3.0

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

...

connector.client.config.override.policy - This will be an implementation of a new interface ConnectorClientConfigOverridePolicy that will be introduced in the connect API. The default value will be `Ignore` `None` which will allow the implementation to be backward compatible

The overrides can be specified in the connector config by using the following prefixes

not allow any overrides. Since the possibility of users already having config with the proposed prefixes is very slim, backward compatibility is generally not a problem. In the very rare case where users have these in their existing configs, they would have to just remove the configs to get it working again.

The overrides can be specified in the connector config by using the following prefixes

  • `producer.`producer.override.` - Used for source connector's producer  & DLQ producer in the context of SinkConnector
  • `consumer.override.` - Used for Sink Connector
  • `admin.override.` - Used for DLQ topic create in Sink Connector ( The KIP will also allow DLQ settings to be specified in the worker using `admin` prefix to be consistent with producer & consumer)

...

The new interface will be treated as a new connect plugin and will be loaded via the plugin path mechanism. The plugins will be discovered via the Service loader mechanism similar to RestExtension and ConfigProvider.  The structure of the new interface and its request are described below:-

Code Block
languagejava
/**
 * import org.apache.kafka.common.config.ConfigValue;

/**
 * <p>An interface for enforcing a policy on overriding of client configs via the connector configs.
 *
 * <p>Common use cases are ability to provide principal per connector, <code>sasl.jaas.config</code>
 * and/or enforcing that the producer/consumer configurations for optimizations are within acceptable ranges.
 */
public interface ConnectorClientConfigOverridePolicy extends Configurable, AutoCloseable {


    /**
     * Specifies if Worker will invoke this while constructing the workerproducer shouldfor attemptthe toSourceConnectors, override theDLQ clientfor configsSinkConnectors fromand the connector. consumer for the
     * Implementation aren't requiredSinkConnectors to overridevalidate thisif methodall asof itsthe includedoverridden toclient preserveconfigurations backwardsare compatibilityallowed inper the default
     * policy implementation.
 This would also be *
invoked during the validate of *connector @returnconfigs avia booleanthe indicatingRest whetherAPI.
 the worker should attempt to*
 override the client configs from* theIf connector
there are any policy violations, */
the connector will not defaultbe boolean useOverrides() {
started.
     *
     return* true;
@param connectorClientConfigRequest an instance }

    /**of {@code ConnectorClientConfigRequest} that provides the configs to overridden and
     * This method will be invoked when {@link ConnectorClientConfigPolicy#useOverrides()} returns true.
     * Worker will invoke this while constructing the producer for the SourceConnectors,  DLQ for SinkConnectors and the consumer for the    its context; never {@code null}
     * SinkConnectors@return toList validateof ifConfig, alleach ofConfig theshould overriddenindicate clientif configurationsthey are allowed via per{@link theConfigValue#errorMessages}
     */
 policy implementation. This would also be invoked during the validate of connector configs via the Rest API.
     *List<ConfigValue> validate(ConnectorClientConfigRequest connectorClientConfigRequest);
}


Code Block
languagejava
public class ConnectorClientConfigRequest {

    private Map<String, Object> clientProps;
    private ClientType  clientType;
    private *String IfconnectorName;
 there are any policy violations, the connector will not be started. private ConnectorType connectorType;
    private Class<? extends Connector> connectorClass;

    public *ConnectorClientConfigRequest(
     * @param connectorClientConfigRequest anString instance of {@code ConnectorClientConfigRequest} that provides the configs to overridden andconnectorName,
        ConnectorType connectorType,
     *   Class<? extends Connector> connectorClass,
        Map<String, Object> clientProps,
        ClientType clientType) {
        this.clientProps =  its contextclientProps;
 never {@code null}
     *this.clientType @throws= PolicyViolationExceptionclientType;
 if any of the overridden property doesn't meet the defined policy this.connectorName = connectorName;
     */
   this.connectorType void validate(ConnectorClientConfigRequest connectorClientConfigRequest) throws PolicyViolationException;
}
Code Block
languagejava
public class ConnectorClientConfigRequest {

= connectorType;
       private Map<String, Object> clientPropsthis.connectorClass = connectorClass;
    private}

 ClientType  clientType; /**
    private String* connectorName;<pre>
    private ConnectorType* connectorType;
Provides Config with prefix private Class<? extends Connector> connectorClass;
{@code producer.override.} for {@link ConnectorType#SOURCE}.
    public ConnectorClientConfigRequest(
* Provides Config with prefix    String connectorName,{@code consumer.override.} for {@link ConnectorType#SINK}.
     * Provides Config ConnectorTypewith connectorType,
prefix {@code producer.override.} for {@link ConnectorType#SINK}   Class<? extends Connector> connectorClass,
        Map<String, Object> clientProps,
   for DLQ.
     * Provides Config with prefix {@code admin.override.} for {@link ConnectorType#SINK} for DLQ.
     ClientType clientType) {* </pre>
     *
   this.clientProps = clientProps;
* @return The client properties specified in the this.clientTypeConnector =Config clientType;
with prefix {@code producer.override.} ,
      this.connectorName = connectorName;
        this.connectorType = connectorType;
   * {@code consumer.override.} and {@code admin.override.}. The configs returned don't include these prefixes.
     */
     this.connectorClass = connectorClasspublic Map<String, Object> clientProps() {
        return clientProps;
    }

    /**
     * <pre>
     * Provides Config with prefix {@code producer.override.@link ClientType#PRODUCER} for {@link ConnectorType#SOURCE}.
     * Provides Config with prefix {@code consumer.override.@link ClientType#CONSUMER} for {@link ConnectorType#SINK}.
     * Provides{@link ConfigClientType#PRODUCER} withfor prefix {@code producer.override.} for DLQ in {@link ConnectorType#SINK} for DLQ.
     * Provides Config with prefix {@code admin.override.} for{@link ClientType#ADMIN} for DLQ  Topic Creation in {@link ConnectorType#SINK} for DLQ.
     * </pre>
     *
     * @return Theenumeration client properties specified in the Connector Config with prefix {@code producer.override.} ,specifying the client type that is being overriden by the worker; never null.
     */
 {@code consumer.override.} and {@code admin.override.}. The configs returned don't include these prefixes.
public ClientType clientType() {
        return */clientType;
    public}

 Map<String, Object> clientProps() { /**
     * Name of the returnconnector clientProps;
specified in the connector }config.

     /**
     * <pre>
@return name of the  * {@link ClientType#PRODUCER} for {@link ConnectorType#SOURCE}connector; never null.
     */
    public * {@link ClientType#CONSUMER} for {@link ConnectorType#SINK}
String connectorName() {
      * {@link ClientType#PRODUCER} for DLQ in {@link ConnectorType#SINK}
return connectorName;
    }

     /**
 {@link ClientType#ADMIN} for DLQ * TopicType Creationof in {@link ConnectorType#SINK}
     * </pre>the Connector.
     *
     * @return enumeration specifying the client type thatof isthe beingconnector overriden{@link byConnectorType#SINK} theor worker; never null{@link ConnectorType#SOURCE}.
     */
    public ClientTypeConnectorType clientTypeconnectorType() {
        return clientTypeconnectorType;
    }

    /**
     * The Nameclass of the connector specified in the connector configConnector.
     *
     * @return namethe class of the Connector being connectorcreated; never null.
     */
    public String connectorName Class<? extends Connector> connectorClass() {
        return connectorNameconnectorClass;
    }

    public enum ClientType /**{
     * Type of the Connector.
     *
     * @return enumeration specifying the type of the connector {@link ConnectorType#SINK} or {@link ConnectorType#SOURCE}.
     */
    public ConnectorType connectorType() {
        return connectorType;
    }

    /**
     * The class of the Connector.
     *
     * @return the class of the Connector being created; never null
     */
    public Class<? extends Connector> connectorClass() {
        return connectorClass;
    }

    public enum ClientType {
        PRODUCER, CONSUMER, ADMIN;
    }
}
PRODUCER, CONSUMER, ADMIN;
    }
}

The KIP The KIP introduces the following implementations of ConnectorClientConfigOverridePolicy that are outlined in the table below

IgnoreConnectorClientConfigOverridePolicyIgnoreIgnores overrides specified in the connector configuration ( current behavior). (This will be accomplished by the implementation returning `false` for `useOverrides()`) behavior.
Class NameAliasBehavior

NoneConnectorClientConfigOverridePolicy

NoneDisallows any configuration overrides. This will be the default

NoneConnectorClientConfigOverridePolicy

NoneDisallows any configuration overridespolicy.

PrincipalConnectorClientConfigOverridePolicy

Principal

Allows override of  of  "security.protocol", "sasl.jaas.config" and "sasl.mechanism" for the producer, consumer and admin prefixes.  Enables the ability to use different principal per connector.

AllConnectorClientConfigOverridePolicy

AllAllows override of all configurations for the producer, consumer and admin prefixes. 

...

The policy itself will be enforced when a user attempts to either create the connector or validate the connector.to either create the connector or validate the connector. When any of the ConfigValue has an error message

  • During validate, the response will include error and the specific configurations  that failed to meet the policy will also include the error message included in the response
  • During create/update connector, the connector will fail to start

Proposed Changes

As specified in the previous section, the design will include introducing a new worker configuration and an interface to define the override policy.

The worker would apply the policy during a create connector flow as follows if a policy is configured and useOverrides() returns true. The configurations that are being overridden will be passed without the prefixes to the policy:-

  • Constructing producer for WorkerSourceTask - invoke validate with all configs with "producer.override." prefix , ClientType=Producer, ConnectorType=Source  & override if no policy violation 
  • Constructing admin client & producer for DeadLetterQueueReporter for the DLQ topic 
    • invoke validate with all configs with "producer.override." prefix , ClientType=Producer, ConnectorType=Sink  & override if no policy violation 
    • invoke validate with all configs with "admin.override." prefix , ClientType=Admin, ConnectorType=Sink  & override if no policy violation 
  • Constructing consumer for WorkerSinkTask - invoke validate with all configs with "consumer.override." prefix , ClientType=Consumer, ConnectorType=Sink  & override if no policy violation 

The herder(AbstractHerder) will apply the policy for all overrides as follows if the policy is configured and useOverrides() returns true during the validate() flow. The configurations that are being overridden will be passed without the prefixes:-

  • If its a source connector, apply the policy on each of the connector configurations with "producer." prefix and update the ConfigInfos result ( response of the validate API)
  • If its a sink connector,
    • apply the policy on each of the connector configurations with "consumer." prefix and update the ConfigInfos result ( response of the validate API)
    • apply the policy on each of the connector configurations with "admin." prefix and update the ConfigInfos result  when DLQ is enabled( response of the validate API)

Compatibility, Deprecation, and Migration Plan, Deprecation, and Migration Plan

  • The possibility of someone having connectors with the proposed prefixes is very slim and hence backward compatibility is not really a problem. In the rare case, if a user has configurations with these prefixes, they would either have to remove the config or alter the policy to get it workingThe KIP is backward compatible since the overridden configurations are ignored by default which is the current behavior.

Rejected Alternatives

  • Override all configurations passed in the connector with the prefix 'producer.' or 'consumer.' - This doesn't provide control to the cluster administrator on what is an acceptable override.
  • Override just the "sasl.jaas.config" from the connector - This is very restrictive in terms of what it can achieve
  • Running multiple herders in the Connect cluster - This will reduce the ease of operation of a connect cluster since each connector would require a Herder to spun up within the cluster.