THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
| Table of Contents |
|---|
Status
Current state: Under discussionAccepted - 2.6.0 contains describe and alter functionality, resolve is pending for a future release.
Discussion thread: TODO here
JIRA: KAFKA-7740
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
Motivation
Quota management via Admin Client has gone through a couple drafts of proposals (KIP-248, KIP-422). While improvements have been made to the Admin interface for configuration handling, fitting quotas into the API is awkward as they don't fit the natural key-value pairing, nor is the configuration output expressive enough to return all useful information. Therefore, it'd be beneficial to have a quota-native API for managing quotas, which would offer an intuitive and less error-prone interface, convey additional information beyond what the configuration APIs provide, and enable for future extensibility as quotas types are added or evolved.
Background
By default, quotas are defined in terms of a user and client ID, where the user acts as an opaque principal name, and the client ID as a generic group identifier. When setting quotas, an administrator has flexibility in how it specifies the user and client ID for which the quota applies, where the user and client ID may be specifically named, indicated as a default, or omitted entirely. Since quotas have flexible configurations, there is a method for resolving the quotas that apply to a request: a hierarchy structure is used, where the most specific defined quota will be matched to a request's user and client ID.
...
As such, reasoning around quotas can be complex, as it's not immediately obvious which quotas may apply to a given user and/or client ID. Providing descriptive information about how quotas are matched is the first goal of this KIP. Likewise, retrieving and modifying quota values can be done in a more expressive and robust way, which is the second goal of the KIP.
APIs
In order to clearly specify the APIs, let's first disambiguate some terminology: Every client request that is processed is associated with a quota entity, which is a map of entity types to their corresponding entity names for the request. Using the current entity types, an entity is of the form {user=test-user, client-id=test-client}, where user and client-id are the types, and test-user and test-client are the names. However, when specifying a quota configuration entry, only a subset of the entity types need to be provided, which is referred to as an entity match, for example, {user=<default>}.
...
- The config-centric mode describes what is exactly specified for the configuration for the given entity match. However, it would also be useful to also be able to determine which matches have configuration values defined, so the presence of a filter is used for gathering information about the entity matches that the administrator is interested in. This is DescribeClientQuotas.
- The entity-centric mode describes what quotas apply to an entity. Note that an entity may match to various configuration entries depending on how the quotas are specified, e.g. the producer byte rate may be specified for the user, but the consumer byte rate for the client ID. Since it may not be clear how quotas were matched for an entity from the configuration, additional information should be returned to provide more context. This is DescribeEffectiveClientQuotas ResolveClientQuotas.
Altering quotas only works on a config-centric manner, and therefore doesn't need distinguishing. For a given entity match, the administrator should be able to specify which quotas apply, or alternatively remove existing quotas so they no longer match. This is AlterClientQuotas.
Units
This KIP introduces the concept of a quota unit to be applied to a quota value. Currently, only a single unit is used for quotas: bytes-per-second, however this has limitations to effective quota management. For example, since it's a global throughput value, it doesn't scale well as brokers are added or removed, and so a broker-bytes-per-second unit could be added to better manage this behavior. As units are added, the possible quota configuration entries becomes the cross product of the quota types by the quota units, which means that it'd be possible to specify bytes-per-second both on a global and per-broker basis, and quota enforcement would occur at whichever limit was hit first. Additional considerations could be made for a fair-share system, where units of shares could be configured for quotas, and when bandwidth is contested, the share count of the active entities could be used to determine their restricted throughput.
It's beyond the scope of this KIP to add new units and implement their corresponding functionality in the broker, however it must be noted for future extensibility of the APIs.
Types Rationale
While there's two defined entity types in AK, a server-side plugin mechanism allows for further expansion. Likewise, as use cases evolve, finer-grained quota control may be necessary. Therefore, entity types should not be statically bound to publicly defined constants, and instead the API should support flexible entity types by interpreting them as a String identifier. Any entity types that the broker doesn't understand should throw an IllegalArgumentException back to the client.
The quota types (producer byte rate, consumer byte rate, etc.) and units should also be given the same consideration. The possible quota applications may expand in the future, and the API shouldn't lock in which quota types are accessible. Modification of quota types/units that are unknown should also fail with error.
Since a fixed set of entity types aren't defined, an entity should be represented by a Map<String, String>, which maps an entity type to the entity name.
Public Interfaces
Admin client calls will be added to correspond to DescribeClientQuotas, DescribeEffectiveClientQuotas, and AlterClientQuotas, with supporting types defined in the common.quotas package.
Common types in package org.apache.kafka.common.quota:
The quota values are of type Double, which presents a complication in that the RPC protocol doesn't support floating point values. To accommodate this, RPC protocol message type 'double' will be added, which will serialize doubles according to the IEEE 754 floating-point "double format" bit layout.
Types Rationale
While there's two defined entity types in AK, a server-side plugin mechanism allows for further expansion. Likewise, as use cases evolve, finer-grained quota control may be necessary. Therefore, entity types should not be statically bound to publicly defined constants, and instead the API should support flexible entity types by interpreting them as a String identifier. Any entity types that the broker doesn't understand should throw an IllegalArgumentException back to the client.
The quota types (producer byte rate, consumer byte rate, etc.) should also be given the same consideration. The possible quota applications may expand in the future, and the API shouldn't lock in which quota types are accessible. Modification of quota types that are unknown should also fail with error.
Since a fixed set of entity types aren't defined, an entity should be represented by a Map<String, String>, which maps an entity type to the entity name.
Public Interfaces
Admin client calls will be added to correspond to DescribeClientQuotas, ResolveClientQuotas, and AlterClientQuotas, with supporting types defined in the common.quotas package.
Common types in package org.apache.kafka.common.quota (2.6.0)
| Code Block | ||
|---|---|---|
| ||
/**
* Describes a client quota entity, which is a mapping of entity types to their names.
*/
public class ClientQuotaEntity {
/**
* The type of an entity entry.
*/
public static final String USER = "user";
public static final String CLIENT_ID = "client-id";
/**
* Constructs a quota entity for the given types and names. If a name is null,
* then it is mapped to the built-in default entity name.
*
* @param entries maps entity type to its name
*/
public ClientQuotaEntity(Map<String, String> entries);
| ||
| Code Block | ||
| ||
/** * Describes a fully-qualified entity. */ public class QuotaEntity { /** * Type@return map of entity type anto entityits entry.name */ public enumMap<String, Type { USER, CLIENT_ID, UNKNOWN; }String> entries(); } /** * Describes a component for applying a client quota filter. */ public class ClientQuotaFilterComponent { /** * Constructs Representsand thereturns defaulta namefilter forcomponent anthat entity, i.e.exactly matches the entity that's matchedprovided entity * whenname anfor exactthe match isn't foundentity type. */ public* final@param staticentityType String QUOTA_ENTITY_NAME_DEFAULT = // implementation defined /**the entity type the filter component applies to * `entries`@param describesentityName the fully-qualified entity. Thename keythat's is a {@code Type} string, howevermatched exactly */ there may also existpublic keysstatic thatClientQuotaFilterComponent are not enumerated by {@code Type} that still apply, e.g.ofEntity(String entityType, String entityName); /** * theConstructs serverand mayreturns internallya associatefilter another type. When querying entities, it's necessarycomponent that matches the built-in default entity name * to return all quota types because quota values for these types may influence the effective * quota value. However, when altering a quota, any types that aren't specified must be able * to be inferred by the server, otherwise an error is returned. *for the entity type. * * @param entityType the entity type the filter component applies to */ public static ClientQuotaFilterComponent ofDefaultEntity(String entityType); /** * Constructs and returns a filter component that matches any specified name for the * For example, {("CLIENT_ID" -> "test-client"),entity type. * * @param entityType the entity type the filter component ("USER" -> "test-user"),applies to */ public static ("GROUP" -> "internal-group")}.ClientQuotaFilterComponent ofEntityType(String entityType); /**/ public QuotaEntity(Map<String, String> entries); } /** * Describes a quota key. * @return the component's entity type */ public class QuotaKey {String entityType(); /** * The@return quotathe types. optional match */string, where: public enum* Type { if CONSUMER_BYTE_RATEpresent, the name that's matched exactly PRODUCER_BYTE_RATE, * REQUEST_PERCENTAGE, if empty, matches the default UNKNOWN;name } * /** * Theif unitsnull, formatches aany quotaspecified value.name Note there may be multiple*/ units for a givenpublic quota typeOptional<String> match(); } /** * Describes a client *quota that influences quota behaviorentity filter. */ public enumclass UnitsClientQuotaFilter { /** RATE_BPS, * A filter to be applied to UNKNOWN; matching client quotas. } /** * @param typecomponents the components quotato filter typeon * @param unitsstrict whether the unitsfilter foronly theincludes quotaspecified typecomponents */ publicprivate QuotaKeyClientQuotaFilter(TypeCollection<ClientQuotaFilterComponent> typecomponents, Unitsboolean unitsstrict); } /** * DescribesConstructs and returns a quota entity filter. */ public class QuotaFilter { /** * A filter to be applied filter that matches all provided components. Matching entities * with entity types that are not specified by a component will also be included in the result. * * @param entityTypecomponents the entitycomponents typefor the filter applies to */ @param match the non-nullpublic stringstatic that's matched exactlyClientQuotaFilter contains(Collection<ClientQuotaFilterComponent> components); /**/ public QuotaFilter(QuotaEntity.Type entityType, String match); } |
DescribeClientQuotas:
| Code Block | ||
|---|---|---|
| ||
public class DescribeClientQuotasOptions extends AbstractOptions<DescribeClientQuotasOptions> { // Empty. } /** * The result of the {@link Admin#DescribeClientQuotas(Collection<QuotaFilter>, DescribeClientQuotasOptions)} call. */ public class DescribeClientQuotasResult { /** * Maps an entity to its configured quota value(s). Note if no value is defined for a quota* Constructs and returns a quota filter that matches all provided components. Matching entities * with entity types that are not specified by a component will *not* be included in the result. * * @param components the components for the filter */ type for that entity's config, then it is not included in the resulting value map.public static ClientQuotaFilter containsOnly(Collection<ClientQuotaFilterComponent> components); /** * Constructs and returns a *quota @paramfilter entitiesthat thematches collectionall ofconfigured entities that matched the filter. */ public DescribeClientQuotasResult(KafkaFuture<Map<QuotaEntity, Map<QuotaKey, Long>>> entitiesstatic ClientQuotaFilter all(); /** * Returns a map from quota entity to a future which can be used to check@return the status of the operation.filter's components */ public KafkaFuture<Map<QuotaEntity, Map<QuotaKey, Long>>> entitiesCollection<ClientQuotaFilterComponent> components(); } public interface Admin extends AutoCloseable { ... /** * Describes@return allwhether entitiesthe matchingfilter allis provided filters (logical AND) that have at least onestrict, i.e. only includes specified components */ quota value defined. public boolean strict(); } /** * Describes a configuration *alteration @paramto filtersbe filtersmade to applya client toquota matching entities * @param options the options to useentity. */ public class ClientQuotaAlteration { public static class Op { /** @return result containing all matching entities * @param key the quota type to alter */ DescribeClientQuotasResult DescribeClientQuotas(Collection<QuotaFilter> filters, DescribeClientQuotasOptions options); } |
DescribeEffectiveClientQuotas:
| Code Block | ||
|---|---|---|
| ||
public class DescribeEffectiveClientQuotasOptions extends AbstractOptions<DescribeEffectiveClientQuotasOptions> { * @param value if set then the existing value is updated, /** * Whether to exclude the list of overridden valuesotherwise forif everynull, quotathe typeexisting invalue theis result.cleared */ public DescribeEffectiveClientQuotasOptions setOmitOverriddenValues(boolean omitOverriddenValues public Op(String key, Double value); } /** * The result of the {@link Admin#DescribeEffectiveClientQuotas(Collection<QuotaEntity>, DescribeEffectiveClientQuotasOptions)} call. /*/* public class DescribeEffectiveClientQuotasResult { /** * @return the *quota Informationtype aboutto aalter specific quota configuration entry. */ public class Entry {String key(); /** * @return @paramif set sourcethen the entityexisting sourcevalue for the valueis updated, * @param value the non-null value otherwise if null, the existing value is cleared */ public Entry(QuotaEntity source, LongDouble value(); } /** private final ClientQuotaEntity entity; * Information aboutprivate thefinal value for a quota type.Collection<Op> ops; /**/ public class* Value@param { entity the entity whose config will be /** modified * @param entryops the alteration quotato entryperform */ *public @param overriddenEntries all values that are overridden due to being lower inClientQuotaAlteration(ClientQuotaEntity entity, Collection<Op> ops); /** * @return the entity *whose config will be modified */ public ClientQuotaEntity entity(); /** * @return specificity,the oralteration null if not requested to perform */ public Collection<Op> public Value(Entry entry, List<Entry> overriddenEntriesops(); } |
DescribeClientQuotas (2.6.0)
| Code Block | ||
|---|---|---|
| ||
public class DescribeClientQuotasOptions extends AbstractOptions<DescribeClientQuotasOptions> }{ // Empty. } /** * MapsThe aresult collection of entitiesthe to their effective quota values{@link Admin#describeClientQuotas(Collection, DescribeClientQuotasOptions)} call. */ public class DescribeClientQuotasResult *{ /** @param config the quota configuration* forMaps thean requestedentity entities to its configured quota */ public DescribeEffectiveClientQuotasResult(Map<QuotaEntity, KafkaFuture<Map<QuotaKey, Value>>> config); value(s). Note if no value is defined for a quota /** type for that * Returns a map from quota entity to a future which can be used to check the status of the operation.entity's config, then it is not included in the resulting value map. * * @param entities future for the collection of entities that matched the filter */ public Map<QuotaEntityDescribeClientQuotasResult(KafkaFuture<Map<ClientQuotaEntity, KafkaFuture<Map<QuotaKeyMap<String, Value>>>Double>>> config(entities); /** * Returns a map from quota entity to a future which succeeds only if all quota descriptions succeed can be used to check the status of the operation. */ public KafkaFuture<Void> allKafkaFuture<Map<ClientQuotaEntity, Map<String, Double>>> entities(); } public interface Admin extends AutoCloseable { ... /** * Describes all entities matching the effective quotas for the provided entities. provided filter that have at least one client quota configuration * value defined. * @param<p> entities the entities to describe* theThe effectivefollowing quotasexceptions for can be anticipated when calling * @param options{@code get()} on the optionsfuture tofrom usethe * @returnreturned the effective quotas for the entities{@link DescribeClientQuotasResult}: */ <ul> DescribeEffectiveClientQuotasResult* DescribeEffectiveClientQuotas(Collection<QuotaEntity> entities, DescribeEffectiveClientQuotasOptions options); } |
AlterClientQuotas
| Code Block | ||||
|---|---|---|---|---|
| ||||
public class AlterClientQuotasEntry { public class Op { /** <li>{@link org.apache.kafka.common.errors.ClusterAuthorizationException} * If the authenticated user didn't have describe access to the cluster.</li> * <li>{@link org.apache.kafka.common.errors.InvalidRequestException} * @param keyIf the request quotadetails typeare and units to alter invalid. e.g., an invalid entity type was specified.</li> * @param value if set then the existing value is updated,<li>{@link org.apache.kafka.common.errors.TimeoutException} * If *the request timed out before the describe could finish.</li> * otherwise</ul> if null, the existing value* is cleared<p> */ This operation is supported by brokers with public Op(QuotaKey key, Long value);version 2.6.0 or higher. } /** * @param entityfilter the entityfilter whoseto configapply willto bematch modifiedentities * @param opsoptions the alterationoptions to perform - if value is set, then the existing value is updated,use * @return the otherwise if null, the existing value is clearedDescribeClientQuotasResult containing the result */ publicDescribeClientQuotasResult AlterClientQuotasEntrydescribeClientQuotas(QuotaEntityClientQuotaFilter entityfilter, Collection<Op>DescribeClientQuotasOptions opsoptions); } |
ResolveClientQuotas (pending future release)
| Code Block | ||
|---|---|---|
| ||
public class AlterClientQuotasOptionsResolveClientQuotasOptions extends AbstractOptions<AlterClientQuotasOptions>AbstractOptions<ResolveClientQuotasOptions> { // Empty. } /** * The result of the {@link Admin#resolveClientQuotas(Collection, ResolveClientQuotasOptions)} call. */ public class ResolveClientQuotasResult { /** Sets whether the request* shouldInformation beabout validateda withoutspecific alteringquota theconfiguration configsentry. */ public AlterClientQuotasOptionsclass validateOnly(boolean validateOnly); } /** * The result of the {@link Admin#AlterClientQuotas(Collection<AlterClientQuotasEntry>, AlterClientQuotasOptions)} call. * * The API of this class is evolving, see {@link Admin} for details. */ public class AlterClientQuotasResult { public AlterClientQuotasResult(Map<QuotaEntity, KafkaFuture<Void>> futures); /** * Returns a map from quota entity to a future which can be used to check the status of the operation. */ public Map<QuotaEntity, KafkaFuture<Void>> values();Entry { /** * @param source the entity source for the value * @param value the non-null value */ public Entry(QuotaEntity source, Double value); } /** * ReturnsInformation aabout futurethe whichvalue succeeds only if allfor a quota alterations succeedtype. */ * public KafkaFuture<Void> all(); } public interface Admin extends AutoCloseable { ... NOTE: We maintain a `Value` class because additional information may be added, e.g., /** * Alters thea quotaslist asof specified foroverridden the entries. */ public *class @paramValue alterations{ the alterations to perform /** @return the result of the alterations */ @param entry the AlterClientQuotasResult AlterClientQuotas(Collection<AlterClientQuotasEntry> entries, AlterClientQuotasOptions options); } |
kafka-client-quotas.sh/ClientQuotasCommand:
A ClientQuotasCommand would be constructed with an associated bin/kafka-client-quotas.sh script for managing quotas via command line, and would have three modes of operation, roughly correlating to each of the API calls:
- List: Lists the quota entities for the given entity specification and their corresponding quota values, as explicitly specified in the configuration. The user may provide explicit entity types+names, or a pattern to apply to an entity type find matching entity names. If an entity type is omitted from the input, it is treated as a wildcard.
- Describe: Describes the effective quotas for an entity, including contextual information about how those quotas were derived. This includes what configuration entries matched to the entity and, if requested, the overridden, less-specific matches for the entity.
- Alter: Modifies a quota configuration entry in an incremental manner, i.e. specify which entries to add, update, and/or remove.
Flags
Various flags will be used to accomplish these operations.
Common flags:--bootstrap-server: The standard bootstrap server.--command-config: Property file for the Admin client.
Operations (mutually exclusive):--list: Lists the entities that match the given specification, and prints out their configuration values.--describe: Describes the effective quota values for an entity.--alter: Alters the configuration for the given specification.
Entity specification flags (common to all):--names: Comma-separated list of type=name pairs, e.g. "user=some-user,client-id=some-client-id"--defaults: Comma-separated list of entity types with the default name, e.g. "defaults=user,client-id" (Note a separate flag is necessary since names are opaque.)
Exclusive to --list:--prefix: Comma-separated prefix=name pairs, e.g. "user=test-".
Exclusive to --describe:--show-overridden: Whether to include overridden config entries.
Exclusive to --alter:--add: Comma-separated list of entries to add or update to the configuration, in format "name:unit=value".--delete: Comma-separated list of entries to remove from the configuration, in format "name:unit".--validate-only: If set, validates the alteration but doesn't perform it.
Input
When specifying configuration entries, the form: quota-name[:quota-unit][=quota-value] is used. For convenience, if no quota unit is specified, then the historical default RATE_BPS is used.
Output
In general, the output of the entities will be of the form: {entity-type=entity-name, ...}, where entity-name is sanitized for output since it is an opaque string. When displaying configuration values, the form: quota-name:quota-unit=quota-value.
List:
| Code Block |
|---|
$./bin/kafka-client-quotas.sh --bootstrap-server localhost:9092 --list \
--names=client-id=my-client
{user=user-two, client-id=my-client}
consumer_byte_rate:shares=200
producer_byte_rate:bps=10000000
{user=user-one, client-id=my-client}
producer_byte_rate:broker_bps=2000000
{user=<default>, client-id=my-client}
consumer_byte_rate:shares=100
producer_byte_rate:broker_bps=500000
$./bin/kafka-client-quotas.sh --bootstrap-server localhost:9092 --list \
--prefix=user=user-
{user=user-two, client-id=my-client}
consumer_byte_rate:shares=200
producer_byte_rate:bps=10000000
{user=user-one, client-id=my-client}
producer_byte_rate:broker_bps=2000000 |
Describe:
| Code Block |
|---|
$./bin/kafka-client-quotas.sh --bootstrap-server localhost:9092 --describe \
--names=user=user-one,client-id=my-client
consumer_byte_rate:shares=200 {user=user-one, client-id=my-client}
producer_byte_rate:bps=10000000 {user=user-one, client-id=my-client}
producer_byte_rate:broker_bps=500000 {user=<default>, client-id=my-client}
$./bin/kafka-client-quotas.sh --bootstrap-server localhost:9092 --describe \
--names=user=user-two,client-id=my-client \
--show-overridden
consumer_byte_rate:shares=100 {user=<default>, client-id=my-client}
producer_byte_rate:broker_bps=2000000 {user=user-two, client-id=my-client}
*producer_byte_rate:broker_bps=500000 {user=<default>, client-id=my-client}
|
Alter:
| Code Block |
|---|
$./bin/kafka-client-quotas.sh --bootstrap-server localhost:9092 --describe \
--names=client-id=my-client --defaults=user \
--add=producer_byte_rate:shares=100 \
--delete=producer_byte_rate:broker_bps
<no output on success>
$./bin/kafka-client-quotas.sh --bootstrap-server localhost:9092 --list \
--names=client-id=my-client --defaults=user
{user=<default>, client-id=my-client}
consumer_byte_rate:shares=100
producer_byte_rate:shares=100 |
...
quota entry
*/
public Value(Entry entry);
}
/**
* Maps a collection of entities to their resolved quota values.
*
* @param config the quota configuration for the requested entities
*/
public ResolveClientQuotasResult(Map<QuotaEntity, KafkaFuture<Map<String, Value>>> config);
/**
* Returns a map from quota entity to a future which can be used to check the status of the operation.
*/
public Map<QuotaEntity, KafkaFuture<Map<String, Value>>> config();
/**
* Returns a future which succeeds only if all quota descriptions succeed.
*/
public KafkaFuture<Void> all();
}
public interface Admin extends AutoCloseable {
...
/**
* Resolves the effective quota values for the provided entities.
*
* @param entities the entities to describe the resolved quotas for
* @param options the options to use
* @return the resolved quotas for the entities
*/
ResolveClientQuotasResult resolveClientQuotas(Collection<QuotaEntity> entities, ResolveClientQuotasOptions options);
} |
AlterClientQuotas (2.6.0)
| Code Block | ||||
|---|---|---|---|---|
| ||||
/**
* Options for {@link Admin#alterClientQuotas(Collection, AlterClientQuotasOptions)}.
*
* The API of this class is evolving, see {@link Admin} for details.
*/
public class AlterClientQuotasOptions extends AbstractOptions<AlterClientQuotasOptions> {
/**
* Returns whether the request should be validated without altering the configs.
*/
public boolean validateOnly();
/**
* Sets whether the request should be validated without altering the configs.
*/
public AlterClientQuotasOptions validateOnly(boolean validateOnly);
}
/**
* The result of the {@link Admin#alterClientQuotas(Collection, AlterClientQuotasOptions)} call.
*
* The API of this class is evolving, see {@link Admin} for details.
*/
@InterfaceStability.Evolving
public class AlterClientQuotasResult {
/**
* Maps an entity to its alteration result.
*
* @param futures maps entity to its alteration result
*/
public AlterClientQuotasResult(Map<ClientQuotaEntity, KafkaFuture<Void>> futures);
/**
* Returns a map from quota entity to a future which can be used to check the status of the operation.
*/
public Map<ClientQuotaEntity, KafkaFuture<Void>> values();
/**
* Returns a future which succeeds only if all quota alterations succeed.
*/
public KafkaFuture<Void> all();
}
public interface Admin extends AutoCloseable {
...
/**
* Alters client quota configurations with the specified alterations.
* <p>
* Alterations for a single entity are atomic, but across entities is not guaranteed. The resulting
* per-entity error code should be evaluated to resolve the success or failure of all updates.
* <p>
* The following exceptions can be anticipated when calling {@code get()} on the futures obtained from
* the returned {@link AlterClientQuotasResult}:
* <ul>
* <li>{@link org.apache.kafka.common.errors.ClusterAuthorizationException}
* If the authenticated user didn't have alter access to the cluster.</li>
* <li>{@link org.apache.kafka.common.errors.InvalidRequestException}
* If the request details are invalid. e.g., a configuration key was specified more than once for an entity.</li>
* <li>{@link org.apache.kafka.common.errors.TimeoutException}
* If the request timed out before the alterations could finish. It cannot be guaranteed whether the update
* succeed or not.</li>
* </ul>
* <p>
* This operation is supported by brokers with version 2.6.0 or higher.
*
* @param entries the alterations to perform
* @return the AlterClientQuotasResult containing the result
*/
AlterClientQuotasResult alterClientQuotas(Collection<ClientQuotaAlteration> entries, AlterClientQuotasOptions options);
} |
kafka-configs.sh/ConfigCommand (2.6.0)
As a result of introducing the APIs, the ConfigCommand will be updated to support the users and clients entity types when using the --bootstrap-server option. The modification to ConfigCommand was adopted in KIP-543, and usage will remain unchanged from the original --zookeeper functionality.
kafka-client-quotas.sh/ClientQuotasCommand (pending future release)
A ClientQuotasCommand would be constructed with an associated bin/kafka-client-quotas.sh script for managing quotas via command line, and would have three modes of operation, roughly correlating to each of the API calls:
- Describe: Describes the quota entities for the given entity specification and their corresponding quota values, as explicitly specified in the configuration. The user may provide explicit entity types+names, or a pattern to apply to an entity type find matching entity names. If an entity type is omitted from the input, it is treated as a wildcard.
- Resolve: Resolves the effective quotas for an entity, including contextual information about how those quotas were derived. This includes what configuration entries matched to the entity.
- Alter: Modifies a quota configuration entry in an incremental manner, i.e. specify which entries to add, update, and/or remove.
Flags
Various flags will be used to accomplish these operations.
Common flags:--bootstrap-server: The standard bootstrap server.--command-config: Property file for the Admin client.
Operations (mutually exclusive):--describe: Describes the entities that match the given specification, and prints out their configuration values.--resolve: Resolves the effective quota values for an entity.--alter: Alters the configuration for the given specification.
Entity specification flags (common to all):--names: Comma-separated list of type=name pairs, e.g. "user=some-user,client-id=some-client-id"--defaults: Comma-separated list of entity types with the default name, e.g. "defaults=user,client-id" (Note a separate flag is necessary since names are opaque.)
Exclusive to --describe: None.
Exclusive to --resolve: None.
Exclusive to --alter:--add: Comma-separated list of entries to add or update to the configuration, in format "name=value".--delete: Comma-separated list of entries to remove from the configuration, in format "name".--validate-only: If set, validates the alteration but doesn't perform it.
Input
When specifying configuration entries, the form: quota-name[=quota-value] is used.
Output
In general, the output of the entities will be of the form: {entity-type=entity-name, ...}, where entity-name is sanitized for output since it is an opaque string. When displaying configuration values, the form: quota-name=quota-value.
Describe:
| Code Block |
|---|
$./bin/kafka-client-quotas.sh --bootstrap-server localhost:9092 --describe \
--names=client-id=my-client
{user=user-one, client-id=my-client}
consumer_byte_rate=4000000
producer_byte_rate=1000000
{user=user-two, client-id=my-client}
producer_byte_rate=2000000
{user=<default>, client-id=my-client}
consumer_byte_rate=1000000
producer_byte_rate=500000 |
Resolve:
| Code Block |
|---|
$./bin/kafka-client-quotas.sh --bootstrap-server localhost:9092 --resolve \
--names=user=user-two,client-id=my-client
consumer_byte_rate=2000000 {user=user-two, client-id=my-client}
producer_byte_rate=500000 {user=<default>, client-id=my-client} |
Alter:
| Code Block |
|---|
$./bin/kafka-client-quotas.sh --bootstrap-server localhost:9092 --alter \
--names=client-id=my-client --defaults=user \
--add=consumer_byte_rate=2000000 \
--delete=producer_byte_rate
<no output on success>
$./bin/kafka-client-quotas.sh --bootstrap-server localhost:9092 --describe \
--names=client-id=my-client --defaults=user
{user=<default>, client-id=my-client}
consumer_byte_rate=2000000 |
Proposed Changes
In addition to the API changes above, the following write protocol would be implemented:
DescribeClientQuotas (2.6.0)
| Code Block |
|---|
{
"apiKey": 48,
"type": "request |
In addition to the API changes above, the following write protocol would be implemented:
DescribeClientQuotas:
| Code Block |
|---|
{
"apiKey": 48,
"type": "request",
"name": "DescribeClientQuotasRequest",
"validVersions": "0",
"flexibleVersions": "none",
"fields": [
{ "name": "Filter", "type": "[]QuotaFilterData", "versions": "0+",
"about": "Filters to apply to quota entities.", "fields": [
{ "name": "EntityType", "type": "string", "versions": "0+",
"about": "The entity type that the filter applies to." },
{ "name": "Match", "type": "string", "versions": "0+",
"about": "The string to match against." }
]}
]
}
{
"apiKey": 48,
"type": "response",
"name": "DescribeClientQuotasResponse",
"validVersions": "0",
"flexibleVersions": "none",
"fields": [
{ "name": "ThrottleTimeMs", "type": "int32", "versions": "0+",
"about": "The duration in milliseconds for which the request was throttled due to a quota violation, or zero if the request did not violate any quota." },
{ "name": "Entry", "type": "[]EntryData", "versions": "0+",
"about": "A result entry.", "fields": [
{ "name": "ErrorCode", "type": "int16", "versions": "0+",
"about": "The error code, or `0` if the quota description succeeded." },
{ "name": "ErrorMessage", "type": "string", "versions": "0+", "nullableVersions": "0+",
"about": "The error message, or `null` if the quota description succeeded." },
{ "name": "Entity", "type": "[]QuotaEntityData", "versions": "0+",
"about": "The quota entity description.", "fields": [
{ "name": "EntityType", "type": "string", "versions": "0+",
"about": "The entity type." },
{ "name": "EntityName", "type": "string", "versions": "0+",
"about": "The entity name." }
]},
{ "name": "Type", "type": "string", "versions": "0+",
"about": "The quota type." },
{ "name": "Units", "type": "string", "versions": "0+",
"about": "The units for the value." },
{ "name": "Value", "type": "int64", "versions": "0+",
"about": "The quota value." }
]}
]
}
|
DescribeEffectiveClientQuotas:
| Code Block |
|---|
{ "apiKey": 49, "type": "request", "name": "DescribeEffectiveClientQuotasRequest", "validVersions": "0", "flexibleVersions": "none", "fields": [ { "name": "Entity", "type": "[]QuotaEntityData", "versions": "0+", "about": "The quota entity description.", "fields": [ { "name": "EntityType", "type": "string", "versions": "0+", "about": "The entity type." }, { "name": "EntityName", "type": "string", "versions": "0+", "about": "The entity name." } ]}, { "name": "OmitOverriddenValues", "type": "bool", "versions": "0+", "about": "Whether to exclude the list of overridden values for every quota type." } ] } { "apiKey": 49, "type": "response", "name": "DescribeEffectiveClientQuotasResponseDescribeClientQuotasRequest", "validVersions": "0", "flexibleVersions": "none", "fields": [ { "name": "ThrottleTimeMsComponents", "type": "int32[]ComponentData", "versions": "0+", "about": "TheFilter durationcomponents into millisecondsapply forto which the request was throttled due to a quota violation, or zero if the request did not violate any quota." }, quota entities.", "fields": [ { "name": "EntryEntityType", "type": "[]QuotaEntryDatastring", "versions": "0+", "about": "Effective quota entries.", "fields": [The entity type that the filter component applies to." }, { "name": "ErrorCodeMatchType", "type": "int16int8", "versions": "0+", "about": "TheHow errorto code,match orthe `0`entity if{0 the= effectiveexact quotaname, description succeeded1 = default name, 2 = any specified name}." }, { "name": "ErrorMessageMatch", "type": "string", "versions": "0+", "nullableVersions": "0+", "about": "The error messagestring to match against, or `null`null if theunused effectivefor quotathe descriptionmatch succeededtype." }, ]}, { "name": "QuotaEntityStrict", "type": "[]QuotaEntitybool", "versions": "0+", "about": "Effective quota entries.", "fields": [ { "name": "EntityType", Whether the match is strict, i.e. should exclude entities with unspecified entity types." } ] } { "apiKey": 48, "type": "stringresponse", "versionsname": "0+DescribeClientQuotasResponse", "validVersions": "0", "aboutflexibleVersions": "The entity type." }none", "fields": [ { "name": "EntityNameThrottleTimeMs", "type": "stringint32", "versions": "0+", "about": "The entity name." } ] duration in milliseconds for which the request was throttled due to a quota violation, or zero if the request did not violate any quota." }, { "name": "QuotaValuesErrorCode", "type": "[]QuotaValueDataint16", "versions": "0+", "about": "QuotaThe configurationerror values.", "fields": [ code, or `0` if the quota description succeeded." }, { "name": "TypeErrorMessage", "type": "string", "versions": "0+", "nullableVersions": "0+", "about": "The error message, or `null` if the quota description typesucceeded." }, { "name": "UnitsEntries", "type": "string[]EntryData", "versions": "0+", "nullableVersions": "0+", "about": "TheA units for the quota typeresult entry." }, "fields": [ { "name": "EntryEntity", "type": "[]ValueEntryDataEntityData", "versions": "0+", "about": "QuotaThe valuequota entity entriesdescription.", "fields": [ { "name": "QuotaEntityEntityType", "type": "[]ValueQuotaEntitystring", "versions": "0+", "about": "EffectiveThe quotaentity entriestype.", "fields": [ }, { "name": "EntityTypeEntityName", "type": "string", "versions": "0+", "nullableVersions": "0+", "about": "The entity type name, or null if the default." }, ]}, { "name": "EntityNameValues", "type": "string[]ValueData", "versions": "0+", "about": "The quota values for the entity name." }.", "fields": [ { ]}, "name": "Key", "type": "string", "versions": "0+", "about": "The quota configuration key." }, { "name": "Value", "type": "int64float64", "versions": "0+", "about": "The quota configuration value." } ]} ]} ]} ] } |
...
ResolveClientQuotas (pending future release)
| Code Block |
|---|
{
"apiKey": 50,
"type": "request",
"name": "AlterClientQuotasRequestResolveClientQuotasRequest",
"validVersions": "0",
"flexibleVersions": "none",
"fields": [
{ "name": "EntryEntity", "type": "[]EntryDataQuotaEntityData", "versions": "0+",
"about": "The quota configuration entries to alterentity description.", "fields": [
{ "name": "QuotaEntity", "type": "[]QuotaEntity", "versions": "0+",
"about": "The quota entity to alter.", "fields": [
{ "name": "EntityType", "type": "string", "versions": "0+",
"about": "The entity type." },
{ "name": "EntityName", "type": "string", "versions": "0+", { "name": "EntityType", "type": "string", "versions": "0+",
"about": "The entity type." },
{ "name": "EntityName", "type": "string", "versions": "0+",
"about": "The entity name." }
]}
]
}
{
"apiKey": 50,
"type": "response",
"name": "ResolveClientQuotasResponse",
"validVersions": "0",
"flexibleVersions": "none",
"fields": [
{ "name": "ThrottleTimeMs", "type": "int32", "versions": "0+",
"about": "The duration in milliseconds for which the request was throttled due to a quota violation, or zero if the request did not violate any quota." },
{ "name": "Entry", "type": "[]QuotaEntryData", "versions": "0+",
"about": "Resolved quota entries.", "fields": [
{ "name": "ErrorCode", "type": "int16", "versions": "0+",
"about": "The error code, or `0` if the resolved quota description succeeded." },
{ "name": "ErrorMessage", "type": "string", "versions": "0+", "nullableVersions": "0+",
"about": "The error message, or `null` if the resolved quota description succeeded." },
{ "name": "QuotaEntity", "type": "[]QuotaEntity", "versions": "0+",
"about": "Resolved quota entries.", "fields": [
{ "name": "EntityType", "type": "string", "versions": "0+",
"about": "The entity type." },
{ "name": "EntityName", "type": "string", "versions": "0+",
"about": "The entity name." }
]},
{ "name": "QuotaValues", "type": "[]QuotaValueData", "versions": "0+",
"about": "Quota configuration values.", "fields": [
{ "name": "Type", "type": "string", "versions": "0+",
"about": "The quota type." },
{ "name": "Entry", "type": "[]ValueEntryData", "versions": "0+",
"about": "Quota value entries.", "fields": [
{ "name": "QuotaEntity", "type": "[]ValueQuotaEntity", "versions": "0+",
"about": "Resolved quota entries.", "fields": [
{ "name": "EntityType", "type": "string", "versions": "0+",
"about": "The entity type." },
{ "name": "EntityName", "type": "string", "versions": "0+",
"about": "The entity name." }
]},
{ "name": "Value", "type": "double", "versions": "0+",
"about": "The quota configuration value." }
]}
]}
]}
]
}
|
AlterClientQuotas (2.6.0)
| Code Block |
|---|
{
"apiKey": 49,
"type": "request",
"name": "AlterClientQuotasRequest",
"validVersions": "0",
"flexibleVersions": "none",
"fields": [
{ "name": "Entries", "type": "[]EntryData", "versions": "0+",
"about": "The quota configuration entries to alter.", "fields": [
{ "name": "Entity", "type": "[]EntityData", "versions": "0+",
"about": "The quota entity to alter.", "fields": [
{ "name": "EntityType", "type": "string", "versions": "0+",
"about": "The entity type." },
{ "name": "EntityName", "type": "string", "versions": "0+", "nullableVersions": "0+",
"about": "The name of the entity, or null if the default." }
]},
{ "name": "Ops", "type": "[]OpData", "versions": "0+",
"about": "An individual quota configuration entry to alter.", "fields": [
{ "name": "Key", "type": "string", "versions": "0+",
"about": "The quota configuration key." },
{ "name": "Value", "type": "float64", "versions": "0+",
"about": "The value to set, otherwise ignored if the value is to be removed." },
{ "name": "Remove", "type": "bool", "versions": "0+",
"about": "Whether the quota configuration value should be removed, otherwise set." }
]}
]},
{ "name": "ValidateOnly", "type": "bool", "versions": "0+",
"about": "Whether the alteration should be validated, but not performed." }
]
}
{
"apiKey": 49,
"type": "response",
"name": "AlterClientQuotasResponse",
"validVersions": "0",
"flexibleVersions": "none",
"fields": [
{ "name": "ThrottleTimeMs", "type": "int32", "versions": "0+",
"about": "The duration in milliseconds for which the request was throttled due to a quota violation, or zero if the request did not violate any quota." },
{ "name": "Entries", "type": "[]EntryData", "versions": "0+",
"about": "The quota configuration entries to alter.", "fields": [
{ "name": "ErrorCode", "type": "int16", "versions": "0+",
"about": "The error code, or `0` if the quota alteration succeeded." },
{ "name": "ErrorMessage", "type": "string", "versions": "0+", "nullableVersions": "0+",
"about": "The error message, or `null` if the quota alteration succeeded." },
{ "name": "Entity", "type": "[]EntityData", "versions": "0+",
"about": "The quota entity to alter.", "fields": [
{ "name": "EntityType", "type": "string", "versions": "0+",
"about": "The entity type." },
{ "name": "EntityName", "type": "string", "versions": "0+", "nullableVersions": "0+",
"about": "The name of the entity, or null if the default." }
]}
]}
]
} |
Kafka RPC 'double' support (2.6.0)
Note that, while the ByteBuffer natively supports serializing a Double, the format in which the value is serialized is not strongly specified, so the preference is to explicitly ensure a standard representation of double-precision 64-bit IEEE 754 format. This is achieved in Java using Double.doubleToRawLongBits() and Double.longBitsToDouble() and should be easily portable to other languages.
| Code Block | ||
|---|---|---|
| ||
/** * Read a double-precision 64-bit format IEEE 754 value. * * @param buffer The buffer to read from * @return The long value read */ public static double readDouble(ByteBuffer buffer) { return "about": "The name of the entity." }Double.longBitsToDouble(buffer.getLong()); } /** ]}, { "name": "Op", "type": "[]OpData", "versions": "0+", "about": "An individual quota configuration entry to alter.", "fields": [* Write the given double following the double-precision 64-bit format IEEE 754 value into the buffer. * * @param value The value to write * @param buffer { "name": "Type", "type": "string", "versions": "0+", The buffer to write to */ public static "about": "The quota type." },void writeDouble(double value, ByteBuffer buffer) { buffer.putLong(Double.doubleToRawLongBits(value)); } |
The protocol type definition:
| Code Block | ||
|---|---|---|
| ||
public static final DocumentedType DOUBLE = new DocumentedType() { @Override{ "name": "Units", "type": "string", "versions": "0+", "about": "The units for the quota type." }, public { "name": "Value", "type": "int64", "versions": "0+",void write(ByteBuffer buffer, Object o) { "about": "The value to set, otherwise ignored if the value is to be removed." }, ByteUtils.writeDouble((Double) o, buffer); } { "name": "Remove", "type": "bool", "versions": "0+", @Override public Object read(ByteBuffer buffer) { "about": "Whether the quota configuration value should be removed, otherwisereturn set." } ByteUtils.readDouble(buffer); ]} ]},@Override { "name": "ValidateOnly", "type": "bool", "versions": "0+", public int sizeOf(Object o) { "about": "Whether the alteration should be validated, but not performed." }return 8; ] } { "apiKey": 50, "type": "response", } "name": "AlterClientQuotasResponse", "validVersions": "0", "flexibleVersions": "none", "fields": [ { "name": "ThrottleTimeMs", "type": "int32", "versions": "0+", @Override public String typeName() { return "aboutDOUBLE":; "The duration in milliseconds for which the request} was throttled due to a quota violation, or zero@Override if the request did not violate any quota." }, { "name": "Entry", "type": "[]EntryData", "versions": "0+", public Double validate(Object item) { "about": "The quota configuration entries to alter.", "fields": [ if (item instanceof Double) { "name": "ErrorCode", "type": "int16", "versions": "0+", return (Double) item; "about": "The error code, orelse `0` if the quota alteration succeeded." }, { "name": "ErrorMessage", "type": "string", "versions": "0+", "nullableVersions": "0+", throw new SchemaException(item + " is not a Double."); } "about": "The error message, or `null` if the quota alteration succeeded." }, @Override public String documentation() { { "name": "QuotaEntity", "type": "[]QuotaEntity", "versions": "0+", "about": "The quota entity to alter.", "fields": [ return "Represents a double-precision 64-bit format IEEE 754 value. " + { "name": "EntityType", "type": "string", "versions": "0+", "about": "The entity type." }, { "name": "EntityName", "type": "string", "versions": "0+", "about": "The name of the entity." } ]} ]} ] }The values are encoded using eight bytes in network byte order (big-endian)."; } }; |
In generator/src/main/java/org/apache/kafka/message/MessageGenerator.java, the following operations will be used (code omitted for brevity):
| Code Block | ||
|---|---|---|
| ||
Hash code: Double.hashCode(value)
Empty value: (double) 0
Parsing a default value string: Double.parseDouble(defaultValue) |
Compatibility, Deprecation, and Migration Plan
All changes would be are forward-compatible, and no migration plan is necessary. It's outside the scope of this KIP to deprecate any functionality.
Rejected Alternatives
- Use existing describeConfigs/incrementalAlterConfigs for quota functionality. This falls short for a couple reasons. First, quotas entity names are more dynamic than brokers and tasks which makes them awkward to fit into generic tools which expect a single unique, distinct key, e.g. ConfigCommand. Second, there's no tool that expresses a way to get the effective quota resolved quota for an entity without some heavy engineering on the client side, which lacks extensibility and is more expensive to perform, especially over large collection of entities. Therefore, it makes sense to approach quotas as a standalone set of APIs that provide more targeted information and can properly support future extensibility.
...