Examples of affected async runtimes are Kotlin co-routines (see KAFKA-7143) and Zio.

Public Interfaces

Two new methods will be added to org.apache.kafka.clients.consumer.KafkaConsumer.

Proposed Changes

In this PR we replace the thread-id check with an access key that is stored in a thread-local variable and is also put on a stack of access keys stored in the consumer. Developers who work in an async runtime can get the access key and then set it on the thread-local variable in a thread of their choosing.

The consumer maintains a stack of access keys so that invocations from a callback within a callback are possible. The top of the stack corresponds to the most recent invocation. An empty stack means that the consumer was not yet invoked.

When acquire is invoked, we first check whether access is restricted. Access is restricted when the access-key stack is not empty: in that case the thread-local variable must be equal to the value on the top of the stack. If the stack is empty, any thread may continue. After this check, we generate a new access key that can be used inside callbacks. This new access key is pushed onto the stack and also stored in the thread-local variable.

When the consumer subsequently calls a callback, the callback must be able to invoke the consumer again. This is allowed because the thread-local variable corresponds to the top of the stack. Therefore, code that is not aware of this KIP (all programs in existence until now) will continue to work as before. The callback may now choose to read the thread-local variable and store the access key in the thread-local variable of another thread, thereby allowing that thread to access the consumer. Because acquire immediately and atomically stores a new access key, it is not possible for multiple threads to use a valid access key concurrently.

When release is invoked, we first validate that the top of the stack is equal to the thread-local variable. If it is not equal, it means that other nested invocations must end first. After the check we pop the top value of the access-key stack and then copy the new top of the stack to the thread-local variable, or, if the stack is now empty, we clear the thread-local variable.

Details

The access keys must be sufficiently random so that they cannot be guessed.

When a check fails, we throw a ConcurrentModificationException, similar to the current behavior of the consumer.
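
The acquire/release rules described above, as an added sketch that is not KafkaConsumer code or code from the proposal. The class name AccessKeyGuard, the method names getAccessKey and setAccessKey, and the use of synchronized for atomicity are assumptions; the page does not name the two new methods.

```java
import java.security.SecureRandom;
import java.util.ArrayDeque;
import java.util.ConcurrentModificationException;
import java.util.Deque;

// Hypothetical sketch of the access-key check; not the real KafkaConsumer.
public class AccessKeyGuard {
    private final SecureRandom random = new SecureRandom();  // keys must not be guessable
    private final Deque<Long> keys = new ArrayDeque<>();     // top = most recent invocation
    private final ThreadLocal<Long> threadKey = new ThreadLocal<>();

    public synchronized void acquire() {
        Long top = keys.peek();
        if (top != null && !top.equals(threadKey.get()))      // restricted and wrong key
            throw new ConcurrentModificationException("consumer is in use by another invocation");
        long fresh = random.nextLong();                       // new key for nested callbacks
        keys.push(fresh);
        threadKey.set(fresh);
    }

    public synchronized void release() {
        Long top = keys.peek();
        if (top == null || !top.equals(threadKey.get()))
            throw new ConcurrentModificationException("a nested invocation must end first");
        keys.pop();
        if (keys.isEmpty()) threadKey.remove(); else threadKey.set(keys.peek());
    }

    // Assumed names for the two new methods (not given on the page).
    public Long getAccessKey() { return threadKey.get(); }
    public void setAccessKey(Long key) { threadKey.set(key); }

    // Runs acquire/release on a fresh thread, optionally handing it a key first.
    static boolean tryNested(AccessKeyGuard g, Long key) throws InterruptedException {
        boolean[] ok = {false};
        Thread t = new Thread(() -> {
            if (key != null) g.setAccessKey(key);
            try { g.acquire(); g.release(); ok[0] = true; }
            catch (ConcurrentModificationException e) { ok[0] = false; }
        });
        t.start(); t.join();
        return ok[0];
    }

    public static void main(String[] args) throws InterruptedException {
        AccessKeyGuard guard = new AccessKeyGuard();
        guard.acquire();                  // outer invocation, e.g. poll() on the main thread
        Long key = guard.getAccessKey();  // a callback reads the key to hand it to another thread
        System.out.println("thread with key:    " + tryNested(guard, key));
        System.out.println("thread without key: " + tryNested(guard, null));
        guard.release();                  // outer invocation ends, stack is empty again
        System.out.println("idle consumer:      " + tryNested(guard, null));
    }
}
```

While the outer invocation is open, only the thread that was handed the key gets through; a thread without it hits the ConcurrentModificationException path, and once the stack is empty any thread may enter again.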

Compatibility, Deprecation, and Migration Plan

For existing users (almost) nothing changes. The only change is when the program calls the consumer from the wrong thread: the message of the ConcurrentModificationException no longer contains the expected thread id.

There is no need to deprecate anything. No migration is needed.

Test Plan

INPUT NEEDED

As far as the author is aware, there are currently no (integration) tests that test the thread-id check. If there are any, they should continue to pass. In addition, they could be extended to cover the additional behavior.

Rejected Alternatives

Alternative: add a configuration to disable the thread-id check

Disabling the thread-id check based on configuration would be a very easy change for us. However, without the check it would become very easy to use the consumer incorrectly, especially from multi-threaded asynchronous runtimes.