Hi Ismael, fair point and totally reasonable point. I added the CLI part to bring compatibility, but I can agree with not doing it right now per compatibility reasons. However, I do have a question for you: You say most of the CLI tools, is there anyone in your mind that you recall that would break if the cluster uses a TLS activated Zookeeper cluster? Only one I can probably think right now is the Zookeeper Security Migration tool, right?
If I clean the others, would you agree to move the KIP forward? -- Pere Missatge de Ismael Juma <ism...@juma.me.uk> del dia dt., 3 de set. 2019 a les 14:53: > Hi Pere, > > Thanks for the KIP. With regards to the CLI tools, most of them support > direct access to ZK for compatibility reasons and we encourage usage of the > Kafka protocol instead. I am not sure we should be extending them as > described in the KIP. What are your thoughts on that? > > Ismael > > On Thu, Aug 29, 2019 at 11:11 AM Pere Urbón Bayes <pere.ur...@gmail.com> > wrote: > >> Hi, >> this is my first KIP for a change in Apache Kafka, so I'm really need to >> the process. Looking forward to hearing from you and learn the best ropes >> here. >> >> I would like to propose this KIP-515 to enable the ZookeeperClients to >> take >> full advantage of the TLS communication in the new Zookeeper 3.5.5. >> Specially interesting it the Zookeeper Security Migration, that without >> this change will not work with TLS, disabling users to use ACLs when the >> Zookeeper cluster use TLS. >> >> link: >> >> https://cwiki.apache.org/confluence/display/KAFKA/KIP-515%3A+Enable+ZK+client+to+use+the+new+TLS+supported+authentication >> >> Looking forward to hearing from you on this, >> >> /cheers >> >> -- >> Pere Urbon-Bayes >> Software Architect >> http://www.purbon.com >> https://twitter.com/purbon >> https://www.linkedin.com/in/purbon/ >> > -- Pere Urbon-Bayes Software Architect http://www.purbon.com https://twitter.com/purbon https://www.linkedin.com/in/purbon/
