Hi Steven,

Because of the change in KIP numbers, the KIP numbers above are misleading. The subject of the discussion thread says KIP-552 and the link says KIP-553. But it is actually none of those, since the KIP is now KIP-565.

A couple of questions regarding the KIP:

1) Do we bound the number of entries in the cache? At the moment, it looks like we add every resource to the cache and only remove entries when ACLs are updated. I think we also need to limit the number of entries we cache. Otherwise, in a deployment with changing resource access (short-lived topics, some hosts that access topics for a short time, etc.) the cache would keep growing unless there are ACL changes.

2) Will caching be optional for AclAuthorizer?

3) Why do we have a separate CachedAuthorizer if AclAuthorizer is going to extend that?

On Sat, Jan 18, 2020 at 11:02 PM Steven Lu <lushiji2...@gmail.com> wrote:

> Hello all,
>
> I wrote a KIP about adding the new cached authorizer, this improvement can
> reduce greatly the CPU usage in the long run.
> Please take a look:
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-553%3A+Using+AclCommand%2Cavoid+call+the+global+method+loadcache+in+SimpleAclAuthorizer
>
> Thanks,
> Steven
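
The bound asked about in question 1, as an added example that is not part of the original thread and is not Kafka or KIP-565 code: an LRU-bounded cache of authorization decisions that is also cleared on any ACL change. The class `BoundedAuthzCache`, its `Key` record, the limit of 1000 entries and the sample workload are all hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Hypothetical bounded cache of authorization decisions (illustration only, not Kafka code). */
public class BoundedAuthzCache {
    /** Cache key: who is asking, from which host, for which operation on which resource. */
    public record Key(String principal, String host, String operation, String resource) {}

    private final Map<Key, Boolean> decisions;

    public BoundedAuthzCache(final int maxEntries) {
        // accessOrder=true keeps entries in least-recently-used order;
        // removeEldestEntry evicts the coldest entry once the bound is exceeded.
        this.decisions = new LinkedHashMap<>(16, 0.75f, true) {
            @Override
            protected boolean removeEldestEntry(Map.Entry<Key, Boolean> eldest) {
                return size() > maxEntries;
            }
        };
    }

    // get() reorders an access-ordered LinkedHashMap, so reads need the lock too.
    /** Returns the cached decision, or null on a miss (caller then evaluates the ACLs). */
    public synchronized Boolean get(Key key) { return decisions.get(key); }

    public synchronized void put(Key key, boolean allowed) { decisions.put(key, allowed); }

    /** Called on every ACL change so that no stale allow/deny decision survives it. */
    public synchronized void invalidateAll() { decisions.clear(); }

    public synchronized int size() { return decisions.size(); }

    public static void main(String[] args) {
        BoundedAuthzCache cache = new BoundedAuthzCache(1000);
        Key hot = new Key("User:app", "10.0.0.1", "READ", "orders");
        cache.put(hot, true);
        // Constructed workload: 100,000 short-lived topics and no ACL changes.
        for (int i = 0; i < 100_000; i++) {
            cache.get(hot); // keep the long-lived entry recently used
            cache.put(new Key("User:app", "10.0.0.1", "READ", "tmp-topic-" + i), true);
        }
        System.out.println("entries after topic churn: " + cache.size());
        System.out.println("hot entry still cached: " + (cache.get(hot) != null));
        cache.invalidateAll();
        System.out.println("entries after ACL update: " + cache.size());
    }
}
```

Without the `removeEldestEntry` bound, the same workload would leave one entry per short-lived topic in memory until the next ACL update.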