On Tue, Dec 14, 2021, at 10:13, David Arthur wrote:
> Thanks for the KIP, Colin!
>
> 4) For the various "Type" fields in the AccessControlEntityRecord, is it
> worth explicitly enumerating the allowed types in the KIP? E.g.,
> PermissionType = {Any, Deny, Allow}. If these are listed out in another
> KIP, maybe we can just reference that.
>

Hi David,

Good question. The values should be the same as those used in the ACL RPCs (CreateAclsRequest, etc.). I will include this information in the KIP.

> 5) You mention "StandardAuthorizer must load all the records atomically as
> a group" when loading from a snapshot. I was under the impression that
> snapshot loads were already effectively atomic operations. That is, we
> recalculate the whole MetadataImage from the snapshot and publish it to
> components. Can you clarify what you mean here? Is this to do with how
> StandardAuthorizer handles the published metadata?
>

Snapshots are still replayed one record at a time, though. I was pointing out that we don't want to do this for ACLs since we want to encounter only valid states.

> 6) When we handle Create/Delete ACL RPCs on the controller, I think
> the operations should be written as atomic batches to the metadata log.
> Should we mention this here?

Hmm... I'm not sure if batching has an impact since these are single records. I hope I'm not missing something.

best,
Colin

>
> Thanks!
> David
>
> On Tue, Dec 14, 2021 at 11:27 AM José Armando García Sancio
> <jsan...@confluent.io.invalid> wrote:
>
>> Thanks for the additional information Colin.
>>
>> On Mon, Dec 13, 2021 at 4:43 PM Colin McCabe <cmcc...@apache.org> wrote:
>> >
>> > Hi José,
>> >
>> > I think these are good questions. We have a few situations like this where there is something brokers have to know before they can contact the controller quorum -- or something controllers have to know before they can accept broker connections. Basically, the bootstrapping problem.
>> >
>> > Offhand, I can think of a few scenarios like this:
>> > 1. If you need certain ACLs to be present, you need a way of setting those up on the controller before starting the controller quorum for the first time.
>> > 2. If you are using SCRAM for the broker user, you need some way of setting that up before starting up the cluster for the first time.
>> > 3. If you are using KIP-226 dynamic broker configurations to configure the SSL settings for the connection to the controller, you need a way of setting those up before starting the broker.
>>
>> It sounds to me like KIP-801 is assuming that this "bootstrapping KIP"
>> will at least generate a snapshot with this information in all of the
>> controllers. I would like to understand this a bit better. Do you
>> think that we need to write this "bootstrapping KIP" as soon as
>> possible?
>>
>> Thanks
>> -José
>>
>
> --
> -David
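
The point in the reply above about not replaying snapshot ACL records one at a time, as an added example that is not part of the original thread and is not Kafka's code: a simplified Python model in which deny overrides allow, comparing the states an authorization check can observe during a record-by-record load with those during an atomic load. The record fields, principals and topic name are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AclRecord:
    # Simplified, assumed fields; not the KIP's record schema.
    principal: str
    resource: str
    operation: str
    permission: str  # "ALLOW" or "DENY"

# Constructed snapshot: everyone may read, one principal is denied.
SNAPSHOT = [
    AclRecord("User:*", "topic:payments", "READ", "ALLOW"),
    AclRecord("User:intern", "topic:payments", "READ", "DENY"),
]

def authorize(acls, principal, resource, operation):
    """Deny overrides allow; no matching ACL means the request is denied."""
    matches = [a for a in acls
               if a.resource == resource and a.operation == operation
               and a.principal in (principal, "User:*")]
    if any(a.permission == "DENY" for a in matches):
        return False
    return any(a.permission == "ALLOW" for a in matches)

def probe(acls):
    """The authorization check a concurrent request would make."""
    return authorize(acls, "User:intern", "topic:payments", "READ")

def replay_one_at_a_time(snapshot, check):
    """Apply each record to the live ACL set; a request can land after any step."""
    live, observed = set(), []
    for record in snapshot:
        live.add(record)
        observed.append(check(live))
    return observed

def load_atomically(snapshot, check):
    """Stage the whole snapshot, then publish it in a single step."""
    staged = set(snapshot)
    live = frozenset(staged)  # the only state requests can ever see
    return [check(live)]

if __name__ == "__main__":
    print("record-by-record:", replay_one_at_a_time(SNAPSHOT, probe))
    print("atomic:", load_atomically(SNAPSHOT, probe))
```

In the record-by-record case the denied principal is briefly authorized, because the wildcard ALLOW is visible before the DENY that overrides it; the atomic load exposes only the final state.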