Hi Omnia, Thanks for those answers. I'm a bit confused by the changes you've made for 1 though. It's MM2 that's going to instantiate the class named in forwarding.admin.class, so it's MM2 that needs to know the constructor signature. The easiest way of doing this is to specify the signature as part of the contract for forwarding.admin.class. But ForwardingAdmin now has two constructors, which is confusing for someone who wants to subclass it. Surely only one is needed? It would also be a good idea to show the documentation that forward.admin.class will have.
Kind regards, Tom On Tue, 21 Jun 2022 at 17:06, Omnia Ibrahim <o.g.h.ibra...@gmail.com> wrote: > Hi Tom > > > 1. I assume there's an undocumented requirement in the KIP that whatever > > class is named for forwarding.admin.class it has a public single argument > > constructor that takes an Admin instance? > > > you are right, I updated the KIP to reflect the missing one. > 3. What if the implementation needs to distinguish between creating ACLs on > the source cluster and creating them on the destination cluster? E.g. the > one should be done one way, but the other using a different mechanism? > Users will need to define 2 implementations, one for source and another for > target and configure each using <cluster_alias>.forwarding.admin.class. for > example > - target.forwarding.admin.class = TargetAdmin > - source.forwarding.admin.class = SourceAdmin > > On Tue, Jun 21, 2022 at 2:14 PM Tom Bentley <tbent...@redhat.com> wrote: > > > Hi Omnia, > > > > Thanks for the KIP! I'm sorry for the delay in this response. I have a > few > > questions: > > > > 1. I assume there's an undocumented requirement in the KIP that whatever > > class is named for forwarding.admin.class it has a public single argument > > constructor that takes an Admin instance? > > 2. If 1 is correct then what about an implementation that requires extra > > configuration, e.g. for whatever infra-as-code API it needs to use > (instead > > of using an Admin instance directly) how does it learn about that > non-Kafka > > config when it's only receiving an Admin instance? > > 3. What if the implementation needs to distinguish between creating ACLs > on > > the source cluster and creating them on the destination cluster? E.g. the > > one should be done one way, but the other using a different mechanism? > > > > Kind regards, > > > > Tom > > > > > > On Mon, 20 Jun 2022 at 17:13, Omnia Ibrahim <o.g.h.ibra...@gmail.com> > > wrote: > > > > > Hi Chris, sorry for the late reply. > > > ..Hi, > > > > > > > 1. I might be missing something, but can you give a concrete Java > > example > > > > of how the proposed ForwardingAdmin class is more convenient than > > > > subclassing the KafkaAdminClient class? AFAICT the two would be > > virtually > > > > identical. > > > > > > I might be misunderstanding exactly how that class will be used; > > > > I'm envisioning it as the pluggable class that users will implement > for > > > > custom administration logic and specify as the value for the > > > > "forwarding.admin.class" (or "<cluster>.forwarding.admin.class") > > > property, > > > > and that it will be instantiated with a KafkaAdminClient instance > that > > > can > > > > be used to get the same logic that MM2 provides today. In the case > you > > > > mentioned (KafkaAdminClient for read/describe, custom Admin for > > > > create/update), I'd imagine one could override the createTopics, > > > > deleteTopics, createAcls, deleteAcls (maybe?), alterConfigs (maybe?), > > > etc. > > > > methods, and then leave other methods such as listTopics, > > describeTopics, > > > > describeCluster, etc. as they are. > > > > > > > The Forwarding decorator is one alternative for inheritance so you are > > > right to say that they look identical. However, I would like to point > out > > > few points > > > 1. that Kafka codebase has few wrappers or decorators around > AdminClient > > > instead of inheritance so using decorator over inheritance isn't new > > > proposal for example > > > > > > - - > > `org.apache.kafka.streams.processor.internals.InternalTopicManager` > > > which has AdminClient as parameter instead of inheatance > > > - - `org.apache.kafka.connect.util.SharedTopicAdmin` and > > > `org.apache.kafka.connect.util.TopicAdmin` don't inherit > > > KafkaAdminClient > > > instead initialize KafkaAdminClient. > > > > > > 2. Using ForwardingAdmin will make it easier to test which methods use > > > KafkaAdminClient and which don't this make the test for any customized > > > implementation easier. We can't have this with inheatcancs > > > 3. Inhearting KafkaAdminClient has the following limitation > > > a. KafkaAdminClient doesn't have a public default constructor, > so > > > isn't gonna be easy to have contractor that initialize both > > > KafkaAdminClient (to be used for read/describe/list) and customized > > > fedrated client (to be used for create/update). (Note I don't want to > > touch > > > anything in KafkaAdminClient code base to change that) > > > b. the only way to initialize instance is by > using`createInternal` > > > which is static and can't be overridden to include creating customized > > > fedrated client. This is the method used by `Admin.create` to > > > initialize `KafkaAdminClient`in > > > most MM2 and Kafka codebase. > > > > > > 3. KIP-158 deals with the topics that source connectors write to, not > the > > > > internal topics used by the Connect framework. IIUC this includes the > > > > topics that MM2 mirrors. I think it's still fine if we want to leave > > > > support for this out and say that this KIP only addresses code that > > lives > > > > inside the connect/mirror (and possibly connect/mirror-client?) > > modules, > > > I > > > > just want to make sure that whatever behavior we settle on is > specified > > > > clearly in the KIP and user-facing documentation. > > > > > > MM2 deals with a large number of topics, creating the topic if not > > > existing, adding new partitions if the number of partitions increases > and > > > syncing configs and ACLs, so while KIP-158 can stop the source connect > > from > > > creating a topic, this wouldn't be a great solution for MM2 when it > runs > > on > > > a large scale as this will add too much operation headache on the teams > > > that run MM2 to create/update large number of topics manually. Also, it > > > prevents teams from enabling MM2 to sync configs and ACLs as this still > > > will be at odds with the federated solution. > > > > > > 4. That's fine 👍 Just out of curiosity, is the motivation for this > > > > decision to simplify the implementation? I can imagine it'd be easier > > to > > > > modify the MM2 codebase exclusively and not have to worry about > > touching > > > > the Connect framework as well given the possibility for unintended > > > > consequences for other connectors with the latter. > > > > > > The motivation of the KIP is to have the option to let MM2 create > > topics, > > > add partitions, and sync configs and ACLs without being at odds with > > > federated or capacity solutions when it runs on a large scale instead > of > > > just turning the admin client off. > > > > > > > Wondering if there's a > > > > distinction on the feature front as well that makes MM2 internal > topics > > > > different from Connect internal topics. > > > > > > > > > The only diff here is the MM2 call TopicManager directly to create > these > > > topics. > > > > > > > > > Thanks > > > Omnia > > > > > > > > > On Tue, Jun 7, 2022 at 5:05 AM Chris Egerton <fearthecel...@gmail.com> > > > wrote: > > > > > > > Hi Omnia, > > > > > > > > 1. I might be missing something, but can you give a concrete Java > > example > > > > of how the proposed ForwardingAdmin class is more convenient than > > > > subclassing the KafkaAdminClient class? AFAICT the two would be > > virtually > > > > identical. I might be misunderstanding exactly how that class will be > > > used; > > > > I'm envisioning it as the pluggable class that users will implement > for > > > > custom administration logic and specify as the value for the > > > > "forwarding.admin.class" (or "<cluster>.forwarding.admin.class") > > > property, > > > > and that it will be instantiated with a KafkaAdminClient instance > that > > > can > > > > be used to get the same logic that MM2 provides today. In the case > you > > > > mentioned (KafkaAdminClient for read/describe, custom Admin for > > > > create/update), I'd imagine one could override the createTopics, > > > > deleteTopics, createAcls, deleteAcls (maybe?), alterConfigs (maybe?), > > > etc. > > > > methods, and then leave other methods such as listTopics, > > describeTopics, > > > > describeCluster, etc. as they are. > > > > > > > > 3. KIP-158 deals with the topics that source connectors write to, not > > the > > > > internal topics used by the Connect framework. IIUC this includes the > > > > topics that MM2 mirrors. I think it's still fine if we want to leave > > > > support for this out and say that this KIP only addresses code that > > lives > > > > inside the connect/mirror (and possibly connect/mirror-client?) > > modules, > > > I > > > > just want to make sure that whatever behavior we settle on is > specified > > > > clearly in the KIP and user-facing documentation. > > > > > > > > 4. That's fine 👍 Just out of curiosity, is the motivation for this > > > > decision to simplify the implementation? I can imagine it'd be easier > > to > > > > modify the MM2 codebase exclusively and not have to worry about > > touching > > > > the Connect framework as well given the possibility for unintended > > > > consequences for other connectors with the latter. Wondering if > > there's a > > > > distinction on the feature front as well that makes MM2 internal > topics > > > > different from Connect internal topics. > > > > > > > > Cheers, > > > > > > > > Chris > > > > > > > > On Mon, Jun 6, 2022 at 6:36 AM Omnia Ibrahim < > o.g.h.ibra...@gmail.com> > > > > wrote: > > > > > > > > > Hi Chris, Thanks for having the time to look into this. > > > > > > > > > > 1. Is the introduction of the new "ForwardingAdmin" class > necessary, > > or > > > > can > > > > > > the same behavior can be achieved by subclassing the existing > > > > > > KafkaAdminClient class? > > > > > > > > > > forwarding decorators give more flexibility than the inheritance, > in > > > this > > > > > case, ForwardingAdmin gives the ability to use the default > > > > KafkaAdminClient > > > > > for reading/describing resources and at the same time configure > > another > > > > > client to connect to the federated solution to create and update > > > > resources. > > > > > Using forwarding seems cleaner and more flexible for this use case > > than > > > > > inheritance. > > > > > > > > > > 2. Would it be just as accurate to name the new Mirror Maker 2 > > property > > > > > > "admin.class" instead of "forwarding.admin.class"? I think > brevity > > > may > > > > > work > > > > > > in our favor here > > > > > > > > > > > I don't mind renaming it to "admin.class" if this is better. > > > > > > > > > > 3. Would the admin class specified by the user also take effect for > > > > KIP-158 > > > > > > [1] style automatic topic creation? (Forgive me if this isn't > > > > applicable > > > > > > for Mirror Maker 2; I'm asking solely based on the knowledge that > > MM2 > > > > can > > > > > > be run as a source connector and has its own source task class > > [2].) > > > > > > > > > > No this only control creating/updating mirrored topics and MM2 > > internal > > > > > topics. And not going to affect connect runtime's internal topics > > that > > > > are > > > > > needed by connect cluster that runs MM2. > > > > > > > > > > 4. Would the admin class specified by the user also take effect for > > > > > > internal topics created by the Connect framework (i.e., the > statue, > > > > > config, > > > > > > and offsets topics)? > > > > > > > > > > No this wouldn't address connect as connect "realtime" uses > > TopicAdmin > > > > to > > > > > manage topics needed for KafkaOffsetBackingStore, > > > KafkaStatusBackingStore > > > > > and KafkaConfigBackingStore directly. These 3 topics aren't a huge > > > > concern > > > > > for MM2 as they are a small set of topics and can be created > up-front > > > as > > > > a > > > > > one-time job. However, the main concern of the KIP is addressing > the > > > > > mirrored topics, synced configs, synced ACLs and the internal > topics > > of > > > > MM2 > > > > > which are needed for MM2 features like heartbeat and offset mapping > > > > between > > > > > Kafka clusters. > > > > > > > > > > The KIP states that Mirror Maker 2 will "Use > > > > > > ForwardingAdmin in MirrorUtils instead of TopicAdmin to create > > > internal > > > > > > compacted topics", but IIUC these topics (the ones created with > the > > > > > > MirrorUtils class) are Mirror Maker 2-specific and different from > > the > > > > > > Connect framework's internal topics. > > > > > > > > > > MM2 has been using 2 patterns to create topics > > > > > 1- Use AdminClient directly to create/update mirrored topics and > > their > > > > ACLs > > > > > 2- Use TopicAdmin in MirrorUtils to create MM2 internal topics > which > > > are > > > > > heartbeat, mm2-offset-syncs.<cluster_alias>.internal and > > > > > <cluster_alias>.checkpoints.internal > > > > > > > > > > This KIP will only replace AdminClient and TopicAdmin in the MM2 > > > codebase > > > > > by ForwardingAdmin and not connect related topics. > > > > > As Colin mentioned before we can have a feature KIP where we use > > > > > ForwardingAdmin outside MM2 but this is not addressed in this KIP. > > > > > > > > > > Hope this answered your questions. > > > > > > > > > > Best > > > > > Omnia > > > > > > > > > > > > > > > > > > > > On Wed, Jun 1, 2022 at 2:14 AM Chris Egerton < > > fearthecel...@gmail.com> > > > > > wrote: > > > > > > > > > > > Hi Omnia, > > > > > > > > > > > > Thank you for your patience with this KIP! I have a few quick > > > thoughts: > > > > > > > > > > > > 1. Is the introduction of the new "ForwardingAdmin" class > > necessary, > > > or > > > > > can > > > > > > the same behavior can be achieved by subclassing the existing > > > > > > KafkaAdminClient class? > > > > > > > > > > > > 2. Would it be just as accurate to name the new Mirror Maker 2 > > > property > > > > > > "admin.class" instead of "forwarding.admin.class"? I think > brevity > > > may > > > > > work > > > > > > in our favor here > > > > > > > > > > > > 3. Would the admin class specified by the user also take effect > for > > > > > KIP-158 > > > > > > [1] style automatic topic creation? (Forgive me if this isn't > > > > applicable > > > > > > for Mirror Maker 2; I'm asking solely based on the knowledge that > > MM2 > > > > can > > > > > > be run as a source connector and has its own source task class > > [2].) > > > > > > > > > > > > 4. Would the admin class specified by the user also take effect > for > > > > > > internal topics created by the Connect framework (i.e., the > statue, > > > > > config, > > > > > > and offsets topics)? The KIP states that Mirror Maker 2 will "Use > > > > > > ForwardingAdmin in MirrorUtils instead of TopicAdmin to create > > > internal > > > > > > compacted topics", but IIUC these topics (the ones created with > the > > > > > > MirrorUtils class) are Mirror Maker 2-specific and different from > > the > > > > > > Connect framework's internal topics. > > > > > > > > > > > > [1] - > > > > > > > > > > > > > > > > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-158%3A+Kafka+Connect+should+allow+source+connectors+to+set+topic-specific+settings+for+new+topics > > > > > > [2] - > > > > > > > > > > > > > > > > > > > > > > > > > > > https://github.com/apache/kafka/blob/4c9eeef5b2dff9a4f0977fbc5ac7eaaf930d0d0e/connect/mirror/src/main/java/org/apache/kafka/connect/mirror/MirrorSourceTask.java > > > > > > > > > > > > Cheers, > > > > > > > > > > > > Chris > > > > > > > > > > > > On Wed, May 25, 2022 at 5:26 AM Omnia Ibrahim < > > > o.g.h.ibra...@gmail.com > > > > > > > > > > > wrote: > > > > > > > > > > > > > Hi everyone, If there's no major concern anymore, I'll start > the > > > > > > > voting process. > > > > > > > > > > > > > > On Fri, May 20, 2022 at 5:58 PM Omnia Ibrahim < > > > > o.g.h.ibra...@gmail.com > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > Hi Colin, > > > > > > > > > > > > > > > > >Thanks for the clarification. I agree it's reasonable for > > people > > > > to > > > > > > want > > > > > > > > to use their own implementations of Admin. And we could have > a > > > > config > > > > > > for > > > > > > > > this, so that it becomes pluggable (possibly in other places > > than > > > > > > > > MirrorMaker, although we don't have to do that in this KIP). > > > > > > > > > > > > > > > > > Allowing people to plug custom implementation of Admin in > other > > > > > places > > > > > > > > sounds like a neat idea indeed. It can be nice addition for > > > > example ` > > > > > > > > org.apache.kafka.connect.util.SharedTopicAdmin` in Connect to > > use > > > > > > custom > > > > > > > > Admin as well. But agree no need to have it in this KIP. > > > > > > > > >We could even try to make this easier on developers. For > > > example, > > > > we > > > > > > > > could provide a public ForwardingAdmin class that forwards > all > > > > > requests > > > > > > > to > > > > > > > > the regular KafkaAdminClient. Then, people could make their > > > custom > > > > > > class > > > > > > > > inherit from ForwardingAdmin and override >just the specific > > > > methods > > > > > > that > > > > > > > > they wanted to override. So they don't have to implement all > > the > > > > > > methods, > > > > > > > > but just the ones that are different for them. > > > > > > > > > > > > > > > > > >I just wanted to make sure we weren't creating a second > Admin > > > > client > > > > > > > > interface -- I think that would really be hard for us to > > support > > > > > > > long-term. > > > > > > > > > > > > > > > > Forwarding would defiantly make it easier. I have updated the > > KIP > > > > to > > > > > > > > introduce ForwardingAdmin as well. > > > > > > > > > > > > > > > > regards, > > > > > > > > Omnia > > > > > > > > > > > > > > > > On Mon, May 16, 2022 at 9:31 PM Colin McCabe < > > cmcc...@apache.org > > > > > > > > > > wrote: > > > > > > > > > > > > > > > >> On Mon, May 16, 2022, at 10:24, Omnia Ibrahim wrote: > > > > > > > >> > Hi Colin, > > > > > > > >> > > > > > > > > >> > Thanks for your reply. > > > > > > > >> > > > > > > > > >> > This KIP doesn’t aim to solve any security concerns, but > > > rather > > > > a > > > > > > > >> conflict > > > > > > > >> > of responsibilities within any Kafka ecosystem that > includes > > > MM2 > > > > > and > > > > > > > any > > > > > > > >> > resource management solution. I’m not sure that was clear, > > so > > > > I’m > > > > > > > >> concerned > > > > > > > >> > about the motivation for your suggestion to close this > KIP. > > > > > > > >> > > > > > > > > >> > > > > > > > >> Hi Omnia, > > > > > > > >> > > > > > > > >> Thanks for the clarification. I agree it's reasonable for > > people > > > > to > > > > > > want > > > > > > > >> to use their own implementations of Admin. And we could > have a > > > > > config > > > > > > > for > > > > > > > >> this, so that it becomes pluggable (possibly in other places > > > than > > > > > > > >> MirrorMaker, although we don't have to do that in this KIP). > > > > > > > >> > > > > > > > >> We could even try to make this easier on developers. For > > > example, > > > > we > > > > > > > >> could provide a public ForwardingAdmin class that forwards > all > > > > > > requests > > > > > > > to > > > > > > > >> the regular KafkaAdminClient. Then, people could make their > > > custom > > > > > > class > > > > > > > >> inherit from ForwardingAdmin and override just the specific > > > > methods > > > > > > that > > > > > > > >> they wanted to override. So they don't have to implement all > > the > > > > > > > methods, > > > > > > > >> but just the ones that are different for them. > > > > > > > >> > > > > > > > >> I just wanted to make sure we weren't creating a second > Admin > > > > client > > > > > > > >> interface -- I think that would really be hard for us to > > support > > > > > > > long-term. > > > > > > > >> > > > > > > > >> > > > > > > > > >> > It is generally accepted that resource management should > be > > > > > > > centralized, > > > > > > > >> > especially on the scale of mirroring N number of clusters. > > The > > > > > point > > > > > > > of > > > > > > > >> > this KIP is that any sort of topic management / federate > > > > solution > > > > > / > > > > > > > >> > up-front capacity planning system will be at odds with MM2 > > if > > > > MM2 > > > > > > > keeps > > > > > > > >> > using the Admin client directly. > > > > > > > >> > > > > > > > > >> > > > > > > > >> Thanks for the explanation. That makes sense. > > > > > > > >> > > > > > > > >> > > > > > > > > >> > I understand your concern that the interface proposed in > the > > > > first > > > > > > > >> approach > > > > > > > >> > may become too similar to the existing Admin interface. > I’ll > > > > > update > > > > > > > the > > > > > > > >> > proposal by moving Ryanne’s previous suggestion to re-use > > the > > > > > Admin > > > > > > > >> > interface and add configuration to accept a custom > > > > implementation. > > > > > > > >> > > > > > > > > >> > > > > > > > >> +1. > > > > > > > >> > > > > > > > >> > > > > > > > > >> > If you still feel this KIP should be closed but can > > understand > > > > its > > > > > > > >> > motivation I can close this one and create a new one. > > > > > > > >> > > > > > > > > >> > > > > > > > >> I think it's reasonable to keep this one open and make the > > > changes > > > > > you > > > > > > > >> talked about above. > > > > > > > >> > > > > > > > >> regards, > > > > > > > >> Colin > > > > > > > >> > > > > > > > >> > > > > > > > > >> > Thanks, > > > > > > > >> > Omnia > > > > > > > >> > > > > > > > > >> > On Fri, May 13, 2022 at 6:10 PM Colin McCabe < > > > > cmcc...@apache.org> > > > > > > > >> wrote: > > > > > > > >> > > > > > > > > >> >> On Wed, May 11, 2022, at 15:07, Omnia Ibrahim wrote: > > > > > > > >> >> > Hi Colin, > > > > > > > >> >> > I don't mind the idea of MM2 users implementing the > > > > AdminClient > > > > > > > >> >> interface. > > > > > > > >> >> > However, there're two disadvantages to this. > > > > > > > >> >> > > > > > > > > >> >> > 1. Having around 70 methods definitions to have > > > > > > "NotImplemented" > > > > > > > >> is > > > > > > > >> >> one > > > > > > > >> >> > downside, and keep up with these if the AdminClient > > > > > interface > > > > > > > >> changes. > > > > > > > >> >> > 2. It makes it hard to list what admin functionality > > MM2 > > > > > uses > > > > > > as > > > > > > > >> MM2 > > > > > > > >> >> > interactions with AdminClient in the codebase are in > > > many > > > > > > > places. > > > > > > > >> >> > > > > > > > > >> >> > I guess it's OK for MM2 users who want to build their > > admin > > > > > > client > > > > > > > to > > > > > > > >> >> carry > > > > > > > >> >> > this burden, as I explained in my previous response to > > the > > > > > > > discussion > > > > > > > >> >> > thread. And we can do some cleanup to the codebase to > > have > > > > all > > > > > > > Admin > > > > > > > >> >> > interactions in MM2 in a utils class or something like > > that > > > > to > > > > > > make > > > > > > > >> it > > > > > > > >> >> > easier to navigate what MM2 needs from the Admin > > interface. > > > > > > > >> >> > > > > > > > > >> >> > > > > > > > >> >> Hi Omnia, > > > > > > > >> >> > > > > > > > >> >> Anyone who wants to extend Kafka with proprietary tooling > > > does > > > > > need > > > > > > > to > > > > > > > >> >> keep up with the Kafka API. We have done everything we > can > > to > > > > > make > > > > > > > this > > > > > > > >> >> easier. We rigorously define what the API is through the > > KIP > > > > > > process, > > > > > > > >> and > > > > > > > >> >> make it possible to extend by making it an interface > rather > > > > than > > > > > > > >> concrete > > > > > > > >> >> class. We also have a pretty lengthy deprecation process > > for > > > > > these > > > > > > > >> APIs. > > > > > > > >> >> > > > > > > > >> >> > > > > > > > > >> >> > Maybe I'm misunderstanding the use-case you're > describing > > > > here. > > > > > > But > > > > > > > >> it > > > > > > > >> >> >> seems to me that if you create a proxy that has the > > > ability > > > > to > > > > > > do > > > > > > > >> any > > > > > > > >> >> admin > > > > > > > >> >> >> operation, and give MM2 access to that proxy, the > > security > > > > > model > > > > > > > is > > > > > > > >> the > > > > > > > >> >> >> same as just giving MM2 admin access. (Or it may be > > worse > > > if > > > > > the > > > > > > > >> >> sysadmin > > > > > > > >> >> >> doesn't know what this proxy is doing, and doesn't > lock > > it > > > > > > > down...) > > > > > > > >> >> >> > > > > > > > >> >> > > > > > > > > >> >> > MM2 runs with the assumption that it has > > > > > > > >> >> > > > > > > > > >> >> > - "CREATE" ACLs for topics on the source clusters to > > > > create > > > > > > > >> >> `heartbeat` > > > > > > > >> >> > topics. > > > > > > > >> >> > - "CREATE" and "ALTER" ACLs to create topics, add > > > > > partitions, > > > > > > > >> update > > > > > > > >> >> > topics' config and topics' ACLs (in future, will > also > > > > > include > > > > > > > >> group > > > > > > > >> >> ACLS as > > > > > > > >> >> > Mikael mentioned before in the thread) on the > > > destination > > > > > > > >> clusters. > > > > > > > >> >> > > > > > > > > >> >> > Most organisations have some resource management or > > > federated > > > > > > > >> solutions > > > > > > > >> >> > (some would even have a budget system as part of these > > > > systems) > > > > > > to > > > > > > > >> manage > > > > > > > >> >> > Kafka resources, and these systems are usually the only > > > > > > application > > > > > > > >> >> allowed > > > > > > > >> >> > to initializing a client with "CREATE" and "ALTER" > ACLs. > > > They > > > > > > don't > > > > > > > >> grant > > > > > > > >> >> > these ACLs to any other teams/groups/applications to > > create > > > > > such > > > > > > a > > > > > > > >> client > > > > > > > >> >> > outside these systems, so assuming MM2 can bypass these > > > > systems > > > > > > and > > > > > > > >> use > > > > > > > >> >> the > > > > > > > >> >> > AdminClient directly to create/update resources isn't > > > valid. > > > > > This > > > > > > > is > > > > > > > >> the > > > > > > > >> >> > primary concern here. > > > > > > > >> >> > > > > > > > > >> >> > The KIP is trying to give MM2 more flexibility to allow > > > > > > > >> organisations to > > > > > > > >> >> > integrate MM2 with their resource management system as > > they > > > > see > > > > > > fit > > > > > > > >> >> without > > > > > > > >> >> > forcing them to disable most MM2 features. > > > > > > > >> >> > > > > > > > > >> >> > Hope this make sense and clear it up. > > > > > > > >> >> > > > > > > > > >> >> > > > > > > > >> >> The point I was trying to make is that there is no > > additional > > > > > > > security > > > > > > > >> >> here. If you have some agent that has all the > permissions, > > > and > > > > > MM2 > > > > > > > can > > > > > > > >> talk > > > > > > > >> >> to that agent and tell it what to do, then that is > > equivalent > > > > to > > > > > > just > > > > > > > >> >> giving MM2 all the permissions. So while there may be > other > > > > > reasons > > > > > > > to > > > > > > > >> use > > > > > > > >> >> this kind of agent-based architecture, added security > isn't > > > > one. > > > > > > > >> >> > > > > > > > >> >> In any case, I think we should close this KIP since we > > > already > > > > > have > > > > > > > an > > > > > > > >> >> Admin API. There isn't a need to create a public API for > > > admin > > > > > > > >> operations. > > > > > > > >> >> > > > > > > > >> >> best, > > > > > > > >> >> Colin > > > > > > > >> >> > > > > > > > >> >> > > > > > > > >> >> > > > > > > > > >> >> > On Wed, May 11, 2022 at 9:09 PM Colin McCabe < > > > > > cmcc...@apache.org > > > > > > > > > > > > > > >> wrote: > > > > > > > >> >> > > > > > > > > >> >> >> Hi Omnia Ibrahim, > > > > > > > >> >> >> > > > > > > > >> >> >> I'm sorry, but I am -1 on adding competing Admin > > > interfaces. > > > > > > This > > > > > > > >> would > > > > > > > >> >> >> create confusion and a heavier maintenance burden for > > the > > > > > > project. > > > > > > > >> >> >> > > > > > > > >> >> >> Since the org.apache.kafka.clients.admin.Admin > interface > > > is > > > > a > > > > > > Java > > > > > > > >> >> >> interface, any third-party software that wants to > insert > > > its > > > > > own > > > > > > > >> >> >> implementation of the interface can do so already. > > > > > > > >> >> >> > > > > > > > >> >> >> A KIP to make the Admin class used pluggable for MM2 > > would > > > > be > > > > > > > >> >> reasonable. > > > > > > > >> >> >> Adding a competing admin API is not. > > > > > > > >> >> >> > > > > > > > >> >> >> It's true that there are many Admin methods, but you > do > > > not > > > > > need > > > > > > > to > > > > > > > >> >> >> implement all of them -- just the ones that > MirrorMaker > > > > uses. > > > > > > The > > > > > > > >> other > > > > > > > >> >> >> ones can throw a NotImplementedException or similar. > > > > > > > >> >> >> > > > > > > > >> >> >> > The current approach also assumes that the user > > running > > > > MM2 > > > > > > has > > > > > > > >> the > > > > > > > >> >> >> Admin right to > > > > > > > >> >> >> > create/update topics, which is only valid if the > user > > > who > > > > > runs > > > > > > > MM2 > > > > > > > >> >> also > > > > > > > >> >> >> manages both > > > > > > > >> >> >> > source and destination clusters. > > > > > > > >> >> >> > > > > > > > >> >> >> Maybe I'm misunderstanding the use-case you're > > describing > > > > > here. > > > > > > > But > > > > > > > >> it > > > > > > > >> >> >> seems to me that if you create a proxy that has the > > > ability > > > > to > > > > > > do > > > > > > > >> any > > > > > > > >> >> admin > > > > > > > >> >> >> operation, and give MM2 access to that proxy, the > > security > > > > > model > > > > > > > is > > > > > > > >> the > > > > > > > >> >> >> same as just giving MM2 admin access. (Or it may be > > worse > > > if > > > > > the > > > > > > > >> >> sysadmin > > > > > > > >> >> >> doesn't know what this proxy is doing, and doesn't > lock > > it > > > > > > > down...) > > > > > > > >> >> >> > > > > > > > >> >> >> best, > > > > > > > >> >> >> Colin > > > > > > > >> >> >> > > > > > > > >> >> >> > > > > > > > >> >> >> On Mon, May 9, 2022, at 13:21, Omnia Ibrahim wrote: > > > > > > > >> >> >> > Hi, I gave the KIP another look after talking to > some > > > > people > > > > > > at > > > > > > > >> the > > > > > > > >> >> Kafka > > > > > > > >> >> >> > Summit in London. And I would like to clear up the > > > > > motivation > > > > > > of > > > > > > > >> this > > > > > > > >> >> >> KIP. > > > > > > > >> >> >> > > > > > > > > >> >> >> > > > > > > > > >> >> >> > At the moment, MM2 has some opinionated decisions > that > > > are > > > > > > > >> creating > > > > > > > >> >> >> issues > > > > > > > >> >> >> > for teams that use IaC, federated solutions or have > a > > > > > > > >> capacity/budget > > > > > > > >> >> >> > planning system for Kafka destination clusters. To > > > explain > > > > > it > > > > > > > >> better, > > > > > > > >> >> >> let's > > > > > > > >> >> >> > assume we have MM2 with the following configurations > > to > > > > > > > highlight > > > > > > > >> >> these > > > > > > > >> >> >> > problems. > > > > > > > >> >> >> > > > > > > > > >> >> >> > ``` > > > > > > > >> >> >> > > > > > > > > >> >> >> > topics = .* > > > > > > > >> >> >> > > > > > > > > >> >> >> > refresh.topics.enabled = true > > > > > > > >> >> >> > > > > > > > > >> >> >> > sync.topic.configs.enabled = true > > > > > > > >> >> >> > > > > > > > > >> >> >> > sync.topic.acls.enabled = true > > > > > > > >> >> >> > > > > > > > > >> >> >> > // Maybe in futrue we can have > > sync.group.acls.enabled = > > > > > true > > > > > > > >> >> >> > > > > > > > > >> >> >> > ``` > > > > > > > >> >> >> > > > > > > > > >> >> >> > > > > > > > > >> >> >> > These configurations allow us to run MM2 with the > > value > > > of > > > > > its > > > > > > > >> full > > > > > > > >> >> >> > features. However, there are two main concerns when > we > > > run > > > > > on > > > > > > a > > > > > > > >> scale > > > > > > > >> >> >> with > > > > > > > >> >> >> > these configs: > > > > > > > >> >> >> > > > > > > > > >> >> >> > 1. *Capacity/Budgeting Planning:* > > > > > > > >> >> >> > > > > > > > > >> >> >> > Functionality or features that impact capacity > > planning > > > > > using > > > > > > > MM2 > > > > > > > >> are: > > > > > > > >> >> >> > > > > > > > > >> >> >> > 1. MM2 automatically creates topics (breaking the > > > rule > > > > of > > > > > > > >> >> >> > `auto.create.topics.enable=false`) and creates > > topic > > > > > > > >> partitions on > > > > > > > >> >> >> > destination clusters if the number of partitions > > > > > increases > > > > > > on > > > > > > > >> the > > > > > > > >> >> >> source. > > > > > > > >> >> >> > In the previous example, this functionality will > > > apply > > > > to > > > > > > any > > > > > > > >> topic > > > > > > > >> >> >> that > > > > > > > >> >> >> > matches the regex of the `topics` config. > > > > > > > >> >> >> > 2. Sync topic configs include configurations that > > > > impact > > > > > > > >> capacity > > > > > > > >> >> >> like ` > > > > > > > >> >> >> > retention.ms` and `retention.bytes`. > > > > > > > >> >> >> > > > > > > > > >> >> >> > These 2 points lead to adding new untracked capacity > > to > > > > > > > >> destination > > > > > > > >> >> >> > clusters without a way to count for them up-front or > > > > > safeguard > > > > > > > the > > > > > > > >> >> >> cluster. > > > > > > > >> >> >> > The team that runs the cluster will only see the > > > capacity > > > > > > issue > > > > > > > >> when > > > > > > > >> >> >> their > > > > > > > >> >> >> > disk usage hits the threshold for their alerts. The > > desk > > > > > > > capacity > > > > > > > >> >> issue > > > > > > > >> >> >> can > > > > > > > >> >> >> > be avoided if MM2 is flexible enough to > > > > > > > >> >> >> > > > > > > > > >> >> >> > - have a way for teams that run their ecosystem > to > > > have > > > > > MM2 > > > > > > > >> behave > > > > > > > >> >> >> > within their system. > > > > > > > >> >> >> > - disable the auto-creation and avoid syncing > > configs > > > > > that > > > > > > > >> impact > > > > > > > >> >> >> > capacity > > > > > > > >> >> >> > > > > > > > > >> >> >> > > > > > > > > >> >> >> > 2. *Provisioning conflict:* > > > > > > > >> >> >> > > > > > > > > >> >> >> > In the previous MM2 configurations; we ended up with > > > > > conflict > > > > > > as > > > > > > > >> MM2 > > > > > > > >> >> used > > > > > > > >> >> >> > `AdminClient` directly to perform the following > > > > > functionality > > > > > > > >> >> >> > > > > > > > > >> >> >> > - Create a Kafka topic (no way to disable this > at > > > the > > > > > > > moment) > > > > > > > >> >> >> > - Add new Kafka partitions (no way to disable > this > > > at > > > > > the > > > > > > > >> moment) > > > > > > > >> >> >> > - Sync Kafka Topic configurations (can be > > disabled, > > > > but > > > > > > then > > > > > > > >> this > > > > > > > >> >> >> > reduces the value of MM2 potential for users) > > > > > > > >> >> >> > - Sync Kafka topic's ACLs (can be disabled, but > > this > > > > > > reduces > > > > > > > >> the > > > > > > > >> >> >> users' > > > > > > > >> >> >> > value). Disabling this feature also means that > > users > > > > must > > > > > > > >> ensure > > > > > > > >> >> they > > > > > > > >> >> >> have > > > > > > > >> >> >> > the right ACLs to the mirrored topics on the > > > > destination > > > > > > > >> cluster > > > > > > > >> >> >> before > > > > > > > >> >> >> > switching their consumers, especially when MM2 is > > > used > > > > > for > > > > > > > >> disaster > > > > > > > >> >> >> > recovery. It may lead to extra downtime for them. > > > > > > > >> >> >> > > > > > > > > >> >> >> > > > > > > > > >> >> >> > All these functionalities are using AdminClient; > which > > > > > causes > > > > > > an > > > > > > > >> issue > > > > > > > >> >> >> with > > > > > > > >> >> >> > teams that > > > > > > > >> >> >> > > > > > > > > >> >> >> > - Manage their Kafka resources using tools like > > > > Strimizi > > > > > or > > > > > > > >> custom > > > > > > > >> >> >> > federated solutions. For example, Strimizi's > > > > UserOperator > > > > > > > >> doesn't > > > > > > > >> >> >> sync the > > > > > > > >> >> >> > topic ACLs when MM2 is enabled. Strimzi > > documentation > > > > > > > mentions > > > > > > > >> that > > > > > > > >> >> >> users > > > > > > > >> >> >> > must to disable MM2 `sync.topic.acls.enabled` if > > they > > > > use > > > > > > > >> >> >> `UserOperator`. > > > > > > > >> >> >> > On the other hand, Strimizi's TopicOperator > doesn't > > > > have > > > > > > the > > > > > > > >> same > > > > > > > >> >> >> issue > > > > > > > >> >> >> > because it has a bi-directional reconciliation > > > process > > > > > that > > > > > > > >> watches > > > > > > > >> >> >> the > > > > > > > >> >> >> > topics state on the Kafka cluster and updates > > > > KafkaTopic > > > > > > > >> resources > > > > > > > >> >> for > > > > > > > >> >> >> > Strimzi. This design works fine with Kafka MM2 > for > > > > Topics > > > > > > but > > > > > > > >> not > > > > > > > >> >> for > > > > > > > >> >> >> > syncing ACLs. Strimizi TopicOperator also doesn't > > > have > > > > a > > > > > > way > > > > > > > to > > > > > > > >> >> stop > > > > > > > >> >> >> > syncing config that impact capacity for example > > > > retention > > > > > > > >> configs. > > > > > > > >> >> >> > > > > > > > > >> >> >> > > > > > > > > >> >> >> > - Teams that run MM2 but don't own the > destination > > > > > cluster. > > > > > > > In > > > > > > > >> this > > > > > > > >> >> >> > case, these teams don't have Admin access, but > they > > > may > > > > > > have > > > > > > > >> Kafka > > > > > > > >> >> >> > management solutions, such as yahoo/CMAK or an > > > in-house > > > > > > > >> solution. > > > > > > > >> >> For > > > > > > > >> >> >> such > > > > > > > >> >> >> > a tool as CMAK, these teams can update/create > > > resources > > > > > > using > > > > > > > >> CMAK > > > > > > > >> >> >> REST API. > > > > > > > >> >> >> > > > > > > > > >> >> >> > > > > > > > > >> >> >> > The Proposed KIP gives users the flexibility to > > > integrate > > > > > MM2 > > > > > > > >> within > > > > > > > >> >> >> their > > > > > > > >> >> >> > ecosystem without disabling any MM2 features. We can > > > > achieve > > > > > > > this > > > > > > > >> >> >> > flexibility with one of the following solutions. > > > > > > > >> >> >> > > > > > > > > >> >> >> > 1. Introduce a new interface that hides Admin > > > > > interactions > > > > > > in > > > > > > > >> one > > > > > > > >> >> >> place. > > > > > > > >> >> >> > Then users can provide their way of resource > > > > management. > > > > > As > > > > > > > >> well as > > > > > > > >> >> >> clean > > > > > > > >> >> >> > up the MM2 code by having one place that manages > > the > > > > > > > >> resources, as > > > > > > > >> >> at > > > > > > > >> >> >> the > > > > > > > >> >> >> > moment, MM2 usage of AdminClient is all over the > > > code. > > > > > > > >> >> >> > 2. The second solution could be to add only a new > > > > config > > > > > > that > > > > > > > >> >> allows > > > > > > > >> >> >> the > > > > > > > >> >> >> > users to override AdminClient with another > > > > implementation > > > > > > of > > > > > > > >> the > > > > > > > >> >> >> > AdminClient interface, as Ryanne suggested > before. > > > The > > > > > > > >> downside is > > > > > > > >> >> >> that > > > > > > > >> >> >> > AdminClient is enormous and constantly under > > > > development, > > > > > > so > > > > > > > >> any > > > > > > > >> >> >> users who > > > > > > > >> >> >> > opt-in for custom implementation will need to > carry > > > > this > > > > > > > >> burden. > > > > > > > >> >> >> > > > > > > > > >> >> >> > I favour the first solution as it will make it > either > > > > later > > > > > to > > > > > > > >> add any > > > > > > > >> >> >> new > > > > > > > >> >> >> > feature related to resource management. But don't > mind > > > if > > > > > > others > > > > > > > >> think > > > > > > > >> >> >> that > > > > > > > >> >> >> > the second solution is easier for MM2 design. > > > > > > > >> >> >> > > > > > > > > >> >> >> > > > > > > > > >> >> >> > *Note*: There are two possible future KIPs following > > > this > > > > > KIP > > > > > > to > > > > > > > >> >> >> > > > > > > > > >> >> >> > 1. Add config to disable MM2 from auto creating > or > > > > adding > > > > > > new > > > > > > > >> topic > > > > > > > >> >> >> > partitions. > > > > > > > >> >> >> > 2. Add a way to exclude a specific topic's > > > > configuration > > > > > > from > > > > > > > >> being > > > > > > > >> >> >> > synced. > > > > > > > >> >> >> > > > > > > > > >> >> >> > > > > > > > > >> >> >> > I hope this clears up the problem better. Please let > > me > > > > know > > > > > > > what > > > > > > > >> do > > > > > > > >> >> you > > > > > > > >> >> >> > think. > > > > > > > >> >> >> > > > > > > > > >> >> >> > > > > > > > > >> >> >> > On Mon, Feb 7, 2022 at 3:26 PM Omnia Ibrahim < > > > > > > > >> o.g.h.ibra...@gmail.com > > > > > > > >> >> > > > > > > > > >> >> >> > wrote: > > > > > > > >> >> >> > > > > > > > > >> >> >> >> Hi Mickael. Thanks for the feedback. I address some > > of > > > > your > > > > > > > >> points > > > > > > > >> >> >> below. > > > > > > > >> >> >> >> > > > > > > > >> >> >> >> *> This seems to address a relatively advanced and > > > > specific > > > > > > use > > > > > > > >> case* > > > > > > > >> >> >> >> The main point of the KIP is that MM2 is making a > > > massive > > > > > > > >> assumption > > > > > > > >> >> >> that > > > > > > > >> >> >> >> it has the right to alter/create resources. This > > > > assumption > > > > > > > isn't > > > > > > > >> >> valid > > > > > > > >> >> >> in > > > > > > > >> >> >> >> the world of Infra-as-Code, federated solutions and > > > > > > popularity > > > > > > > >> of OS > > > > > > > >> >> >> Kafka > > > > > > > >> >> >> >> Kubernetes operators; these infra/resource > management > > > > > > solutions > > > > > > > >> >> aren't > > > > > > > >> >> >> >> advanced use-cases anymore nowadays. These concerns > > had > > > > > been > > > > > > > >> raised > > > > > > > >> >> in > > > > > > > >> >> >> the > > > > > > > >> >> >> >> past, especially regarding the assumption that MM2 > > can > > > > > create > > > > > > > >> topics > > > > > > > >> >> on > > > > > > > >> >> >> the > > > > > > > >> >> >> >> destination cluster. For example, > > > > > > > >> >> >> >> https://issues.apache.org/jira/browse/KAFKA-12753 > > and > > > > > > > >> >> >> >> > > > > > > > > https://www.mail-archive.com/dev@kafka.apache.org/msg119340.html > > > > > > > >> . > > > > > > > >> >> >> >> The primary motivation is giving some power to data > > > > > > > >> >> >> >> platform/infrastructure team to make MM2 part of > > their > > > > > > internal > > > > > > > >> Kafka > > > > > > > >> >> >> >> ecosystem without dropping the main features that > > make > > > > MM2 > > > > > > > >> valuable, > > > > > > > >> >> >> like > > > > > > > >> >> >> >> syncing topic configs. For example, if someone uses > > any > > > > OS > > > > > > > Kafka > > > > > > > >> k8s > > > > > > > >> >> >> >> operator, they can implement the class to interact > > with > > > > the > > > > > > k8s > > > > > > > >> >> >> operator to > > > > > > > >> >> >> >> create these resources. > > > > > > > >> >> >> >> > > > > > > > >> >> >> >> *> My initial concern is this may make it hard to > > > evolve > > > > > > > >> MirrorMaker > > > > > > > >> >> as > > > > > > > >> >> >> >> we'll likely need to update this new interface if > new > > > > > > features > > > > > > > >> are > > > > > > > >> >> >> added.* > > > > > > > >> >> >> >> I agree it's a disadvantage to adding a new > interface > > > > > however > > > > > > > >> adding > > > > > > > >> >> >> more > > > > > > > >> >> >> >> admin interactions from MM2 to alter/create > resources > > > and > > > > > > > access > > > > > > > >> will > > > > > > > >> >> >> feed > > > > > > > >> >> >> >> the main issue as I mentioned above with the > > popularity > > > > of > > > > > > IaC > > > > > > > >> and > > > > > > > >> >> >> >> federated solutions; most data > > platform/infrastructure > > > > > teams > > > > > > > will > > > > > > > >> >> endup > > > > > > > >> >> >> >> disabling these new features. > > > > > > > >> >> >> >> Also, at the moment, most MM2 interactions with the > > > admin > > > > > > > client > > > > > > > >> are > > > > > > > >> >> >> >> scattered across the codebase so having one place > > where > > > > all > > > > > > > admin > > > > > > > >> >> >> >> interactions are listed isn't a bad thing. > > > > > > > >> >> >> >> > > > > > > > >> >> >> >> *> For example if we wanted to sync group ACLs.* > > > > > > > >> >> >> >> As I mentioned before, altering any resource's > > > > > configurations > > > > > > > >> with > > > > > > > >> >> MM2 > > > > > > > >> >> >> is > > > > > > > >> >> >> >> the one main concern for any data > > > platform/infrastructure > > > > > > team > > > > > > > >> that > > > > > > > >> >> >> wants > > > > > > > >> >> >> >> to have control over their clusters and use MM2. So > > the > > > > > main > > > > > > > >> question > > > > > > > >> >> >> with > > > > > > > >> >> >> >> adding any new altering feature like sync group > ACLs > > > will > > > > > > raise > > > > > > > >> the > > > > > > > >> >> same > > > > > > > >> >> >> >> question of how many teams will actually enable > this > > > > > feature. > > > > > > > >> >> >> >> > > > > > > > >> >> >> >> > > > > > > > >> >> >> >> > > > > > > > >> >> >> >> > > > > > > > >> >> >> >> > > > > > > > >> >> >> >> > > > > > > > >> >> >> >> > > > > > > > >> >> >> >> > > > > > > > >> >> >> >> > > > > > > > >> >> >> >> *>Regarding the proposed API, I have a few > > suggestions: > > > > >- > > > > > > What > > > > > > > >> about > > > > > > > >> >> >> >> using configure() instead of the constructor to > pass > > > the > > > > > > > >> >> >configuration, > > > > > > > >> >> >> >> especially as it's implementing Configurable >- > It's > > > not > > > > > > clear > > > > > > > >> what > > > > > > > >> >> all > > > > > > > >> >> >> the > > > > > > > >> >> >> >> arguments of createTopicPartitions()>are. What's > the > > > > > > difference > > > > > > > >> >> between > > > > > > > >> >> >> >> partitionCounts and newPartitions?>Should we have > > > > separate > > > > > > > >> methods > > > > > > > >> >> for > > > > > > > >> >> >> >> creating topics and partitions? >- Do we really > need > > > > > > > >> >> >> >> createCompactedTopic()? >- Instead of > > > > updateTopicConfigs() > > > > > > and > > > > > > > >> >> >> updateAcls() > > > > > > > >> >> >> >> should we use the >"alter" prefix to stay > consistent > > > with > > > > > > > Admin?* > > > > > > > >> >> >> >> > > > > > > > >> >> >> >> These are good suggestions that will update the KIP > > to > > > > > > address > > > > > > > >> these. > > > > > > > >> >> >> >> Regarding the `createCompactedTopic` MM2 is using > > this > > > > > method > > > > > > > to > > > > > > > >> >> create > > > > > > > >> >> >> >> internal topics. > > > > > > > >> >> >> >> > > > > > > > >> >> >> >> Thanks > > > > > > > >> >> >> >> > > > > > > > >> >> >> >> On Wed, Jan 26, 2022 at 1:55 PM Mickael Maison < > > > > > > > >> >> >> mickael.mai...@gmail.com> > > > > > > > >> >> >> >> wrote: > > > > > > > >> >> >> >> > > > > > > > >> >> >> >>> Hi Omnia, > > > > > > > >> >> >> >>> > > > > > > > >> >> >> >>> Thanks for the KIP, sorry for taking so long to > > > comment. > > > > > > I've > > > > > > > >> only > > > > > > > >> >> had > > > > > > > >> >> >> >>> time to take a quick look so far. > > > > > > > >> >> >> >>> > > > > > > > >> >> >> >>> This seems to address a relatively advanced and > > > specific > > > > > use > > > > > > > >> case. > > > > > > > >> >> My > > > > > > > >> >> >> >>> initial concern is this may make it hard to evolve > > > > > > MirrorMaker > > > > > > > >> as > > > > > > > >> >> >> >>> we'll likely need to update this new interface if > > new > > > > > > features > > > > > > > >> are > > > > > > > >> >> >> >>> added. For example if we wanted to sync group > ACLs. > > > > > > > >> >> >> >>> I'm wondering if it's something you've thought > > about. > > > > I'm > > > > > > not > > > > > > > >> saying > > > > > > > >> >> >> >>> it's a blocker but we have to weigh the pros and > > cons > > > > when > > > > > > > >> >> introducing > > > > > > > >> >> >> >>> new features. > > > > > > > >> >> >> >>> > > > > > > > >> >> >> >>> Regarding the proposed API, I have a few > > suggestions: > > > > > > > >> >> >> >>> - What about using configure() instead of the > > > > constructor > > > > > to > > > > > > > >> pass > > > > > > > >> >> the > > > > > > > >> >> >> >>> configuration, especially as it's implementing > > > > > Configurable > > > > > > > >> >> >> >>> - It's not clear what all the arguments of > > > > > > > >> createTopicPartitions() > > > > > > > >> >> >> >>> are. What's the difference between partitionCounts > > and > > > > > > > >> >> newPartitions? > > > > > > > >> >> >> >>> Should we have separate methods for creating > topics > > > and > > > > > > > >> partitions? > > > > > > > >> >> >> >>> - Do we really need createCompactedTopic()? > > > > > > > >> >> >> >>> - Instead of updateTopicConfigs() and updateAcls() > > > > should > > > > > we > > > > > > > >> use the > > > > > > > >> >> >> >>> "alter" prefix to stay consistent with Admin? > > > > > > > >> >> >> >>> > > > > > > > >> >> >> >>> Thanks, > > > > > > > >> >> >> >>> Mickael > > > > > > > >> >> >> >>> > > > > > > > >> >> >> >>> On Wed, Jan 26, 2022 at 11:26 AM Omnia Ibrahim < > > > > > > > >> >> >> o.g.h.ibra...@gmail.com> > > > > > > > >> >> >> >>> wrote: > > > > > > > >> >> >> >>> > > > > > > > > >> >> >> >>> > Hi, > > > > > > > >> >> >> >>> > If there are no more concerns regarding the > > proposal > > > > > can I > > > > > > > get > > > > > > > >> >> some > > > > > > > >> >> >> >>> votes on the KIP here > > > > > > > >> >> >> >>> > > > > > > > >> > > > https://lists.apache.org/thread/950lpxjb5kbjm8qdszlpxm9h4j4sfyjx > > > > > > > >> >> >> >>> > > > > > > > > >> >> >> >>> > Thanks > > > > > > > >> >> >> >>> > > > > > > > > >> >> >> >>> > On Wed, Oct 27, 2021 at 3:54 PM Ryanne Dolan < > > > > > > > >> >> ryannedo...@gmail.com> > > > > > > > >> >> >> >>> wrote: > > > > > > > >> >> >> >>> >> > > > > > > > >> >> >> >>> >> Well I'm convinced! Thanks for looking into it. > > > > > > > >> >> >> >>> >> > > > > > > > >> >> >> >>> >> Ryanne > > > > > > > >> >> >> >>> >> > > > > > > > >> >> >> >>> >> On Wed, Oct 27, 2021, 8:49 AM Omnia Ibrahim < > > > > > > > >> >> >> o.g.h.ibra...@gmail.com> > > > > > > > >> >> >> >>> wrote: > > > > > > > >> >> >> >>> >> > > > > > > > >> >> >> >>> >> > I checked the difference between the number > of > > > > > methods > > > > > > in > > > > > > > >> the > > > > > > > >> >> >> Admin > > > > > > > >> >> >> >>> >> > interface and the number of methods MM2 > invokes > > > > from > > > > > > > >> Admin, and > > > > > > > >> >> >> this > > > > > > > >> >> >> >>> diff > > > > > > > >> >> >> >>> >> > is enormous (it's more than 70 methods). > > > > > > > >> >> >> >>> >> > As far as I can see, the following methods > MM2 > > > > > depends > > > > > > on > > > > > > > >> (in > > > > > > > >> >> >> >>> >> > MirrorSourceConnector, MirrorMaker, > > > > > > MirrorCheckpointTask > > > > > > > >> and > > > > > > > >> >> >> >>> >> > MirrorCheckpointConnector), this will leave > 73 > > > > > methods > > > > > > on > > > > > > > >> the > > > > > > > >> >> >> Admin > > > > > > > >> >> >> >>> >> > interface that customer will need to return > > dummy > > > > > data > > > > > > > for, > > > > > > > >> >> >> >>> >> > > > > > > > > >> >> >> >>> >> > 1. create(conf) > > > > > > > >> >> >> >>> >> > 2. close > > > > > > > >> >> >> >>> >> > 3. listTopics() > > > > > > > >> >> >> >>> >> > 4. createTopics(newTopics, > > > createTopicsOptions) > > > > > > > >> >> >> >>> >> > 5. createPartitions(newPartitions) > > > > > > > >> >> >> >>> >> > 6. alterConfigs(configs) // this method > is > > > > marked > > > > > > for > > > > > > > >> >> >> >>> deprecation in > > > > > > > >> >> >> >>> >> > Admin and the ConfigResource MM2 use is > only > > > > TOPIC > > > > > > > >> >> >> >>> >> > 7. createAcls(aclBindings) // the list of > > > > bindings > > > > > > > >> always > > > > > > > >> >> >> >>> filtered by > > > > > > > >> >> >> >>> >> > TOPIC > > > > > > > >> >> >> >>> >> > 8. describeAcls(aclBindingFilter) // > filter > > is > > > > > > always > > > > > > > >> >> >> >>> ANY_TOPIC_ACL > > > > > > > >> >> >> >>> >> > 9. describeConfigs(configResources) // > > Always > > > > for > > > > > > > TOPIC > > > > > > > >> >> >> resources > > > > > > > >> >> >> >>> >> > 10. listConsumerGroupOffsets(groupId) > > > > > > > >> >> >> >>> >> > 11. listConsumerGroups() > > > > > > > >> >> >> >>> >> > 12. alterConsumerGroupOffsets(groupId, > > > offsets) > > > > > > > >> >> >> >>> >> > 13. describeCluster() // this is invoked > > from > > > > > > > >> >> >> >>> >> > ConnectUtils.lookupKafkaClusterId(conf), > > > > > > > >> >> >> >>> >> > but MM2 isn't the one that initialize the > > > > > > AdminClient > > > > > > > >> >> >> >>> >> > > > > > > > > >> >> >> >>> >> > Going with the Admin interface in practice > will > > > > make > > > > > > any > > > > > > > >> custom > > > > > > > >> >> >> Admin > > > > > > > >> >> >> >>> >> > implementation humongous even for a fringe > use > > > case > > > > > > > >> because of > > > > > > > >> >> the > > > > > > > >> >> >> >>> number > > > > > > > >> >> >> >>> >> > of methods that need to return dummy data, > > > > > > > >> >> >> >>> >> > > > > > > > > >> >> >> >>> >> > I am still leaning toward a new interface as > it > > > > > > abstract > > > > > > > >> all > > > > > > > >> >> MM2's > > > > > > > >> >> >> >>> >> > interaction with Kafka Resources in one > place; > > > this > > > > > > makes > > > > > > > >> it > > > > > > > >> >> >> easier > > > > > > > >> >> >> >>> to > > > > > > > >> >> >> >>> >> > maintain and make it easier for the use cases > > > where > > > > > > > >> customers > > > > > > > >> >> >> wish to > > > > > > > >> >> >> >>> >> > provide a different method to handle > resources. > > > > > > > >> >> >> >>> >> > > > > > > > > >> >> >> >>> >> > Omnia > > > > > > > >> >> >> >>> >> > > > > > > > > >> >> >> >>> >> > On Tue, Oct 26, 2021 at 4:10 PM Ryanne Dolan > < > > > > > > > >> >> >> ryannedo...@gmail.com> > > > > > > > >> >> >> >>> >> > wrote: > > > > > > > >> >> >> >>> >> > > > > > > > > >> >> >> >>> >> > > I like the idea of failing-fast whenever a > > > custom > > > > > > impl > > > > > > > is > > > > > > > >> >> >> >>> provided, but I > > > > > > > >> >> >> >>> >> > > suppose that that could be done for Admin > as > > > > well. > > > > > I > > > > > > > >> agree > > > > > > > >> >> your > > > > > > > >> >> >> >>> proposal > > > > > > > >> >> >> >>> >> > is > > > > > > > >> >> >> >>> >> > > more ergonomic, but maybe it's okay to > have a > > > > > little > > > > > > > >> >> friction in > > > > > > > >> >> >> >>> such > > > > > > > >> >> >> >>> >> > > fringe use-cases. > > > > > > > >> >> >> >>> >> > > > > > > > > > >> >> >> >>> >> > > Ryanne > > > > > > > >> >> >> >>> >> > > > > > > > > > >> >> >> >>> >> > > > > > > > > > >> >> >> >>> >> > > On Tue, Oct 26, 2021, 6:23 AM Omnia > Ibrahim < > > > > > > > >> >> >> >>> o.g.h.ibra...@gmail.com> > > > > > > > >> >> >> >>> >> > > wrote: > > > > > > > >> >> >> >>> >> > > > > > > > > > >> >> >> >>> >> > > > Hey Ryanne, Thanks fo the quick feedback. > > > > > > > >> >> >> >>> >> > > > Using the Admin interface would make > > > everything > > > > > > > >> easier, as > > > > > > > >> >> MM2 > > > > > > > >> >> >> >>> will > > > > > > > >> >> >> >>> >> > need > > > > > > > >> >> >> >>> >> > > > only to configure the classpath for the > new > > > > > > > >> implementation > > > > > > > >> >> and > > > > > > > >> >> >> >>> use it > > > > > > > >> >> >> >>> >> > > > instead of AdminClient. > > > > > > > >> >> >> >>> >> > > > However, I have two concerns > > > > > > > >> >> >> >>> >> > > > 1. The Admin interface is enormous, and > the > > > MM2 > > > > > > users > > > > > > > >> will > > > > > > > >> >> >> need > > > > > > > >> >> >> >>> to know > > > > > > > >> >> >> >>> >> > > the > > > > > > > >> >> >> >>> >> > > > list of methods MM2 depends on and > override > > > > these > > > > > > > only > > > > > > > >> >> >> instead of > > > > > > > >> >> >> >>> >> > > > implementing the whole Admin interface. > > > > > > > >> >> >> >>> >> > > > 2. MM2 users will need keep an eye on any > > > > changes > > > > > > to > > > > > > > >> Admin > > > > > > > >> >> >> >>> interface > > > > > > > >> >> >> >>> >> > that > > > > > > > >> >> >> >>> >> > > > impact MM2 for example deprecating > methods. > > > > > > > >> >> >> >>> >> > > > Am not sure if adding these concerns on > the > > > > users > > > > > > is > > > > > > > >> >> >> acceptable > > > > > > > >> >> >> >>> or not. > > > > > > > >> >> >> >>> >> > > > One solution to address these concerns > > could > > > be > > > > > > > adding > > > > > > > >> some > > > > > > > >> >> >> >>> checks to > > > > > > > >> >> >> >>> >> > > make > > > > > > > >> >> >> >>> >> > > > sure the methods MM2 uses from the Admin > > > > > interface > > > > > > > >> exists > > > > > > > >> >> to > > > > > > > >> >> >> fail > > > > > > > >> >> >> >>> >> > faster. > > > > > > > >> >> >> >>> >> > > > What do you think > > > > > > > >> >> >> >>> >> > > > > > > > > > > >> >> >> >>> >> > > > Omnia > > > > > > > >> >> >> >>> >> > > > > > > > > > > >> >> >> >>> >> > > > > > > > > > > >> >> >> >>> >> > > > On Mon, Oct 25, 2021 at 11:24 PM Ryanne > > > Dolan < > > > > > > > >> >> >> >>> ryannedo...@gmail.com> > > > > > > > >> >> >> >>> >> > > > wrote: > > > > > > > >> >> >> >>> >> > > > > > > > > > > >> >> >> >>> >> > > > > Thanks Omnia, neat idea. I wonder if we > > > could > > > > > use > > > > > > > the > > > > > > > >> >> >> existing > > > > > > > >> >> >> >>> Admin > > > > > > > >> >> >> >>> >> > > > > interface instead of defining a new > one? > > > > > > > >> >> >> >>> >> > > > > > > > > > > > >> >> >> >>> >> > > > > Ryanne > > > > > > > >> >> >> >>> >> > > > > > > > > > > > >> >> >> >>> >> > > > > On Mon, Oct 25, 2021, 12:54 PM Omnia > > > Ibrahim > > > > < > > > > > > > >> >> >> >>> >> > o.g.h.ibra...@gmail.com> > > > > > > > >> >> >> >>> >> > > > > wrote: > > > > > > > >> >> >> >>> >> > > > > > > > > > > > >> >> >> >>> >> > > > > > Hey everyone, > > > > > > > >> >> >> >>> >> > > > > > Please take a look at KIP-787 > > > > > > > >> >> >> >>> >> > > > > > > > > > > > > >> >> >> >>> >> > > > > > > > > > > > > >> >> >> >>> >> > > > > > > > > > > > >> >> >> >>> >> > > > > > > > > > > >> >> >> >>> >> > > > > > > > > > >> >> >> >>> >> > > > > > > > > >> >> >> >>> > > > > > > > >> >> >> > > > > > > > >> >> > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-787%3A+MM2+Interface+to+manage+Kafka+resources > > > > > > > >> >> >> >>> >> > > > > > < > > > > > > > >> >> >> >>> >> > > > > > > > > > > > > >> >> >> >>> >> > > > > > > > > > > > >> >> >> >>> >> > > > > > > > > > > >> >> >> >>> >> > > > > > > > > > >> >> >> >>> >> > > > > > > > > >> >> >> >>> > > > > > > > >> >> >> > > > > > > > >> >> > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-787%3A+MM2+Interface+to+manage+Kafka+resources > > > > > > > >> >> >> >>> >> > > > > > > > > > > > > > >> >> >> >>> >> > > > > > > > > > > > > >> >> >> >>> >> > > > > > Thanks for the feedback and support > > > > > > > >> >> >> >>> >> > > > > > Omnia > > > > > > > >> >> >> >>> >> > > > > > > > > > > > > >> >> >> >>> >> > > > > > > > > > > > >> >> >> >>> >> > > > > > > > > > > >> >> >> >>> >> > > > > > > > > > >> >> >> >>> >> > > > > > > > > >> >> >> >>> > > > > > > > >> >> >> >> > > > > > > > >> >> >> > > > > > > > >> >> > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
