Hi hudeqi, Thanks for the KIP! I think the original behavior (removing WRITE permissions during the sync) is a good default, but is not acceptable in every situation. I think providing a configuration for this behavior is the right idea.
I had a few questions: 1. Is this configuration only relevant to the MirrorSourceConnector? Since we split the different connector configurations, we can omit this configuration from the Checkpoint and Heartbeat connectors when deployed in a connect cluster. 2. Is this configuration only able to be configured globally for an entire Dedicated MirrorMaker2? Can it be configured for one flow in a dedicated deployment and not another by specifying `source->target.sync.full.acl.enabled`? 3. Is the documentation going to include the "disaster recovery" language, or is that a left-over from an earlier revision in the KIP? I don't think that "disaster recovery" is a very clear term in this situation, and we should probably be very specific in the documentation about what this configuration is changing. 4. Did you consider any use-cases where a more restrictive ACL sync would be desirable? Right now we are downgrading ALL/removing WRITE, but leaving CREATE/DELETE/ALTER/etc ACLs as-is. Perhaps users would like to choose between an ACL sync which is more locked-down, the current behavior, or more permissive. 5. Currently MM2 only syncs topic ACLs, and not group ACLs or SCRAM credentials, so those would be new capabilities. Can you here (or in the KIP) go into more detail about how these would work? 6. Is there a reason to have one configuration control these three different syncs? Could users want to change the topic ACL sync semantics, while not using the group sync or the SCRAM sync? Thanks, Greg On Mon, Aug 28, 2023 at 2:10 AM hudeqi <16120...@bjtu.edu.cn> wrote: > > Hi, all, this is a vote about kip-965, thanks. > > best, > hudeqi > > > > -----原始邮件----- > > 发件人: hudeqi <16120...@bjtu.edu.cn> > > 发送时间: 2023-08-17 18:03:49 (星期四) > > 收件人: dev@kafka.apache.org > > 抄送: > > 主题: Re: [DISCUSSION] KIP-965: Support disaster recovery between clusters > by MirrorMaker > >
