Hi Nikhil, I agree with Christo. This is a good improvement and I think your choice of Alter permission on the cluster is the best available.
Thanks, Andrew > On 15 Apr 2024, at 12:33, Christo Lolov <christolo...@gmail.com> wrote: > > Heya Nikhil, > > Thank you for raising this KIP! > > Your proposal makes sense to me. In essence you are saying that the > permission required by WriteTxnMarkers should be the same as for CreateAcls > and DeleteAcls, which is reasonable. If we trust an administrator to assign > the correct permissions then we should also trust them to be able to abort > a hanging transaction. > > I would support this KIP if it is put to the vote unless there are other > suggestions for improvements! > > Best, > Christo > > On Thu, 11 Apr 2024 at 16:48, Nikhil Ramakrishnan < > ramakrishnan.nik...@gmail.com> wrote: > >> Hi everyone, >> >> I would like to start a discussion for >> >> KIP-1037: Allow WriteTxnMarkers API with Alter Cluster Permission >> >> https://cwiki.apache.org/confluence/display/KAFKA/KIP-1037%3A+Allow+WriteTxnMarkers+API+with+Alter+Cluster+Permission >> >> The WriteTxnMarkers API was originally used for inter-broker >> communication only. This required the ClusterAction permission on the >> Cluster resource to invoke. >> >> In KIP-664, we modified the WriteTxnMarkers API so that it could be >> invoked externally from the Kafka AdminClient to safely abort a >> hanging transaction. Such usage is more aligned with the Alter >> permission on the Cluster resource, which includes other >> administrative actions invoked from the Kafka AdminClient (i.e. >> CreateAcls and DeleteAcls). This KIP proposes allowing the >> WriteTxnMarkers API to be invoked with the Alter permission on the >> Cluster. >> >> I am looking forward to your thoughts and suggestions for improvement! >> >> Thanks, >> Nikhil >>
