hi all,
I'm revisiting authorizer metrics, which are currently absent from the
codebase. While KIP-608 and KIP-801 both propose adding authorizer metrics,
neither of them has implemented the actual metrics. Since authorizer
metrics are valuable for Kafka maintainers, I intend to implement them
based on these accepted KIPs.
However, I've identified some conflicts between the two KIPs regarding
metric exposure:
Q0: Who should expose the metrics?
-
KIP-608 suggests that the authorizer itself should expose its metrics by
receiving a server metrics object.
-
In contrast, KIP-801 proposes that the broker/controller should expose
authorizer metrics by calling methods within the authorizer.
-
To align with both KIPs, I propose passing the server metrics object to
the authorizer, allowing it to define its own "custom" metrics.
Additionally, the broker/controller should be responsible for exposing
"general" authorizer metrics.
Q1: What is the suitable metrics name?
-
KIP-608 proposes kafka.server:type=kafka.security.authorizer.metrics,
while KIP-801 suggests kafka.server:type=Authorizer
-
I prefer the shorter naming convention. Therefore, I plan to use the
following metrics names:
-
kafka.server:type=Authorizer,name=acls-total-count
-
kafka.server:type=Authorizer,name=authorization-request-rate-per-minute
-
kafka.server:type=Authorizer,name=authorization-allowed-rate-per-minute
-
kafka.server:type=Authorizer,name=authorization-denied-rate-per-minute
In short, I plan to implement authorizer metrics. This proposal addresses
the conflicts between KIP-608 and KIP-801 regarding metric exposure. The
feedback is welcomed!
references:
KIP-608 https://cwiki.apache.org/confluence/x/zBQRCQ
KIP-801 https://cwiki.apache.org/confluence/x/h5KqCw
Best,
Chia-Ping
