Jun, Yes, I agree that it makes sense to retain the existing semantics for client-id quotas for compatibility. Especially if we can provide the option to enable secure client-id quotas for multi-user clusters as well.
I have updated the KIP - each of these levels can have defaults as well as specific entries: - /config/clients : Insecure <client-id> quotas with the same semantics as now - /config/users: User quotas - /config/users/userA/clients: <user, client-id> quotas for userA - /config/users/<default>/clients: Default <user, client-id> quotas Now it is fully flexible as well as compatible with the current implementation. I used /config/users/<default>/clients rather than /config/users/clients since "clients" is a valid (unlikely, but still possible) user principal. I used <default>, but it could be anything that is a valid Zookeeper node name, but not a valid URL-encoded name. Thank you, Rajini On Thu, Jun 23, 2016 at 3:43 PM, Jun Rao <j...@confluent.io> wrote: > Hi, Rajini, > > For the following statements, would it be better to allocate the quota to > all connections whose client-id is clientX? This way, existing client-id > quotas are fully compatible in the new release whether the cluster is in a > single user or multi-user environment. > > 4. If client-id quota override is defined for clientX in > /config/clients/clientX, this quota is allocated for the sole use of > <userN, > clientX> > 5. If dynamic client-id default is configured in /config/clients, this > default quota is allocated for the sole use of <userN, clientX> > 6. If quota.producer.default is configured for the broker in > server.properties, this default quota is allocated for the sole use of > <userN, > clientX> > > We can potentially add a default quota for both user and client at path > /config/users/clients? > > Thanks, > > Jun > > On Wed, Jun 22, 2016 at 3:01 AM, Rajini Sivaram < > rajinisiva...@googlemail.com> wrote: > > > Ismael, Jun, > > > > Thank you both for the feedback. Have updated the KIP to add dynamic > > default quotas for client-id with deprecation of existing static default > > properties. > > > > > > On Wed, Jun 22, 2016 at 12:50 AM, Jun Rao <j...@confluent.io> wrote: > > > > > Yes, for consistency, perhaps we can allow client-id quota to be > > configured > > > dynamically too and mark the static config in the broker as deprecated. > > If > > > both are set, the dynamic one wins. > > > > > > Thanks, > > > > > > Jun > > > > > > On Tue, Jun 21, 2016 at 3:56 AM, Ismael Juma <ism...@juma.me.uk> > wrote: > > > > > > > On Tue, Jun 21, 2016 at 12:50 PM, Rajini Sivaram < > > > > rajinisiva...@googlemail.com> wrote: > > > > > > > > > It is actually quite tempting to do the same for client-id quotas > as > > > > well, > > > > > but I suppose we can't break existing users who have configured > > > defaults > > > > in > > > > > server.properties and providing two ways of setting client-id > > defaults > > > > > would be just too confusing. > > > > > > > > > > > > > Using two different approaches for client-id versus user quota > defaults > > > is > > > > also not great. We could deprecate the server.properties default > > configs > > > > for client-id quotas and remove them in the future. In the meantime, > we > > > > would have to live with 2 level defaults. > > > > > > > > Jun, what are your thoughts on this? > > > > > > > > Ismael > > > > > > > > > > > > > > > -- > > Regards, > > > > Rajini > > > -- Regards, Rajini
