rondagostino commented on PR #13116: URL: https://github.com/apache/kafka/pull/13116#issuecomment-1401088949
Thanks, Colin. That all makes sense. The KIP indicates that `validateOnly` is not throttled because it does not load the controller (https://cwiki.apache.org/confluence/display/KAFKA/KIP-599%3A+Throttle+Create+Topic%2C+Create+Partition+and+Delete+Topic+Operations#KIP599:ThrottleCreateTopic,CreatePartitionandDeleteTopicOperations-HandlingofValidateOnly), but that is not the case here as you point out. So I will proceed as follows: 1. Keep the logic inside `ControllerApis.scala` to avoid taking locks in the controller thread 2. Expose any necessary information required via the `org.apache.kafka.controller.Controller` interface. It isn't clear to me that we should charge for unauthorized requests. First, this is not mentioned in the KIP, so it is a different case than the `validateOnly` situation (where the spirit of the KIP implies we should charge for `validateOnly` in KRaft). Also, I wonder if it is possible that charging for unauthorized requests could lead to indirectly exposing partition information that a client is unauthorized to know. For now I will leave this piece alone. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
